


Even though the Wireshark Q&A web site is mainly intended to ask and answer questions regarding Wireshark usage and development (including tools like tshark, editcap, mergecap etc.), many people also use it to ask questions about network capture analysis problems or how-to's. And one of the most common comments to a question text is usually "can you provide a trace file" (a.k.a. pcap, capture file, binary log, etc.), so that Wireshark can be used to look at the problem. Unfortunately, in quite a few cases the answer is "sorry, can't do that, it contains sensitive information" or "no, it's from a customer, I can't share it". Which is a big problem, because it makes helping the person asking the question much harder or even impossible.

In many of those cases the person asking a question on the Wireshark Q&A site posts screenshots or ASCII dumps of the packet list, which is very hard to work with when you're trying to help. It is much easier if you can get a PCAP or PCAPng file instead, but there are two major problems with that: how to share the file, and how to remove sensitive information first.

Basically, there are three steps required to share a trace file:

- sanitize/anonymize the trace and remove all sensitive information
- verify that the sanitization results are satisfactory

All three steps also apply if you're going to share a trace file with a vendor investigating a problem with one of their devices (e.g. a Firewall), even though the last step is often not that big of a problem – you can email the trace, or put it on an FTP server you own, etc.
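The first two steps, sanitize and then verify, as an added Python example (not code from the original post or from any Wireshark tool). It assumes a little-endian classic pcap with Ethernet framing; the function names, the key and the sample packets are constructed for illustration, and MAC addresses, IPv6 and timestamps are left untouched.

```python
import hashlib, hmac, ipaddress, struct

def ip_checksum(hdr: bytes) -> int:  # RFC 1071 checksum of an IPv4 header
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def pseudonym(addr: bytes, key: bytes) -> bytes:  # stable keyed mapping into 10.0.0.0/8
    return b"\x0a" + hmac.new(key, addr, hashlib.sha256).digest()[:3]

def sanitize(pcap: bytes, key: bytes, keep_other: bool = False):
    """Return (sanitized pcap, original IPv4 addresses). Non-IPv4 frames are dropped unless keep_other."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("handles little-endian classic pcap with Ethernet link type only")
    out, seen, off = bytearray(pcap[:24]), set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = bytearray(pcap[off + 16:off + 16 + incl])
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        is_v4 = 20 <= ihl <= len(pkt) - 14 and pkt[12:14] == b"\x08\x00" and pkt[14] >> 4 == 4
        if is_v4:
            for pos in (26, 30):  # source and destination address fields
                seen.add(bytes(pkt[pos:pos + 4]))
                pkt[pos:pos + 4] = pseudonym(bytes(pkt[pos:pos + 4]), key)
            pkt[24:26] = struct.pack("!H", ip_checksum(bytes(pkt[14:24] + b"\0\0" + pkt[26:14 + ihl])))
            tcp = pkt[23] == 6 and len(pkt) >= 14 + ihl + 20
            l4 = 14 + ihl + ((pkt[26 + ihl] >> 4) * 4 if tcp else 8 if pkt[23] == 17 else 0)
            pkt[l4:] = bytes(max(0, len(pkt) - l4))  # zero the payload; TCP/UDP checksums go stale
        if is_v4 or keep_other:
            out += pcap[off:off + 16] + pkt
        off += 16 + incl
    return bytes(out), seen

def leftovers(pcap: bytes, originals) -> list:
    """Verification step: original addresses still present as raw bytes or dotted-decimal text."""
    texts = {str(ipaddress.IPv4Address(a)): a for a in originals}
    return sorted(t for t, a in texts.items() if a in pcap or t.encode() in pcap)

# Constructed sample: one UDP packet repeating an address in its payload, plus one ARP request.
SRC, DST = bytes([192, 0, 2, 33]), bytes([198, 51, 100, 7])
_udp = struct.pack("!BBHHHBBH4s4sHHHH", 0x45, 0, 53, 1, 0, 64, 17, 0, SRC, DST, 5060, 5060, 33, 0)
_arp = b"\x00\x01\x08\x00\x06\x04\x00\x01" + bytes(6) + SRC + bytes(6) + DST
_frames = (bytes(12) + b"\x08\x00" + _udp + b"user=alice via 192.0.2.33", bytes(12) + b"\x08\x06" + _arp)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in _frames)
```

With `keep_other=True` the ARP frame is retained and `leftovers` reports both original addresses, which is the kind of miss the verification step exists to catch before the file is shared.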
