258 posts categorized "Application Performance"

The Dark Side of Packet Slicing (by Mike Canney)


Packet or frame slicing our captures can be a great way to hide information in trace files if done correctly. However, you have to really understand the reason for the captures in the first place. For example, oftentimes application performance issues leave many clues at layer 4 (specifically TCP). What happens when you "hard" slice a trace file and can no longer follow the TCP sequence numbers because an incorrect frame size value is written in the pcap file?

Other times you may need to see the specific application call (SQL/Oracle) to actually fix the problem, but you no longer have that data because you've sliced it away.

Continue reading "The Dark Side of Packet Slicing (by Mike Canney)" »


LMTV LIVE | Distributed Network Monitoring with Raspberry Pi (with Panos Vouzis of NetBeez)



YouTube LIVE start time: Wednesday, August 9, 2017 - 9:30 AM (PST)


Single-board computers, like the Raspberry Pi or Odroid, are getting widespread adoption within the network engineering community thanks to their computational power (approximately 1 GHz) and low cost (less than $50 per unit). As a result, more and more companies are deploying these devices within their enterprise networks and using them as monitoring sensors to collect analytics on network performance, wireless networks, and cloud services.

Panos Vouzis is a cofounder of NetBeez which provides network performance monitoring designed for network managers primarily interested in early fault detection and quick troubleshooting of complex wide area networks.




Give me PACKETS!! Case Study: "The Slow Internet" (by Mike Canney)

Like many Network Engineers, I have also heard all too often that "The Network is Slow". This is the mantra repeated across the world by end users, server admins and application developers.

Luckily, we are armed with a tool set to not only exonerate the network (in most cases) but also pinpoint exactly where the problem occurred.  

Being a Packet Fetcher, the first thing I typically turn to in these situations is handy dandy PCAP(s).  In this first case study, we will see how to quickly solve this performance issue given the correct trace files from, more importantly, the correct areas of the network.   See the following diagram of the capture points as well as the video at the end of the post.


Continue reading "Give me PACKETS!! Case Study: "The Slow Internet" (by Mike Canney)" »


Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post we looked at the importance of a basic understanding of the topology of the system under investigation. In this blog I'll cover the use of markers: a ridiculously simple, but amazingly powerful, concept. A marker places a distinctive packet in network packet trace data that we can easily find with Wireshark.

The RPR manual contains six pages of information on markers, covering suggested markers and what to use them for.  If you haven't used markers before you are in for a real treat.  Once you get the hang of them, you'll wonder how you ever did without them.

Let's imagine you've been investigating an intermittent slow response time problem for a bunch of users.  Nobody is quite sure what's causing the problem, although the application and platform teams insist it's not them.  You know the drill; if the cause isn't obvious it must be the network, right?


Luckily, a user experienced the problem this morning, and you had packet traces running.  The bad news is that you have 500 GB of trace data (about 5 billion packets) and the user is vague about the time of the problem.

The first strategy ...

Continue reading "Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)" »


LMTV LIVE | Visibility Architectures - Understanding Security Solutions (with Keith Bromley of IXIA and John Jacobs of Fortinet)



Security is top of mind for most IT departments. Once the subject comes up, everyone has their own ideas about what security tools (IPS, IDS, DLP, WAF, etc.) and what defense strategies (black list, white list, defense in depth, etc.) should be put in place. But what about the functionality that enables the security solutions? How do you create the visibility into the network that you need to create a truly adequate security solution? Join us for the final podcast in this Best Practice series to learn about what a visibility architecture is and how you can use it to create your inline and out-of-band network security solutions.

Continue reading "LMTV LIVE | Visibility Architectures - Understanding Security Solutions (with Keith Bromley of IXIA and John Jacobs of Fortinet)" »


Got NetFlow and Metadata – Why do I need packets? (by Chris Greer)

It’s all about time.


When it comes to network monitoring, NetFlow and Metadata-based tools allow engineers to get a handle on traffic usage, statistics, capacity, and even security attacks. They quickly help us visualize the conversations and applications involved in congestion, as well as home in on strange traffic behavior. It would be difficult (and overkill at times) to use packet data to show the same traffic statistics.

So then, why are packets necessary for analysis and monitoring?

In most cases, NetFlow and Metadata do not show us packet timing, which is critical when isolating the root cause of performance issues, and some security issues. To better understand why, let’s look at how NetFlow works.

NetFlow 101

Continue reading "Got NetFlow and Metadata – Why do I need packets? (by Chris Greer)" »