59 posts categorized "Paul Offord"

Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post we looked at the importance of a basic understanding of the topology of the system under investigation. In this blog I'll cover the use of markers: a ridiculously simple, but amazingly powerful, concept. A marker places a distinctive packet in network packet trace data that we can easily find with Wireshark.

The RPR manual contains six pages of information on markers, covering suggested markers and what to use them for.  If you haven't used markers before you are in for a real treat.  Once you get the hang of them, you'll wonder how you ever did without them.

Let's imagine you've been investigating an intermittent slow response time problem for a bunch of users.  Nobody is quite sure what's causing the problem, although the application and platform teams insist it's not them.  You know the drill; if the cause isn't obvious it must be the network, right?


Luckily, a user experienced the problem this morning, and you had packet traces running.  The bad news is that you have 500 GB of trace data (about 5 billion packets) and the user is vague about the time of the problem.

The first strategy ...



LMTV LIVE | Performance Article and TribeLab - Tony Fortunato and Paul Offord

In this episode, Tony Fortunato and Paul Offord are hijacking LMTV.

Tony is covering Cisco router speed testing and the merits of performance testing. Tony will briefly cover why you need to pay attention to the protocol you use and why you should avoid the disk, at least initially.

Paul is previewing two new updates to TribeLab Workbench; the first allowing you to explore more data types with tools like Excel and Wireshark, and the second extending the range of tools in the toolbox.

Paul will demonstrate how Excel can open not just a Wireshark trace file, but also an ETL file captured using netsh trace.  We'll also see how we can add TraceWrangler to the toolbox to give us drag-and-drop anonymization of trace files.



Network Troubleshooting Tip - Understand the System (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post I covered the selection of a single symptom for investigation. In this blog we'll discover the need to understand more than just the network connectivity.

I remember visiting a third party data center and chatting to a network engineer who had been leading the investigation into a Citrix performance problem. He had spent months looking at this issue and I was shocked to discover how little he understood about the system he was analyzing. I asked him to draw a rough diagram showing the main components of the system and how they talked to each other. He couldn't and didn't see the need. As far as he was concerned, packets went into one switch port and they came out of another. "I don't need to know what connected to those ports", he informed me.

This may be an extreme example, but I have attended many meetings with teams that have been investigating a performance problem and nobody is able to draw the system on a whiteboard.


Modern systems are very complex, and so we need to sketch out the system with enough detail to provide everyone with an understanding of how it works, but not so much that it's overwhelming. Advance7 has found ...



Capture packets with a standard Windows tool (by Paul Offord)

Wireshark is a great way to capture network packets, but it's not always practical to use it. In an enterprise environment, at the very least, we need to get a change approved to install the software. Often it is just not possible to get approval to install Wireshark onto a desktop or server. So packet capture isn't possible - or is it?

Windows includes a rarely-used command line tool that has many of the capabilities of Wireshark's dumpcap. It's there ready and waiting, on every Windows machine! Let's take a look at how we can use it.


Windows 2000 introduced a command line utility called netsh (network shell). As the name suggests, netsh is a shell environment that provides commands that address network issues. One of the commands it provides is netsh trace, a simple command line packet capture tool.

In the following video ...
