249 posts categorized "Application Performance"

Metadata - We all need it now! (by Darragh Delaney)

Not so long ago, flow analysis was one of the tools of choice when it came to troubleshooting security or operational problems on networks. Many vendors developed tools which could take these flow records and store them in a database, so that you could get real-time and historical reports.

However, metadata analysis is now seen as a must-have piece of technology for keeping modern networks running both securely and efficiently. Metadata analysis systems typically use network traffic or packets as a data source. You can typically source these via SPAN, mirror ports or TAPs. The clever part of metadata analysis involves data reduction. This is where you take raw network traffic and capture interesting pieces of data like IP addresses, website names or filenames. In some instances, you end up with a 4000:1 compression ratio. For example, if I transfer a 4MB file across the network, I may capture 1KB of metadata.

See your network

The screenshot below from our own (NetFort) LANGuardian system is a good example of this data reduction.

 



Network Troubleshooting Tip - Focus on a Single Symptom (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet covering a few key points can dramatically cut the time needed to analyze any diagnostic data.

In my previous post I covered the need to thoroughly understand a symptom. In this blog we'll look at the dangers of looking for a common cause for multiple symptoms.

Imagine you are faced with a situation where users are complaining about three issues:

  • Word documents should open in less than 5 seconds, but intermittently take more than 30 seconds.
  • Excel workbooks should save in less than 15 seconds, but intermittently take more than 60 seconds.
  • Opening an Outlook Inbox should take less than 20 seconds, but sometimes takes more than 3 minutes.

All problems are reported as having started at the same time, and there’s a widespread belief that they are being caused by a network issue. This is the point where alarm bells should start to ring.


Maybe some of the symptoms are down to the same root cause, but maybe they are not, and starting by assuming they are is likely to lead to a very frustrating time. The choice of a single symptom and ...



Network Troubleshooting Tip - Understand the Problem (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet covering a few key points can dramatically cut the time needed to analyze any diagnostic data.

Let's start with a seemingly obvious point; do you understand the problem? Sounds like a stupid question, but I am amazed by how much time an IT team will spend investigating a problem that they barely understand.

Take the example of the bank that had a tiger team of seven investigating a "network performance problem" for four months. Staff in an Indian processing center were complaining that they couldn't meet business targets because the system was slow. The same system was used by UK workers and it performed fine for them; so it must be a network problem, right? I arranged for us to call a user at the processing center.

The lady at the center explained that during the latter stages of processing a loan application the system intermittently threw a script error, and so she needed to start the process again. This made the system slow to use!

What had the tiger team been doing for the last four months? Crawling all over the network, Citrix servers, application servers, databases, etc. 

| Scenario 1                    | Scenario 2                    | Scenario 3                           |
|-------------------------------|-------------------------------|--------------------------------------|
| Start Word                    | Open Windows Explorer         | Open an Inbox item                   |
| Choose File -> Open           | Navigate to the shared folder | Double-click on an attached Word doc |
| Navigate to the shared folder | Double-click on a Word doc    | Hang for 30 seconds                  |
| Double-click on a Word doc    | Hang for 30 seconds           | Document opens in Word               |
| Hang for 30 seconds           | Document opens in Word        |                                      |
| Document opens in Word        |                               |                                      |

The situation is often a little more subtle.



LMTV LIVE | Taps vs SPAN Ports (with Keith Bromley and Jonathan Petkevich of IXIA)



YouTube Live Event starts at 9:30AM PST, Wednesday, March 8, 2017


This week we will be speaking with Keith Bromley and Jonathan Petkevich, Senior Manager of Solutions Marketing and Product Manager of IXIA, respectively.

When it comes to monitoring your network, data collection is an extremely important subject. You need to know the type and quality of your data. For instance, is it an exact copy of the network data or has your monitoring data been modified (time stamps, checksums, etc.)? The source of the data is important as it affects troubleshooting activities and network security. Join us for a discussion of how to capture the right type of monitoring data and a comparison of Tap-based vs. SPAN-based data.



LMTV LIVE | Networking Trends for 2017 (with Mike Canney of Viavi)



Live Broadcast starts @ 9:30 AM PST, Wednesday, January 11, 2017


With the New Year’s celebrations behind us, it’s time to put down the eggnog and look forward to the key technologies and trends that will impact network professionals in 2017.

LMTV will kick off this year with Mike Canney, Principal Strategic Architect and troubleshooter of Viavi Solutions, to take a look into our crystal ball to discuss the biggest things to impact IT.




LMTV LIVE | Steve Brown and Warren Caron of Viavi Solutions


This week we will speak with Steve Brown and Warren Caron of Viavi Solutions, who are their Director of Solutions Marketing and Solutions Engineer, respectively.

With network teams increasingly involved in all aspects of security from threat prevention to breach investigation and remediation, understanding how to be proactive is critical. In this week's LMTV LIVE, we’ll discuss how network pros can more effectively work with security teams on threat prevention, investigations, and cleanup efforts.

  • Proactively ID anomalous network behavior
  • Recognize malware, ransomware, and DDoS
  • Assess damage post-attack
  • Reconstruct or playback breaches
  • Ensure successful remediation
  • Overcoming key visibility and intelligence issues
  • Strategies to ensure security events are fully captured