How to Troubleshoot Slowness Issues in Network Through Wireshark | Wireshark Tutorial

Captions
Hi everyone, welcome to Skilled Inspirational Academy. I'm Arjun. Today's class is Wireshark training, so this is a demo class for Wireshark, and today we are going to discuss, you know, deep about what TCP/IP is about. We have different parameters to discuss: throughput issues and the most common issues we face in the, you know, internet connection.

So before I walk you through those things, let me explain what the use of Wireshark is. We have probably seen, you know, people use Wireshark for capturing the packets. But from my standpoint, two or three years back when I saw Wireshark, it was full of packets and it was so confusing where to start and what exactly the packet is talking about. So I had a hard enough time understanding this Wireshark, and then I did, you know, a lot of reading. It is just like one capsule I'm giving you with all my readings, putting everything on the table to make it very, you know, easy for everyone to understand and follow the Wireshark training. So that's the objective of this class.

The main takeaway of this class would be: once you finish this demo session, you would have, you know, a solid understanding of what TCP is and what exactly is inside the TCP packet. Because we have heard of TCP, but very few people might know how to peel out every TCP flag and TCP parameter. There are so many parameters that, you know, a few people may not have heard about these TCP flags and TCP parameters before. So the biggest takeaway of this particular class is that you would get, you know, a complete understanding of how TCP/IP works with every parameter, why those parameters are used, and why, in modern communication, TCP is so important, especially for network troubleshooting. That is all about the biggest takeaway of this class. Once we finish this class you'll be so confident and you will understand TCP/IP analysis better. I hope everybody will start enjoying this class. So before
start with, let me explain a scenario. We usually encounter this issue: networking is the one common backbone where all the teams, you know, keep barking about this problem. They always complain to the networking team for any kind of, you know, performance issue; it can be an application issue as well. People might have come from a different background, so I want to give you an overview of the OSI model. We all know the OSI model; it has got, you know, seven layers. The core layer we are going to look at here is the transport layer. Here works TCP and UDP, and we all know about that. And we say TCP is connection-oriented and it is a very reliable protocol. Why is that? What is the mechanism that's, you know, outstanding when compared to UDP? Why is TCP so reliable? Why do people call it such a reliable connection? What is the meaning of it?

When there is a problem, generally, what do the network engineers have as the, you know, maximum possibility to look around for an issue? What is the cause of an issue, how do they start, and how do they come to a conclusion that, okay, this particular problem is not with the network, it is a problem with the application? To get a complete insight into a problem, I don't think with the, you know, routers and firewalls... We definitely would see the TCP SYN, SYN-ACK; that's a stateful device, right? So it maintains a TCP session, that's for sure; a firewall is capable of it. But to peel out what is inside every TCP parameter, here comes Wireshark. You cannot do that. In the firewall, to the maximum, what you can do is: okay, if a connection is established between your source and destination, it can say it is TCP or UDP, and the firewall will give you more control of, okay, this is a stateful connection, and you can see the TCP connection establishment. We call this TCP SYN and TCP SYN-ACK, right? Once these two connections are established, then we can say, okay, this is an established TCP connection. So
this is the maximum, you know, control we have with the firewall. But with the help of Wireshark, what we can do is: okay, what is inside the TCP packet? It is something like you peel out every parameter in the TCP and you will see what exactly happened. If there is a slowness issue, there can be multiple problems, right? But to figure out all that, the primary is the very key thing here. You cannot just blame it on an application; to prove that, you have to do some basic checks.

For example, you got your headend router or your core router, the customer edge router here, and you have a BGP peering with your provider edge, and you got your core switch. Very simple design here. We got a couple of PCs connected, and when the traffic is initiated from the client, you have to check here, right? Even though your bandwidth is too good, you got your 100 Mbps link, it's a fat pipe, and you got, you know, a good bandwidth connection in your office, still people are complaining about the slowness issue. So you can check the utilization. There are many monitoring tools to do that; one we use is SolarWinds, where we can find the utilization of a particular link. So you can see this internet link is choked, and how to find all that, right?

To prevent this, in most enterprise designs, what they do is use, you know, QoS techniques. We'll see where exactly the QoS marking happens and how we can find it in Wireshark, but I'm just giving an overview about QoS. QoS is quality of service; that is something like you are prioritizing your traffic. Maybe a few people may have heard of this, but again the quick overview is: inside the IP header you can do a marking, that is something called the IP precedence value; that is, you are prioritizing the traffic. That's the main objective. So you are marking your traffic. If you do QoS from the switch level, that should be visible under layer two: what is the quality of service you are using and how you are prioritizing
your traffic. For example, you are prioritizing your traffic something like this: you're prioritizing your voice and you are prioritizing your data traffic. This is just an overview; this is not much to do with networking. You know, we'll look deeper inside Wireshark, so I want to give a glimpse of all this. So I'll mark the packets and I'll give a priority for them. For example, for priority I'm giving a priority 10 and for data I'm giving priority five, because voice traffic is very crucial and it is, you know, vital for the network. People should not be disconnected when they are on phones, when they are using their Teams, so the priority is higher for voice.

You can peel out all your QoS information inside Wireshark. Even if you applied a specific policy to this switch, this L2 switch, if you take a capture from your PC, and if you, you know, do a packet capture from the switch and offload all your traffic back to the client PC, you will come to know whether all your packets are actually being marked with your QoS marking that's configured on your switch and applied to the specific interface. So you'll get all that kind of, you know, deep insight using Wireshark.

