Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireshark In the Large Enterprise Hansang Bae Director – Product Architecture

Published byRonald Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireshark In the Large Enterprise Hansang Bae Director – Product Architecture"— Presentation transcript:

1 Wireshark In the Large Enterprise Hansang Bae Director – Product Architecture Hansang.bae@riverbed.com

2 Due to an error in video recording, this session was not recorded. I will cover the trace files in separate recordings – give me a month. The last and most interesting trace will be covered in 2014!!!

3 Information YouTube Channel with older sessions etc. www.youtube.com/hansangb www.box.com/Sharkfest2014 Trace files Presentations Camtasia recordings (will be up within one month from end of Sharkfest) NET/NET = I’m older than epoch, the beginning of time

4 Information YouTube Channel with older sessions etc. www.youtube.com/hansangb www.box.com/Sharkfest2014 Trace files Presentations Camtasia recordings Q4…2014 (pester me - *PLEASE*)

5 Slow Throughput, Not always…what you think. Old medical school saying: When you hear hooves beating, think horses and not zebras! Server SA reports extreme slowness during file transfers What are the top issues that come to mind? Server SA started a ping script and in it showed….. Lessons Learned: Learn to recognize what should and should not change as you go through the trace files. RFC1323 was not in play because they are on the same switch! Take a few minutes to scan the trace files. Learn to trust your brain’s ability to spot differences. Know how protocols work so you can rule out red-herrings. This is what separates “techs” from “engineers” Try not to filter. You might have missed the “arp” frames in this trace. This is different than capturing in “promiscuous” mode.

6 Training the Brain SUNDAY MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY SATURDAY

7 Training the Brain

8 First signs of danger Be on the look out for excessive use of PSH The more PSH bits there are, the more chances that it will be chatty Previous topics (window size, etc.) still is in play. Buffer tearing This is where the application uses PSH bits to set the amount of data “chunk” it is willing to release to the network. It’s the way apps work, you can’t fight it.

9 Murder Conviction, No Body Rule out the usual suspects Window size Buffer tearing RFC1323 Recognize false positives Sometimes you just have to assume. Know the RFCs/Protocols to identify things that are ABSOLUTELY wrong.

Download ppt "Wireshark In the Large Enterprise Hansang Bae Director – Product Architecture"

Similar presentations

Shipping Rules. About Us… Lori McNeely Ultriva Customer Support Specialist Supporting Ultriva > 5 years 2 Naveen Gottumukkala

Shipping Rules. About Us… Lori McNeely Ultriva Customer Support Specialist Supporting Ultriva > 5 years 2 Naveen Gottumukkala
Recording TV Shows from Network websites. Network TV Websites Many program episodes can be played in Streaming mode from TV Network websites Can watch.

Recording TV Shows from Network websites. Network TV Websites Many program episodes can be played in Streaming mode from TV Network websites Can watch.
Session B1: The Art of Packet Analysis

Session B1: The Art of Packet Analysis
Year 10 ISA Controlled assessment Week starting March 4 th 2013.

Year 10 ISA Controlled assessment Week starting March 4 th 2013.
Top Causes for Poor Application Performance Case Studies Mike Canney.

Top Causes for Poor Application Performance Case Studies Mike Canney.
An explanation of how UCEP students will locate and begin their Coop placements.

An explanation of how UCEP students will locate and begin their Coop placements.
TEST YOUR READING SKILLS : See a day of the week written in French. Say what you think it is. Click to check your answer.

TEST YOUR READING SKILLS : See a day of the week written in French. Say what you think it is. Click to check your answer.
Ain't It A Shame 1-4 Aint it a shame to work on Sunday, Aint it a shame, (a working shame,) Aint it a shame to work on Sunday, Aint it a shame, (a working.

Ain't It A Shame 1-4 Aint it a shame to work on Sunday, Aint it a shame, (a working shame,) Aint it a shame to work on Sunday, Aint it a shame, (a working.
Data Synchronization and Grain-Sizes Week 3 Video 2.

Data Synchronization and Grain-Sizes Week 3 Video 2.
SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Wireshark in the Large Enterprise June 16, 2010 Hansang Bae Senior Vice President | Citi (f.k.a.

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Wireshark in the Large Enterprise June 16, 2010 Hansang Bae Senior Vice President | Citi (f.k.a.
Unit 5 Can you come to my party. What are they doing?

Unit 5 Can you come to my party. What are they doing?
1 The seven days of the week. 2 Monday is our washing day. Scrub, scrub, scrub.

1 The seven days of the week. 2 Monday is our washing day. Scrub, scrub, scrub.
Ministery for Education, Ireland Department for Learning

Ministery for Education, Ireland Department for Learning
QUESTION 1 What day is it today?................................ A) I’m Tuesday. B) I have Tuesday. C) Tuesday. D) It’s Tuesday.

QUESTION 1 What day is it today? A) I’m Tuesday. B) I have Tuesday. C) Tuesday. D) It’s Tuesday.
2012 CALENDAR. JANUARY 2012 Sunday 日 Monday 月 Tuesday 火 Wednesday 水 Thursday 木 Friday 金 Saturday 土 1234567 891011121314 15161718192021 22232425262728.

2012 CALENDAR. JANUARY 2012 Sunday 日 Monday 月 Tuesday 火 Wednesday 水 Thursday 木 Friday 金 Saturday 土
Tillay’s Physics Survival Guide By Nicholas Mendoza.

Tillay’s Physics Survival Guide By Nicholas Mendoza.
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt CalendarTime.

1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt CalendarTime.
Saturday May 02 PST 4 PM. Saturday May 02 PST 10:00 PM.

Saturday May 02 PST 4 PM. Saturday May 02 PST 10:00 PM.
Reducing Flow-Completion Time for Small Flows by Modifying Slow-Start Affan Rauf (05030063)

Reducing Flow-Completion Time for Small Flows by Modifying Slow-Start Affan Rauf ( )
brain Teasers and Lateral Thinking Puzzles

brain Teasers and Lateral Thinking Puzzles

Similar presentations

Ads by Google