Usually I use Wireshark to debug networking problems in production. My Wireshark workflow is:
- Capture packets with tcpdump (typically something like sudo tcpdump port 443 -w output.pcap)
- scp the pcap file to my laptop (scp host:~/output.pcap .)
- Open the pcap file in Wireshark (
That’s pretty simple! But once you have a pcap file with a bunch of packets on your laptop, what do you do with it?
Wireshark is my go-to tool for diagnosing networking issues.