I make sure I cover what I call ‘tool calibration and behavior’ when presenting, teaching or on engagements because I consider it the biggest pitfall in network analysis.
It’s easy to forget that our troubleshooting/monitoring tools are software, and you need to understand how they analyze, collect and present data. I make it a point to ensure analysts understand they collect data and convert it to information.
The other big part of analysis is literally understanding the application interface behavior, which includes how settings and upgrades affect how the tool behaves.
In this article, I cover how Wireshark 2.0 remembers your last settings, which you may not remember, causing confusion the next time you hit that start button. The difference between software versions shouldn’t be interpreted as a problem, but as just different.