9 posts categorized "Mike Canney"

Open Source PCAP warehouse with dependency mapping. (by Mike Canney)

If you're like me, you probably have terabytes of PCAP files filling up your hard drive.  In previous articles I have reviewed one of my favorite "big trace file" tools Packet Analyzer (formerly known as Pilot) from Riverbed.  I absolutely love using this tool for quickly searching through a big trace looking for that needle in the haystack.

What happens when you have hundreds of haystacks (PCAP files) and you still want to find that needle?

In this short video we will look at a way to take that hard drive full of PCAPs, index them, and allow you to very quickly sort through terabytes of data.  

 

 



So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)

I often get trace files from customers with the comment, "there seems to be some TCP retransmissions," but they are not sure just how that really relates to the performance issues they are having.  After all, some amount of retransmissions in an Ethernet network is normal, right?

There are certainly safeguards against packet loss in the protocols we use today but just what does it do to the end user experience when packet loss occurs?  Join me as we explore troubleshooting with Wireshark and NetData with an example I ran into recently where we needed to get to the bottom of their performance issue.

 

 

 



Creating a Useful Wireshark CIFS profile (by Mike Canney)

Combine the great SMB/CIFS decodes in Wireshark with its second-to-none customization capabilities, and you have the makings of a fantastic tool in your toolbox.  In this short video we talk about how to use Wireshark and the custom profile capabilities to quickly troubleshoot a CIFS file transfer issue.

 Let's take a look:

 

 

  



Give Me Packets!!! Case Study: Slow Oracle DB (by Mike Canney)

There are a number of tools on the market that claim to allow you to analyze databases.  I have many customers that own these tools and sometimes they work great, especially if it's what I call a "low-hanging fruit" problem, such as a slow SQL call like a SELECT or INSERT.

What happens when it's not so obvious?  This is where deep packet analysis is needed.  In the following case study we will look at a chronic problem that far too many of my customers experience and how to quickly resolve that issue.  This particular problem lasted for months.  More memory was added, servers were upgraded, and content switches were added/upgraded, yet the problem still persisted.

 Let's take a look:

 

  



The Dark Side of Packet Slicing (by Mike Canney)


 

Packet or frame slicing of our captures can be a great way to hide information in trace files if done correctly.  However, you have to really understand the reason for the captures in the first place.  For example, application performance issues often leave many clues at layer 4 (specifically TCP).  What happens when you "hard" slice a trace file and now cannot follow the TCP sequence numbers because the incorrect frame size value is written in the pcap file?

Other times you may need to see the specific application call (SQL/Oracle) to actually fix the problem but you no longer have that data because you've sliced it away.  
