98 posts categorized "Wireshark"

4 Ways to Transform Your Packet Capture Workflow (by Zach Chadwick)

When there is a technical problem here at QA Cafe, like you, we go straight to the packets.

 

We’ve been building test solutions for network devices since CDRouter debuted in 2002. Over that time we have learned that the sooner you can put a trace file of a problem in front of someone, the sooner they’ll be able to give you an answer about it.

 

CloudShark Enterprise grew out of our own need to manage and communicate around network capture files. Along the way we’ve learned some best practices for packet capture management. By prioritizing sharing and collaboration, these approaches will transform your workflow to make packet captures work for you.



Sharkfest 2018 - TCP Fundamentals Part 2 (by Chris Greer)

Greetings packet-people!

This is the second session on TCP Fundamentals that was delivered at Sharkfest US in June. However, consider this a sneak peek for my session at Sharkfest Europe 2018 in Vienna, Austria. Hope to see you there.

If you missed the first session, you can find it here.

 

Author Profile - Chris Greer is a Chief Packet Head for Packet Pioneer LLC and a Wireshark Network Analyst. Chris regularly assists companies around the world in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for Wireshark and several packet analysis vendors. 



How TCP Works – The Timestamp Option (by Chris Greer)

In the TCP handshake, you may see an option called timestamps, shortly followed by scary-looking "TSval" and "TSecr" numbers. What are those values and how can you interpret them? Let's dig.

What is a TCP Timestamp? 

The timestamps option in TCP enables the endpoints to keep a current measurement of the roundtrip time (RTT) of the network between them. This value helps each TCP stack to set and adjust its retransmission timer. There are other benefits, but RTT measurement is the major one.

How it works.

Each end of the connection derives a 4-byte increasing value. This value is unique to each side and has no real numerical significance. The opposite end does not care what the value is; it simply echoes it back to the original sender. The original sender can then measure the time between the packet(s) that were sent and received with this unique value.

The value used by each end will be increased as the connection goes along. Many TCP implementations will add the measured network RTT value (in milliseconds) to the 4-byte timestamp and use this new number for the next segment to be sent.

For example, in the screenshot below, we can see both ends of the TCP connection using timestamps. Both values, the one used by the sender and receiver, have been added as columns in Wireshark to make them a little easier to see.

TCP Timestamps

The first packet has a timestamp value of 1125169296. Told you it was long and scary! But let's analyze...



Sharkfest 2018 - TCP Fundamentals Part 1 (by Chris Greer)

TCP is a huge component of the reliable delivery of applications. You are using it at this moment to access and read this article. You are probably using it to deliver most - if not all - of your business-critical services on your network.

But how does TCP "do its thing"?

Why is the network often blamed even when a TCP-based problem is the real culprit? 

Understanding how TCP works will help network engineers of all experience levels to be better troubleshooters. It will help them fix slow networks, identify the root cause of application issues, and finally get answers to perplexing performance questions. This video, recorded at Sharkfest USA 2018 in Mountain View, California, gives an overview of the fundamentals of TCP. 

Sit back, grab some popcorn and a copy of Wireshark. Let's learn more about TCP!

 

Author Profile - Chris Greer is the Chief Packet Head for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for Wireshark and for several analysis vendors. Got packet questions? Let's get in touch!
