108 posts categorized "Chris Greer" Feed

Wireshark Week - How to Fix Slow (by Chris Greer)

Sick of being blamed for the spinning wheels and delays in applications? 

Most network engineers are tired of hearing "It's the network", but don't have the packets to prove it. This week, Viavi Solutions is hosting Sharkweek - a five day series of webinars featuring Wireshark. This year, they have focused on these titles:

Intro to Wireshark 

How to fix "Slow"

Troubleshooting Performance in the Cloud

Monitoring and Assessing Encrypted Traffic

Troubleshooting High-Speed Networks

In the webinar about how to fix slow, we will look at how to set up Wireshark to make pinpointing problems faster, learn new filters to hone in on "slow", and learn how to quickly isolate the problem domain. 

Check out the links above to register. Hope to see you there! 

Chris Greer Packet Pioneer Logo

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors.

Sharkfest 2018 - TCP Fundamentals Part 2 (by Chris Greer)

Greetings packet-people!

This is the second session on TCP Fundamentals that was delivered at Sharkfest US in June. However, consider this a sneak peek for my session at Sharkfest Europe 2018 in Vienna Austria. Hope to see you there. 

If you missed the first session, you can find it here


Author Profile - Chris Greer is a Chief Packet Head for Packet Pioneer LLC and a Wireshark Network Analyst. Chris regularly assists companies around the world in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for Wireshark and several packet analysis vendors. 

Chris Greer Packet Pioneer Logo

How TCP Works – The Timestamp Option (by Chris Greer)

TCP Timestamp TSval TSecr

In the TCP handshake, you may see an option called timestamps, shortly followed by scary-looking “TSval” and "TSecr" numbers. What are those values and how can you interpret them? Let’s dig.

What is a TCP Timestamp? 

The timestamps option in TCP enables the endpoints to keep a current measurement of the roundtrip time (RTT) of the network between them. This value helps each TCP stack to set and adjust its retransmission timer. There are other benefits, but RTT measurement is the major one.

How it works.

Each end of the connection derives a 4-byte increasing value. This value is unique to each side and has no real numerical significance. The opposite end does not care what the value is, it will simply echo it back to the original sender. The original sender can then measure the timing between the packet(s) that were sent and received with this unique value.

The value used by each end will be increased as the connection goes along. Many TCP implementations will add the measured network RTT value (in milliseconds) to the 4-byte timestamp and use this new number for the next segment to be sent.

For example, in the screenshot below, we can see both ends of the TCP connection using timestamps. Both values, the one used by the sender and receiver, have been added as columns in Wireshark to make them a little easier to see.

TCP Timestamps

The first packet has a timestamp value of 1125169296. Told you it was long and scary! But let's analyze...

Continue reading "How TCP Works – The Timestamp Option (by Chris Greer)" »

Troubleshooting a Spotty/Bad Internet Connection (by Chris Greer)

Recently, I changed my internet service to a new provider. These guys promised some decent bandwidth at a good price.

After getting it installed, nerd-proofed, and monitored, all looked good.

That is until I had a remote training class to teach over WebEx – then the audio issues began. (Of course! Why do these issues always KNOW?!?! Right when you need the connection the most – boom!)

Every 10-15 minutes or so the audio would drop for about 5 seconds. The students could still see my screen, but the audio was clearly having issues. Fortunately, I could call in using my cell and finish up the class with no further problems.

As much as I wanted to blame WebEx, I knew that it was no small coincidence that I had just changed my internet service. Alas, this time it looked like it really was the network! Time to crack out the tools and troubleshoot.

Packet Capture - Wireshark

Continue reading "Troubleshooting a Spotty/Bad Internet Connection (by Chris Greer)" »