Pros and Cons of Packet Slicing

Whenever I’m working with a client on packet analysis, I always ensure that I cover packet slicing concepts. It doesn’t matter if I am teaching, troubleshooting or baselining, I believe that packet slicing is an important part of packet capture.

One school of thought is to slice after the fact, which you can do with Wireshark’s editcap utility and the -s option and now you have the original trace and a sliced one. Unfortunately, depending on the size of the trace, you might find this a bigger job than you think and now you have to ensure you keep track of 2 files.

In this video I cover why, and when, I packet slice. I prefer to slice ahead of time, especially if the captured packets might contain sensitive information. In this video I show you how I configured packet slicing in Wireshark and using the web interface on Network Critical’s SmartNA XL (https://www.networkcritical.com/smartna).

Keep in mind that under specific conditions, some capture devices (laptop and desktops) may drop full sized packets and slicing is a way to mitigate that problem. I would encourage you to test your packet capture laptops and desktops and determine when, or if they drop packets using various frame sizes and rates.

If you need to figure out to determine a specific slice offset, check out my other video “Figuring Out Where To Slice a Packet Using Wireshark” https://www.networkdatapedia.com/post/2018/02/05/Figuring-Out-Where-To-Slice-a-Packet-Using-Wireshark

Tony Fortunato

Sr Network Performance Specialist

The Technology Firm

https://www.thetechfirm.com

Getting things to work better - bit by bit-

Click here to book a call with Tony https://calendly.com/thetechfirm/30min

Linkedin Profile https://ca.linkedin.com/in/fortunat

Youtube Channel: https://www.youtube.com/@thetechfirm

NetworkDataPedia: https://www.networkdatapedia.com/blog/author/Tony-Fortunato