Cool Tools 12: CACE’s WireShark

Sometimes tcpTrace just won’t do the trick when you need to monitor network traffic, such as when you need to see what’s going on in the network layer between servers where you can’t control the port used between endpoints. I recently used today’s Cool Tool when diagnosing an email issue between IIS and a remote SMTP server trying to send mail: I needed to see why emails coming from the WebCenter Interaction Portal weren’t being accepted by the government server being used to route the traffic.

The problem ended up having to do with Reverse DNS lookups, which I’ll write about soon. 

For the purposes of this post, though, the Cool Tool is CACE’s WireShark, the Big Brother (read: later version after a name change) to Ethereal (see this post for a clarification to that comment: “ethereal is still ethereal, but ethereal development has ceased. All the core developers are currently working on wireshark. So do not expect new releases of ethereal any time soon, Wireshark is what’s being developed.”).

WireShark allows you to sniff all traffic going into and out of a network interface, which is hugely valuable (if a bit more complicated as you get acquainted with network protocols and WireShark’s powerful filtering capabilities). As a portal administrator, you likely won’t need it daily, but when you do, it’s hands-down the best network sniffing tool for the good guys – and potentially dangerous in the hands of the bad guys if you haven’t, say, locked down your search server.
