Tips on Using WireShark (Ethereal) to Analyse Network Packet Trace Files (Doc ID 416946.1)

Last updated on MARCH 01, 2023

Applies to:

Goal

This article is a few tips for on using WireShark to analyze network packet trace.

It also has some tips on how to collect network packet trace to analyze a problem.

Network packet trace can help considerably in diagnosing problems with any components that use network communications. It will show what is really sent and received rather than just what the application or component interprets what it sent or received. It is also possible, when trace is collected for both ends of a connection, to establish if what was sent was received unmodified or not.

For example network packet trace will show a lot more detail for LDAP requests than any LDAP servers own trace logging facility, though of course the LDAP servers own trace might also show other processing information that is not present in the actual requests.

Network packet trace will show more detail and is more reliable and complete than most HTTP header trace tools. It can also be used on the server side as well the the browser.

Only non-SSL packets can be formatted, but even for SSL connections a packet trace can be useful to diagnose SSL connection handshake problems. Though is some cases it is possible to use a tool like ssldump to analyze SSL traffic and RSA encrypted SSL packets can be analyzed using WireShark version 0.99.6 or above, see article 452164.1.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.