Weekly Network Knowledge Challenge QUIZ from The Network Heroes! (From:ProfiTAP)

For the next 14 weeks the Network Heroes will be asking you the challenge questions.

See if you can answer all 14, correctly!!!

Click here - for the ProfiTAP website Every Monday for the Latest Question! - Click here!

Mike P Question

Mike Pennacchi

Nps logo

Continue reading "Weekly Network Knowledge Challenge QUIZ from The Network Heroes! (From:ProfiTAP)" »

When A Simple SPAN Port Is Enough (by Timothy Schmidt)

When A Simple SPAN Port Is Enough

Header image - when a simple SPAN port is enough

The two most common ways to access and replicate data within your network are TAP and SPAN technology. A Test Access Point (TAP) is a hardware device that copies all of your network data. SPAN or Switch Port Analyzer are mirroring ports within a switch that copies specific data as a best effort with no guarantees.

Network TAPs are always the industry's best practice but in a few specific and limited situations when a SPAN port suffices. When monitoring products are looking for low bandwidth application layer events like “conversation or connection analysis,” “application flows,” and applications where real time, dropped packets and knowing real delta times are not important. SPAN could also be used in a remote location that doesn’t justify a permanent deployment, offering temporary access for limited troubleshooting.

In these specific situations when a SPAN port perfectly suffices, you likely need a way to aggregate a few SPAN lines together and send that combined network traffic out to one or more sets of tools or appliances. When these situations arise, think simplicity.


Continue reading "When A Simple SPAN Port Is Enough (by Timothy Schmidt)" »

How TCP Works – The Timestamp Option (by Chris Greer)

TCP Timestamp TSval TSecr

In the TCP handshake, you may see an option called timestamps, shortly followed by scary-looking “TSval” and "TSecr" numbers. What are those values and how can you interpret them? Let’s dig.

What is a TCP Timestamp? 

The timestamps option in TCP enables the endpoints to keep a current measurement of the roundtrip time (RTT) of the network between them. This value helps each TCP stack to set and adjust its retransmission timer. There are other benefits, but RTT measurement is the major one.

How it works.

Each end of the connection derives a 4-byte increasing value. This value is unique to each side and has no real numerical significance. The opposite end does not care what the value is, it will simply echo it back to the original sender. The original sender can then measure the timing between the packet(s) that were sent and received with this unique value.

The value used by each end will be increased as the connection goes along. Many TCP implementations will add the measured network RTT value (in milliseconds) to the 4-byte timestamp and use this new number for the next segment to be sent.

For example, in the screenshot below, we can see both ends of the TCP connection using timestamps. Both values, the one used by the sender and receiver, have been added as columns in Wireshark to make them a little easier to see.

TCP Timestamps

The first packet has a timestamp value of 1125169296. Told you it was long and scary! But let's analyze...

Continue reading "How TCP Works – The Timestamp Option (by Chris Greer)" »

Does your Brand have a Personality? 5 Ways to Define Your BRAND Personality (by John Gumas)


Does your Brand have a personality?

Most marketers know that customers are looking for that unexplainable thing that connects them to a brand. Nobody wants to buy from a boring company, no matter how great the product. However, brand personality is something that entrepreneurs and business owners often overlook. This is a big miss, because the reality is that a brand’s personality can drive sales and promote lifetime customer loyalty. Where many marketers struggle, however, is proving this to their boss. But, we’ll save that for another blog.

Here are five ways to create and define your brand personality.  

  1. Define Your “Why.” This might seem obvious, but it’s not easy to put into words. Anybody can sell products, but what makes your business unique? How do you differ from the competition? For example, everyone knows GoPro is known for capturing intense moments of adventure, but they really just sell cameras. Since day one, Apple’s had a hold on the young and tech-savvy outcasts, but they simply started out selling computers. Talk to the founders of your business and discover what inspired them to start the company. Identify the reasons why employees are drawn to the company and why consumers should choose you over your competitors.

Continue reading "Does your Brand have a Personality? 5 Ways to Define Your BRAND Personality (by John Gumas)" »

Microsoft getmac and MAC Address (by Tony Fortunato)

When troubleshooting it is quite common to get the mac address of the host, server or network equipment for a variety of reasons.

For example, many syslog messages or logs may refer to mac addresses depending on what the error is. If you are working from the switch, you more than likely need to know the mac address if you need to figure out which port the target is for your monitor or span command. And of course if you are using a protocol analyzer, you should always capture with a mac address, when possible.

In this video I review how most people figure out their mac address and how to determine the mac address of another device on the same vlan as you. The issue with this methodology is that in some scenarios you may want to figure out the mac address of a Microsoft device that is on another VLAN.

Using Microsoft’s getmac command allows you to get your mac address as well as a remote system’s mac address. As I mention in the video, this command seems to be using the DCE/RPC protocol, so if you block this protocol on your host, servers, or network you might have an issue with command.

Lastly, you need to know the user name/password on the remote system for this to work remotely.

Hope this helps you with your troubleshooting.

Continue reading "Microsoft getmac and MAC Address (by Tony Fortunato)" »

How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker ( by Chris Bihary)

How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker


It goes without saying, but proper application monitoring is a critical component of sound network management. Let the following example show you:

Say you have two critical 10G links that you need to monitor with a few inline network tools. That sounds like a big problem because each inline appliance has the potential of introducing a point of failure. Then, there is also the problem of getting all the network traffic from each critical link to go to each individual inline appliance for processing.

Sounds like a scenario that could be difficult and expensive to implement. But it doesn’t have to be. By using a Garland Technology Advanced Aggregator, you can increase the efficiency and port utilization of your network.

Continue reading "How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker ( by Chris Bihary)" »