All too often we networkers spend our time defending the network not only from security threats but from blame as the root cause (actual or perceived) of performance problems. The network is guilty until proven innocent. So how do we counter these arguments, put the issue to rest, and uphold the integrity of the network? Logs, logs, logs.
Logs are evidence to support your hypothesis. There are a couple of different types of logs I’d like to talk through, along with the roles they play in a tiered approach to troubleshooting.
SNMP – This is one of the first places I go when an issue is reported. It provides a look at the current state of the network based on polling intervals and traps, and is also a place to explore data patterns and trends. Most enterprises will have an NMS solution in place, and in my experience this is also a great place to learn the topology of the network(s) when joining a new company. There are many commercial and open source products available, and I suggest trying a few different options to find out which works best for you and your team, as they all organize and present the data in slightly different ways.
Tags: #ciscochampion, nms, packet capture, performance, snmp
The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts. The first part, intended for end-users, will explain in detail how to build and use the tool. The second part, intended for C programmers, covers cppip’s inner workings.
Cppip is a command line utility designed to make packet extraction from large pcap files extremely fast — without having to uncompress the entire file. It relies on pcap files that have been compressed using the freely available bgzip, a backward-compatible gzip utility with one special addition — the ability to quickly and cheaply uncompress specific regions of the file on the fly. You will find cppip quite useful if you work with large pcap files and need to extract one or more packets for subsequent inspection. As you’ll see, preparing your pcap files for use with cppip is a two-step process: compressing the pcap file with bgzip and then indexing it with cppip. But before you can use cppip, you first have to install it.
Tags: open source, packet capture, pcap, security
It was about a year ago that Dr. Yannis Viniotis, Professor of the Electrical & Computer Engineering (ECE) department at North Carolina State University (NCSU), met with senior Cisco Engineers and agreed to collaborate on several small, hands-on projects with Cisco Engineers and NCSU students.
The NCSU ECE department partners with industry as part of its Senior Design Project Program, in which various vendors serve as sponsors and offer several projects for NCSU students to complete. That is also how the Cisco-NCSU collaboration started. Students get to work on real networking industry problems, guided by engineers who already work in the industry, and gain experience they can later use in their professional lives. The Cisco engineers get to work with future engineers, mentoring them, preparing them for their professional lives, and solving some real-world technical challenges. It is fun and educational for both sides.
Tags: packet capture, security, TCP, wireshark