NETWORK SECURITY

  • 04/18/2017
    7:30 AM

Network Analysis: Large Packet Capture

In this video, Tony Fortunato shows how to avoid pitfalls when analyzing huge packets.

When I talk about efficient applications and optimal throughput, I generally cover it with this simple formula: big packets + low latency = good throughput.

The large-packet concept dovetails with one of the reasons Gigabit Ethernet is popular. GbE can use jumbo packet sizes, which can carry up to 9,000 bytes of payload. 100 Mb Ethernet carries up to a 1,500-byte payload. Now we have GbE-attached computers, so when you capture packets from the computer that's involved in a troubleshooting situation, you might expect to see huge packet sizes.

But what do you do when the large packets show up with TCP errors? I’ve seen many network analysts go down this rabbit hole only to find that everything is just fine and the errors are red herrings. I’ve also seen network staff capture massive amounts of large packets only to find that they can’t easily analyze the data later, rendering it virtually useless.

In this video, I explain how to spot when this happens and how to change your strategy to capture the "real packets."

