Ask Your Question

Revision history [back]

Hi Tigerman,

This is a very hard question to answer because you usually start with the capture and then ask for specific help for the analysis.

I suggest you pick one kind of traffic that you know well and capture it long enough to capture the "issue."

If this is an Internet issue, you could capture traffic to and from a specific website if the IP address of the site remains the same.

You already know wired and wireless users are affected so you could start capturing closer to your "core" network or Internet "gateway."

But it's probably best to start closer to an end user so there is less traffic to sort through. You can work your way up to the core/gateway as you progress.

Once you have the capture, you need to look for the "issue".

I can't really list all the "bad" stuff you could find. Wireshark has excellent coloring so do look for black or red packets and read up on what that means. Expert info should also give you some good information about the capture.

Good hunting.