General Network Error

...cleaning up the mess when your packets fall on the floor...

Top

Auxilliary

Popular Categories

Popular Tags

Blog Posts

2013-5-18 12:40:13.880 PDT - generalnetworkerror
Cisco Embedded Event Manager (EEM) Config Diff Generator
2013-4-24 1:34:29.800 PDT - generalnetworkerror
Cisco WLC (Wireless LAN Controller) Series - IP & VLAN Planning
2013-1-13 1:52:15.23 PST - generalnetworkerror
Cisco WLC (Wireless LAN Controller) Series - Building Blocks
2012-12-14 23:3:53.580 PST - generalnetworkerror
Cisco WLC (Wireless LAN Controller) Series - Introduction
2012-11-26 2:36:16.410 PST - generalnetworkerror
Top General Network Errors from Microsoft
2012-11-15 20:30:18.817 PST - generalnetworkerror
End-of-Life (EoL) for the Cisco ACE Load-Balancer
2012-11-13 2:14:23.820 PST - generalnetworkerror
Cisco CSS 11500 HTTP-to-HTTPS (SSL) Redirection
2012-11-10 2:58:56.367 PST - generalnetworkerror
The gloomy side of Clouds
2012-11-10 2:57:53.977 PST - generalnetworkerror
ICS comes with Cisco VPN compatibility [finally]
2012-11-10 2:46:25.467 PST - generalnetworkerror
NetFlow -- The who/what/when/where of packet flows

Discussion Activity

2013-5-12 23:35:7.173 PDT - generalnetworkerror on
L5 or L7 Load-Balancing
2013-4-25 17:19:50.47 PDT - generalnetworkerror on User Errors
2013-4-10 1:19:44.330 PDT - generalnetworkerror on Cisco ACE Module HTTP-to-HTTPS (SSL) Redirection
2013-4-3 7:8:26.507 PDT - Roger on Cisco ACE Module HTTP-to-HTTPS (SSL) Redirection
2013-3-20 19:38:23.113 PDT - generalnetworkerror on Protocol Overhead
2012-12-14 2:7:45.113 PST - generalnetworkerror on
Sniffer placement in the data center
2012-12-6 1:26:19.530 PST - generalnetworkerror on "The network can not be reached" [sic]
2012-12-4 0:47:53.983 PST - generalnetworkerror on
The SSD Invasion
2012-11-25 1:30:44.73 PST - generalnetworkerror on The SSD Invasion
2012-11-20 1:45:35.780 PST - generalnetworkerror on Sniffer placement in the data center

network management > Sniffer placement in the data center

Good article on sniffer placement at http://sevenlayers.wordpress.com/

Nov 20, 2012 at 1:45 |

generalnetworkerror

Running a large number of websites, our enterprise uses the Coradiant TrueSight appliance (now BMC End-user experience management) that sniffs specifically HTTP (and SSL if you drop the certs on it). From 4 different SPAN ports — two on each agg switch -- both client-side and server-side VLANs can be monitored on each load-balancer pair.

For general packet captures, I run Wireshark on a physical box that sits outside of our vmWare clusters and is tied to an access switch. Using RSPAN (remote SPAN), I can get mirrored packets from just about anywhere in the data center over to Wireshark. Most pcap troubleshooting (like earlier today!) is usually non-http traffic because of the TrueSight appliance, so I watch conversations like web servers to sql servers on the side where traffic is unencrypted.

By the way, I’m sure I saw Wireshark documentation that talked about giving it the SSL private key to decrypt traffic, though I haven’t personally tried it and suspect it won’t be simple. For now, I'd just be happier with a more stable Wireshark that doesn't crash under the weight of a mere 10,000 packets. It's supposed to handle 50K packets easily.

Dec 14, 2012 at 2:07 |

generalnetworkerror

Home	Blog	Forums	Links	Books	Registration	Login	About
Categories	changelog	Downloads	RSS	Search	FAQ	Contact	Feedback

The general network error [blog] by generalnetworkerror.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Images on this site are excluded from the Creative Commons License above and are free images requiring no attribution unless indicated otherwise. Most images sourced from a non-Exclusive, non-Transferable licence on stock.xchng and other sites.