Okay, this is fine. So now I did my, you know, basic checks; something like I checked my internet link and the utilization levels, right? It can be either from your switch or it can be from your WAN; that is the only possibility, right? So if you got your router something like this, and it is connected to a switch, and you got your PC connected here, it could be either this end or this end or this end, right? Because this is connected to the ISP, you'll check all these three ends and you'll look for interface errors and utilization levels, right? If there are any errors, something like a physical issue, you will see the CRC errors keep increasing, and if you see any kind of
utilization here, your bandwidth is choking for 75%, you'll get to know about all this with your monitoring tool. That's fine. So I have checked everything. Now the scenario is: I have checked every single possibility I have, but I couldn't figure out where the problem is. So now I have concluded that, okay, all these below three layers: my physical layer is good, my data link layer is good, my switch is actually forwarding all the frames, there's no problem with the switches, and my network layer is also clean; the utilization is quite normal and there is no CPU utilization on my router or on my switch, as well as my PCs, right? All the basic checks you have to do; that is very important, because the network is just like a highway. If there is congestion here, then apparently your application will be dropped. Agree? So that's how it works.

So my highway is clean, my cabling is fine, my switch is fine, my router is fine, utilization is fine; there is no problem from the network perspective at all. But how do you say, or how do you convince, I would say it is convincing, how do you prove exactly that, okay, this is not my networking issue? That's a problem, right? Because people say: okay, if all is good, then why is my connection still bad? Why am I dropping my packets? Why is the communication not so healthy and faster? It's pretty slow. This is all the application slowness people generally complain about. So how do I overcome this problem?

To know about that, I have to give an overview again about TCP. It is not that if I send a packet from one source to a destination, I'm pushing the packets without any mechanism. So how can I guarantee all the packets have been, you know, delivered to the destination? How can I be confident enough about this packet delivery process? To rule out this issue, they have a protocol called TCP, that is called Transmission Control Protocol, we say,
but what exactly does it do? For every packet it has its own database; something like it makes note of every packet that it sends. So how does this mechanism exactly work? This is how the TCP parameters help us. If I got a big data, for example it is a 64 bytes data, I cannot send it as one single packet, so I'm going to chunk this packet into small sizes. I'm going to, you know, identify every packet using the sequence number. Why it is used I'll show you there, but I'll give you again an overview about that. Sequence number: with the help of the segment number I can track every single packet that's being sent from my source. For example, this is sequence number one, and I'm going to send the second packet here, so my second packet is something like sequence number two. This is just for demonstration purposes; the real sequence number is different.

So this is the sequence number. And before that, if you do a capture using Wireshark or any, you know, analyzing tool, one key thing you should understand is that Wireshark will use a sequence number called the relative sequence number. Why is this used? The relative sequence number makes the administration very simple. For example, if you use your raw segment number, it's very hard to follow the packets, but if you use a relative sequence number, it gives more control; you can actually track it down. It is something that starts similar to 21 and it's an increment of one, 2 and 3, 2 and 4, 2 and five, something like that. So it is a sequential approach; it gives more control to track down your packets, how many packets have been sent and received. The raw sequence number, I mean, it's again a very big challenge for us to track the packet. So to make it simpler, and for, you know, tracking purposes, they have introduced the relative sequence number option in Wireshark, where if you want you can enable it, and I would highly
you know, suggest you to always keep the relative sequence number enabled. So Wireshark displays a relative sequence number by default. In reality the initial sequence number is zero and it can be anything between zero to this many values; it's 2 to the power of 32, that is the maximum value that it can use. If you want, you can disable the, you know, sequence number; if you see the option here, there is a relative sequence number that's enabled by default. I highly suggest it, and everybody uses this by default. So this is the, you know, use of the relative segment number in Wireshark.

Coming back to this TCP process: this is, you know, a quick overview of the sequence number and acknowledgement number. And when we talk about TCP, TCP is a three Tuple connection. Sorry for that, let me write a little bigger here. We call this a three Tuple connection. Why is it called a three Tuple connection? To show that, let me open up my whiteboard.

Okay, so for example this is the source and this is the destination. This is my PC here and this is my server; it may not be my server, it can be a public server. I'm trying to access an HTTP request; I'm going to generate an HTTP GET request here. I have opened a web browser and I'm initiating an HTTP GET request. If you see the OSI reference model, the application layer is the layer where exactly we got our payload; our payload is the application layer. So how does that sequentially happen? We'll just look at it. Okay, application layer here: I have opened a web browser, and here works my layer 7. And what is the protocol I'm using here? It is HTTPS; we call this HTTPS, TCP over TLS. All the connections are secured, it's all encrypted. So the data keeps on, you know, encrypting for every layer... sorry, in every layer it keeps encapsulating the data. So this is the presentation layer, and you got your session, and you got your transport layer, and we got the network layer here, and we got the
data link layer. This is layer 2, 1; this is layer three. So my packet keeps on encapsulating, right? Visually, how it looks: my packet is something like, see from here, this is layer 7, and what is the payload? That is HTTPS, and it will be sent to layer six, the presentation layer; all the data formats will be happening here. Then it comes to the transport layer, the key thing we are looking at here. Inside the transport layer it's going to decide whether I'm going to use TCP or UDP. I'm going to use TCP here, right? Inside the TCP you got multiple flag values; we'll discuss that, but this is an overview. Inside the TCP, okay, I'm using TLS. Then in the network layer it's going to specify the source IP and destination IP details, and finally layer two has source MAC, destination MAC, and all of this is in one single package.

