Wireshark Edit Name Resolution (by Tony Fortunato)
Website issues for Marketing and Branding (by John Gumas)

Give me PACKETS!! (by Mike Canney)

Give me Packets!

I have been troubleshooting “network” problems for over two decades.  From mom and pop small businesses to Fortune 10.  Literally thousands of companies.  As far as tools go, I’ve used just about all of them.  From the Network General Sniffer, Novell LanAlyzer, Optimal’s Application Expert/Vantage, Compuware Ecoscope, Cinco NetXray to Wireshark and back.  

You would be hard pressed to find something that is somewhat mainstream that analyzes packets that I haven't used to find and solve network and application issues. Flower issueI’ve have also used the majority of the popular APM/NPM tools on the market for monitoring Network and Application Performance (I won’t list them).  The one thing in common is that they’ve all been useful in their own right.  Understanding at a high level of what traffic is on the network and an inclining of ‘potential’ application performance issues. 

 

What I’ve never seen is someone that has actually solved a complex performance problem utilizing a metadata only solutions.  Sure, you can solve some of the what I call, “low hanging fruit” problems.  The things that an intermediate Wireshark user can typically find within 5 minutes of looking at a trace file.  You know, the “8 second delta” between the HTTP Get and Response type of issues.  Don’t get me wrong, metadata is a vital part of an overall network monitoring solution, but it should not be the only solution.

To solve the complex problems you have to have the packets.  Not only do you have to have some packets, you have to have ALL of the packets (including payload).  This means multiple capture points within the path of the data for a given application. 

Better yet a tool that can articulate, decode and present the data in a format that is readable to the human behind the analyzer. 

For the past 7 years of consulting and looking at customer trace files I have had a secret weapon.  I have been using an analyzer called NetData.  NetData is extremely unique in that it looks at the problem holistically. There is no need to prefilter your trace files. In fact, it allows you to import a multitude of trace files and it seamlessly merges those trace files into a single view.

I know there have been other tools in the past that'll allow you to merge trace files (I’ve used them) but never on the scale that NetData allows you to. You can literally import gigabytes of data into this analyzer and have it characterize all of the end-user and application transactions and put them into an easy-to-read graph.

This is imperative as our networks are getting more and more complex and distributed. Cloud-based applications and encryption enhance the complexity of analyzing performance problems. NetData handles these with ease.

Over the next several articles I will be demonstrating case files of the extremely complex performance problems that my customers have had and that I've successfully used NetData to resolve. These case studies will illustrate the extreme value of having long term packet capture in your environment as well as a tool that understands the transport and application protocols.

Mike CanneyMike Canney specializes in providing application and network performance consulting services.

Over the past 26 years Mike has helped 1,000’s of companies identify and resolve their application and network performance issues. Mike has also developed coursework and taught engineers how to identify, re-mediate, and prevent network and application issues by analyzing traffic flows at the packet level.

Mike has been a guest speaker at many industry trade shows (such as Networld Interop, Wireshark "Sharkfest" and Cisco Networkers/Live) throughout the United States on the topic of application performance analysis.

Mike can be reached at mike@canney.us

Editors Note - I count Mike as one of the TOP network analysts anywhere! I have known Mike for many years and he is a super hard working, knowledgeable technologist I know. 

Comments