I have installed wireshark which has replaced ethereal and have been sniffing packets on a client network to study his network traffic. My question is: When reading the output of session of wireshark how would
I determine traffic that is supposed to be there and what is not. I have noticed a lot of ARPing from several client machines on this clients network and he has also stated that his network performance has dropped a lot. I guess what I want to say is how would I fine tune his network using wireshark. Is there some trick or guidelines that I should follow?

A simple check for problems is to capture all traffic during a problem for a few minutes, then select menu Analyze->Expert Info. If you don't see a significant source of errors, then take a look at Statistics->Endpoints to see which addresses are generating the most traffic. You can then perform further analysis on that traffic.

Do you know if wireshark has a module that will display certificates that are being exchanged during an authentication like RADIUS on a wireless connection using PEAP?

Yes, wireshark can display certificates. Take a look here.

So basically your saying buy the book. It only shows a sample of the book.(the first 6 chapters) Do you work for Syngress. Thanks for the help!

???

I pointed you to an online resource, with an image that shows how wireshark decodes a PEAP exchange with a certificate. Isn't that what you asked about?

I find myself placing my own foot in my mouth a lot. Sorry, I thought that it was only a sale pitch but I see there are 6 chapters as a reference. thanks

That's OK. I'm over 50 now, and getting my share of senior moments.

LOL. I had one more question to ask:

From the readings from your reference it only shows me what is the content of the certificate but what I am interested in is the actual name of the certificates that are being exchanged(eap keys)like *.pem,*.der and etc... I am trying to figure out a EAP-PEAP issue. thanks