If you tear down this TCP packet here, actually your payload will be encapsulated, right? My actual payload is web traffic. This particular payload keeps getting, you know, appended until it reaches TCP, and from there it will check whether it is TCP or UDP, and along with the payload it will send it to the IP layer, then layer two. So this encapsulation keeps happening until it reaches layer two. From the PC, it's all signals; it doesn't understand anything, so the whole thing is a package. It's going to push this package to the destination. This is, you know, what I call a top-down approach from the sender, and it is a bottom-to-top approach there, so it keeps decapsulating, right?

So my router is, you know, interested in the IP packets; I'm not interested in layer two. In the same way, switches will just look for the MAC address. And if it's needed, the router will do all the, you know: okay, this particular IP is in my network but I don't know the MAC address, so here comes ARP. So this packet keeps on being encapsulated until this TCP, and it will open up and it would see, right? And this is a
peer-to-peer connection; it's an end-to-end connection. So this is an overview of how these packets are encapsulated and decapsulated.

When it comes specifically to TCP connection establishment: this is my source and this is my destination. I have encapsulated all the packets; now what happens? It will send a SYN packet, that is something like: hey, I want to establish a connection with you, can you respond back to me? But here comes the question: inside the TCP SYN, what is the information it would send? That is important, right? Okay, let's see. Now, I said this is a three Tuple connection, and I have sent a SYN. For this SYN it's going to say SYN-ACK: for your SYN, I acknowledge, I'm okay to establish a connection. Now for your SYN and SYN-ACK, that's kind of an agreement: okay, I am also okay to receive your traffic. So for this SYN-ACK it's going to send an ACK, and here the connection is established. Until this point there is no application data, no payload. So here we say it is a ghost byte. The sequence number is just for identity purposes; it just marks it as: my sequence number is one and I'm sending this to you; if you got my SYN packet, you have to, you know, acknowledge this packet. So it's going to say: okay, I received your packet, so I'm going to acknowledge, and my acknowledge bit is set, and it's going to send this back.

So inside this TCP, if we peel out the TCP packets and parameters, you can see what the SYN flag is. If the SYN flag is set, then it is a SYN packet; if it is a reset packet, the reset is set, so a reset happened here. So this is how the connection establishment happens; then comes your actual payload.

Now let's see how we can see all this information with a complete visual in Wireshark. To do that, let me open up this capture. Let me go to TCP capture; let me take this iPerf capture. So let me keep TCP; this is the filter we use in Wireshark. So let me give you a, you know, glimpse about the options what
tells we have solve the customized template what I have created, to have more insights on the fly. So this is the time when exactly the connection happened; this is the column where it defines the time. And this delta time we'll discuss in the class, but for reference, delta time is very vital to understand where the problem is. It's all mostly in ms, but if it crosses into seconds... If you actually see, this is all milliseconds: this is 35 milliseconds and this is 41 milliseconds. And if you see any values that have been incrementing here, that is defined as seconds. In the networking world everything happens in milliseconds. If it exceeds the milliseconds, if it is going beyond milliseconds, if it is in seconds, then there is a problem; that's a slow connection. Networking never likes the packets to be in seconds. For optimal performance it always has to be in the limitation of milliseconds. So that's how this delta time value is used to, you know, figure out what is the, you know, time taken for the source and destination.

So delta time, and one key thing I would say is, we call this round trip time; call this RTT. For example, if you make your flight booking, it will ask whether it is a one-way booking or a round-trip booking. So that is something from source to destination and from destination to source: what is the time taken? That is bidirectional; from source to destination, from destination to source, how long it took. That is actually the round trip time; we call this RTT. Even in the ping request you would see your RTT time. When you do a ping, generally you can see your RTT: the average time taken is 7 milliseconds, that is your RTT; your average time taken is 7 milliseconds from source to destination and back from the destination to source. That is your RTT.

And then this particular field is talking about layer three, and you see all your IP packets here: what is my source and what is my destination. This is the
destination network where I'm trying to establish a connection. And this particular column will give, you know, complete insight into what particular protocol is used by the source and destination. If you see here, it's UDP; it can be DNS or it can be video streaming. That's how we can classify the packet. So here it says it's UDP. And TCP segment length, we'll talk about that. We know, right, when we talk about this OSI model, generally in the network layer we say it's packets, it is all IP packets; it's the network layer. From the layer two perspective it's all frames. And from the transport layer, how am I going to send a packet, using TCP or UDP? So it's all UDP packets, right? That means it can be my DNS, it can be my video streaming. We have to check how you are going to classify it using the port number. If you just click on this particular packet and drill down, you'll see, okay, this is using UDP and the destination port is 53047, so this is not my DNS packet; this is something else. So here is your actual payload; the payload is your real data, right? So you will get insight into everything here. This is about what protocol I'm using; it will give you that.

And TCP segment length: we know in the network layer we see packets, in layer 2 we see frames, and in the transport layer we call these segments. For example, if I have a 1 GB file, can I send this as one single file? Definitely not. So this 1 GB file is again chunked into multiple segments, and we call this one segment. For my one segment, how much maximum data will I send? That is your TCP segment length: what is the size of my segment?

And one more thing here: the calculated window size. What is a window size? That is something like a proposal; I'm proposing to you. For example, if I drill down a little bit, you see my calculated window size, and this is very important. What is the TCP maximum segment length? It can be 14,440, and
what is the calculated window size? So this is something like the proposal it's saying. Your window size never starts like this in the beginning. If you see the capture in the beginning, the window sizes keep increasing. When we establish a connection, it's not something like I'm going to, you know, propose the biggest window size so that you can send everything. Before establishing a connection I should know what is the, you know, window size I'm proposing.

To do that, if I give TCP, and if you see the number of displayed packets here, these are all my TCP packets. Sorry for that. So this is the number of TCP packets alone I have filtered. And here I'm going to take this and I'm going to the conversation filter, TCP. I have to do a right-click on this, go to Conversation Filter, and give TCP. So it has populated a default filter value here. What is all the information it says? This IP address equal 192.168.0.104, that is my PC, and the destination is 11712 10918, this is the public IP address, 186. And this is the port number used. What is my source port number? It's 53333; that is a randomly generated port number, generated by the operating system from RPC. And this is the server port, 5201.

So what is this particular capture? I captured this when there was a throughput issue; my PC had some problem with the throughput. So let's see how this window size exactly helps us to figure out the problem. Before that, I want to go to the beginning, right? So where exactly did my synchronization happen? Let me drill down a little bit. This is actually the finished packet. I don't actually see this TCP flow; it takes some time. Okay, this is the information I can see here. Let me see Conversation Filter, TCP. It's a pretty big packet; I couldn't actually figure it out. Let me take a different capture. I want to see this SYN
packet. Oh, I got stuck here. Okay, let me keep TCP here. Okay, so here we go. We got, you know, SYN, SYN-ACK and ACK; it's talking about this three Tuple connection, right? This is the client, this is the server, and it sends a SYN in the beginning, before establishing a connection. So let's see. If I take this particular packet here and open up my TCP, Transmission Control Protocol, it says my source port number is 61918, that's my source, and this is the destination port. From 443 I can figure out this is HTTPS. So now I come to know, okay, this is my source and this is my destination. And if I look at this IP protocol, I know this is my PC and the destination is a public server.

And if you see this, these are the key things we should know about, you know, TCP. I was talking about this sequence number. I'm not sending any kind of data at this point; this is my first packet I'm going to send to this destination server. This is the relative sequence number used by Wireshark. This is the only value we are going to see; we are not going to see the, you know, random sequence number here. And if you see the flags, this is what I'm talking about: it says SYN flag, right? So this is a SYN packet. This particular flag says it is the SYN flag; this is my SYN packet. So what is the response we get from the server? If you see here, I made a filter for, you know, granular control, where I can see all the information right away.

Here, if you see, the TTL is very important. The three default TTL values are 64, 128 and 255, and here my PC is using 64. For every hop your TTL will be decremented, right? For example, these are three routers. I know my internet connection has, you know, many BGP peerings that happen in the middle, that we call the Internet cloud, and I got my destination somewhere here; it is all connected. And for every hop,
for every hop, the TTL will be decremented by one; that's the logic. So here, if you see, I can definitely see the packets are routed and my routing is fine. The sequence number is zero, and, you know, for this the acknowledge number I get from the server is also zero. So what does the acknowledgement number actually look like? That's your actual data plus one; that's your, you know, acknowledgement number always. If you see here, the server responded back with the SYN-ACK, and for the SYN-ACK my PC has sent a send request back. And if you see the calculated window size, it started with the very least value, right, the default value 65,535, and that's been increased now. So I am proposing 65,535 bytes, but now since I established a connection, here we go, you send your real data; here exactly your payload happens.

And why is this important? That's the question here: why should I know about all this? Definitely because if there is a routing problem, I can figure it out from the TTL. I can figure out, okay, this is a problem with routing straight away, and I'm going to stop this. And if I drill down, if my TTL is not decrementing, there is some problem with routing. So now I have concluded, okay, this is not a problem with routing; this is something else, right? If you come down, the same way, the TTL keeps decrementing. If you see, here is your application data; exactly here your real data is being transferred. And if you keep drilling down, your application data exchanges keep happening.

So when I stop here exactly, I come to know, okay, this is a TCP retransmission, and this packet is a push packet. How do I know about push packets? If you see the flags here, for this particular packet this push packet is set. Okay, I'll discuss this. The flags are very important, and mostly, in my experience, you know, always these three parameters are widely used most of the time. The TCP
flags: one key thing is the SYN packet, the SYN flag, and then push, acknowledgement, FIN. Believe me, these four are the, you know, key flags that are most commonly used, and we are very much interested to know about only these four most of the time, I would say; it will not go beyond that.

So push is something, here I say, push is something that generally happens when the, you know, connection is about to close the data transfer. For example, if you send a segment number and you send a SYN, and you get a SYN-ACK back from the server, for that I'll send an ACK, an acknowledgement, again. So here your actual data transfer is happening, right; here your application data is happening. And for every single conversation I got a, you know, unique sequence number, and this particular application data transfer is happening between source and destination. And when it is about to set this FIN flag, it's about the push: hey, don't you worry about that, you keep receiving my data; we are going to finish this traffic, I mean, we are about to end this conversation; there are a couple of bytes left from me, so I'm going to push this packet.

