104 posts categorized "Chris Greer"

Wireshark Quick Tip - Opening Two Traces At Once on Mac OS (by Chris Greer)

Hey packet people!

If you are a Mac user and you need to do a side-by-side analysis of two trace files using Wireshark, this video will show you how. I got this tip from Mr. Gerald Combs himself. Thanks Gerald! 

Just wanted to post this in time for Sharkfest next week. You know, so you can follow along with the instructor while comparing a trace from your environment.



Wireshark Quick Tip - Graphing TCP Zero Windows with tcptrace (by Chris Greer)

There is a handy new feature in Wireshark that just made looking at one of my favorite trace files a little more interesting.

The tcptrace graph has been used by analysts for years to graph the efficiency of data transfers over TCP. It helps us see the sequence number increase over time, the receive TCP window, bytes in flight, retransmissions and acknowledged data. That way, if there is a hitch in a download or large transfer, you can quickly spot the issue and start digging for the root cause.

In the screenshot below we see a tcptrace graph with all the pertinent info.

[Figure: tcptrace graph in Wireshark]

This graph is great. It has been a huge help for years. As you can see above, there is a long pause in the data transfer, and with a few clicks we can start to deep dive.

But until recently, there was one thing missing that is very important to know when analyzing data transfers – zero windows.



LMTV LIVE | Improving Packet Analysis with Synthetic Testing (with Steve Brown and Ward Cobleigh)

LIVE EVENT START TIME: Wednesday, May 16th, 2018 9:30 AM PST

Whether troubleshooting basic user complaints or trying to determine performance in the cloud, the challenges are the same in determining:

  • Where to begin troubleshooting?
  • Is it the network, application, client, server, or now cloud?

We’ll be joined by experts from Viavi, product manager Ward Cobleigh and solutions director Steve Brown, to discuss how to use synthetic testing to improve troubleshooting with packet analysis. In this edition of LMTV, we’ll focus on:

  • Extending visibility to the network edge, public cloud, and remote users
  • Confirming the issue domain to get to root cause faster

We’ll also run through Viavi’s newest cloud NPM service, ObserverLIVE, showing troubleshooting examples for the public cloud, distributed architectures, and constant network firefighting scenarios. In the meantime, you can learn about free trials of the service at: www.ObserverLIVE.com


How TCP Works - No-Operation (by Chris Greer)

Hey packet people! 

If you have ever had to analyze a TCP connection, you have definitely seen a three-way handshake. In that handshake, both TCP stacks exchange the options they are willing to use for the connection. In the options field, you may also see several instances of the No-Operation value.

How does this value work? What does it mean (other than no-operation of course), and how should I interpret it? 

Get the answers to these questions here:

 



How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an Ethernet connection or IP interface and the Maximum Segment Size (MSS) in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings.

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 
