Tcpdump is a great tool by itself, but pair it with Wireshark, and you have an unbeatable system for troubleshooting network application issues. You can save your Tcpdump packet captures to files and open them in Wireshark for easier analysis. Wireshark gives you a GUI to examine Tcpdump captures and sort the data for more thorough analysis. You can compare time stamps on individual packets to see how long it's taking for a reply to be returned after a request has been made. And if you've synced the system clocks on client and server computers, you can see how long it takes for packets to travel between the two.
If you have a slow internal Web application, you can use Tcpdump and Wireshark to locate the bottleneck. If you see a long delay in the DNS lookup requests and replies but the actual HTTP requests and replies are fast, then you know the trouble lies with the DNS system or the network links to the DNS servers. If the DNS process is working normally, then you'll want to examine how long it takes for client requests to reach the server and how long it takes for the server to reply back. Wherever your network problem lies, Tcpdump and Wireshark can help you put your finger on it.
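The DNS-versus-HTTP timing comparison described above can be scripted. The following is an added example, not code from the original article: it pairs each request with its reply in text output of the style produced by `tcpdump -tt -n` and reports the delay for each phase. The sample lines, addresses, and function names are constructed for illustration, and the line format is assumed to match what your tcpdump version prints.

```python
import re

# Constructed sample in the style of `tcpdump -tt -n` text output (not a real capture).
SAMPLE = """\
1700000000.100000 IP 10.0.0.5.53124 > 10.0.0.2.53: 4242+ A? intranet.example. (34)
1700000000.950000 IP 10.0.0.2.53 > 10.0.0.5.53124: 4242 1/0/0 A 10.0.0.20 (50)
1700000000.960000 IP 10.0.0.5.40000 > 10.0.0.20.80: Flags [P.], seq 1:100, ack 1, win 502, length 99: HTTP: GET / HTTP/1.1
1700000000.985000 IP 10.0.0.20.80 > 10.0.0.5.40000: Flags [P.], seq 1:201, ack 100, win 509, length 200: HTTP: HTTP/1.1 200 OK
"""

LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): (.*)$")
DNS_QUERY = re.compile(r"^(\d+)[+%]* (?:\[\w+\] )?\S+\? ")   # "4242+ A? name."
DNS_REPLY = re.compile(r"^(\d+)[*|$-]* \d+/\d+/\d+ ")        # "4242 1/0/0 A ..."
HTTP_REQ = re.compile(r"HTTP: (?:GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) ")
HTTP_RESP = re.compile(r"HTTP: HTTP/\d")

def latencies_ms(text):
    """Pair each request with its reply and return per-protocol delays in ms."""
    pending = {}                      # request key -> timestamp awaiting a reply
    out = {"dns": [], "http": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                  # not an IPv4 packet summary line
        ts, src, dst, rest = float(m[1]), m[2], m[3], m[4]
        q, r = DNS_QUERY.match(rest), DNS_REPLY.match(rest)
        if q and dst.endswith(".53"):
            pending["dns", src, dst, q[1]] = ts    # keyed on flow + query ID
            continue
        if HTTP_REQ.search(rest):
            pending["http", src, dst] = ts         # keyed on flow
            continue
        if r and src.endswith(".53"):
            key = ("dns", dst, src, r[1])
        elif HTTP_RESP.search(rest):
            key = ("http", dst, src)
        else:
            continue
        start = pending.pop(key, None)
        if start is not None:         # ignore replies whose request was not captured
            out[key[0]].append(round((ts - start) * 1000))
    return out

def slowest_phase(lat):
    """Name the phase with the highest mean delay, or None if nothing was paired."""
    means = {k: sum(v) / len(v) for k, v in lat.items() if v}
    return max(means, key=means.get) if means else None

if __name__ == "__main__":
    lat = latencies_ms(SAMPLE)
    print(lat, "-> slowest:", slowest_phase(lat))
```

These delays are measured at the capture point, so a capture taken on the client includes network round-trip time as well as server processing time.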
Books have been written about Tcpdump and Wireshark. Read them and learn all about these two utilities. You'll certainly improve your network troubleshooting game.
We've all had that horrible sinking feeling in the pit of our stomachs when we've copied and pasted a new config into a router or switch and it stops responding. Did I remember to back up my old config before I uploaded the new one? How late will I be staying up tonight to fix this mess?
RANCID (Really Awesome New Cisco ConfIg Differ) is a versioning system for your switch and router configs. It uses either CVS or Subversion to store each new version of your configuration files. As it gathers and stores the configs for each of your devices, it runs a diff against the previous version to see what, if any, changes have been made. When it detects a change, it sends out an email with the details of that change to an address of your choosing. With RANCID, you'll know whenever a change has been made by your NOC team.
Because RANCID runs via a crontab entry, you can control how often it logs in and checks your configurations. If you are a stable shop and rarely make changes, you might have RANCID check once a day. If you are a more dynamic NOC and make changes frequently, you can set RANCID to check hourly or as often as is appropriate for your company.
One of the neat features of RANCID is that it includes a looking-glass server. You can take a quick peek at all the routes in your organization and search for any elements that are out of sorts when you suspect a routing problem on your network.
RANCID supports gear from most of the big networking vendors, including Cisco, HP ProCurve, Juniper, Foundry, and several others. It is known to work on Linux, BSDs, Mac OS X, and Solaris.