With 7.0, ExtraHop introduces live activity maps for complete 3D interaction with the hybrid IT environment; enhanced threat anomalies and machine learning-initiated workflows for performance and security; and perfect forward secrecy (PFS) decryption at scale to support next-generation security architectures.
There are a number of tools on the market that claim to allow you to analyze databases. I have many customers that own these tools and sometimes they work great, especially if it's what I call a "Low Hanging Fruit" problem, such as a slow SQL call like a SELECT or INSERT.
What happens when it's not so obvious? This is where deep packet analysis is needed. In the following case study we will look at a chronic problem that far too many of my customers experience and how to quickly resolve that issue. This particular problem lasted for months. More memory was added, servers upgraded, content switches added/upgraded, yet the problem still persisted.
Packet or frame slicing our captures can be a great way to hide information in trace files if done correctly. However, you have to really understand the reason for the captures in the first place. For example, application performance issues often leave many clues at layer 4 (specifically TCP). What happens when you "hard" slice a trace file and now cannot follow the TCP sequence numbers because the incorrect frame size value is written in the pcap file?
Other times you may need to see the specific application call (SQL/Oracle) to actually fix the problem, but you no longer have that data because you've sliced it away.
Single-board computers, like the Raspberry Pi or Odroid, are getting widespread adoption within the network engineering community thanks to their computational power (approximately 1 GHz) and low cost (less than $50 per unit). As a result, more and more companies are deploying these devices within their enterprise networks and using them as monitoring sensors to collect analytics on network performance, wireless networks, and cloud services.
Panos Vouzis is a cofounder of NetBeez, which provides network performance monitoring designed for network managers primarily interested in early fault detection and quick troubleshooting of complex wide area networks.
Like many network engineers, I have also heard all too often that "The Network is Slow". This is the mantra repeated across the world by end users, server admins and application developers.
Luckily, we are armed with a tool set to not only exonerate the network (in most cases) but also pinpoint exactly where the problem occurred.
Being a Packet Fetcher, the first thing I typically turn to in these situations is the handy dandy PCAP(s). In this first case study, we will see how to quickly solve this performance issue given the correct trace files from, more importantly, the correct areas of the network. See the following diagram of the capture points as well as the video at the end of the post.