Server Delay
When it comes to packet/application analysis, the trickier cases involve multi-tier or multifunction servers.
For example, you might use a web browser to access a server, and when you make a query, the web server will make a database query, which might go to an external or local server.
Capturing the entire transaction requires multiple capture points, good timing and different capture filters.
In this video, I captured from the client and server, and I walk through the basics of determining what happens when a client runs a PHP script.
For Cryin Out Loud, DOCUMENT!!
Document
When I walk into a client site, I assume they either don’t have documentation, or it’s not current, and I would say that assumption is usually 90% correct.
Trust me, I totally understand, documentation is really tough to keep up to date since many people and departments ‘touch’ equipment. When I say ‘touch’ I mean physically and remotely.
Over time, changes and troubleshooting cause a cable to get moved or a config to get tweaked, and after a few years this amounts to many small changes that get hard to dig out from.
In this quick video, I suggest something simple when making physical changes: a simple photo. The photo could be of a rack, a room or equipment. After you take the photo, make a folder with the name of whatever is in the photo and name the photo with the date as the prefix.
For example, 2023_09_28_Router6.jpg would be a photo of Router6 taken on September 28, 2023.
If you want to take the next step, you could simply put the images in a Word doc, PowerPoint, or webpage as a reference.
I find if the process isn’t time consuming, technicians are more likely to do it, and everyone has their phones with them.
cisco port mirroring
tons of info at www.thetechfirm.com
In this example, I use my Cisco 2940 and some mirror commands to capture data from my D-Link ATA.
original video https://youtu.be/af4d_fAkwAY
slow mo chickadee
used my samsung galaxy s10 in slo mode, tripod with phone adapter and bluetooth remote
i like catching these guys first thing in the morning, ..
i like catching these guys first thing in the morning, they are slow moving and only want breakfast.. like me ;)
taken with my samsung galaxy s10
Troubleshooting Loops: IPv4 ID/TTL and Addressing Notes
Before I start, let me first cover a very common question I get asked. I will not be providing vendor-specific information on this troubleshooting example, nor will I be sharing the trace file.
The goal of this article and video is to introduce you to the methodology, tips and tricks, and other things that you may not have thought of when you perform protocol analysis.
On to the problem; I covered a little bit about this in previous articles when I was talking about making a larger trace file manageable.
The client is complaining that the network has performance brownouts and wireless clients tend to get dropped off. So, I asked them to connect his computer to any port on that same deal and start a capture for a few minutes and then stop it, and send it to me. I then filtered out the capture device’s traffic and will go through the remaining packets in this exercise.
In the video you will see how I leverage the IP identifier, time to live and MAC addresses to determine what is happening. When I present or teach, I stress the goal of troubleshooting is to either prove what the issue is NOT or to figure out where your test point is with the final target being identifying the root cause.
Spoiler alert, the high packet rate of small broadcast packets is causing the problem.
Ubiquiti Wifiman review
Here at www.Networkdatapedia.com we strive to post different topics for our readers. We have everything from troubleshooting, packet analysis, and book reviews, to tool reviews.
In the past, I have mentioned all sorts of tools, but in this case, I am looking at a free Wi-Fi diagnostic tool by Ubiquiti called Wifiman.
Free tools have their place in my toolbox. They are used to complement my other specialty tools and are a great reference when comparing features.
Windows wifi commands
Windows WIFI Troubleshooting Tip
Since WIFI is pretty well everywhere, I find clients asking me to help out clients with wireless troubleshooting with no specialized tools. It is quite common for my clients to throw me into a problem.
I get a kick out of showing people how you can use Windows command prompt to start troubleshooting WIFI issues. Many of my clients are already familiar with ping, ipconfig, tracert, etc, but never used the “netsh wlan” commands.
I am not suggesting this tip will replace any of your WIFI troubleshooting tools, but will instead complement any existing tools and give you an appreciation of your tools.
If you do have existing WIFI tools, this is a great way to compare what your operating system utilities report versus your tools. For example, it would be good to know that if Windows netsh wlan reports an 85% signal strength, your WiFi tool might report an RSSI of -45.
Since YouTube doesn't like angled brackets, you will have to go to Network Computing at the end of Sept to see the sample batch file.
