Presenter Profile - Hansang Bae currently leads the Network/Application Performance Engineering Team with direct responsibility for Packet Capture Infrastructure at Citi. He brings a unique perspective with his broad knowledge of protocol analysis in a complex enterprise infrastructure.
As one of his colleagues puts it, “Hansang is one of the most outstanding individuals in the industry. His technical expertise is second to none. He is also an amazing leader, mentor, and a highly ethical, sincere person. Hansang possesses the unique ability to explain highly complex topics to a broad audience, which earned him the trust and respect from every person he encountered within Citigroup. ”
Editor's note - This presentation was recorded at Sharkfest 2012 - UC Berkely, CA - June 24th-27th.
A better way to visualize HTTP packets for analysis!
One of the more practical, and yet fundamental uses of packet capture analysis in todays networks is examining HTTP flows to isolate problems with the protocol or underlying network interactions. However, 1) getting accurate and 2) easily accessible/understandable data for a successful review can vary wildly depending on the tools used, particularly when it comes to timing information. This can be a difficult task but there is some new technology that can help. The QACafe Team has come up with a tool that will help you in this investigation with T-Shark by giving you a higher plane of useful visualization. T-Shark is an open source terminal based on Wireshark - http://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html , that allows for easily programed packet capture interactions.
TShark - A Wireshark tool!
The HTTP request analysis tool from CloudShark, http://cloudshark.org/ , contains a solution for both problems. This tool takes advantage of a powerful and simple web interface which makes collaboration on HTTP data faster and easier while interacting with T-Shark.
Continue reading "A better way of Analyzing HTTP Packet Captures from Cloudshark (by Jason Walls)" »
As everyone knows Wireshark is the ultimate Open Source network and data packet visualization tool.
So can you find the three problems in the traces below....The Challange Begins!!
Every Network Engineer should know Wireshark inside and out regardless of the commercial tools they use. Here is an incrediable oportunity for those in and around Austin, Texas, capitol of the Great State of Texas!
Should you Go to this Class - Well lets look at some of the things you will learn about...see if you know the answers of what is in these Wireshark traces -
What do you see that is a problem in this filtered Wireshark trace????
Answer - that you will learn in the class-
This is what it looks like when another 10mb device’s preamble overwrites another packet.
The preamble pattern of 1010 works out to be A and 0101 is 5.
Probable cause: half/full duplex mismatch
Ok, Do You Want To Try another trace -
Continue reading ""Should I go" Challange - Wireshark Training in Austin, Texas" »
The world of IT and networking is changing, and it’s changing fast. Not only are networks getting much faster but IT and data are going virtual, applications are migrating to the web, people are bringing their own toys to work and the cyber crooks are playing a much smarter game than they’ve ever played before. The days of organizations deploying relatively simple point solutions on COTS (commercial off the shelf) hardware have gone for good. It’s time to face the facts: A single dropped packet could mean the difference between seeing the Stuxnet worm and seeing nothing!!!
Too Much to see - too fast - where is it!
The real problem that organizations face is one of network visibility. It’s inconceivable to imagine airport security letting passengers skip the metal detector when the queue gets a bit long, yet there are thousands of systems in the ground that are currently dropping millions of packets daily from capture and even inspection. Today there are glaring holes in the armor that are exposing critical data and systems to the criminal fraternity.
Here is a list of three visibility pre-requisites that decision-makers responsible for procuring network security, network monitoring or any type of network instrumentation must be looking for:
- Absolute proof of continuous 100 percent accurate packet capture and inspection at line rate at 1Gbps, 10Gbps, 40Gbps AND 100Gbps.
100Gig is just around the corner and any technology decisions, particularly expansive long term integrations, must take into account the demands of tomorrow’s network as well as today’s. Continuous 100 percent packet capture and inspection at high speeds is a problem that, as any expert will attest, can only be solved in hardware. There’s a compelling argument that suggests we are about to enter a new age of purpose built, ultra high performance network monitoring and recording systems that are designed from the ground up to capture, analyze (inspect) and record packets for the purposes of network visibility and loss mitigation.
Continue reading "Network visibility and inspection (by Tim Nichols)" »
One of the latest buzzwords in IT is BYOD (Bring Your Own Device). The topic has been covered in many different places, but this article will focus on how an IT department can attack the issue, even without budget or a top-down mandate.
BYOD is inevitable, given that consumer-grade technology is better, faster, and cheaper than business-grade. Consumers don’t have to wait 3 years for the equipment to depreciate before it can be replaced, so employees can often purchase a personal laptop that’s at least as powerful as their work equipment. Additionally, the latest technological status symbols are highly mobile, highly connected, and highly addictive. Even if current security policy forbids it, users will bring to the office their smartphones, tablets, and occasionally laptops.
What doesn’t work in BYOD
I’ve seen several reactions by businesses to the idea of BYOD. The most common case has been denial: IT simply does not support non-standard equipment. IT engineers can identify if their site fits this pattern by the number of times any given person will ask for iPhone support. If it’s only once, it means that the user found someone else to help them. iPhone users are social by nature, and once one person figures out how to get online, that information will spread virally.
Continue reading "BYOD: Pull the Weeds and Plant a Walled Garden (by Jim MacLeod)" »
The 10 Gigabit myth:
As I have mentioned, a number of vendors claim that they handle 10 Gbps with ease, but how do you know unless you test them? As Tim O’Neil says, “Don't trust them, test them”! That is exactly what we did.
Riverbed Cascade Shark:
I recently was able to get my hands on a Cascade Shark Appliance. I suspect many of you have seen my reviews on Cascade Pilot and know how much I love this product for slicing and dicing extremely large trace files. Pilot has truly changed my life when it comes to mining out data from large packet traces. Naturally, I was very excited to see if the Shark Appliance could live up to my huge expectations.
Recent Comments