385 posts categorized "Protocol Analysis" Feed

LMTV LIVE | How to Improve Network Troubleshooting (with Keith Bromley and Bill Coon)

With Paul Offord of Advance7 hosting, Keith Bromley from Keysight Technologies (formerly Ixia) and Bill Coon from Riverbed will be talking about how to use network visibility to improve troubleshooting.

According to an Enterprise Management Associates report (Network Management Megatrends 2016), IT teams already spend around 36% of their daily efforts on reactive troubleshooting efforts. In addition, pressure can increase exponentially on IT personnel as problem resolution time increases, since it directly correlates to network and application slowness and downtime. There is a new LMTV event happening on February 21, 2018. Keith Bromley from Keysight Technologies (formerly Ixia) and Bill Coon from Riverbed will be talking about how to use network visibility to improve troubleshooting. According to an Enterprise Management Associates report (Network Management Megatrends 2016), IT teams already spend around 36% of their daily efforts on reactive troubleshooting efforts. In addition, pressure can increase exponentially on IT personnel as problem resolution time increases, since it directly correlates to network and application slowness and downtime. 

Network visibility solutions allow you to get a clearer picture (in a faster way) as to what is happening on your network. This allows you to reduce your mean time to repair (MTTR) performance.

Some key thoughts we will discuss during the event:

  • A Visibility Architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility
  • There are several possible ways to optimize your troubleshooting activities:
    • Insert taps between the network and monitoring tools (or network packet broker) to improve the quality of monitoring data and time to data acquisition
    • Deploy network packet brokers (NPBs) between those taps and the security and monitoring tools to optimize the data sent to the tools, like Riverbed
    • Deploy NPBs that support floating filters to further decrease the time to data acquisition
    • Use NPBs that support adaptive monitoring, which speeds up the data filter deployment process by using automation to replace manual intervention
    • Implement proactive troubleshooting with application intelligence to create a macroscopic troubleshooting approach that reduces fault localization time
  • Network analysis tools, like those from Riverbed, can provide capabilities to help you improve your network operations. Riverbed's SteelCentral application performance monitoring solution let’s you identify network problems to optimize your network.
  • A visibility architecture typically yields immediate benefits such as the following:  eliminating blind spots, improving data flow to security tools, and maximizing network and tool availability
  • A visibility architecture typically yields immediate benefits such as the following:  eliminating blind spots, reducing costs while maximizing ROI, and simplifying data control

Join us for the second of several discussions to learn how to unleash the power of network visibility.

If you can’t make it to the event, watch the podcast on-demand or check out some of these free resources.


How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an ethernet connection or IP interface and the Maximum Segment Size in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings. 

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 

Continue reading "How TCP Works - MTU vs MSS (by Chris Greer)" »


How TCP Works - Window Scaling

Hello packet-heads! 

In this video we will look at the window scale option in TCP. How does this feature improve performance across high-bandwidth, high-latency connections? How does Wireshark come up with the Calculated Window Size field? How can we set the scale factor if we missed the handshake? 

We'll answer all of these questions and more in this nine minute video. 

Enjoy! 

Continue reading "How TCP Works - Window Scaling" »


So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)

I often get trace files from customers with the comments, "there seems to be some TCP retransmissions" but they are not sure just how that really relates to performance issues they are having.  After all, some amount of retransmissions in an Ethernet Network is normal, right? 

There are certainly safeguards against packet loss in the protocols we use today but just what does it do to the end user experience when packet loss occurs?  Join me as we explore troubleshooting with Wireshark and NetData with an example I ran into recently where we needed to get to the bottom of their performance issue.

 

 

 

Continue reading "So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)" »


Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)

Now almost all the streams we analyze are encrypted, how can we see what's inside those pesky SSL/TLS packets. Here's one way.

Bds_iis_log_entry

In the previous video in this series we saw how web logs provide an abundance of information; just the sort of stuff we need to take a performance problem to a developer.  And now we can analyze web logs with Wireshark.

In this video ...

Continue reading "Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)" »


Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)

Wireshark's new TRANSUM plugin provides a great way to identify slow web site and web service transactions, but there's a problem.  More often than not, web traffic is carried in SSL (TLS) encrypted messages, and so, although we can see slow response times, we can't see the detail.  To prove the cause of a slow response time, ideally we want to see the URI, query strings and, in the case of a web service request, the SOAP Action value.

  Ue_iis_log

If we are very lucky, we may be able to get a copy of the private SSL keys and use Wireshark to decrypt the traffic, but what if that's not possible.  The good news is that web logs have much of the information we need, and we can combine this with Wireshark network traces to get a more complete picture.

In this video ...

Continue reading "Analyzing Microsoft IIS Web Logs - Part 1 (by Paul Offord)" »