[Dshield] Traffic comparison - looking for tools
mrcorp at yahoo.com
Wed Jun 1 22:17:17 GMT 2005
I just experienced this same problem in a Windows 2003 environment. It was tied to a patch MS
released last Patch Tuesday. It seems to create problems intermittently, impacting email, AD,
etc. Contacted Microsoft and they sent a hotfix. A new patch will be released the next patch
--- Josh Tolley <josh at raintreeinc.com> wrote:
> Hi, all -
> I'm trying to track down a problem with a client-server application
> where the app quits responding periodically. After some investigation,
> it appears the problem might be caused by dropped packets, though since
> the communication is TCP, and TCP is supposed to handle that kind of
> thing, I can't be too sure. I'd like to set up a sniffer at the client's
> site and one at the server, and just compare to see if what gets sent
> matches what is received.
> So a couple of questions:
> 1) Is there a better way? If the problem is due to lost packets, and if
> the packets are being lost in some malfunctioning/congested router
> somewhere, I can't count on getting ICMP messages about them, so I can't
> look at that. I can't think of too many other options.
> 2) Any suggestions as to software I can use to compare these two traffic
> streams? My first thought was just load both client- and server-side
> captures in Ethereal, look for connections that were reported as having
> frozen, find the corresponding stream in the other capture, and see if
> all the packets that the client sent actually got there. This will
> definitely be time-consuming, but I don't know of other options.
> I'd appreciate any suggestions that can be given. I'm getting the
> distinct impression, just because of the sheer amount of work I think
> I'm setting myself up for, that there must be an easier way I'm just
> missing. Thanks...
> Josh Tolley
> Raintree Systems, Inc.
> Office Phone: (801) 293-3090
> Corporate Office: (760) 509-9000
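One way to automate the two-capture comparison asked about in the quoted question, as an added example that is not part of the original thread. It assumes each capture has already been exported to tab-separated lines of source IP, source port, destination IP, destination port, absolute TCP sequence number and payload length, that no NAT sits between the two capture points, and that sequence numbers do not wrap during the capture; the addresses, ports and segments below are constructed. Comparing covered byte ranges rather than individual packets keeps retransmissions and resegmentation from showing up as false differences.

```python
from collections import defaultdict

def coverage(export):
    """Map flow -> merged, sorted [start, end) sequence ranges that carried payload."""
    raw = defaultdict(list)
    for line in export.strip().splitlines():
        src, sport, dst, dport, seq, length = line.split("\t")
        if int(length) > 0:                      # skip bare ACK/SYN/FIN segments
            raw[(src, sport, dst, dport)].append((int(seq), int(seq) + int(length)))
    merged = {}
    for flow, spans in raw.items():
        out = []
        for start, end in sorted(spans):         # retransmissions and overlaps collapse here
            if out and start <= out[-1][1]:
                out[-1][1] = max(out[-1][1], end)
            else:
                out.append([start, end])
        merged[flow] = out
    return merged

def missing(sender_export, receiver_export):
    """Per flow, byte ranges the sender-side capture saw that the receiver side never saw."""
    sent, rcvd = coverage(sender_export), coverage(receiver_export)
    gaps = {}
    for flow, spans in sent.items():
        holes = []
        for start, end in spans:
            for r_start, r_end in rcvd.get(flow, []):
                if r_end <= start or r_start >= end:
                    continue                     # no overlap with this sent range
                if r_start > start:
                    holes.append((start, r_start))
                start = max(start, r_end)
            if start < end:
                holes.append((start, end))
        if holes:
            gaps[flow] = holes
    return gaps

# Constructed sample: the client sends bytes 1000-1399 (one segment retransmitted,
# plus a bare ACK); the server-side capture shows the first segment and the last
# one split in two, so bytes 1100-1299 never arrived.
FLOW = ("10.0.0.5", "40000", "10.0.0.9", "9000")
_rows = lambda segs: "\n".join("\t".join(FLOW + (str(s), str(n))) for s, n in segs)
CLIENT = _rows([(1000, 100), (1100, 200), (1100, 200), (1300, 100), (1400, 0)])
SERVER = _rows([(1000, 100), (1300, 60), (1360, 40)])

if __name__ == "__main__":
    print(missing(CLIENT, SERVER))
```

A range reported here was seen on the sender's wire and never on the receiver's, which points at loss in the path; an empty result for a connection that froze points back at the endpoints.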