100 posts categorized "Deep Packet Inspection"

IoT: Tesla Model S Remote Control (by Jonathan Whiteside, Darrin Roach and Paul Offord)

With the proliferation and expansion of wireless technologies, it is now becoming commonplace for vehicles to be connected to the Internet for numerous reasons, such as website access, telematics and always-connected emergency services.

Tesla Motors is very much at the forefront of the ‘Connected Vehicle’ revolution, producing vehicles with ‘always on’ connectivity through 4G LTE and WiFi.  This gives the driver features such as Google Maps navigation, web access and Spotify.

It also allows remote operation features such as climate control and charge port opening/closing, as well as providing an instant view of battery charge levels.  All these features can be readily accessed from a mobile phone app or desktop app on a PC.

The objective of this experiment was ...


LMTV LIVE | How to Improve Network Troubleshooting (with Keith Bromley and Bill Coon)

With Paul Offord of Advance7 hosting, Keith Bromley from Keysight Technologies (formerly Ixia) and Bill Coon from Riverbed will be talking about how to use network visibility to improve troubleshooting.

According to an Enterprise Management Associates report (Network Management Megatrends 2016), IT teams already spend around 36% of their daily effort on reactive troubleshooting. In addition, pressure on IT personnel can increase exponentially as problem resolution time increases, since it directly correlates to network and application slowness and downtime. There is a new LMTV event happening on February 21, 2018.


Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)

Now that almost all the streams we analyze are encrypted, how can we see what's inside those pesky SSL/TLS packets? Here's one way.

In the previous video in this series we saw how web logs provide an abundance of information; just the sort of stuff we need to take a performance problem to a developer.  And now we can analyze web logs with Wireshark.

In this video ...


Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)

Wireshark's new TRANSUM plugin provides a great way to identify slow web site and web service transactions, but there's a problem.  More often than not, web traffic is carried in SSL (TLS) encrypted messages, and so, although we can see slow response times, we can't see the detail.  To prove the cause of a slow response time, ideally we want to see the URI, query strings and, in the case of a web service request, the SOAP Action value.

If we are very lucky, we may be able to get a copy of the private SSL keys and use Wireshark to decrypt the traffic, but what if that's not possible?  The good news is that web logs have much of the information we need, and we can combine this with Wireshark network traces to get a more complete picture.

In this video ...


Palo Alto Packet Latency Case Study Using Workbench and Wireshark (by Paul Offord)

Analyzing packets at two points provides an accurate way to determine the delays across a network.  The team at Advance7 used this technique to find the cause of performance and stability problems with a web application.  The system topology was complex, but very common in today's enterprise environments: users accessing systems using a Windows terminal and ESX VDI-delivered desktops.

Users reported slow response times and intermittent disconnects.  The path through the network from VDI host to application server was 10 GbE all the way, and so link overload was unlikely.  There were various theories about the cause of the problem but solid evidence was needed.

In this video ...


TCP Checksum Error Case Study (by Paul Offord)

When I see TCP Retransmissions and Dup ACKs in a trace I naturally think about packet loss, but that's not the only cause.  The TCP Checksum mechanism is used to check the integrity of the TCP payload (or segment) and, although it's rare to see genuine checksum errors in a trace, it's another cause of retransmissions.

For Wireshark users there's good and bad news.  The good news is that Wireshark can check each packet for TCP Checksum errors.  The bad news is that they are not always genuine errors.  So how can we tell the difference?

In this video ...
