Discussion on:

Use Wireshark to inspect packets on your network

you may always use NetShark: http://www.albedotelecom.com/pages/fieldtools/src/netshark.php filtering both upstream and downstream and full wire speed, sending filtered packets to a single or dual port.

One of the more useful pieces of info in the Frame layer is the system time stamp. This relates to the system time of the device doing the capturing. It is necessary when trying to correlate network packets with other problems such as session failures. You may need to adjust for the time zone but this helps you find a call in a large file of CDRs for instance. Or at least the proper file to search for the Call-ID.

My comment is on the .enc file extension when you install Wireshark for 32-bit OS. It shows up everywhere in your file system, the registry key is created for the software to work and all the other usual installation steps take place. What I don't get is how the .enc file extension was found all over the place, I know its the "capture file". I went straight to wireshark.com to search their FAQ and help database but to no avail. Does anyone know how or why this happens.

I had been using Wireshark for some time (not in the "workplace" as in monitoring; what comes in/out your network) but for testing and experimenting. The fact that you can apply so many filters for more specific packets and protocols or ports (from avaya to zigbee) is really what I thought was a highlight of the software.

I don't get the chance to use the computer much nowadays but still try to keep updated. I tryed Snort, but that for me was a little more cumbersome having to write scripts and then run everytime I wanted to use the application, in fact if it had come with a GUI aside from the CLI version, I say it would recieve a little more attention; over all it is still pretty useful.