384 posts categorized "Protocol Analysis" Feed

How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an ethernet connection or IP interface and the Maximum Segment Size in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings. 

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 

Continue reading "How TCP Works - MTU vs MSS (by Chris Greer)" »


How TCP Works - Window Scaling

Hello packet-heads! 

In this video we will look at the window scale option in TCP. How does this feature improve performance across high-bandwidth, high-latency connections? How does Wireshark come up with the Calculated Window Size field? How can we set the scale factor if we missed the handshake? 

We'll answer all of these questions and more in this nine minute video. 

Enjoy! 

Continue reading "How TCP Works - Window Scaling" »


So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)

I often get trace files from customers with the comments, "there seems to be some TCP retransmissions" but they are not sure just how that really relates to performance issues they are having.  After all, some amount of retransmissions in an Ethernet Network is normal, right? 

There are certainly safeguards against packet loss in the protocols we use today but just what does it do to the end user experience when packet loss occurs?  Join me as we explore troubleshooting with Wireshark and NetData with an example I ran into recently where we needed to get to the bottom of their performance issue.

 

 

 

Continue reading "So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)" »


Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)

Now almost all the streams we analyze are encrypted, how can we see what's inside those pesky SSL/TLS packets. Here's one way.

Bds_iis_log_entry

In the previous video in this series we saw how web logs provide an abundance of information; just the sort of stuff we need to take a performance problem to a developer.  And now we can analyze web logs with Wireshark.

In this video ...

Continue reading "Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)" »


Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)

Wireshark's new TRANSUM plugin provides a great way to identify slow web site and web service transactions, but there's a problem.  More often than not, web traffic is carried in SSL (TLS) encrypted messages, and so, although we can see slow response times, we can't see the detail.  To prove the cause of a slow response time, ideally we want to see the URI, query strings and, in the case of a web service request, the SOAP Action value.

  Ue_iis_log

If we are very lucky, we may be able to get a copy of the private SSL keys and use Wireshark to decrypt the traffic, but what if that's not possible.  The good news is that web logs have much of the information we need, and we can combine this with Wireshark network traces to get a more complete picture.

In this video ...

Continue reading "Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)" »


Palo Alto Packet Latency Case Study Using Workbench and Wireshark (by Paul Offord)

Analyzing packets at two points provides an accurate way to determine the delays across a network.  The team at Advance7 used this technique to find the cause of performance and stability problems with a web application.  The system topology was complex, but very common in today's enterprise environments; users accessing systems using a Windows terminal and ESX VDI-delivered desktops.

  Rtt_to_ack

Users reported slow response times and intermittent disconnects.  The path through the network from VDI host to application server was 10 GbE all the way, and so link overload was unlikely.  There were various theories about the cause of the problem but solid evidence was needed.

In this video ...

Continue reading "Palo Alto Packet Latency Case Study Using Workbench and Wireshark (by Paul Offord)" »