Transcription
Solving Network Performance Problems with Wireshark. Laura Chappell, Founder, Wireshark University. SHARKFEST '08, Foothill College, March 31 - April 2, 2008
[Diagram labels: Full Speed Traffic TAP, Capture and Injection, 2 Copper ports, Wireshark, 1 Gb, Aggregation, WinPcap]
Capturing Traffic: Analyzer Placement. Considerations: Wired vs. Wireless; Switched Network Issues; Half-Duplex vs. Full-Duplex. [Diagram labels: Access Point, Switch]
Half-Duplex – Hubbing Out. Hub issues – is it really a hub? [Diagram label: Switch]
Port Spanning
Switch(config)#interface fastethernet 0/1
Switch(config-if)#port monitor fastethernet 0/2
Switch(config-if)#port monitor fastethernet 0/5
[Diagram labels: port span, 0/2, Switch, 0/1, 0/5]
Full-Duplex Tap Options: Copper or Fiber; Aggregating or Non-Aggregating; Passive (no power) or Active; Regenerating Taps; Advanced Taps (packet insertion, filtering).
10/100 Slim Tap: Non-aggregating tap with dual power supplies and two monitor ports – datastream A and datastream B. Requires separate aggregation.
ITP-PAD-SX5-SFP: designed to sit on a SX fiber link where it will split off a portion of the fiber signal, aggregate the duplex traffic into a single datastream and provide that data on two monitor ports.
Wireless Traffic Capture: 802.11 A/B/G/N; External antennas; Channel scanning (monitor mode); Multi-channel capture; Aggregating traffic; Transmit capability. [Diagram labels: Access Point, Switch]
Overview of the Onsite Process: The “Primary Directive”; The trace file log (www.wiresharkU.com); Network diagrams in advance; Trace files in advance (if possible); Local staff level of knowledge; Tap-in point availability; Bullet list of issues seen during analysis; Recommendations; Report – graphs, notes
Analyzing Network Performance Issues. Key Issues: High Latency (Client, Server, Link); Packet Loss (Upstream, Downstream); Congestion (Network, Receiver); Configuration Problems (Service Unavailable, Loops); Redirections (Routing, Service); Interdependencies (Third Parties); Low throughput (Itty-Bitty Stinkin’ Packets); Negotiation Faults (Protocol or Application Layer)
Reports: Overview of traffic; Protocol distribution; Conversations; ICMP traffic etc. All with notes included.
What’s Next? Laura’s Lab Kit v9: In show bags as well as ISO image: ml; Wireshark University: www.wiresharkU.com; Laura’s Blog: laurachappell.blogspot.com/