One of Wireshark's strongest capabilities is the ability to analyze network phenomena and suggest a probable cause for it. Along with other tools, it gives us detailed information on network performance and problems. In this chapter, we will learn how to use this tool. Later in this book, we will provide detailed recipes on using the expert system, along with other tools, to find and resolve network problems.
The expert information option can be used when we first come to check a network, communication link, host servers, and so on, and we wish to get the first filling of the network. We will be able to see if there are events that can indicate a problem before we get into a deeper analysis. We should look for events to hold on to: things like TCP retransmissions, Ethernet checksum errors, DNS problems, duplicate IPs, and so on.
In the first recipe, we will learn...