I'm going to receive, and exactly here the problem happened, right? For the push packet, it's asking for the retransmission. Why does the retransmission happen? It says: you're going to push your data, but I haven't received your traffic that you sent before. So here comes the role of the sequence number. This particular sequence number: I didn't get the data for 330 26, exactly a packet before this. If you see, the calculated window size is the same; my calculated window size is not increasing, and it is asking for the retransmission. Why is the window size not...? Suddenly it dropped to 82944; earlier this was 262,144. That is because I'm not ready to receive your data. You might be fast enough to send your data, but I have a problem here; you have to, you know, send your data slower, because I cannot process your data. So the TCP retransmission, TCP
duplicate acknowledgement, this all happens because of throughput issues. So this is one kind of scenario that I captured. If you see, there are a lot of, see, fast retransmission, out of order; all these TCP errors are happening because of a throughput issue. I'm dropping a package here. So this is the level of detail you get from, you know, Wireshark. Inside the TCP we have different parameters; this is one quick glimpse, and, you know, I gave you what this window size is and how we, you know, rule out this window size problem, right?

And I'll show you one more scenario where we had a throughput issue, a different scenario. I'll close this connection and let me open up this... Okay, so before that, let me give you insight into how exactly we should capture this throughput issue. I would suggest that there is a tool called iPerf; it is a, you know, most widely used tool by network administrators to find the bandwidth.

Before that, I'll give again an overview of what is bandwidth, what is throughput, what is speed. When I started my career I had this confusion: what are people talking about, bandwidth, throughput and speed; what exactly is the key difference between all these three, and does it really matter here in Wireshark? Definitely yes, we should know about all that here. So bandwidth: for example, you got a link here and you have connected to your ISP, and this is your switch, router, anything that's connected here; these are all end user PCs. You got your 100 Mbps link, a leased line connection, guaranteed bandwidth 100 Mbps. This particular parameter we call bandwidth. So they say there is some problem with your bandwidth and you have some performance issue that's happening here. How do you figure that out? You have to bypass your router. What I mean by bypass is, I should not use a router; instead, this particular connection that's coming from the ISP I have to connect to my laptop, and I should do a capture, and I
should see if any retransmission is happening, like before we have seen, right? Sorry for that, let me write it clearly. So I should see if I see any kind of retransmissions, so I have to figure out that. So before that, using the iperf tool, uh, I did a capture here, the iperf tool. So where I want to show you exactly where this window problem happened, if I come back here, this is a reset. So there is a particular filter to figure out this. If you actually see here, see, this is the FIN packet, where exactly my communication, you know, successfully terminated on both ends. So FIN, when FIN packet exactly happens: this is a client and this is a server, right? So when there is a successful connection it has to send a SYN packet, and for that SYN it has to send a SYN-ACK back, and it will send an acknowledgement for the SYN-ACK. This is a common scenario. Where this particular fact comes in here? I told you PUSH happens before the FIN, and FIN is something: I agree for that, I got all the data in this particular segment, I'm talking about the segment, this particular segment I got 64 bytes, I got all the data, I find I'm good to close the connection, and it's going to set this FIN flag, set inside TCP from the source, and the same way in the destination it's going to send a FIN packet. Here it's a mutual agreement to terminate the connection, to close down the connection from the source and destination. It's something like, you know, you are talking to your friend and the phone call and you say I'm done with my conversation, let me disconnect. That's a, you know, mutual understanding between source and destination, so that's how this FIN comes here. So why there is a problem with, what is the packet coloring is red? Because this is a reset. Why it is a reset? I didn't get your packet, it's abruptly disconnecting a connection. So my TCP conversation is happening here, and who is doing this reset, that's a key thing you have to figure out, okay, where there is a problem with the throughput. So if you exactly see,
this is my source PC and this is a destination, and here exactly if you see, calculated window size is zero. I'm going to reset this connection, I'm not going to propose anything because I'm not ready to receive anything, because I didn't get the previous packet, so I'm going to reset this connection, this connection is not successful. If you see lot of reset packets in your network then definitely it's a problem, but the key thing is where exactly this is opening happening, that's important. If you see my IPv4 IP address here, this is 192.168.0.104, this is private IP, and this is public IP range 152. And if you see TCP segment length for all the reset packets, it's all zero, you see. See the acknowledgement also, I'm not acknowledging your actual segment length, this is something problem. So the real data exchange is not happening at this point. So all this red priorities and this alarm signals, that indicates that there is a problem. But why Wireshark is, I know, very helpful at this point: I can figure out where exactly this happened, this is what exactly I'm trying to find. See if this is something I am proposing, I saying that my TCP window is full, you don't send any kind of data. If you see after this particular conversation, this part, this is from the client to server, so here we have to see, this is very important. So if I see the client, I got three resets, all happened because of my PC, and along with that this is the destination and this is the calculated window size and this is a sequence number, see, and this is my TCP window is full, it's saying you don't send any data, I'm not ready to receive because my TCP window is full. TCP window specified by the receiver is now completely full, you don't send any data, I'm full. So now I can figure out, okay, this is something problem with my connection, at some point I'm dropping packets, I cannot process a packet, but even though the server is ready to send the data, but I cannot send because my TCP window is full, I cannot receive any more
data. This is some kind of proposal, some warning it says. So now I can go ahead and say, hey, yeah, I agree it is something problem with my PC, I have to look into this PC, why it can happen. Maybe this particular PC might have established multiple connections to the internet and it cannot process a packet, right? So my particular throughput is low. Okay, what is throughput here? So when we discussed about bandwidth I explained what is bandwidth, that is the, your actual link speed is your bandwidth. The throughput is something, how much I get out of the bandwidth. But how I know what is the throughput I get for my PC? So if we go back, let me try to bring up the iperf tool here. Sometimes this public iperf tool is, uh, always busy. I have to give, uh, iperf. So here I got my iperf, um, let me open up my, open path to copy this path, open and terminal. Okay, I on this, and I give the iperf hyphen c, and there are many, you know, iperf servers that you can test, I'll tell you what is iperf server. So will to iperf testing. So let me check DNS flow here, what is a place where exactly I did an iperf for a public server. Okay, so now I'm connected. So they say you got 100 Mbps link, so here are the key things we have to understand here. So we'll see what is the throughput. Okay, see, per second what is the throughput I get here. So this is the guaranteed bandwidth, so I got 100 Mbps link, and how much I can send per PC, this particular PC can send, you know, this particular speed for this PC. You got it? Say this is a guaranteed bandwidth, 100 Mbps, but that particular 100 Mbps is not completely given for my PC, it's a shared bandwidth. So now I have connected my computer, my TV is consuming a few bandwidth and my mobile is consuming few bandwidth, and my laptop, and I got a guaranteed bandwidth, and this is the throughput I can send, 21.9 mb per second. So how much data I have sent here is 2.62 megabytes, and the interval is between every second I'm sending this data. So this is your average data sent and this is your
average throughput. And one point of time where my PC, it says, hey, my TCP window size is full, you don't send any data until I process this packet, and I'll send out a new proposal where I, I know, I'll propose the new window size, and then, you know, uh, after that you can send your data back and I'm ready to receive. So but at this point of time, no, my window size is full. So that is a use of window size, that's why we should know about window size. So where is the problem? So here my bandwidth is fine, my transfer rate is fine, my internet is fine, but I come to know it's because of the TCP: since my window size is full I cannot process a packet, I'm busy with other connection, established connection. Yeah, this is about, you know, real time scenario where we often experience this problem, or something people, they keep baring about this throughput issues. So you can make use of iperf, and when I did an iperf this is a capture I exactly did, and where exactly it said that, okay, my PC is proposed a window size, it says, hey, I am full, you don't send anything because my TCP window is full. Here you can see my calculated window size, here it is full. Yeah, that's it about, uh, the throughput issue. Uh, you have more details in the real classes, uh, this is one scenario, we have so many interesting topics like how we do the same for UDP traffic, and every packet, it's guaranteed you can definitely figure out where exactly the problem is. If you see here, it proves again, I got a TCP window full error again from my client, it's very visible, it's my PC, it's my PC, it's not about with the bandwidth, this is something I have, I know, many connection running. So from there I have to drill down what is the problem. So the problem is the, what is the biggest takeaway of this scenario is you can figure out exactly where the problem is, that's a root cause, and we always have problem in finding that, we don't know where is the root cause, and you're, you know, rattling around to find
where exactly the problem is. The root cause is the main thing, so from there we have to dig deeper and figure out why this particular PC is proposing a TCP window size as in, you know, it says I am full, you don't send any data. Why is that? Is it my connection is too busy or my network is too busy? So I can start looking at from my PC perspective now, so I don't want to rattle around. It could be a problem with my internet link, now it's all clean. So this is all about the throughput.

