103 posts categorized "Chris Greer"

Wireshark Quick Tip - Graphing TCP Zero Windows with tcptrace (by Chris Greer)

There is a handy new feature in Wireshark that just made looking at one of my favorite trace files a little more interesting.

The tcptrace graph has been used by analysts for years to graph the efficiency of data transfers over TCP. It helps us see the sequence numbers increase over time, the TCP receive window, bytes in flight, retransmissions and acknowledged data. That way, if there is a hitch in a download or large transfer, you can quickly spot the issue and start digging for the root cause.

In the screenshot below we see a tcptrace graph with all the pertinent info.

[Screenshot: tcptrace graph in Wireshark]

This graph is great. It has been a huge help for years. As you can see above, there is a long pause in the data transfer, and with a few clicks we can start to deep dive.

But until recently, there was one thing missing that is very important to know when analyzing data transfers – zero windows.



LMTV LIVE | Improving Packet Analysis with Synthetic Testing (with Steve Brown and Ward Cobleigh)

LIVE EVENT START TIME: Wednesday, May 16th, 2018 9:30 AM PST

Whether troubleshooting basic user complaints or trying to determine performance in the cloud, the challenges are the same in determining:

  • Where to begin troubleshooting?
  • Is it the network, application, client, server, or now cloud?

We’ll join experts from Viavi, product manager Ward Cobleigh and solutions director Steve Brown, to discuss how to use synthetic testing to improve troubleshooting with packet analysis. In this edition of LMTV, we’ll focus on:

  • Extending visibility to the network edge, public cloud, and remote users
  • Confirming the issue domain to get to root cause faster

We’ll also run through Viavi’s newest cloud NPM service, ObserverLIVE, showing troubleshooting examples for the public cloud, distributed architectures, and constant network firefighting scenarios. In the meantime, you can learn about free trials of the service at: www.ObserverLIVE.com


How TCP Works - No-Operation (by Chris Greer)

Hey packet people! 

If you have ever had to analyze a TCP connection, you have definitely seen a three-way handshake. In that handshake, both TCP stacks will exchange the options they are open to use for the connection. In the options field, you may also see several instances of the No-Operation value. 

How does this value work? What does it mean (other than no-operation of course), and how should I interpret it? 

Get the answers to these questions here:

 



How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an Ethernet connection or IP interface and the Maximum Segment Size (MSS) in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings.

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 



How TCP Works - Window Scaling

Hello packet-heads! 

In this video we will look at the window scale option in TCP. How does this feature improve performance across high-bandwidth, high-latency connections? How does Wireshark come up with the Calculated Window Size field? How can we set the scale factor if we missed the handshake? 

We'll answer all of these questions and more in this nine-minute video.

Enjoy! 
