Wireshark-users: Re: [Wireshark-users] Very, very elementary question - how do I make sense of th

From: Stuart Kendrick <skendric@xxxxxxxxx>
Date: Mon, 03 Oct 2011 05:27:03 -0700
Hi Lisi,

Turns out that's a large question.

The route I have taken involved a mix of classes and hands-on
experience.  I started taking classes in 1991, and I've taken a class on
protocol analysis (Wireshark is just one of many, many tools which
perform a function called 'protocol analysis') every year or two since,
gradually deepening my understanding of how clients and servers interact
in modern networked environments, as I use these tools repeatedly to
solve problems at work.  [I'm not the smartest bear on the block, so you
may be able to progress more rapidly than I have!]  That's been my path
-- other folks may have followed different routes to acquire their
understanding.

I'm casting about for an analogy ...

This oversimplifies things a bit, but learning to understand Wireshark
output is like learning to understand x-ray output ... the doctor-to-be
learns an awful lot about how the body works, how the organs function,
how bones behave, how the whole system interacts with itself and the
outside world ... and only /after/ numerous years in med school and
working as an intern and as a resident would s/he find an x-ray useful
... an x-ray by itself doesn't tell us much, just as a protocol trace
(aka Wireshark output) doesn't tell us much ... but when layered on top
of an understanding of how clients/networks/servers interact, /then/ it
becomes useful.  And of course, both the MD and the trouble-shooting
analyst learn more and more as the years go by ... IT (Information
Technology) may be a whole lot simpler than biology (medicine) ... but
there's still more material than any one person will learn in a lifetime.

hth,

--sk

Stuart Kendrick
FHCRC

On 10/3/2011 3:38 AM, Lisi wrote:
> I cannot find anywhere a basic and simple enough explanation of the meaning of 
> the output from Wireshark for me to be able to understand it (the output).  
>
> Can anyone recommend something that I could read, that might slightly reduce 
> my ignorance?  My ignorance is so total that I do not even know what 
> questions to ask, so that Google is sadly not my friend. :-(.
>
> Thanks,
> Lisi
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe