Chapter 7. Advanced Topics

Table of Contents

7.1. Introduction
7.2. Following Protocol Streams
7.3. Show Packet Bytes
7.4. Expert Information
7.4.1. Expert Info Entries
7.4.2. “Expert Info” dialog
7.4.3. “Colorized” Protocol Details Tree
7.4.4. “Expert” Packet List Column (optional)
7.5. TCP Analysis
7.6. Time Stamps
7.6.1. Wireshark internals
7.6.2. Capture file formats
7.6.3. Accuracy
7.7. Time Zones
7.7.1. Set your computer’s time correctly!
7.7.2. Wireshark and Time Zones
7.8. Packet Reassembly
7.8.1. What is it?
7.8.2. How Wireshark handles it
7.8.3. TCP Reassembly
7.9. Name Resolution
7.9.1. Name Resolution drawbacks
7.9.2. Ethernet name resolution (MAC layer)
7.9.3. IP name resolution (network layer)
7.9.4. TCP/UDP port name resolution (transport layer)
7.9.5. VLAN ID resolution
7.9.6. SS7 point code resolution
7.10. Checksums
7.10.1. Wireshark checksum validation
7.10.2. Checksum offloading

7.1. Introduction

This chapter will describe some of Wireshark’s advanced features.