Palo Alto Packet Latency Case Study Using Workbench and Wireshark (by Paul Offord)

Analyzing packets at two points provides an accurate way to determine the delays across a network. The team at Advance7 used this technique to find the cause of performance and stability problems with a web application. The system topology was complex but very common in today's enterprise environments: users accessing systems using a Windows terminal and ESX VDI-delivered desktops.


Users reported slow response times and intermittent disconnects.  The path through the network from VDI host to application server was 10 GbE all the way, and so link overload was unlikely.  There were various theories about the cause of the problem but solid evidence was needed.

In this video ...



LMTV LIVE | Advanced Performance and Security Real-time Analysis (Extrahop)

 


YouTube LIVE start time: 9:30 AM PST, Wednesday, September 20, 2017


With 7.0, ExtraHop introduces live activity maps for complete 3D interaction with the hybrid IT environment; enhanced threat anomalies and machine learning-initiated workflows for performance and security; and perfect forward secrecy (PFS) decryption at scale to support next-generation security architectures.


Momma's Boy (by Paul W. Smith)


When I was growing up, you were a Momma’s Boy, a Man’s Man, or something in-between. Most of us belonged to the in-between group. Dare I say life is a bit more complicated these days?

There was a time not long ago when a female voice making an announcement on an airplane was assumed to be a flight attendant, a woman caring for you in a hospital was automatically a nurse, and a lady engineer was an oxymoron. In my lifetime, our culture has evolved to where female pilots, doctors and engineers are no longer notable, at least not for their gender.

While the whole gender identity issue is way above my pay-grade, the transition from the role models of my youth to a culture where humans and jobs are largely interchangeable is of great interest. This is particularly so in the STEM fields, where I have carved out my own career.



TCP Checksum Error Case Study (by Paul Offord)

When I see TCP Retransmissions and Dup ACKs in a trace I naturally think about packet loss, but that's not the only cause.  The TCP Checksum mechanism is used to check the integrity of the TCP payload (or segment) and, although it's rare to see genuine checksum errors in a trace, it's another cause of retransmissions.


For Wireshark users there's good and bad news.  The good news is that Wireshark can check each packet for TCP Checksum errors.  The bad news is that they are not always genuine errors.  So how can we tell the difference?

In this video ...



Troubleshooting SMB Connection Issue Using Wireshark (by Tony Fortunato)

In this video I walk you through how I worked my way through a Microsoft connectivity problem using Wireshark.

The main point of the video is to pay attention to the methodology where I document the issue, apply a change and re-measure.

Just some text from the slides:

"The problem is with a device running Windows 7 that is configured with some shares to its local drives like a storage server. Every so often no one can connect to the shares, Android users just see a spinning/processing icon and Windows users get a variety of connection error messages. The end result is always the same, no connection.

The only solution is to reboot the Windows 7 device and things have gotten so bad that now they have a scheduled script that reboots the computer daily. I asked them to capture some packets from their computer when it happens again.

By noon I had a capture."

 

 



Give Me Packets!!! Case Study: Slow Oracle DB (by Mike Canney)

There are a number of tools on the market that claim to allow you to analyze databases. I have many customers that own these tools and sometimes they work great. Especially if it's what I call a "Low Hanging Fruit" problem, such as a slow SQL call like a SELECT or INSERT etc.

What happens when it's not so obvious?  This is where deep packet analysis is needed.  In the following case study we will look at a chronic problem that far too many of my customers experience and how to quickly resolve that issue.  This particular problem was lasting for months.  More memory was added, servers upgraded, content switches added/upgraded yet the problem still persisted.  

 Let's take a look:

 

  