And, uh, quick overview about MTU and MSS. So this is a major confusion many people they have, I know, even I had questions four, five years back: what is, uh, the difference between MSS and MTU? MTU is a maximum transmission unit, it comes under your Ethernet header, the maximum value is 1,500 bytes. Why this is important, let's discuss about. So maximum segment size is for TCP, what is your maximum segment size, there is a limitation for it. So I'll give you a visual about how it looks like from the Wireshark perspective. Let me go to MTU. So MTU is Layer 2 and it has to match, see, if you have set your MTU as 1,500. If you see here, if there is an MTU mismatch your connection is not going to happen. So you can find everything in Wireshark, how do we find an MTU mismatch. And if you see here, this MSS, maximum segment size, is on TCP, on TCP layer, and if you see the maximum transmission unit, 1,500 bytes, and it's in the layer 2 Ethernet header. And you, I'm, people from networking background, they might encounter this, I mean they would adjust the MSS value in the GRE header. So generally in the IP header, I'll give an insight, inside the IP header, right, inside the IP header there is one more header, is called GRE header. Why this is used? Because if I want my, because my IP packets is 20 bytes, and if I add this GRE header, a 2 by, and additional information, I cannot exchange this data because my actual package size will be incremented and it cannot be routed back. So what I'm going to do
here? So I'm going to decrement my payload. How to decrement the payload? So I am giving some part of bytes to GRE header, so that's the reason you do this IP MSS adjust command in your router, and you will decrement the value, something like 260, so generally it will look something like 1460 D4. So if you see, this particular 1,500 is the MTU, but the maximum segment length, as I said, TCP and IP header is 20 bytes each, and it consumes 20, 24 bytes extra and your packet cannot be routed back, so from your actual payload they'll decrement this. So that's the reason the actual payload comes here, maximum segment size, and here we have to borrow some bytes, so we are freeing up some space in the segment size and you're going to route your traffic, and now the GRE package is been forwarded without any problem. So that is something, you have to adjust your MSS segment size, your payload traffic will, you know, that should be reduced a bit from your default value so that that particular space will be used for the GRE header. So that's it about MTU and MSS.

