Does anybody have some kind of easy-to-follow guide to using Wireshark, i.e. things to look out for in captures / what's good / what's bad?
I've hunted around and can't seem to find anything, and the capture files are often a minefield!
Perhaps if you tell us what question you want Wireshark to answer, we can give you some example filters to try on your network?
I just want to find out really what "junk" is flying around the network that shouldn't be flying around the network... but I'm unsure what I should be looking for in the captures to spot what is "junk" and what is needed, etc.
When I run a capture I see a lot of broadcast ARP requests, and I don't know what's normal or not. I get many NBNS queries looking for some computer names that don't exist on the network, and I get lots of "Host Announcements" - "Potential Browser"; again, I don't know if this is "normal" or a misconfiguration somewhere in the setup of the computers.
If somebody has a guide, or can point out things that I shouldn't worry too much about if I see them in a capture file, or things that if I see them then "hey, you've got a problem", then that would be a great help!
OK, you are basically looking at broadcast traffic. ARP and NetBIOS traffic is normal, as are LLDP and STP. Anything else you should be suspicious of. In particular, look out for things broadcasting on protocols you don't use (e.g. SSDP, DHCPv6, mDNS, IPX, AppleTalk).
You also might want to look at the wiki.
DisplayFilters - The Wireshark Wiki
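An added example, not from anyone in this thread: a Python script that applies the triage in the reply above to a tshark field export, counting group-addressed frames (broadcast and multicast, since mDNS and SSDP are multicast rather than broadcast) by protocol, flagging protocols outside an allowlist, and listing NBNS names that were queried but never answered. The tshark command, the field set and the sample rows are assumptions constructed for this example.

```python
"""Triage group-addressed (broadcast/multicast) traffic from a tshark export.

Assumed input is tshark's tab-separated field output (constructed below):
  tshark -r capture.pcapng -T fields -e frame.number -e eth.src -e eth.dst \
         -e _ws.col.Protocol -e nbns.id -e _ws.col.Info
"""
from collections import Counter

# Protocols the reply above calls normal on a LAN (NetBIOS = NBNS + Browser).
EXPECTED = {"ARP", "NBNS", "BROWSER", "LLDP", "STP"}

# Constructed sample: FILESRV is answered, OLDPRINTER is queried twice and never
# answered, and SSDP shows up although nothing on this LAN is meant to use it.
SAMPLE = """\
1\t00:11:22:33:44:01\tff:ff:ff:ff:ff:ff\tARP\t\tWho has 192.168.1.1? Tell 192.168.1.10
2\t00:11:22:33:44:01\tff:ff:ff:ff:ff:ff\tNBNS\t0x8a2f\tName query NB FILESRV<20>
3\t00:11:22:33:44:05\t00:11:22:33:44:01\tNBNS\t0x8a2f\tName query response NB 192.168.1.5
4\t00:11:22:33:44:02\tff:ff:ff:ff:ff:ff\tNBNS\t0x8a30\tName query NB OLDPRINTER<20>
5\t00:11:22:33:44:02\tff:ff:ff:ff:ff:ff\tNBNS\t0x8a30\tName query NB OLDPRINTER<20>
6\t00:11:22:33:44:03\t01:00:5e:7f:ff:fa\tSSDP\t\tM-SEARCH * HTTP/1.1
7\t00:11:22:33:44:04\t01:80:c2:00:00:00\tSTP\t\tConf. Root = 32768/0/00:11:22:33:44:04
8\t00:11:22:33:44:02\tff:ff:ff:ff:ff:ff\tBROWSER\t\tHost Announcement PC2, Workstation
"""

def is_group(mac):
    # Low bit of the first octet set = broadcast or multicast destination.
    return int(mac[:2], 16) & 1 == 1

def triage(text):
    group_counts = Counter()
    queries, answered = [], set()
    for line in text.splitlines():
        if not line.strip():
            continue
        _num, src, dst, proto, nbns_id, info = line.split("\t", 5)
        if is_group(dst):
            group_counts[proto] += 1
        if proto == "NBNS" and nbns_id:
            if info.startswith("Name query NB "):
                name = info[len("Name query NB "):].split("<")[0]
                queries.append((src, nbns_id, name))      # who asked, for which name
            elif info.startswith("Name query response"):
                answered.add((dst, nbns_id))              # reply to that querier/ID
    unexpected = {p: n for p, n in group_counts.items() if p not in EXPECTED}
    unanswered = Counter(n for s, i, n in queries if (s, i) not in answered)
    return dict(group_counts), unexpected, dict(unanswered)
```

Names that keep appearing in `unanswered` are good candidates for stale drive mappings or printer entries; protocols in `unexpected` are the ones the reply says to look at first.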
The following book might be worth getting if you want to learn more about Wireshark and how to interpret the captures. I bought a copy when the publisher had a sale last month, but I haven't got around to reading it yet (the reviews on Amazon all say it's good though :) ).
Practical Packet Analysis, 2nd Edition by Chris Sanders
Using Wireshark to Solve Real-World Network Problems
Thanks both... I've put an order in for one of those books!