I love it when old tried and true methodologies still ring true. A great example is my old favorite: VLAN, broadcast or subnet analysis. This is one of my favorites for various reasons:
1. I don't need a span or mirror port.
2. I get to see how various network devices are configured, such as STP, OSPF, CDP, etc.
3. Same as number 2 but for the client.
In this video, I show you how to use Wireshark and filter on DHCP, then specific client conversations, as well as see the effects of some old IP helper or DHCP relay configs that pointed to the local DHCP server.
...
https://www.youtube.com/watch?v=BFP20O_qg48
Troubleshooting Loops: IPv4 ID/TTL and Addressing Notes
Before I start, let me first cover a very common question I get asked. I will not be providing vendor-specific information on this troubleshooting example. Nor will I be sharing the trace file.
The goal of this article and video is to introduce you to the methodology, tips and tricks, and other things that you may not have thought of when you perform protocol analysis.
On to the problem; I covered a little bit about this in previous articles when I was talking about making a larger trace file manageable.
The client is complaining that the network has performance brownouts and wireless clients tend to get dropped off. So, I asked them to connect his computer to any port on that same deal and start a capture for a few minutes and then stop it, and send it to me. I then filtered out the capture device’s traffic and will go through the remaining packets in this exercise.
In the video you will see how I leverage the IP identifier, time to live and MAC addresses to determine what is happening. When I present or teach, I stress the goal of troubleshooting is to either prove what the issue is NOT or to figure out where your test point is with the final target being identifying the root cause.
Spoiler alert, the high packet rate of small broadcast packets is causing the problem.
...
https://www.youtube.com/watch?v=iLaGKdri3Wc
This is a pretty neat little utility that will record what you download/run when you go to a website as well as how long it took.
LinkedIn Profile: http://ca.linkedin.com/in/fortunat
Lovemytool Blog: http://www.lovemytool.com/blog/tony-fortunato/
Youtube Channel: http://www.youtube.com/user/thetechfirm
...
https://www.youtube.com/watch?v=EC4iaHNr-0E
In this video I show you how upgrading this printer from 10 Mb to 100 Mb knocked its performance to under 1 Mbps.
I go over a bit of the 3-way handshake and how to analyze the TCP window flow.
...
https://www.youtube.com/watch?v=N-n1n6WKmRs
Troubleshooting WiFi Issues with Wireshark
A customer called me and wanted some help troubleshooting some wireless problems. Their users have been reporting intermittent wireless performance issues and getting 'dropped'. To top it all off, their WLAN controller has also been reporting 'containment' error messages that weren't too descriptive or helpful.
I showed up on site and did all the basic RF checks with my AirMagnet Spectrum XT to make sure there wasn't an RF issue like an interferer or channel planning issues. Like I always say, "Start at Layer 1".
Then I moved up a layer using my Fluke Networks AirCheck and AirMagnet WiFi Analyzer. Everything looked pretty quiet and nothing jumped up at me, so I saved some trace files to review later.
Then I thought I would take the trace file and open it with Wireshark since I have more experience with packet analysis than I do using the AirMagnet/AirCheck tools.
In this video I show you some of the filters I used, what they mean and what I found.
I always enjoy getting to the packet level since packets don't lie, but would also like to spend more time with the other tools now that I know what the issues are to see how or what they report.
In closing, there are a few points I want to make sure aren't lost throughout the video:
1. Just because I used Wireshark to find some clues does not mean that the other tools were less effective; I just have more experience with protocol analysis/Wireshark.
2. If you deploy any kind of wireless intrusion system, make sure you don't just turn it on without proper network due diligence.
...
https://www.youtube.com/watch?v=rpL5irIj_Qo
By Tony Fortunato, Sr Network Performance Specialist, The Technology Firm – https://www.thetechfirm.com
Working on an issue with a client where his VOIP phones get stuck at the ‘initialization’ process. As we chatted over the phone we quickly determined that this issue occurs when a phone is powered off and back on. The client also mentioned that this seemed to start about a year ago when they got a new router installed.
I asked how he typically resolved the issue and he said “I just reboot stuff until everything works”. I have to give him credit, at least he was honest.
Just a few things I checked when I got on site:
- Yup, the problem is definitely repeatable which is a huge plus when troubleshooting.
- Verified that the phone had a link light
- Phone reports that it has
...
https://www.youtube.com/watch?v=ylj7ER9PUBU
When can you filter out SNMP
One of the biggest challenges we face as protocol analysts is what can we ‘filter out’ from a trace file to make our packet analysis job easier.
In this quick video I explain when, why and how you can remove SNMP from your trace in most scenarios.
...
https://www.youtube.com/watch?v=qksK9_9esHI
I’ve been talking about ‘Offloading’ since the introduction of Windows 7 and am never surprised when the topic pops back up.
I thought this would be a good opportunity to review the impact offloading has on troubleshooting as well as share some of the behind the scenes set up information.
I start with how I configured my Network Critical SMARTNA-XL TAP/Packet Broker https://www.networkcritical.com/smartna-xl which is very important since we don’t want “garbage in”.
After the capture we have 2 traces, one from the client’s laptop and one from the SmartNA-XL monitor port that I will review. I cover why the client has huge packet sizes and the difference from the tap’s capture.
So in a nutshell this video has Packet Broker configuration, packet capture and some packet analysis, all under 10 minutes.
...
https://www.youtube.com/watch?v=NCcnC5z1J3U
Before I get into the tshark command syntax and other details, I want to chat about why you want to use tshark or any command line tool. Simply put, working from the command line allows a tremendous amount of consistency and flexibility.
Consistency
When you try to have someone perform your capture using the Wireshark GUI, there are many opportunities for errors as well as just being very time consuming. When you have the command line syntax figured out you can put it in an email, batch file or document, ensuring the client is doing exactly what you wanted. The added bonus is that working from the command line is usually more responsive than remotely controlling a GUI over possibly slow links.
Flexibility
As I mentioned earlier, using the command line allows you to put the command in a batch file or document. This is incredibly useful if you wanted to schedule a capture, or if you wanted to configure a computer to automatically start capturing when it’s turned on. Other examples would be setting a desktop shortcut for the client to start
...
https://www.youtube.com/watch?v=lkiG231lDHQ
https://www.thetechfirm.com
I get involved with a lot of performance related troubleshooting and the majority of the time the root cause is related to packet loss or excessive latency.
Let me start with explaining the difference between the two terms. Packet Loss is literally when you do not receive a packet. This can be caused by a variety of reasons such as corrupted frames, RF interference, half/full duplex mismatches, dirty fibre connectors, oversubscribed links and routing issues. Packet loss is an issue since TCP based protocols will have to wait and retransmit lost frames. The key word here is ‘wait’ since waiting implies you are no longer transmitting. For example, if you had a 500 ms delay on a 10 Mb link, you lost the opportunity to transmit 5 Mb within that 500 ms time frame. If your application is UDP based, all bets are off and it is up to the application to decide what to do. I’ve seen UDP based applications react to packet loss by terminating the connection, resending data or corrupting data. With VOIP you hear echo and distorted audio.
Read the rest at
https://www.networkcomputing.com/networking/packet-loss-vs-latency-analyzing-impact/523143466
...
https://www.youtube.com/watch?v=X8oZqRHuyPA