Um, so I'm done with my presentation, so if you, let me give control, let me unmute everyone. Yeah, so you have unmute permission and if you have any questions you can ask questions. Can you just make me the co-host? Sorry? Yeah, this is him who just make me the co-host actually. H, okay. Okay, so guys, let me tell you, this particular Wireshark training we are starting from 18th of March, and it's like weekend's batch, and your classes will happen starting from 11:00 a.m. to 1 p.m.
IST. The fees for this training is $7,000, sorry, 5,000. And what's about duration? So can you, Arjun, can you just take this question, how much? It's a 45 hours, maximum it will go around 45 hours. Yeah, yeah. Sir, can I ask a question? Yeah, please go ahead, please. Yeah, sir, training not possible sir because we are five hours early morning. I mean the course is very good, gone through the content as to it's very good, and the pie is also very time. Let's see, we will discuss internally and we'll let you know on that. Okay, okay, you can reach out to me directly. No worries sir, thank you. Thank you. Yeah, yeah guys, if you have any questions, uh, you can ask your questions. Sir, one more question about the troubleshooting part, sir. Sir, troubleshooting scenarios, say for example if you find a problem at work where there is like a slowness or somebody's complaining that we cannot access XYZ server or there's a delay or something like that, so sir, would we have like some sort of, you know, uh, scenarios or something that we can look in here and then go back and compare at work and try to, you know, uh, fix things like that, is it possible? Yeah, I mean you mean to say, you know, that's something different, I didn't get your question, something you mean to say we have to replicate a problem and do a capture and, uh, do an analysis so that helps you to figure out exactly where the problem is? Sir, exactly, I can give you example, say for example I have a problem at work, same like you discussed, that, uh, there was, you know, like a throughput issue or something like that, so would there be like any more scenarios that we can look into and, you know, compare it what we have and, you know, give them some suggestions? Yeah, of course, you have to take a capture, it depends on your device, I mean you can take tcpdump, or if it is Cisco boxes you have, know, inbuilt embedded packet capture functionality that you can make use of, uh, your device, and you can take a tcpdump and you can offload the
pcap file to your local PC or, you know, your TFTP somewhere, and if you have your pcap file then yeah, definitely we can look into it and we can figure out what could be the problem there. Okay, all right, okay, thank you. No problem. Yeah, hi, this is sh. Hi sh. Uh, session was, first of all I would like to congratulate that the session was good. Okay. So like you mention about the throughput issue from your PC, that it was not able to, uh, receive the packet, uh, send the packet again because it has this capacity full, okay, so probably it was due to the throughput issue. So similar issue I am having a production environment where the end user is your Android APK M, okay, and there are multiple retransmission is being, uh, sent from the source to the, means from the Android APK device to the destination which is behind the F5. Okay, okay. So what would be the possible reason? I have that packet capture with me, if you allow me to share then I can share those. No, no, in the real classes we can do it, but since this is a demo and that is strictly [Music] confidential. Yeah, no problem. Yeah, hello, hello, yeah hello. Yeah sir, Manish said, actually sir, uh, I want to ask, uh, mean rather than Shing, actually one interview question I want to discuss with you, is it okay sir? Mean, yeah, yeah, yeah, sure. Yeah, okay, uh, last, mean two days ago I had interview with TCS, so they asked me about the, mean if we, they ask me about DHCP server. Okay, DHCP server is not in our VLAN, so what is this scenario, means is the client and server of the different VLAN segment can communicate? So means, so at that time I had no idea about the DHCP relay agent, how to work. Please could you explain me, means in over DHCP relay how it works and, mean, what is the scenario? Yeah, sure, uh, so example, so generally, yeah, in the enterprise, right, so in the enterprise people, you know what they do generally, if this is your switch and they say DHCP relay agent, you have some, uh, you know, you have a fair idea about how this, uh,
DHCP relay agent works, right? So example, this is your DHCP relay agent, and the ideology is something, you might have one common DHCP server, so that is ideology. For every VLAN, for every network and for every site to have a DHCP server is not a good practice, I mean I'm not saying it's a good practice, it's from the administration standpoint, it's very hard to have multiple DHCP servers when there is a problem. There is something like one common, know, DHCP server, for the management perspective it's pretty simple to manage and troubleshoot. So here you got your PC, example your PC is on 10 network, right? So what exactly happens, you know DHCP is a broadcast, are you aware of it? So DHCP packet is a broadcast. Yeah. So inside the local LAN, that's something inside this particular network, if it is a 10 network it's going to broadcast to all the IPs. Mhm. Right, looking for the DHCP response. But since I got the DHCP relay agent somewhere here in the data center, that can be in any subnet, example here let it be 1 15001, example this is your, uh, DHCP relay agent. So for this particular broadcast, it hits your gateway for sure, right, because it will send to every PC, that's a broadcast. So when we get this broadcast packet, so inside this you configured your DHCP relay server, your relay server is configured and you have given the IP address, something like 1 15001 is my relay server. So what happens, from the PC to the gateway it is a broadcast, yes, but whereas from the gateway to the DHCP relay agent is a unicast. So here in the unicast what is the information it's going to send? It's going to send this gateway address. What is this gateway address? So this is my gateway address, 101. So what happens when it goes to the DHCP server, it got multiple pools and it's going to look for this particular pool, if there is a match it's going to look into the scope: okay, I got an IP range from 102 to 10 000 254, so I got this many IPs, and it will reply back again to this gateway, and this
