One of the toughest things to do when analyzing packets is documentation.
I rely on my Tracefile Workbook to make notes when I need to reference a specific packet or event.
Wireshark added a pretty cool feature to help with this process. It is called the Annotation feature. There are two different types of annotation: File and Packet.
The File annotation allows you to make some notes regarding the trace file itself. Good examples of items to note would be the test environment, the use of SPAN ports, what is being tested and, finally, a description of the issue.
The Packet annotation allows you to make notes within specific packets. For example you might want to make a note on the packet that caused the application error, or mark the packet that represents when the client clicked submit.
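Those two kinds of notes are stored in the capture file itself: Wireshark writes a file annotation as a comment option on the pcapng Section Header Block and a packet annotation as a comment option on that packet's Enhanced Packet Block, which is why a commented trace has to be saved as pcapng rather than classic pcap. The Python below is an added example, not code from this post or from the Wireshark project; it builds a minimal pcapng carrying both kinds of comment and reads them back, with constructed frame bytes and comment text.

```python
import struct
BT_SHB, BT_IDB, BT_EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types
OPT_END, OPT_COMMENT = 0, 1                                    # pcapng option codes

def _pad4(b):
    return b + b"\x00" * (-len(b) % 4)  # pcapng pads fields to 32-bit boundaries

def _opts(comment=None):
    if comment is None:
        return b""  # an empty option list is simply omitted
    c = comment.encode()
    return struct.pack("<HH", OPT_COMMENT, len(c)) + _pad4(c) + struct.pack("<HH", OPT_END, 0)

def _block(btype, body):
    total = 12 + len(body)  # type + length + body + trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def write_pcapng(packets, file_comment=None):
    """packets: list of (raw_frame_bytes, comment_or_None). Returns pcapng bytes."""
    shb = _block(BT_SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1) + _opts(file_comment))
    idb = _block(BT_IDB, struct.pack("<HHI", 1, 0, 65535))  # linktype 1 = Ethernet
    out = shb + idb
    for raw, comment in packets:
        hdr = struct.pack("<IIIII", 0, 0, 0, len(raw), len(raw))  # iface 0, zero timestamp
        out += _block(BT_EPB, hdr + _pad4(raw) + _opts(comment))
    return out

def _comment(opts):
    pos = 0
    while pos + 4 <= len(opts):
        code, length = struct.unpack_from("<HH", opts, pos)
        if code == OPT_END:
            break
        if code == OPT_COMMENT:
            return opts[pos + 4:pos + 4 + length].decode()
        pos += 4 + (length + 3) // 4 * 4
    return None

def read_comments(data):
    """Return (file_comment, [comment-or-None per packet]) from pcapng bytes."""
    file_comment, pkt_comments, pos = None, [], 0
    while pos < len(data):
        btype, total = struct.unpack_from("<II", data, pos)
        body = data[pos + 8:pos + total - 4]
        if btype == BT_SHB:
            file_comment = _comment(body[16:])  # after magic, version, section length
        elif btype == BT_EPB:
            caplen = struct.unpack_from("<I", body, 12)[0]
            pkt_comments.append(_comment(body[20 + (caplen + 3) // 4 * 4:]))
        pos += total
    return file_comment, pkt_comments
```

Writing the returned bytes to a .pcapng file and opening it in Wireshark shows the file comment in the capture file properties and the packet comment in that frame's details.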
I’ve been preaching the benefits of standardized and consistent testing for as long as I can remember.
If you are part of a team with multiple tools available, the first challenge you face is which tool to use in certain scenarios. Then the harder part: what tests and features do I use? Better question: do you remember how you used it and the various settings you configured for that last report?
You might be a seasoned veteran and you know the various options of your favorite troubleshooting tool but what does the new guy do to get up to speed?
The same scenario can easily apply if you are a one-man shop and haven't used a tool for a while and forget how you tested or configured that tool.
This is precisely why I favor tools where I can save my test criteria. In the past I have even shown you how I use batch files to ensure the tests are performed consistently.
You haven't missed something if you noticed that I haven't mentioned saving your results. That's an obvious feature and I haven't seen a tool out there that can't save its test results. Let's face facts: if the test settings are incorrect, the results are irrelevant and not worth saving.
In this video I use Fluke Networks AirMagnet WiFi Analyzer to perform a site survey or validate an installation.
I get occasional emails and messages requesting that I produce some updated Wireshark quickstart videos. Topics suggested ranged from basic navigation, to how I configure Wireshark and of course troubleshooting scenarios.
I went back and was surprised that some of my Wireshark quickstart tutorials are 2 – 4 years old.
So time to refresh some of the basics and provide some tips and tricks along the way.
I love using the words WiFi Survey and WiFi Troubleshooting interchangeably because, as far as I'm concerned, the only difference between the two is spelling.
When I get involved with WiFi troubleshooting, the typical exercise involves recording the following items: location, signal statistics, throughput, packet loss and jitter. I have shown you some tools that automate or make this reporting methodology easier in previous videos.
The real work happens after you gather this data and attempt to transform it to meaningful information. For example, can I stream multimedia on my WiFi network? What kind of throughput can I expect in the conference room?
In many cases, the tools you use may use proprietary protocols or traffic generation that makes it tricky to predict how the real client’s application will actually perform.
I get many queries regarding TCP operation and general behavior. When you add the questions about what the various tools are trying to tell us when they report various errors, I could probably make this a full-time job.
I was working on a TCP troubleshooting webcast for Fluke Networks when I thought I would share a slide or 2 with you. I chose a TCP false alarm slide as well as a TCP overview slide.
Monitoring and alerting for rogue access points is a fairly common request.
Many of my recent customized onsite training engagements have involved figuring out a way to alert the network staff when a rogue access point appears. Just a quick note: a rogue access point doesn't have to be a traditional physical device such as a smartphone in hotspot mode or a basic access point router; there are now software access points you can run on your WiFi laptop or desktop.
Luckily most of these customers own a copy of AirMagnet Portable WiFi Analyzer, so lately I have been showing people how to configure this software to accomplish this helpful task.
There seems to be a bit of confusion when it comes to understanding the main types of AirMagnet products: Portable and Enterprise. I think this stems from the customer believing they only need one or the other. While this may be true, in many cases I have demonstrated the need for both.
Portable tools are simple to figure out; these are tools that you physically carry around to troubleshoot, analyze or gather information.
Enterprise tools involve placing sensors around your network so you can remotely perform the same tasks performed with the portable tools. When it comes to AirMagnet's WiFi Analyzer, you can do some additional things such as block the rogue wireless device or disable the switch port that the rogue is connected to, and produce some pretty slick reports.
In my experience, I have found people will start with the portable solution and if the network is large enough where being in 2 places at the same time is impossible, or when remote management becomes an issue, they add the enterprise solution to the mix.
When troubleshooting performance issues, I have run across the following scenario many times: is it the PC, network, application or server? Factual side note: the group with the inability to document performance gets the blame.
Just having the methodology to prove which direction to look is incredibly helpful. I have walked into many scenarios where the finger pointing has gone on for months.
Before the flood of emails and comments start flying in explaining that there are products out there to auto-magically do this, I just want to let you know that I am aware of this fact. Knowing how to do this manually only makes these products more valuable since you can appreciate how much time it will save as well as being able to validate ‘the math’ from these tools.