IT Trenches:

diagnostics

Oct 6 2008   1:12PM GMT

Did you see this? - Process monitor now does TCP/UDP monitoring



Posted by: Troy Tate
administration, analysis, anti-virus, Data security, diagnostics, howto, recovery, debugging, Sandbox, Microsoft Windows, Microsoft, performance monitoring, troubleshooting, Networking, internet, LAN, network analysis, Security, forensics, malware, Monitoring, packet capture, Performance, reporting, research, Sysinternals, toolkit, tools

If you ever need to get under the covers of running Windows processes for investigating why a system is running slow, then the Sysinternals toolkit has an updated tool that will help you. Per the website:

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

I had previously talked about the Sysinternals Live website. This update to one of these excellent tools is well worth investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!

Oct 3 2008   7:59PM GMT

Did you see this? - Open Source Tools University



Posted by: Troy Tate
administration, analysis, anti-virus, blog, Data security, design, diagnostics, firewall, howto, IT education, blogging, debugging, Sandbox, performance monitoring, troubleshooting, Networking, internet, LAN, network analysis, WAN, wireshark, Security, forensics, Monitoring, SSL, Metrics, packet capture, Performance, podcast, research, reporting, toolkit, tools

If you are like me, you like those little goodie tools like nmap and wireshark that do something that is actually pretty complex but do it well and have a great following. I just came across this website that I am going to have to take some time to go through and find all of the nuggets it offers. Hope you get some use out of it too and let us know what you discover and how it made your job easier.

LoveMyTool

There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins). This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer, and Denny K Miu of StartupforLess.org - A Survival Guide for Bootstrapping Entrepreneurs.


Oct 2 2008   12:00PM GMT

My server is hung! What do I do? - debugging resources



Posted by: Troy Tate
debugging, server, administration, diagnostics, howto, recovery, Microsoft Windows, performance monitoring, troubleshooting, Performance, reporting, toolkit, tools

Debugging a dump from a hung server may not be something you do every day, so you may want to engage with a Microsoft debug expert; however, with this information as your guide you may find that you can narrow down a problem and save yourself a call.

My Server is hung - what do I do?

http://blogs.msdn.com/ntdebugging/archive/2008/09/12/red-alert-my-server-is-hung-what-do-i-do.aspx

If you need additional background on debugging, this article can get you started:

Basics of Debugging Windows

http://blogs.msdn.com/ntdebugging/archive/2008/08/28/basics-of-debugging-windows.aspx

·  Collect a kernel dump:  http://support.microsoft.com/kb/244139

·  Set up the debugger:  http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

·  Know how to use the symbol server:  http://support.microsoft.com/kb/311503

Additional resources that you may find useful (including links to the tools, book recommendations, etc.):

·  Microsoft Debugging Tools

·  ADPlus – An automated way to use the cdb.exe to capture/create a usermode dump when a process hangs or crashes (more info - http://msdn.microsoft.com/en-us/library/cc265629.aspx or KB286350)

·  Public Symbols for Microsoft Operating Systems:

o   Microsoft Public Symbol server syntax: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols (DownstreamStore is a local folder the debugger uses as its download cache; the path contains no spaces)

o   example: srv*c:\mysyms*http://msdl.microsoft.com/download/symbols

o   Microsoft Symbol packages http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d

·  Use !analyze -v to gather additional information about the bugcheck and a bucket-id for your dump file.  The bucket-id can be submitted to Microsoft for review against similar crashes and their resolutions.  Try using Microsoft Online Crash Analysis to submit your crash dump bucket-id for possible follow-up from Microsoft or for Microsoft to look for trends:  http://oca.microsoft.com/en/Welcome.aspx

·  For concepts, tools and information about the system architecture:  http://msdn.microsoft.com/en-us/default.aspx

·  Windows Internals, 4th edition (by Mark E. Russinovich & David A. Solomon):  the whole book or Chapter 14 - Crash Dump Analysis

·  Advanced Windows Debugging (by Mario Hewardt & Daniel Pravat):  http://technet.microsoft.com/en-us/default.aspx

·  How to Access the User Mode Debugger from the Kernel Debugger

·  How can I find out why the Cluster Resource Monitor dumped – Access Violation

·  1394 Kernel Debugging Tips and Tricks [WinHEC 2004; 373 KB]

·  Debugging Windows Vista
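The steps above (dump collected per KB244139, debugger installed, symbol server configured, !analyze -v run to get a bucket-id) pulled together into one script. This is an added example and is not code from the post or from the ntdebugging blog; the dump path and the kd.exe install location are assumptions.

```powershell
# Added example: run !analyze -v against a kernel dump non-interactively with kd.exe
# and pull the classification lines (bucket-id, failing module) out of the log.
# Assumptions: Debugging Tools for Windows are installed at $KdPath and the dump
# was collected as described in KB244139 (default location C:\Windows\MEMORY.DMP).
param(
    [string]$DumpFile = 'C:\Windows\MEMORY.DMP',                                   # assumed
    [string]$KdPath   = 'C:\Program Files\Debugging Tools for Windows\kd.exe',    # assumed
    [string]$LogFile  = "$env:TEMP\analyze.log"
)

# Same symbol-server syntax as the post: srv*<downstream cache>*<upstream server>
$symbolPath = 'srv*c:\mysyms*http://msdl.microsoft.com/download/symbols'

if (-not (Test-Path $DumpFile)) { throw "Dump file not found: $DumpFile" }

# -z loads the dump, -y sets the symbol path, -logo writes a fresh log file,
# -c runs the initial command string (the trailing 'q' quits kd when it is done).
& $KdPath -z $DumpFile -y $symbolPath -logo $LogFile -c '!analyze -v; q' | Out-Null

if (-not (Test-Path $LogFile)) { throw "kd did not write $LogFile" }

# !analyze -v prints its verdict on these labelled lines; the bucket-id is what you
# would submit to Online Crash Analysis or compare against other dumps.
$patterns = '^(DEFAULT_|FAILURE_)?BUCKET_ID:', '^MODULE_NAME:', '^PROCESS_NAME:', '^IMAGE_NAME:'
$summary  = Select-String -Path $LogFile -Pattern $patterns | ForEach-Object { $_.Line.Trim() }

if (-not $summary) { Write-Warning "No bucket-id found; check $LogFile for symbol errors" }
$summary
```

If symbols fail to load, the bucket-id lines are usually missing or marked with a wrong-symbols warning, so check the log before trusting the classification.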


Aug 18 2008   7:24PM GMT

Did you see this? - Online tools/tutorials - RingOfSaturn



Posted by: Troy Tate
administration, awareness, design, diagnostics, howto, IT education, DataCenter, DataManagement, troubleshooting, Networking, internet, LAN, network analysis, WAN, wireshark, Security, malware, Monitoring, Storage, VoIP, Metrics, online identity, packet capture, Performance, reporting, research, risk, tools, web, website, www

Ok, I admit it. I’m a network tool junkie. I constantly look for neat tools to perform tasks in the easiest manner possible and give me reliable information. This website from RingofSaturn.com is definitely one of the cooler online tool websites. Check out the browser sniffer tool if you are curious about what information your browser gives up while surfing the web. You might be surprised!

Check out the TCP/IP tutorial. It’s a quick, easy read that you can share with those to whom you are trying to explain how a network works.

Check out this website. I guarantee that if networks are in your blood, you will find something of interest here.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 18 2008   7:11PM GMT

Did you see this? - Boot CD tutorial



Posted by: Troy Tate
recovery, bootcd, administration, diagnostics, howto, DataCenter, DataManagement, Microsoft Windows, Microsoft, troubleshooting, Mobile, Security, antivirus, forensics, Monitoring, packet capture, Performance, research, risk, tools

How often have you needed to recover a Windows system or use some type of boot disk? It’s not easy to create a boot disk in the current versions of Windows (XP or Vista), yet there’s still a need for this capability. One source of how-to information can be found on the BootCD.US website. I recommend that you check out this fine resource and test this capability before you are in need and don’t have a lot of time to wade through a lot of how-to documentation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jul 2 2008   1:57PM GMT

If no one is answering the front door - try the back door



Posted by: Troy Tate
awareness, diagnostics, howto, CIO, blogging, DataManagement, Development, Browsers, troubleshooting, Metrics, Performance, web, website, design, customer service, www

I recently went to Target and was going to look at my daughter’s wedding registry to see what she and her fiance had selected. When I got to the registry kiosks, there was a Target team member and a customer having problems getting into the service. The Target team member was on the phone apparently with another store or technical support. I heard things like “This is happening at all of the stores.” “We can’t get it to work.” “How do you reset this thing?”

Since there was another open kiosk, I thought I would try my luck and see what errors may appear. The main kiosk user page is intuitive and I immediately found the wedding registry icon and clicked it as any customer would. The application immediately responded with an error page describing some issues with scripting or something. Ahhhh… so I was receiving the same error as the other customer.

Well, the IT detective side came out in me and I started back over at the kiosk home page. Target designed this page with lots of options and ways to get to information that a customer may be looking for. Along the side of this page I found another link to get into the various registry areas, baby, wedding, etc. I clicked on that topic, navigated my way to the wedding registry and lo and behold… I was able to print out my daughter’s wedding registry while the other customer and the Target team members were still grumbling about the other kiosk.

I want to commend Target for providing multiple navigation means around their website. I would hope this experience would encourage more of the same for other vendors. I know, in IT, we like to restrict how many paths a user can go through an application to get to the same information, but in this case, Target did the right thing and provided good customer service.


Jun 25 2008   3:09PM GMT

Researching Network TAPs - Implementation Day (part 5)



Posted by: Troy Tate
Data security, diagnostics, howto, DataCenter, DataManagement, troubleshooting, Networking, network analysis, WAN, wireshark, Metrics, packet capture, Performance, reporting, research, tools

Hopefully you have been reading about my adventures with implementing a network tap to end network blindness. If not, take a look back at previous entries found here.

When I last left you on this topic, there was a problem plugging in the tap between the router and the LAN switch. I was informed by technical support that the devices needed to be configured with auto-detect network settings. Those settings have now been made and the network tap is now installed and functioning well!

One interesting thing I discovered about the Datacom Systems Singlestream 102 device is that it will permit network injection through the tap port. What this means is that you can have a host running ntop and listening on the tap, for example, that you can reach without having to install a second NIC and publish the service on that NIC. This is a great thing! It simplifies the configuration of the monitoring host.

So, it looks like my monitoring need has been met, and now the real challenge of discovery and ongoing traffic management begins. Such is life in the network management world.

I will pass on any updates about this network tap as any new information arises from my implementation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 18 2008   7:20PM GMT

Did you see this? - Microsoft Assessment & Planning Toolkit 3.1 Beta



Posted by: Troy Tate
administration, diagnostics, beta, DataCenter, Microsoft Windows, Microsoft, troubleshooting, Networking, LAN, Monitoring, Metrics, Performance, reporting, tools

The Microsoft Assessment and Planning (MAP) Toolkit is an integrated platform with tools and guidance that make it easier for you to assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. It offers easy inventory, powerful assessment and actionable recommendations for Windows Server 2008, Windows Server Hyper-V, Virtual Server 2005 R2, Microsoft Application Virtualization (formerly SoftGrid), System Center Virtual Machine Manager, Windows Vista, 2007 Microsoft Office, and SQL Server. The popular Windows Vista Hardware Assessment readiness tool has now been replaced by the MAP toolkit platform.


Jun 18 2008   7:15PM GMT

Did you see this? - Sysinternals LIVE!!



Posted by: Troy Tate
administration, Microsoft, Sysinternals, awareness, Data security, diagnostics, howto, CIO, Database, DataCenter, DataManagement, Development, Microsoft Windows, troubleshooting, Networking, LAN, network analysis, WAN, Security, forensics, Monitoring, Policy, Performance, reporting, tools, web, website, www

If you’re a fan of the Sysinternals tools, check out the beta of Sysinternals Live, a service that makes it easy for you to execute Sysinternals tools directly from the web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or at the command prompt as \\live.sysinternals.com\tools\<toolname>, or view the entire Sysinternals Live tools directory in a browser.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!


Jun 17 2008   2:33PM GMT

Did you see this? - can MY browser do this?



Posted by: Troy Tate
diagnostics, Browsers, DataCenter, Linux, Microsoft Windows, Mobile, Networking, Metrics, Performance, reporting, tools, web, website, www

Here’s a great website for testing your browser functionality and understanding the different features of each application.

Thanks for your time. Let’s be good network citizens together & practice safe networking!