This article will be presented as a session at Sharkfest 2014 on June 17th, 2014. For the video of this session, stay tuned to LoveMyTool.
As most people in the network universe know, reading packet captures can be tough. After all, it’s the most detailed form of analysis that we have and can really help get into the guts of an issue. However, the high level of detail and the 10Gbit (and beyond) connections that we capture on can make traces get very big, very fast. If you’ve never had the pleasure of combing through a one-million packet trace looking for a bad SQL call, then take my word for it – it isn’t always fun, or easy.
With that said, there are certain things that we do as analysts that can compound this issue, making traces even harder to read. Even on small links with simple trace files, there are actions that we may take (or not take) that further complicate our efforts to capture, read, and understand a problem. Below we describe a few of the bigger ones.