
Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)

Wireshark's new TRANSUM plugin provides a great way to identify slow web site and web service transactions, but there's a problem.  More often than not, web traffic is carried in SSL (TLS) encrypted messages, and so, although we can see slow response times, we can't see the detail.  To prove the cause of a slow response time, ideally we want to see the URI, query strings and, in the case of a web service request, the SOAP Action value.


If we are very lucky, we may be able to get a copy of the private SSL keys and use Wireshark to decrypt the traffic, but what if that's not possible? The good news is that web logs have much of the information we need, and we can combine this with Wireshark network traces to get a more complete picture.

In this video we introduce the concept of web log analysis. We cover how to get the log, what it contains and matching it to Wireshark traces. In Part 2 of this mini series we will cover how to gain insight into SSL network traces using web log information.

[MP4 version here in case YouTube is blocked]
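As an added example (not taken from the video, Workbench or TRANSUM), the Python below reads an IIS W3C extended log, picks out slow requests and builds a Wireshark display filter for the matching part of a trace. The sample log lines, the set of logged fields, the one-second padding and the treatment of the logged time as the UTC completion time are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in IIS W3C extended format (field selection is assumed).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status time-taken
2017-03-01 10:15:04 192.0.2.10 POST /orders/service.asmx - 443 198.51.100.7 200 4875
2017-03-01 10:15:05 192.0.2.10 GET /images/logo.png - 443 198.51.100.7 200 15
2017-03-01 10:15:09 192.0.2.10 GET /search q=widgets 443 198.51.100.23 200 2210
"""

def parse_w3c(text):
    """Yield one dict per entry, using the #Fields directive as the schema."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def slow_requests(text, threshold_ms=1000):
    """Return slow entries, slowest first, each with a trace display filter."""
    results = []
    for e in parse_w3c(text):
        taken = int(e["time-taken"])  # time-taken is logged in milliseconds
        if taken < threshold_ms:
            continue
        # Assumption: date/time are UTC and mark when the request completed.
        end = datetime.strptime(f'{e["date"]} {e["time"]}', "%Y-%m-%d %H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        start = end - timedelta(milliseconds=taken)
        # Log times have one-second resolution, so pad the window by 1 s.
        lo, hi = start.timestamp() - 1, end.timestamp() + 1
        flt = (f'ip.addr == {e["c-ip"]} && tcp.port == {e["s-port"]} && '
               f'frame.time_epoch >= {lo:.3f} && frame.time_epoch <= {hi:.3f}')
        results.append({"uri": e["cs-uri-stem"], "query": e["cs-uri-query"],
                        "status": e["sc-status"], "time_taken_ms": taken,
                        "start": start, "filter": flt})
    return sorted(results, key=lambda r: r["time_taken_ms"], reverse=True)

if __name__ == "__main__":
    for r in slow_requests(SAMPLE_LOG):
        print(f'{r["time_taken_ms"]:>6} ms  {r["uri"]}?{r["query"]}\n    {r["filter"]}')
```

The filter only narrows an encrypted trace by client address, server port and time; the URI and query string still come from the log entry.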

In the video I open an IIS log with Wireshark using a standard Workbench feature called transformers. Transformers allow tools like Wireshark to read trace and log files in formats that are not normally supported, all through a simple drag-and-drop interface. You can still get a free copy of Workbench from the Downloads section of the TribeLab Community website -

The BDS dissector mentioned in the video is available from

Best regards...Paul


Author Profile - Paul Offord has had a 39-year career in the IT industry that includes roles in hardware engineering, software engineering and network management. Prior to founding Advance7, he worked for IBM, National Semiconductor and Hitachi Data Systems.

Paul is currently leading the TribeLab project to explore new ways to help IT support people troubleshoot performance and stability problems.