There is even a video of Dr. Vinton G. Cerf, vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company. Widely known as a “Father of the Internet,” Vint is the co-designer with Robert Kahn of TCP/IP protocols and basic architecture of the Internet.

Have a great day and thanks for stopping by!

On November 4-5, 2008 – Las Colinas, TX (near Dallas-Ft Worth airport) Laura will be holding a Troubleshooting and Security Summit.

In two full days you will walk away with more security, optimization and troubleshooting knowledge than you’d get after spending months in the field figuring this out.

Learn the best practices and most efficient tools to use to analyze wired and wireless network performance to optimize and secure network communications from Laura Chappell, Founder of Wireshark University and Protocol Analysis Institute. See the Summit 08 special pricing and group discount information below. Register today at www.chappellsummit.com.

Key points include:
* TCP Enhancements in Vista/Server 2008
* Faster File Transfers with SMBv1 vs. SMBv2
* Traffic Analysis between Virtualized Hosts
* Proven Techniques to Baseline the Network
* Latency Chokepoints
* Automatic Traffic Capture and Analysis
* Network Security and Forensics Procedures
* Key Points to Deploying Decoys
* Suspicious Traffic Signatures
* Handling Traffic Evidence

Bring Your Own Laptop (BYOL) Format
This hands-on lab-based course offers a series of demonstrations and individual hands-on labs to rapidly improve and expand your skill set. You will leave with your laptop loaded with tools, trace files and configured to improve network performance and security immediately after class.

GUEST SPEAKERS
*Gerald Combs, Creator of Wireshark – Must-Know Steps to Analyzing Virtualized Communications and the Future of Wireshark

* Tom Quilty, Cybercrime Investigator for BD Consulting and Investigation – Preparing for and Handling a Data Breach or Theft

Register Today – Seating is Limited
Register online at www.chappellsummit.com. Registration $1,295 – Early Bird $995 (ends midnight PDT Tuesday 9/30/08)

Group Discounts: Bring in two or more people from your company and receive $100 off each additional registration. Contact Brenda Czech at +1 408-378-7841 for more details.

Wireshark University Savings: Attendees receive the Wireshark University WSU03 Troubleshooting Network Communications self-paced course free with the student kits. Registered attendees also receive a 50%-off coupon on Wireshark University Self-Paced Courses.

Register today.
www.chappellsummit.com

If you go, please share some of the tips and tricks you gained with the ITKE population. Help spread the word!

You ask “What stopped working?” Let me tell you my friend… everything stopped working! Well, actually, to the users it seemed that way. It was as if I had a bad cable between the LAN and the router. Users were reporting slow performance due to packet retransmissions  and the LAN switch and the router were taking errors on the internal ethernet ports. Not a good situation!

So, strike 1 on the SS102. I called Datacom technical support and found out they were closed after 5:30 PM EST. It was now 8:15 PM EST. I left a message with details of what I was seeing on the network.

The next day, around 9:00 AM I tried calling Datacom technical support but received a message that all office staff were in a mandatory company meeting. A short time after this, I received a return call from a very good support engineer. We discussed my application and how I went through troubleshooting the situation. His current suggestion is rather than set the router & LAN switch ports to 100/full to set them to autosensing and ensure that portfast is enabled (this is a Cisco LAN switch). So, that is where I am now. I need to make a network maintenance window to make this change and try once again installing the Singlestream 102.

Stay tuned. More to come.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

I have ordered the Datacom Singlestream SS102 Link Aggregation Tap. I placed the order last Friday. On Monday, my supplier said that it could take more than two weeks to receive this product. I was surprised by the lead time required for this device. I was first told that it could take 4 weeks for the product to ship. I am in more of a hurry than that and was about to change to a different higher-cost product to pressure the supplier to have a quicker delivery.  The conversation seemed to have worked.

My alternative choice was the Network Instruments nTap. However, it was almost a 50% premium over the Datacom solution. The link I need to monitor is not a high speed link so I really do not need the memory buffer that NI’s equipment offers. I was just willing to consider it if I could receive and implement the solution quicker.

I will let you know how the product works and any issues I encounter during implementation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Network Instruments nTAP – This is the particular device that initially captured my interest in this type of solution. More information can be found here

Datacom Systems Singlestream aggregation tap – More information on the 10/100 aggregation tap can be found here. Details on a gigabit tap can be found here.

The prices I received on these devices went from around $1000 to $1500 to $2000. As you can see, there are lots of choices. I have requested a demo model of the $1000 device and will see if it will meet my needs. More to come!

Thanks for your time. Let’s be good network citizens together & practice safe networking!

So, some questions need to be asked and some answers given.

Where to place potential solutions:

1. In the router or “cloud”.
2. In the edge LAN switch.
3. Between the router and the edge LAN switch.

What are the potential issues with sensor location:

1. Router or “cloud” – network address translation (NAT) may hide actual source address information. What load would this service put on the router? Would there be any costs for implementing this on the router and/or in the cloud? We use managed data network services so this could be a concern.
2. LAN edge switch – is port spanning or “mirroring” a valid option? What other monitoring services can the switch provide? SNMP or RMON? How would the monitor be remotely accessed if there is only one NIC and it is in listening mode only? Note that placing a destination switch port in span mode does not permit any outbound traffic to occur on that interface.
3. Between the LAN & WAN – is another switch needed with port spanning/mirroring? Would a hub work with it creating a half-duplex link for inbound/outbound traffic?

What hardware provides potential solutions:

1. Router or “cloud” – not the preferred method since not under my control and may have change request or monthly service costs involved.
2. LAN edge switch – monitoring system would require dual NIC’s; one to listen/monitor and one for remote access. Port spanning or mirroring could place a load on the switch. SNMP or RMON queries can add traffic to the network link and impact the monitoring accuracy.
3. Between the LAN & WAN – a hub is not desirable due to the fact mentioned above. It causes a full-duplex link to go to half-duplex and creates a bottleneck even though the WAN link is usually much smaller than the LAN. There is an alternative to the hub. That device appears to be called a network TAP or port aggregator. This is the solution I plan on investigating further.

Has anyone else had experience with implementing a network TAP or port aggregator for network monitoring? I will also discuss what applications I plan on using to monitor network traffic in a future post.

Thanks for your time. Let’s be good network citizens together & practice safe networking!