Cable Tip
As I mention in the video, I am pleasantly surprised with the feedback from my quick videos.
Here's another tip on marking your cables.
Tony Fortunato
Sr Network Performance Specialist
The Technology Firm
https://www.thetechfirm.com
Getting things to work better - bit by bit-
Linkedin Profile https://ca.linkedin.com/in/fortunat
Youtube Channel: https://www.youtube.com/@thetechfirm
NetworkDataPedia: https://www.networkdatapedia.com
Twitter https://twitter.com/therealtechfirm
device baselining
Not a week goes by without hearing from people asking me to perform a baseline.
I also get a lot of requests asking me to create a template or book some time to help them perform a baseline.
Not to sound like a consultant, but every baseline is completely different depending on the equipment, the network, and your ultimate goal.
In this video I show you how I started a baseline with the camera and my Profitap IOTA. Of course you can start any baseline using Wireshark, which is completely free, but the goal for your first baseline should be to document the equipment location, network topology, and your goal.
For example, you might say, "I want to see how this camera behaves when it boots up." You would want to investigate which devices it is communicating with, which protocols it is using, and possibly the load it puts on the network.
I strongly encourage you not to get overwhelmed with too much detail up front, because if you have a trace file, you should be able to go back at any point and retrieve any information that you may decide is important at a later date.
Enjoy
Measure Task Time With Timer
Over the years there has always been interest in the articles I post showing how to measure latency, delay or how long it takes a task to complete.
I have shown my readers many utilities, tricks and tips on how to accomplish various variations on this theme.
Here’s another helpful utility you should consider for your toolbox. It’s portable, free and simple to use, which got my interest right away. Here’s the link to Timer: https://www.gammadyne.com/cmdline.htm#timer
Here’s a video on an idea of its use.
Enjoy
wireshark nmap sS
Knowing your tool – nmap…
This article and video is a great example of getting familiar with your tools by, well, using your tools.
Many of us have used nmap for port scans, etc., but how many of you have captured those packets to see how nmap works and, better yet, developed some Wireshark skills to identify scans and determine which ports are closed/open?
When I present, I love to say “skills are developed through practice, failure, success and knowledge”, so don’t be afraid to play with your tools.
tip when making cables
Another quick one for you:
Here's a helpful tip for creating Ethernet cables while freeing up a hand, using items you likely have around your home.
windows 11 and xmas scans
Observing Windows 11 during an Xmas scan
I encourage people to spend a few minutes and learn how devices respond to certain scenarios. This is one of the tasks my regular clients ask me to perform.
One of those examples would be to download Nmap and run the scan on a device within your network.
The benefits of this example are countless: you get to practice and develop nmap skills, you get more practice with Wireshark and protocol analysis, and lastly you get to learn the real behavior of various devices on the wire, not by reading a theoretical white paper.
In this video I take a Windows 11 device and run an nmap Xmas scan against it, change one simple variable (disable the Windows firewall) and repeat. This exercise was inspired by a conversation I had in one of my onsite training sessions where people were debating if a Windows 11 device would respond to an Xmas scan. As the discussion progressed, people were throwing in variables such as what if the firewall was enabled?
I interrupted and simply suggested to the group “Why not find out instead of theorizing?”. So we started our captures, randomly scanned a Windows 11 host, and reviewed the results.
In the following video I cover the basics of what we did and encourage you to do the same. Feel free to try all sorts of devices you might have available to you within your network such as printers, phones, cameras, routers, switches and anything else you can think of.
setting up geoip in wireshark
I get many requests asking me how to configure Wireshark to use GEOIP.
For those of you who are not familiar with GEOIP, it’s a pretty simple database that Wireshark can use to look up IP addresses and tell you what country, etc. the IP address originates from or is destined for.
This is especially helpful for security people, and those who perform application baselines and want to know where the device is communicating. This could simply be an exercise in validating where your data is going, or in some cases to investigate malicious or suspicious application communication.
In the video below, I show you how to get GEOIP working with Wireshark. I encourage you to give it a try and you might be surprised what you will see.
As an added bonus, go to Statistics - Endpoints and click on the IP tab to see a cool summary of the same information. While you’re there click on the MAP button to see those IP addresses on a geographical map.
Too cool.