Troubleshooting Tips And Tricks For TCP/IP Networks

Transcription

Troubleshooting Tips and Tricks for TCP/IP Networks
June 16, 2011
Laura Chappell
Founder, Chappell University/Wireshark University
laura@chappellU.com
SHARKFEST ‘11, Stanford University, June 13–16, 2011

The “Top 10” Issues
1. Packet loss
2. Client, server and wire latency
3. Window scaling issues (RFC 1323)
4. Service response issues and application behavior
5. Network design issues (wired/wireless)
6. Path issues (such as QoS)
7. Itty Bitty Stinking Packets (Low MSS Value)
8. Fragmentation
9. Timing problems
10. Interconnecting devices
copyright chappellseminars.com

Hot Tips for TCP/IP Troubleshooting
• Build a troubleshooting profile*
• Recolor Window Update packets to green background (should not be “Bad TCP” coloring)
• Filter on ports, not protocols (e.g., use tcp.port 80 rather than http)
• Always watch the time column – some networking is just ugly
• Watch for both Retransmissions and Fast Retransmissions in the Expert**
* See Laura’s Lab Kit v10
** as noted in the session – filter on tcp.analysis.retransmissions will show both standard and fast retransmissions!

Hot Tips for TCP/IP Troubleshooting
• Recognize a “short TCP handshake” – data is contained in the third handshake packet
• Expand the Conversation window to view Duration
• Enable TCP Conversation Timestamps (TCP protocol setting) – column?
• Click through the IO Graph – Don’t troubleshoot red herrings
• Know the definition of each TCP analysis flag
• Watch the handshakes!
* See Laura’s Lab Kit v10

Your TCP/IP Troubleshooting Profile
ISO image online at lcuportal2.com

The All‐Important Handshake
Focus on: Window Size Options

TCP cp‐parameters.xml

The Ideal Handshake
• MSS is decent size
• Window Scaling is enabled and shift factor is OK (watch out for a shift factor of 0)
• SACK is enabled
• Timestamp is on for high speed links (PAWS)
• Taken at client, the RTT is acceptable

PAWS (RFC 1323)
• Protection Against Wrapped Sequence Numbers

The Problem Handshake #1
[Diagram: Mike, Switch, Router]
• MSS 1460, WinScale x4, SACK
• MSS 1460, WinScale x1, SACK

The Problem Handshake #1
[Diagram: Mike, Switch, Router]
• WinScale x4
• Ack WinSize: 500 (x4)
• Your WinScale x1
• Uh oh only 500 bytes receive buffer space – I’ll stop sending

The Problem Handshake #2
[Diagram: Mike, Switch, Router]
• MSS 1460, WinScale x4 (You don’t SACK so I won’t either)
• MSS 1460, WinScale x4, SACK
• MSS 1460, WinScale x4

Let’s Analyze a Problem
[Diagram: 10.3.8.209, NAT/Firewall, Load]

Let’s Analyze a cap
[Diagram: Mike, NAT/Firewall, Load Balancer]
tcp-problem-pointB.pcap

Connection at Point A
[Diagram: Mike, NAT/Firewall, Load Balancer]
• SYN
• SYN/ACK

Connection at Point B
[Diagram: Mike, NAT/Firewall, Load Balancer]
• SYN
• SYN/ACK

Connection at Point C
[Diagram: Mike, NAT/Firewall, Load Balancer]
• SYN
• SYN/ACK

The Beliefs
[Diagram: Mike, NAT/Firewall]
• My WinScale x256
• 131,840 bytes

The Beliefs
[Diagram: Mike, Switch, NAT/Firewall, Switch]
• Your WinScale x1
• 515 bytes available
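The mismatch in the handshake and "Beliefs" slides can be confirmed by comparing the SYN option bytes captured on each side of the interconnecting device. The following is an added example, not code from the presentation: the option bytes are constructed (window scale rewritten to shift 0 and SACK removed in transit, combining both problem handshakes), and the function names are hypothetical.

```python
import struct

def parse_syn_options(raw: bytes) -> dict:
    """Parse the TCP options field of a SYN or SYN/ACK."""
    opts = {"mss": None, "wscale": None, "sack_permitted": False, "timestamps": False}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:    # Window scale: shift count, multiplier 2**shift
            opts["wscale"] = body[0]
        elif kind == 4 and length == 2:    # SACK permitted
            opts["sack_permitted"] = True
        elif kind == 8 and length == 10:   # Timestamps (needed for PAWS)
            opts["timestamps"] = True
        i += length
    return opts

def compare_points(near: bytes, far: bytes) -> list:
    """Names of handshake options that differ between two capture points."""
    a, b = parse_syn_options(near), parse_syn_options(far)
    return sorted(k for k in a if a[k] != b[k])

def believed_window(window_field: int, syn_opts: bytes) -> int:
    """Bytes a host thinks are available, given the SYN options it saw."""
    shift = parse_syn_options(syn_opts)["wscale"] or 0   # absent option means no scaling
    return window_field << shift

# Constructed: MSS 1460, NOP, WinScale shift 8 (x256), NOP, NOP, SACK permitted
SYN_AT_CLIENT = bytes.fromhex("020405b4" "01" "030308" "0101" "0402")
# Constructed: same SYN past the middlebox, WinScale shift 0 (x1), SACK replaced by NOPs
SYN_AT_SERVER = bytes.fromhex("020405b4" "01" "030300" "0101" "0101")

if __name__ == "__main__":
    print("changed in transit:", compare_points(SYN_AT_CLIENT, SYN_AT_SERVER))
    print("sender of the window believes:", believed_window(515, SYN_AT_CLIENT), "bytes")
    print("receiver of the window believes:", believed_window(515, SYN_AT_SERVER), "bytes")
```

With a window field of 515, the two sides compute 131,840 and 515 bytes, the same pair of values shown on the "Beliefs" slides.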

What About this Issue?

Use Wireshark TCP Analysis Flags
• tcp.analysis.flags
• tcp.analysis.lost_segment
• tcp.analysis.retransmission
• tcp.analysis.duplicate_ack
• tcp.analysis.out_of_order
• tcp.analysis.window_full
• tcp.analysis.zero_window

BTW: TCP Preferences Change
• Change to relative sequence numbers setting

BTW: Using a Heuristic Dissector
• EtherType 0800 (IP)
• IP: Type 6 (TCP)
• TCP: Port 80 (HTTP)
• HTTP Dissector

Coloring Rules
Questions?
laura@chappellU.com
(download the ISO of LLK10 at lcuportal.com)
