Are My Packets Lying? – Four Things To Look For In Packet Traces (by Chris Greer)


Packets don’t lie – well, most of the time.

Packets will tell you the truth unless they have been captured incorrectly. In those cases, packets can tell bald-faced lies.

When digging through trace files, we can come upon symptoms in the packets that may raise an eyebrow. These are events that look strange on the surface and may even divert our troubleshooting focus for a time. In fact, some of these issues have misdirected engineers for hours, if not days, causing them to chase down issues and events that simply did not exist on the wire.

Most of these examples can be avoided simply by capturing the packets from a tap rather than on the machine generating the traffic. Come on, you know you have needed a tap for a while! Just spring for one and capture correctly next time. By the way, when you do make that decision, check out our buddies at Garland Technology. They make great stuff and they are nice people too!

  1. Very large packets



Upgrading Firmware And Why It's Critical (by Tony Fortunato)

The topic of keeping the firmware and/or software that runs your network equipment current is not as straightforward as you might think.

Let me start from a different perspective. When researching equipment and vendors, I like to see if they have a support community and how often they update their firmware/software, as well as the products’ technical specifications. I have found some real gems with this kind of background work. A few years ago I discovered a vendor that provided free management software that also performed firmware upgrades for free. And it works great!!

Another key point is whether the vendor charges for firmware/software and what the requirements are to register on the support forum. Along with this point, I try to determine the firmware upgrade process and whether customers have had issues performing this procedure in the past. I personally find that if support forums are easy to join, members tend to share and collaborate on tips, tricks and experiences more.

Back to the original topic: when I receive new equipment, one of the first things I do is check which software version is loaded on the device versus the latest version available. One might argue that having the latest version might address specific exploits or vulnerabilities, but newer versions of software might bring new problems or bugs. I always like to keep the current and previous version of software to be safe.

Recently I was asked to acquire, test and configure a router made by Ubiquiti Networks. I have used their wireless equipment for years, so I’m familiar with their equipment and generally had good experiences. The only criticism I would provide is that some of their equipment isn’t quite plug and play. They have a manual online but since their routers haven’t been around as long as the big players you have to scour the net to figure things out. They do have a support community but like most support forums don’t expect to get a prompt and accurate response every time.



LMTV LIVE | Visibility Architectures - Understanding Security Solutions (with Keith Bromley of IXIA and John Jacobs of Fortinet)



Security is top of mind for most IT departments. Once the subject comes up, everyone has their own ideas about what security tools (IPS, IDS, DLP, WAF, etc.) and what defense strategies (black list, white list, defense in depth, etc.) should be put in place. But what about the functionality that enables the security solutions? How do you create the visibility into the network that you need to build a truly adequate security solution? Join us for the final podcast in this Best Practice series to learn what a visibility architecture is and how you can use it to create your inline and out-of-band network security solutions.



Troubleshooting with Wireshark - Remove Unrelated Protocols (by Chris Greer)

Sometimes packet digging can get tedious. We've all been there.

It can be hard to set the right filter that lets us home in on the root cause. In many cases, it is just as helpful to remove from view the protocols that are probably not related to the problem. At least that will give us less to dig through. I call that removing "packet static".

In this video, we will look at how to create a button in Wireshark that removes common protocols or conversations and simplifies the trace.

Hope this helps when packet digging!



Introduction to Automating Your Testing (by Tony Fortunato)

The ability to test consistently is a critical factor when troubleshooting, baselining or lab testing. This becomes a bigger issue when you are part of a team and need to replicate a test that your colleague performed weeks or months ago.

The inability to perform the same test with the same steps can lead you to make incorrect conclusions and cause general confusion.

The tried and true way to document your testing methodology would be to write or type out your steps. Heck you might include the odd screenshot or video to ensure the reader follows your steps exactly.

This is where I add a little something extra and suggest automating your tasks with some sort of scripting language so you literally just press a button, sit back and collect the data. Scripting ensures that every step is performed the same way, with the same delays, etc., every time.

The most basic script in the Microsoft world would be a batch file. I’ve been tinkering with batch files since 1990 and am always impressed by how Microsoft has added more functionality, added PowerShell and other goodies over the years. Of course our Linux friends have bash scripts, which serve the same purpose.

If batch files aren’t your cup of tea, there are tons of scripting packages and languages out there. One of my favorites is AutoIt (https://www.autoitscript.com/site/autoit/) since it is a free BASIC-like scripting language. AutoIt now has a portable version and you can compile your scripts to stand-alone executables.



Got NetFlow and Metadata – Why do I need packets? (by Chris Greer)

It’s all about time.


When it comes to network monitoring, NetFlow and Metadata-based tools allow engineers to get a handle on traffic usage, statistics, capacity, and even security attacks. They quickly help us visualize the conversations and applications involved in congestion, as well as home in on strange traffic behavior. It would be difficult (and overkill at times) to use packet data to show the same traffic statistics.

So then, why are packets necessary for analysis and monitoring?

In most cases, NetFlow and Metadata do not show us packet timing, which is critical when isolating the root cause of performance issues, and some security issues. To better understand why, let’s look at how NetFlow works.

NetFlow 101
