With the ability to capture traces along the path from user to server comes the advantage of narrowing down a problem to a particular area of the network.
Whilst matching identical packets may be fairly straightforward, it gets complicated when the traffic passes through firewalls, load balancers and proxies.
In the first of my SharkFest presentations, we covered tips and tricks to match packets as that flow from PC to server and back again.
In the following presentation I explain four different strategies to match packets so that we can deal with challenges such as:
- NAT and PAT
- SSL especially with load balancers
- Increased traffic volumes seen deeper into a system
- Capture time sync inaccuracies
I illustrate the strategies and various techniques with Wireshark examples.