Workbench 0.18 User Guide

Workflows

Even with a good level of knowledge of TCP/IP and Wireshark, it can be difficult to plan a route through all the captured data to reach the desired destination: determining the root cause of the problem we are investigating.

There are many videos on YouTube® and elsewhere describing how to identify certain problems within a Wireshark trace, but three challenges often arise:

  • The video is based around a trace that has been pre-filtered to show the pertinent events
  • The scenario described in the video doesn’t quite match the one we are investigating
  • Variations and choices that would result in different analysis steps can’t be covered

Some videos also start with a statement like, “This is how we identify a TCP windowing problem”, whereas in a real-life situation that is never our starting point.

We may also just watch in awe as some of the famous Wireshark analysts use the tool in intuitive ways to great effect. The trouble is that intuition like that requires years of experience, and we need the answers now, or at least a jump start to make us effective as soon as possible.

Workbench Workflows provide a step-by-step guide to achieving a certain task, such as identifying TCP issues that are causing poor system performance.  We’ve modelled the behaviour of some Wireshark experts so as to deliver effective workflows.  We’ve then modified those models to fill the gaps around the preparation of data, and to cope with variations in scenarios and environments.