91 posts categorized "Deep Packet Inspection"

What is Network Metadata? (by Morgan Doyle)


The human view in Network Visualization!

Network metadata is human-readable data that describes your network traffic. It is generated and consumed by network traffic monitoring systems to analyse and report on network and user activity. This type of continuous monitoring is concerned with users, the applications they use and the data they access; it is generally not used for monitoring the health of the network fabric and attached devices.


The graphic below depicts some of the available technologies for continuous network traffic monitoring and how they relate to each other in terms of the information provided and the cost and complexity of implementation.

(Graphic: network metadata compared with other continuous monitoring technologies)

Network Metadata is used to fill the gap between the “not-enough-detail” SNMP switch port counters and “too-much-complexity, too expensive” full packet capture systems.
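As an added example (not code from Morgan Doyle's post or from any product it describes), the script below shows what turning packets into network metadata involves: it parses constructed Ethernet/IPv4/TCP frames, folds them into per-conversation records, pulls out the HTTP request and status code an analyst would actually read, and renders each record as one line. The frame builder, the record layout and the sample addresses are this example's own assumptions; a real sensor would do the same over a capture interface and decode many more protocols.

```python
import socket
import struct

# --- constructed sample traffic (this example's own data, not from the post) ---
def build_ipv4_tcp(src, dst, sport, dport, payload, flags=0x18):
    """Build a minimal Ethernet/IPv4/TCP frame. Checksums are left at zero;
    metadata extraction never validates them, so that is harmless here."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload

# --- the metadata extractor ---
def parse_frame(frame):
    """Return ((src, sport, dst, dport), tcp_payload) for IPv4/TCP, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                        # protocol field: not TCP
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport), tcp[data_offset:]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def http_fields(payload):
    """Pull the method, path and Host header out of an HTTP/1.x request, or the
    status code out of a response. Returns a dict of whatever was found."""
    out = {}
    if not payload.startswith(HTTP_METHODS) and not payload.startswith(b"HTTP/1."):
        return out
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if payload.startswith(HTTP_METHODS):
        if len(parts) >= 2:
            out["method"], out["path"] = parts[0], parts[1]
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                out["host"] = value.strip()
    elif len(parts) >= 2 and parts[1].isdigit():
        out["status"] = int(parts[1])
    return out

def build_metadata(frames):
    """Aggregate frames into per-conversation records. The client is whichever
    side sent the first packet seen for that conversation."""
    flows = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue                                      # non-IPv4/TCP: not summarised here
        (src, sport, dst, dport), payload = parsed
        key, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if key in flows:
            rec = flows[key]
        elif reverse in flows:
            rec = flows[reverse]
        else:
            rec = flows[key] = {"client": src, "server": dst, "server_port": dport,
                                "packets": 0, "bytes": 0, "app": {}}
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        if payload:
            rec["app"].update(http_fields(payload))
    return list(flows.values())

def format_record(rec):
    """Render one record the way an analyst would read it."""
    app = rec["app"]
    line = "{client} -> {server}:{server_port} tcp {packets} pkts {bytes} B".format(**rec)
    if "method" in app:
        line += " http {} {}{}".format(app["method"], app.get("host", ""), app["path"])
    if "status" in app:
        line += " -> {}".format(app["status"])
    return line

SAMPLE_FRAMES = [
    build_ipv4_tcp("10.0.0.5", "93.184.216.34", 51000, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_ipv4_tcp("93.184.216.34", "10.0.0.5", 80, 51000,
                   b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,            # ARP frame: skipped
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 51001, 445,
                   b"\x00\x00\x00\x40\xfeSMB" + b"\x00" * 60),  # SMB2-looking payload
]

if __name__ == "__main__":
    for rec in build_metadata(SAMPLE_FRAMES):
        print(format_record(rec))
```

The two records this prints ("10.0.0.5 -> 93.184.216.34:80 tcp 2 pkts 193 B http GET example.com/index.html -> 200" and a one-packet SMB conversation with no application detail) are the whole point: a few hundred bytes of packets collapse into one line per conversation that names the user's machine, the server, the application and the outcome, without storing the packets themselves.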



Monitoring network file stores by analysing network traffic! (by Darragh Delaney)


Network-based file stores have been around for quite some time now and they continue to be a popular way to share data within organizations. While cloud-based services such as Dropbox and Office 365 are popular, network-based file stores will be around for a long time.

There are many reasons why organizations choose to store their data locally on their network. For many, it comes down to the security risks of storing confidential data outside of their networks. For others, it is the convenience of locally stored data which can be easily accessed and it won’t go offline if Internet connectivity is lost.


However, network-based file stores have become the number one target for ransomware attacks. All it takes is one infected client to encrypt all data on network file shares. For this very reason alone, it is vital that you have some level of visibility into what is happening on your network file stores. From my own experience, I know of three approaches:

  1. Agent/client-based software solutions
  2. Native logging on file server
  3. Network traffic analysis

I am not going into any detail on the agent/client options as they are very vendor-specific and I don't know of any that does not impact file server performance.
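As an added example of the third approach (network traffic analysis), and not code from Darragh Delaney's post or from any product: the script below runs a simple mass-modification check over constructed file-share activity records in the shape a sensor decoding SMB2 on the wire might emit (time, client, share, operation, path). It flags a client that, inside a 60-second window, writes or renames at least ten distinct files and replaces the extension on at least five of them, which is the footprint of one infected client encrypting a share. The record format, the thresholds, the share names and the ".locked" extension are all this example's assumptions.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # look-back per client (assumed threshold)
MIN_FILES = 10                   # distinct files written/renamed inside WINDOW
MIN_EXT_CHANGES = 5              # of which renames replaced the file extension

def parse_event(line):
    """Parse one constructed record:
    '<ISO time> <client ip> <share> <OP> <path>[ -> <new path>]'."""
    parts = line.split()
    ev = {"ts": datetime.fromisoformat(parts[0]), "client": parts[1],
          "share": parts[2], "op": parts[3], "path": parts[4], "new_path": None}
    if len(parts) == 7 and parts[5] == "->":
        ev["new_path"] = parts[6]
    return ev

def changes_extension(old, new):
    """True when a rename swaps the extension (report.docx -> report.docx.locked)."""
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()

def detect_mass_modification(events):
    """Sliding-window check per client; returns one alert dict per offending client."""
    alerts, alerted = [], set()
    recent = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] not in ("WRITE", "RENAME"):
            continue                              # reads and opens are not modifications
        q = recent[ev["client"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > WINDOW:     # drop events older than the window
            q.popleft()
        files = {e["path"] for e in q}
        ext_changes = sum(1 for e in q if e["op"] == "RENAME"
                          and changes_extension(e["path"], e["new_path"]))
        if (len(files) >= MIN_FILES and ext_changes >= MIN_EXT_CHANGES
                and ev["client"] not in alerted):
            alerted.add(ev["client"])
            alerts.append({"client": ev["client"], "share": ev["share"],
                           "window_end": ev["ts"], "files": len(files),
                           "extension_changes": ext_changes,
                           "sample": sorted(files)[:3]})
    return alerts

# Constructed records (not from the post): a user saving a spreadsheet normally,
# then a client rewriting and renaming every document it can reach on a share.
BENIGN = [
    r"2016-05-10T09:00:01 10.0.0.21 \\fs01\finance WRITE budget/q2.xlsx",
    r"2016-05-10T09:00:43 10.0.0.21 \\fs01\finance WRITE budget/q2.xlsx",
    r"2016-05-10T09:01:15 10.0.0.21 \\fs01\finance RENAME budget/q2.xlsx -> budget/q2-final.xlsx",
    r"2016-05-10T09:02:00 10.0.0.22 \\fs01\finance READ budget/q2-final.xlsx",
]
SUSPECT = []
for i in range(12):
    t = (datetime(2016, 5, 10, 9, 5, 0) + timedelta(seconds=2 * i)).isoformat()
    doc = "hr/contracts/contract{:02d}.docx".format(i)
    SUSPECT.append(r"{} 10.0.0.5 \\fs01\hr WRITE {}".format(t, doc))
    SUSPECT.append(r"{} 10.0.0.5 \\fs01\hr RENAME {} -> {}.locked".format(t, doc, doc))
SAMPLE_LOG = BENIGN + SUSPECT

def run(lines=SAMPLE_LOG):
    return detect_mass_modification([parse_event(line) for line in lines])

if __name__ == "__main__":
    for alert in run():
        print("ALERT {client} on {share}: {files} files touched, "
              "{extension_changes} extension changes by {window_end}, "
              "e.g. {sample}".format(**alert))
```

The check fires on the tenth distinct file (at 09:05:18 in the constructed data), long before the client has finished the share, which is what makes wire-side visibility useful here: the sensor sees the writes and renames as they happen, on every share, without an agent on the file server. Tune the thresholds to the normal churn of each share; a build server or a backup job will legitimately touch far more than ten files a minute, but neither rewrites extensions.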



First Day Takeaways from NETSCOUT Engage 2016 (by Chris Greer)

Team Green has arrived in Dallas with their annual technology and user summit - Engage 2016. This conference is primarily an opportunity for users to come and interface with trainers, engineers, and product developers as they share tips, tricks, use cases, and new features on the NETSCOUT products.

This is my first Engage conference, so I really wasn’t sure what to expect upon walking through the door. On the website they posted the session titles and speakers, so at least I had an idea on the topic breadth that would be covered, but as for the size and scope of the conference overall, that would be new. (By the way, if you are at Engage and want to stop by my session - Advanced Troubleshooting Across SNMP, NetFlow, and Packet with TruView - I’ll be teaching in the Sanger room on Thursday at 3:10pm, stop on by!)



Wireshark Use Case: Slow Response Times - Part 4 (by Paul Offord)

Now we step into the data center to look a bit deeper into a slow response time problem using PCAP traces, Wireshark and markers.

So far we believe that we have proven that the problem isn't a network problem but is due to a slow response from the web server. Luckily we have matching traces captured in the data center.

(Figure: capture topology)

Better still, the data center trace shows both browser-to-web-server and web-server-to-database traffic. So let's crack on ...



Wireshark Use Case: Slow Response Times - Part 3 (by Paul Offord)

In this short series of videos we are looking at troubleshooting a slow response time problem using PCAP traces, Wireshark and markers.

In this video we take a look at combining three free tools (Workbench, Wireshark and TRANSUM) to identify the cause of a slow response time problem.


We contrast traditional statistics-based troubleshooting using standard Wireshark IO Graphs with transaction analysis. We also discover ...



Wireshark Use Case: Slow Response Times - Part 2 (by Paul Offord)

In this short series of videos we are looking at troubleshooting a slow response time problem using PCAP traces, Wireshark and markers.

In the last video we discovered a simple way for a user to send a marker into our network traces.


In this video we discover how to find markers in a Wireshark trace. We also ...
