The Payoff of having a double sided capture! (by Mike Motta)

The complaint came in that it was taking from 4 to 20 minutes to transfer data.

Why is the network slow?  Is it the network?

Could it be the infamous SNAIL problem?

At first, the client sent me a trace from the client side only. The trace file showed out-of-order packets and some retransmissions, along with low TCP windows. I asked the client if it was possible to get a capture from both sides, client and server, and the answer was “yes”. (In my world, that is the best way to eliminate any magic!)

First, I looked at the server-side trace file. It showed the server retransmitting over a thousand times. (Uh oh.)

By having both sides I was able to prove that the server did indeed send the packet but the client did not receive it. 

We can also see that they are 5 hops from each other, which means something is dropping packets. 

Next: it is time to interrogate router interfaces and firewall interfaces for discards or drops.
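The two-sided comparison described above can be scripted. The following is an added example, not the author's tooling: it matches each server-sent segment against the client-side capture to list what was dropped in transit, and estimates the hop count from the TTL difference. The field names, the sample packets, and the use of TTL to count hops are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: TCP data segments sent by the server, as seen in each
# capture. Field names (ip_id, seq, len, ttl) are assumptions for this example.
SERVER_SIDE = [
    {"ip_id": 0x1A01, "seq": 1,    "len": 1460, "ttl": 64},
    {"ip_id": 0x1A02, "seq": 1461, "len": 1460, "ttl": 64},
    {"ip_id": 0x1A03, "seq": 2921, "len": 1460, "ttl": 64},
    {"ip_id": 0x1A04, "seq": 4381, "len": 1460, "ttl": 64},
    {"ip_id": 0x1A05, "seq": 1461, "len": 1460, "ttl": 64},  # retransmission
    {"ip_id": 0x1A06, "seq": 4381, "len": 1460, "ttl": 64},  # retransmission
]
CLIENT_SIDE = [
    {"ip_id": 0x1A01, "seq": 1,    "len": 1460, "ttl": 59},
    {"ip_id": 0x1A03, "seq": 2921, "len": 1460, "ttl": 59},
    {"ip_id": 0x1A05, "seq": 1461, "len": 1460, "ttl": 59},
    {"ip_id": 0x1A06, "seq": 4381, "len": 1460, "ttl": 59},
]

def key(pkt):
    # IP ID separates an original segment from its retransmission (same seq/len).
    return (pkt["ip_id"], pkt["seq"], pkt["len"])

def compare_captures(sent_side, recv_side):
    """Compare the sender-side and receiver-side views of one TCP direction."""
    received = {key(p): p for p in recv_side}
    # Sent but never seen at the receiver: dropped somewhere along the path.
    lost = [p for p in sent_side if key(p) not in received]
    # Same sequence number sent more than once: sender-side retransmissions.
    seq_counts = Counter(p["seq"] for p in sent_side)
    retransmissions = sum(n - 1 for n in seq_counts.values())
    # Each router decrements TTL by one, so the TTL difference of a packet
    # found in both captures gives the number of routed hops between them.
    hops = {p["ttl"] - received[key(p)]["ttl"]
            for p in sent_side if key(p) in received}
    return {"lost": lost, "retransmissions": retransmissions, "hops": sorted(hops)}

if __name__ == "__main__":
    result = compare_captures(SERVER_SIDE, CLIENT_SIDE)
    for p in result["lost"]:
        print(f"sent by server, never seen at client: "
              f"ip.id={p['ip_id']:#06x} seq={p['seq']}")
    print("server retransmissions:", result["retransmissions"])
    print("routed hops between capture points:", result["hops"])
```

Matching on IP ID only works when both captures see the packets as they appear on the wire; a capture taken on the sending host with segmentation offload enabled shows different packet boundaries than the receiver sees.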

Watch this video for the problem visibility process that guides us to the issue: https://youtu.be/WW0SjeeteK8

Get a TAP to see every bit of your data!

The author - Mike Motta is a well-respected instructor at Network Instruments University, with experience training thousands of people. A veteran of the IT industry, he has been using protocol analyzers on a daily basis for more than 30 years, earning his CNX certification status in 1995, GEDI certification in 2007 and WCNA certification in 2013. A network and application performance expert, Mike is the owner of Motta Network Experts in Kansas City, where he troubleshoots network problems and performs network assessments for corporations throughout North America. Mike enjoys entertaining as he trains students and knows how to do it, making it easy to retain the information taught in his classes. With Mike's extensive theoretical and hands-on knowledge of the Network Instruments products and Wireshark, there is no question too complex to answer. Mike delivers a valuable learning experience and equips his students with lasting real-world skills.
