LMTV LIVE | Advanced Performance and Security Real-time Analysis (Extrahop)


YouTube LIVE start time: 9:30 AM PST, Wednesday, September 20, 2017

Extrahop_logo With 7.0, ExtraHop introduces live activity maps for complete 3D interaction with the hybrid IT environment; enhanced threat anomalies and machine learning-initiated workflows for performance and security; and perfect forward secrecy (PFS) decryption at scale to support next-generation security architectures.

Momma's Boy (by Paul W. Smith)


When I was growing up, you were a Momma’s Boy, a Man’s Man, or something in-between. Most of us belonged to the in-between group. Dare I say life is a bit more complicated these days?

There was a time not long ago when a female voice making an announcement on an airplane was assumed to be a flight attendant, a woman caring for you in a hospital was automatically a nurse, and a lady engineer was an oxymoron. In my lifetime, our culture has evolved to where female pilots, doctors and engineers are no longer notable, at least not for their gender.

While the whole gender identity issue is way above my pay-grade, the transition from the role models of my youth to a culture where humans and jobs are largely interchangeable is of great interest. This is particularly so in the STEM fields, where I have carved out my own career.

Continue reading "Momma's Boy (by Paul W. Smith)" »

TCP Checksum Error Case Study (by Paul Offord)

When I see TCP Retransmissions and Dup ACKs in a trace I naturally think about packet loss, but that's not the only cause.  The TCP Checksum mechanism is used to check the integrity of the TCP payload (or segment) and, although it's rare to see genuine checksum errors in a trace, it's another cause of retransmissions.

  Network topology

For Wireshark users there's good and bad news.  The good news is that Wireshark can check each packet for TCP Checksum errors.  The bad news is that they are not always genuine errors.  So how can we tell the difference?

In this video ...

Continue reading "TCP Checksum Error Case Study (by Paul Offord)" »

Troubleshooting SMB Connection Issue Using Wireshark (by Tony Fortunato)

In this video I walk you through how i worked my way through a Microsoft connectivity problem using Wireshark.

The main point of the video is to pay attention to the methodology where i document the issue, apply a change and re-measure.

Just some text from the slides;

"The problem is with a device running Windows 7 that is configured with some shares to its local drives like a storage server.Every so often no one can connect to the shares, Android users just see a spinning/processing icon and windows users get a variety of connection error messages. The end result is always the same, no connection.

The only solution is to reboot the Windows 7 device and things have gotten so bad that now they have a scheduled script that reboots the computer daily.I asked them to capture some packets from their computer when it happens again.

By noon I had a capture."



Continue reading other LoveMyTool posts by Tony Fortunato »

Give Me Packets!!! Case Study: Slow Oracle DB (by Mike Canney)

There are a number of tools on the market that claim to allow you to analyze Data Bases.  I have many customers that own these tools and sometimes they work great.  Especially if it's what I call a "Low Hanging Fruit" problem, such as a slow SQL call like a SELECT or INSERT etc.  

What happens when it's not so obvious?  This is where deep packet analysis is needed.  In the following case study we will look at a chronic problem that far too many of my customers experience and how to quickly resolve that issue.  This particular problem was lasting for months.  More memory was added, servers upgraded, content switches added/upgraded yet the problem still persisted.  

 Let's take a look:



Continue reading "Give Me Packets!!! Case Study: Slow Oracle DB (by Mike Canney)" »

Using NetworkMiner with a Windows netsh trace File (by Paul Offord)

Before analyzing a network packet trace file, I try to make sure that I've collected information about IP addresses and TCP/UDP port numbers.  Even so, I still find that I don't have all the information I need.  There are techniques you can use to get the missing information - check NBNS host announcements, explore the names resolved by DNS - but it's all just more hassle.


Recently I noticed a bit of a buzz around NetworkMiner, so I thought I'd check it out.  What I found was a simple tool that does just what I need; extract useful host and service information from Wireshark traces.  We now analyze a fair number of traces captured with Windows netsh trace, so I thought I'd look at how we can use NetworkMiner with these Windows-native trace files.

In this video ...

Continue reading "Using NetworkMiner with a Windows netsh trace File (by Paul Offord)" »