The Payoff of having a double sided capture! (by Mike Motta)

The complaint came in that it was taking from 4 to 20 minutes to transfer data.

Why is the network slow?  Is it the network?

Could it be the infamous SNAIL problem?


At first the client sent me a trace only from the client side. The trace file showed packets out of order and some re-transmissions along with low TCP windows. I asked the client if it was possible to get a capture from both sides, client and server, and the answer was “yes”. (In my world that is the best way to eliminate any magic!)

First: I looked at the server-side trace file. It showed the server re-transmitting over a thousand times. (Uh oh.)

By having both sides I was able to prove that the server did indeed send the packet but the client did not receive it. 

We can also see that they are 5 hops from each other, which means something is dropping packets. 

Next: it is time to interrogate router interfaces and firewall interfaces for discards or drops.

Watch this video for the problem visibility process that guides us to the issue: https://youtu.be/WW0SjeeteK8
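The comparison described above, as an added example that is not part of the original post: it matches server-to-client segments by sequence number and length across the two capture points and reports what was sent but did not arrive. The sample records are constructed, and reading the hop count from the TTL difference between the two captures is an assumption about method, since the post does not say how the 5 hops were determined.

```python
from collections import Counter

# Constructed sample records (not from the post's trace files): one tuple per
# server-to-client data segment, as (tcp_seq, payload_len, ip_ttl).
SERVER_SIDE = [  # captured next to the server (sender)
    (1, 1460, 64), (1461, 1460, 64), (2921, 1460, 64),
    (1461, 1460, 64), (4381, 1460, 64), (1461, 1460, 64),
]
CLIENT_SIDE = [  # captured next to the client (receiver)
    (1, 1460, 59), (2921, 1460, 59), (4381, 1460, 59), (1461, 1460, 59),
]


def compare_captures(sent, received):
    """Return segments that were retransmitted or never fully arrived."""
    sent_counts = Counter((seq, length) for seq, length, _ in sent)
    recv_counts = Counter((seq, length) for seq, length, _ in received)
    report = {}
    for segment, n_sent in sent_counts.items():
        n_recv = recv_counts.get(segment, 0)
        if n_sent > 1 or n_recv < n_sent:
            report[segment] = {
                "sent": n_sent,
                "received": n_recv,
                "lost_in_path": max(0, n_sent - n_recv),
            }
    return report


def hops_between(sent, received):
    """Estimate router hops from the TTL drop between the two capture points."""
    sent_ttls = {ttl for _, _, ttl in sent}
    recv_ttls = {ttl for _, _, ttl in received}
    if len(sent_ttls) != 1 or len(recv_ttls) != 1:
        return None  # TTLs vary: more than one path or sender, no single answer
    return sent_ttls.pop() - recv_ttls.pop()


if __name__ == "__main__":
    for (seq, length), counts in compare_captures(SERVER_SIDE, CLIENT_SIDE).items():
        print(f"seq={seq} len={length}: {counts}")
    print("estimated hops:", hops_between(SERVER_SIDE, CLIENT_SIDE))
```

In the constructed data the client-side view alone shows only one late, out-of-order segment; the two lost copies are visible only when the server-side records are compared with it.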

Get a TAP to see every bit of your Data!

The author - Mike Motta is a well-respected instructor at Network Instruments University, with experience training thousands of people. A veteran of the IT industry, he has been using protocol analyzers on a daily basis for more than 30 years, earning his CNX certification status in 1995, GEDI certification in 2007 and WCNA certification in 2013. A network and application performance expert, Mike is the owner of Motta Network Experts in Kansas City, where he troubleshoots network problems and performs network assessments for corporations throughout North America. Mike enjoys and knows how to entertain as he trains students, making it easy to retain the information taught in his classes. With Mike's extensive theoretical and hands-on knowledge of the Network Instruments products and Wireshark, there is no question too complex to answer. Mike delivers a valuable learning experience and equips his students with lasting real-world skills.


Are My Packets Lying? – Four Things To Look For In Packet Traces (by Chris Greer)


Packets don’t lie – well, most of the time.

Packets will tell you the truth unless they have been captured incorrectly. In those cases, packets can tell bold-faced lies.

When digging through trace files, we can come upon symptoms in the packets that may raise an eyebrow. These are events that look strange on the surface and may even divert our troubleshooting focus for a time. In fact, some of these issues have misdirected engineers for hours, if not days, causing them to chase down issues and events that simply did not exist on the wire.

Most of these examples can be avoided simply by capturing the packets from a tap rather than on the machine generating the traffic. Come on, you know you have needed a tap for a while! Just spring for one and capture correctly next time. By the way, when you do make that decision, check out our buddies at Garland Technology. They make great stuff and they are nice people too!

  1. Very large packets



Upgrading Firmware And Why It's Critical (by Tony Fortunato)

Keeping the firmware and/or software that runs your network equipment current is not as straightforward as you might think.

Let me start from a different perspective. When researching equipment and vendors, I like to see if they have a support community and how often they update their firmware/software, as well as the products’ technical specifications. I have found some real gems with this kind of background work. A few years ago I discovered a vendor that provided free management software that also performed firmware upgrades for free. And it works great!!

Another key point is if the vendor charges for firmware/software and what the requirements are to register on the support forum. Along with this point, I try to determine the firmware upgrade process and if customers have had issues performing this procedure in the past. I personally find that if support forums are easy to join, members tend to share and collaborate tips, tricks and experiences more.

Back to the original topic: when I receive new equipment, one of the first things I do is check which version of software is loaded on the device versus what the current version is. One might argue that having the latest version might address specific exploits or vulnerabilities, but newer versions of software might bring new problems or bugs. I always like to keep the current and previous version of software to be safe.

Recently I was asked to acquire, test and configure a router made by Ubiquiti Networks. I have used their wireless equipment for years, so I’m familiar with their equipment and have generally had good experiences. The only criticism I would provide is that some of their equipment isn’t quite plug and play. They have a manual online, but since their routers haven’t been around as long as the big players', you have to scour the net to figure things out. They do have a support community, but like most support forums, don’t expect to get a prompt and accurate response every time.



LMTV LIVE | Visibility Architectures - Understanding Security Solutions (with Keith Bromley of IXIA and John Jacobs of Fortinet)



Security is top of mind for most IT departments. Once the subject comes up, everyone has their own ideas about what security tools (IPS, IDS, DLP, WAF, etc.) and what defense strategies (black list, white list, defense in depth, etc.) should be put in place. But what about the functionality that enables the security solutions? How do you create the visibility into the network that you need to create a truly adequate security solution? Join us for the final podcast in this Best Practice series to learn about what a visibility architecture is and how you can use it to create your inline and out-of-band network security solutions.



Troubleshooting with Wireshark - Remove Unrelated Protocols (by Chris Greer)

Sometimes packet digging can get tedious. We've all been there. 

It can be hard to set the right filter that lets us home in on the root cause. In many cases, it is just as helpful to remove protocols from view that are probably not related to the problem. At least that will give us less to dig through. I call that removing "packet static".

In this video, we will look at how to create a button in Wireshark that removes common protocols or conversations to simplify the trace.

 

Hope this helps when packet digging! 



Introduction to Automating Your Testing (by Tony Fortunato)

The ability to test consistently is a critical factor when troubleshooting, baselining or lab testing. This becomes a bigger issue when you are part of a team and need to replicate a test that your colleague performed weeks or months ago.

The inability to perform the same test, with the same steps, can lead you to make incorrect conclusions and cause general confusion.

The tried and true way to document your testing methodology would be to write or type out your steps. Heck you might include the odd screenshot or video to ensure the reader follows your steps exactly.

This is where I add a little something extra and suggest automating your tasks with some sort of scripting language so you literally just press a button, sit back and collect the data.  Scripting ensures that every step is performed the same way, with the same delays, etc. every time.

The most basic script in the Microsoft world would be a batch file. I’ve been tinkering with batch files since 1990 and am always impressed by how Microsoft has added more functionality, PowerShell and other goodies over the years. Of course our Linux friends have bash scripts, which serve the same purpose.

If batch files aren’t your cup of tea, there are tons of scripting packages and languages out there. One of my favorites is AutoIt (https://www.autoitscript.com/site/autoit/), since it is a free BASIC-like scripting language. AutoIt now has a portable version and you can compile your scripts to stand-alone executables.
