How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an ethernet connection or IP interface and the Maximum Segment Size in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings. 

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 


How To Improve Network Security and Performance (by Keith Bromley)


As you may have seen, I like to talk a lot about network visibility – what it is and what the benefits are. Therefore, I often get the question, “So, how can I specifically use network visibility to solve my problems?” – sort of a Jerry Maguire “show me the money” type of question. The short answer is that there are lots of use cases available, it simply depends upon what your individual needs are. Let me show you.

Hopefully you have heard of the term “network visibility” by now. It has become commonplace over the last year or so. If not, network visibility is simply the ability to see what your network is doing and how it is performing. You can get a longer narrative of the definition here, and free resources on network visibility are available here. While some might think that network visibility is a non-issue these days, it’s actually not. Many networks have had, and continue to have, network problems such as: downtime, slow running applications, missing data, expensive troubleshooting activities, and security breaches.

The first half of the solution to this problem is straightforward. You should consider implementing a visibility architecture. This approach allows you to integrate your network architecture with your security architecture so that you can capture all of the data that you need. The right data is crucial to minimizing (and even preventing) downtime, repairing the network as fast as possible, meeting and exceeding your internal and external customer SLAs, and maximizing your network security.

The second half of the solution is to implement the right technology and processes to solve your problems. Basically, what can you, and what should you, implement? Let’s look at this subject in further detail.

First, you need to figure out what your specific trouble areas and blind spots are. You may already know about several of your problem areas. At the same time, you probably do not know what you do not know. So, there may be some hidden problems as well. These areas, called blind spots, are where you can’t tell (or don’t know about) that there is an issue. There are numerous sources for blind spots including: the use of cloud networks, silo IT, rogue IT, mergers and acquisitions with different networks and applications, etc. You can get more details on blind spots in this article.

Once you figure out what your problem areas are, take a look at this free resource. This resource examines 6 different categories of solutions that resolve different types of known problem areas and/or blind spots. These areas include:

  • Network security improvements
  • Cost containment capabilities
  • Enhanced troubleshooting efforts and network reliability
  • Removal of network blind spots
  • Optimization of Network Performance
  • Strengthening of regulatory compliance initiatives

In fact, the book contains 68 different examples of what you can do (i.e. use cases), broken down by those six categories. Some examples are:

  • How to expose indicators of compromise
  • How to make inline security tool deployments more reliable by using High Availability
  • How to reduce/eliminate the need for Change Board Approvals and crash carts
  • How to use application intelligence to conduct proactive troubleshooting
  • How to simplify inline SSL decryption by using an NPB with integrated decryption
  • And many others

Once you read the book, you will have a very good idea of what you should do and how to go about improving network operations. It shows you how to combine taps, bypass switches, network packet brokers, application intelligence, and security and monitoring tools to achieve your security and monitoring goals.

If you want more information on this topic, click here to see a list of resources that also might help you, especially if you want more details of the various use cases described in the book.

Author: Keith Bromley is a product marketing manager for Ixia, Inc., with more than 20 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Ixia’s network monitoring switch solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, management systems, unified communications, IP telephony, SIP, wireless and wireline infrastructure. Keith joined Ixia in 2013 and has written many industry whitepapers covering topics on network monitoring, network visibility, IP telephony drivers, SIP, unified communications, as well as discussions around ROI and TCO for IP solutions. Prior to Ixia, Keith worked for several national and international Hi-Tech companies including NEC, ShoreTel, DSC, Metro-Optix, Cisco Systems and Ericsson, for whom he was industry liaison to several technical standards bodies. He holds a Bachelor of Science in Electrical Engineering.

Oldcommguy dubs Keith "One Of The Good Guys" in today's technology!

Wireshark Capture Interface Issue (by Tony Fortunato)

When I first started my website I had a whole section on product ‘issues’ or ‘bugs’.

My intent was to help my clients and subscribers while reducing the number of emails I get about these issues. Over the years, I found it to be too much work to maintain since I introduced more tools to my website.

In the past 2 years, I have eliminated almost all vendor specific tool webpages from my site that contained tips, tricks and bugs.

Wireshark is still one of the primary tools I use in the field, and I still do private training or presentations with it, so I thought I would keep that section on my website.

In this video I explain an issue I ran into recently with the default capture interface setting. The purpose of the video is to document the issue and help anyone who may encounter this issue.

Let me know if you find this helpful and I will create more along with my usual tips and tricks.


How TCP Works - Window Scaling

Hello packet-heads! 

In this video we will look at the window scale option in TCP. How does this feature improve performance across high-bandwidth, high-latency connections? How does Wireshark come up with the Calculated Window Size field? How can we set the scale factor if we missed the handshake? 

We'll answer all of these questions and more in this nine minute video. 


Capture Packets With Microsoft’s netsh (by Tony Fortunato)

There are many challenges we face when we want to capture packets while troubleshooting.

  • Installing a packet capture tool such as Microsoft’s Netmon or Wireshark might be a deal breaker for some admins.
  • A span or mirror port might not be available, or might add excessive latency to packets.

In most cases I would be happy with a solution that simply captures the packets so I can analyze the data on another system.

Many analysts I speak to are not aware that most Microsoft operating systems allow you to capture packets without installing anything on them. The command is netsh trace start etc…

In this video I show you how to get started by capturing data and making the trace compatible for Wireshark.


Open Source PCAP warehouse with dependency mapping. (by Mike Canney)

If you're like me, you probably have terabytes of PCAP files filling up your hard drive. In previous articles I have reviewed one of my favorite "big trace file" tools, Packet Analyzer (formerly known as Pilot) from Riverbed. I absolutely love using this tool for quickly searching through a big trace looking for that needle in the haystack.

What happens when you have hundreds of haystacks (PCAP files) and you still want to find that needle?

In this short video we will look at a way to take that hard drive full of PCAPs, index them, and allow you to very quickly sort through terabytes of data.
