374 posts categorized "Protocol Analysis"

How TCP Works - Sequence Numbers (by Chris Greer)

TCP is important stuff for network engineers to know. 

Why? 

Today's problems aren't as cut-and-dried as they used to be. When a problem strikes, we can't just say "it's not the network" and go on with our day. A core understanding of TCP and how it carries and acknowledges data goes a long way toward finding the root cause of performance problems today.

One key aspect of TCP that is important to learn is the Sequence and Acknowledgement process. To put it simply, these numbers in the TCP headers indicate how much data has been sent and received. They allow each endpoint to determine whether there was packet loss and what needs to be retransmitted, and they help determine how much data is in flight.

For a six-minute crash-course on how TCP Sequence numbers work, check out this video:

 

Thanks for checking it out and hopefully it helps all packet-heads out there! 

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors. Got network problems? Let's get in touch



How TCP Works - The Handshake (by Chris Greer)

This video uses Wireshark to show how the handshake process works in TCP. It is part of a new TCP Fundamentals series on the Packet Pioneer YouTube channel. I hope it helps the budding packet-heads out there! 

Enjoy!

 

 





Sharkfest 2017 - Winning the Network Blame Game (by Chris Greer)

This session was recorded at Sharkfest 2017 on June 19th at Carnegie Mellon University in Pittsburgh. It delves into the reasons why people blame the network for performance problems, why these issues linger, and how network engineers can solve them using Wireshark.

I hope this helps you in resolving those pesky network and application issues.


Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post we looked at the importance of a basic understanding of the topology of the system under investigation. In this blog I'll cover the use of markers: a ridiculously simple, but amazingly powerful, concept. A marker places a distinctive packet in network packet trace data that we can easily find with Wireshark.

The RPR manual contains six pages of information on markers, covering suggested markers and what to use them for. If you haven't used markers before, you are in for a real treat. Once you get the hang of them, you'll wonder how you ever did without them.

Let's imagine you've been investigating an intermittent slow response time problem for a bunch of users.  Nobody is quite sure what's causing the problem, although the application and platform teams insist it's not them.  You know the drill; if the cause isn't obvious it must be the network, right?


Luckily, a user experienced the problem this morning, and you had packet traces running.  The bad news is that you have 500 GB of trace data (about 5 billion packets) and the user is vague about the time of the problem.

The first strategy ...



Troubleshooting with Wireshark - Remove Unrelated Protocols (by Chris Greer)

Sometimes packet digging can get tedious. We've all been there. 

It can be hard to set the right filter that lets us home in on the root cause. In many cases, it is just as helpful to remove protocols from view that are probably not related to the problem. At least that will give us less to dig through. I call that removing "packet static".

In this video, we will look at how to create a button in Wireshark that removes common protocols or conversations from view to simplify the trace.

 

Hope this helps when packet digging! 
