Many of you are aware of the new book, "Wireshark Network Analysis" by Laura Chappell and the thread here discussing it. It seemed to be pretty popular with the site's members and the author joined the discussion, so I asked her if she'd like to contribute a few copies as part of a giveaway on the site. She has graciously agreed to give away 3 copies, signed by Laura and Wireshark creator, Gerald Combs, no less.

What are you giving away?

3 signed copies of the new "Wireshark Network Analysis" book (ISBN 978-1-893939-99-8).

http://www.wiresharkbook.com/





..and a few swag items.

How do I get me hands on one?

This one is easy, create a post on this thread before 12:00PM CST on 5/6/2010. Be sure to include a write up describing a time you have used Wireshark to solve an issue on your network, be as specific and detailed as you can without divulging network/corporate secrets. The best write up gets a copy of the book and a choice of items from the networking-forum.com swag store.

From the rest of the entries, with write ups or without, two people will be randomly* selected as winners of the book and a sticker from the above mentioned swag store.

What else should I know?

• Nothing in life is guaranteed.
• Please don't hold Steve liable for getting your feelings hurt, I do this for the benefit of the members.
• The admin and mods will decide the winners. Their decision is final.
• The contest and or rules can change at any time.
• One entry per person, not account.
• The Wireshark write ups must be original and truthful. This will be up to the judges' discretion.
• Winners will be notified via this thread and will have 3 days to respond with their full name, shipping address, and contact phone number. If they don't reply, or an email gets lost, or whatever other unforeseeable thing happens, another winner will be selected and all prizes will be forfeited.

*Is there really such a thing as 'random'? I'm not sure but we'll do our best.

Awesome! I've been learning alot about how to use Wireshark recently to troubleshoot Websense web filtering... I'll try to come up with something

Agh it's already the third!

Very nice! I received the notification of this contest via LinkedIn.

I have a couple good examples of when I've used Wireshark to resolve an issue on my network and they're both good but since the rules called for only one I'll just pick one.

About a year or so ago while I was working as a contractor for a major computer processor manufacturing company one of the factory managers contacted me about an issue they were having with a specific tool in the factory. The details at first were sketchy but I did what I always did and started with the basics.

The problem was that each morning around 3:00am this specific tool and only this specific tool would seemingly lose its network connection. It was become very sluggish/slow in passing data and finally just stop entirely with the applications throwing out all kinds of "lost connection" errors.

After tracing out the device to determine the switch port they were connected to I discovered that every morning right around 3:00am there were a lot of out-discards from a few switch ports (which all happened to share the same VLAN) including the port to the tool in question. Not finding any other issues on the switch port or the network in general I decided to see what was going on the wire at 3:00am that might cause this issue. (I suspected it was something with the specific configuration of the tool...)

So one early morning I headed into work and got my work-issued laptop all set up and Wireshark running sniffing the VLAN on that specific switch. I then sat back and just watched as the packets scrolled by. Sure enough, at 2:50am my laptop went absolutely crazy. The amount of traffic coming into Wireshark from the span port was *insane*. I had to pull the network cable from my laptop and even then it took a few minutes for the data which Wireshark had sniffed to save to the hard drive (my work latpop was pretty low-end).

I saved the data I'd sniffed and headed up to my desk. After a few minutes of poking around I discovered what I felt to be the root cause. At 2:50am a production tool on the network (and the same VLAN as the tool having issues) began a *huge* file transfer. I emailed the findings to my customer and they right away figured out the problem.

This huge file transfer was a hard drive image being mirrored as part of a nightly backup. The script controlling the backup was broken and instead of deleting each days backup file it added a new one to the batch each day. So after a week they were mirroring just a ton of data across that VLAN.

They stopped the backup script the next morning and not a single problem. They fixed the script and allowed it to run the next morning and no issues.

That's it! I was quite satisfied that I was able to figure out the cause of the problem and help my customers fix their issues.

Dave

Sounds like a good contest! I'll pass this time as I currently already have a copy to read!

I want this book.

Me too. I've always found packets interesting to look through. Sometimes I'll run Wireshark on the home PC while I'm doing something or other just so I can see what it looks like on the wire.

Dave

When I started my new job, first issue that came in was very strange. User complaining that a specific application is slow, while other email, internet and others are working fine. After much checking of interfaces, arp entries and mac addresses we ran wireshark on the VLAN. What we found (which desktop people didnt) lots and lots of IPX chatter on VLAN apperently while we removed IPX routing from routers and layer 3 switches, some workstations still had it installed and while this application was originaly made for Netware it tried to talk on the IPX stack first, after timing out it would use IP stack. If it wasnt for wireshark we would still be waiting for desktop personal to figure this out !!!

I don't have any great stories on how it helped solve a problem, but it has been great to gain a better understanding of networking viewing capture packets.
I sure would like to get a free copy...

Noob trying to get a headstart A free copy will definitely help