gateway again, it will reply back to the PC, it says, hey, here you got your, for your DHCP request I'm going to offer this packet. Offer is just kind of, uh, you know, uh, it going to say, hey, this is the IP address, if you want you can use. Okay, yes. Until this point there is no commitment that I'm going to use the same IP address, but for this DHCP request it's going to send a DHCP reply back, that is offer. Offer, yeah. Yeah, so sir, means, uh, inside, mean outside the VLAN, it goes as a DHCP relay agent, means if it is, server is, if is in different VLAN, so then? Yeah. If my PC is in 10.0 network VLAN, okay, and that server is 20.0, so means from the 10.0 it will get to the gateway of the 10.0, suppose 10.1, and from the 10.1 it will unicast, the DHCP relay agent, till the server, is that flow? Yes. No, no, no, flow is something, it is from the gateway to the DHCP server, it's a point to point connection, it's a unicast, right, it's straight away to your DHCP server because you defined your IP details there in the, okay yeah, DHCP relay, so it's a unicast, straight away it relays back to the DHCP server. So you have to understand one thing, see here, if your routing is fine, you have to check first you have a reachability to your DHCP server. Yes. Then your routing is fine, then happens the unicast. The first overlay is your routing, and then on top of that, it's, you know, your underlay is your routing, if your routing is, uh, you know, if your routing is properly happening and you can reach the destination, then comes this unicast packet forwarding. Yeah, sorry, simply you can just say like this: if your DHCP server somewhere in a data center which is not in the same network, mm, and you want to, uh, get the IP, because in order to get this, uh, to the client get to the IP address they need to communicate with the DHCP. Yes, you're right. The communication will be there, but only the simple thing, if, uh, the DHCP IP helper command needs where your, uh, client is not in the same network, that's
that's the, because, uh, DHCP is a layer 2, isn't it, so it's not, it will broadcast but it will not go after broadcast if it's not in the same network. For suppose if your DHCP server sit in the somewhere in the data center and you want to get connection, your client get to connection to the DHCP, yes, you need IP helper command, that's the only simple thing, isn't it? Yeah. Yes sir, got you, got. Hello guys, so anyone have anything else? Otherwise we can just, yeah. Hi Arjun, this side. So first of all thanks for, uh, your session, will help if someone is planning for WCNA, it will be helpful for him. Uh, what is the WCNA, can you, uh, know, can you abbreviate what is WCNA? Yeah, yeah, that is the certified network analyst. Yeah, so definitely this particular course will help you for that, but like I will not recommend you can go for this particular certification because it's not needed, right? Yeah, that is my next. If you are working as a like network security engineer or as a network engineer, not need it at all actually. Okay, that's right. Yeah, yeah, I just have a question, like, uh, since, you know, I'm into the pure security side, uh, so what are the things that you are going to cover, uh, when it comes to security part? We discuss about, uh, TLS and various authentication mechanism. Are you working on TX? So we'll try to, you know, find what is, why this t question. Okay, sorry, voice is breaking. Yeah, if we'll see about the, in the course content you will see all the security protocols, what are the security protocols we discussed there. Yeah, any malware content or something that you can cover, at least some basics stuff? DDoS attack, we have, know, topic to discuss about DDoS attack and how to prevent it, and how the Wireshark can be configured to find the geolocations where you can find where exactly your traffic is coming from. Sure, sure, okay, thank you. Yeah, no problem. Any other questions guys, anyone have? If like somebody interested for this particular training and if somebody wants to enroll, these are
the mentioned contact numbers, you have to reach out to us on these particular numbers. Okay, anyone have anything? Yeah, go ahead. Timings are fixed? Because I actually, timing is fixed actually, yeah, timing is fixed. Okay, 11 a.m. to 1 p.m., it's actually conflicting with my other training, that's why I'm just asking. Okay, okay, because, you know, time generally we used to keep fixed. Yeah, yeah, yeah, yeah, because I was in the middle of the training, I can't stop it, that's why I'm just asking. Got it, got it. Yeah, it's a weekend batch, right? Yep, yep, it's a weekend. Okay guys, so thanks for joining this particular demo, take care and have a nice day ahead. Let's just basically disconnect this particular meeting. Take care guys. [Music] Bye.
Info
Channel: Sianets
Views: 515
Keywords: How to Troubleshoot Slowness Issues in Network Through Wireshark, wireshark, wireshark training, wireshark tutorial, Wireshark network troubleshooting tutorial, How to analyze network traffic with Wireshark, Step-by-step guide for network performance optimization, Practical tips for diagnosing packet loss in networks, Comprehensive Wireshark protocol analysis tutorial, Wireshark tutorial for effective network diagnostics, Network traffic analysis, how to capture network traffic
Id: fCIIckgRLaM
Length: 75min 51sec (4551 seconds)
Published: Sun Mar 03 2024