
Understanding Packet Path Critical to Analyzing Application Problems (by Chris Greer)

Close your eyes and imagine that you are a packet (I know it sounds nerdy, but stick with me here). You’re leaving the NIC at the client end, and you are on your merry way to the application server at the other end of the connection. What is the first switch and port number you enter into? Which port are you forwarded out of? Which switch is next? Which routers are involved? What if you hit a roadblock, where do you get re-routed to?

Now this is probably the most important question – Are you sure you know the path between client and server?

Most network people know their systems pretty well, and may be confident about the path of a packet between clients and servers. But with moves, adds, changes, upgrades, and servers being made every day, be careful about assuming that a path from A to B is well documented and understood. Be especially careful about this assumption when installing analysis gear to capture a trace file and analyze the traffic. After all, there is nothing worse than getting a great analyzer installed where we assume traffic to be, starting the capture, reproducing the issue, then digging through the traffic – all to find out that we’re in the wrong place.

How to Find the Path

There are some great tools out there that display the path a packet takes from client to server at layer 3. But one of my favorites – the OptiView XG – also shows the layer 2 path through the switches. It does this by using a feature called Path Analysis.

Path analysis

This feature will track the route taken by a packet from one device to another (client to server), displaying port in and port out, port speed, duplex, as well as any related problems for any of these interfaces along the way. This information saves a huge amount of time when troubleshooting problems in performance, and can really help key in on problem links in the network. Without this information, we make assumptions that can detour our troubleshooting efforts, adding overall time to the resolution.
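
To make the idea concrete, here is an added example (not from the original article, and not how the OptiView XG is implemented) that walks a layer 2 path by following each switch's MAC forwarding table, then flags error counters and speed/duplex mismatches on the links crossed. The switch names, port names, MAC addresses and table contents are constructed sample data.

```python
from collections import namedtuple

# peer is (switch, port) on the far end of the link, or None for an edge port.
Port = namedtuple("Port", "speed duplex errors peer")
CLIENT, SERVER = "00:00:5e:00:53:0a", "00:00:5e:00:53:14"  # constructed MACs

# Constructed sample data standing in for each switch's MAC forwarding table
# ("fdb") and port state; switch and port names are hypothetical.
SWITCHES = {
    "access-1": {"fdb": {CLIENT: "Gi0/1", SERVER: "Gi0/24"},
                 "ports": {"Gi0/1": Port(1000, "full", 0, None),
                           "Gi0/24": Port(1000, "full", 0, ("core-1", "Gi1/1"))}},
    "core-1": {"fdb": {CLIENT: "Gi1/1", SERVER: "Gi1/2"},
               "ports": {"Gi1/1": Port(1000, "full", 0, ("access-1", "Gi0/24")),
                         "Gi1/2": Port(1000, "half", 412, ("access-2", "Gi0/24"))}},
    "access-2": {"fdb": {CLIENT: "Gi0/24", SERVER: "Gi0/7"},
                 "ports": {"Gi0/24": Port(1000, "full", 0, ("core-1", "Gi1/2")),
                           "Gi0/7": Port(100, "full", 0, None)}},
}

def trace_l2_path(switches, first_switch, src_mac, dst_mac):
    """Return [(switch, port_in, port_out), ...] from client edge to server edge."""
    hops, seen, sw = [], set(), first_switch
    while sw is not None:
        if sw in seen:
            raise ValueError(f"forwarding loop detected at {sw}")
        seen.add(sw)
        fdb = switches[sw]["fdb"]
        if src_mac not in fdb or dst_mac not in fdb:
            # Aged-out or missing entry: the path beyond this switch is unknown.
            raise LookupError(f"{sw} has not learned both endpoints")
        hops.append((sw, fdb[src_mac], fdb[dst_mac]))
        peer = switches[sw]["ports"][fdb[dst_mac]].peer
        sw = peer[0] if peer else None
    return hops

def link_problems(switches, hops):
    """Flag error counters and speed/duplex mismatches on each egress link."""
    found = []
    for sw, _, out in hops:
        near = switches[sw]["ports"][out]
        if near.errors:
            found.append(f"{sw} {out}: {near.errors} errors")
        if near.peer:
            far = switches[near.peer[0]]["ports"][near.peer[1]]
            if (near.speed, near.duplex) != (far.speed, far.duplex):
                found.append(f"{sw} {out} <-> {' '.join(near.peer)}: speed/duplex mismatch")
    return found
```

Every `(switch, port_in, port_out)` tuple returned by `trace_l2_path` is a place where a capture would actually see the client-server traffic; a port that is not in that list is the "wrong place" described above.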

Remember that understanding application performance relies on understanding packet path. If we don’t know where traffic goes, then it is very difficult to capture it and analyze the network links between client and server. So forget that old documentation and make sure the path is known before digging too far into a problem.


Author Profile - Chris Greer is a Network Analyst for Packet Pioneer. Chris has many years of experience in analyzing and troubleshooting networks. He regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. When he isn’t hunting down problems at the packet level, he can be found teaching various analysis workshops at Interop and other industry trade shows. Chris also delivers training and develops technical content for several analysis vendors.

Chris can be contacted at chris (at) packetpioneer (dot) com.

 

 
