[Dshield] Traffic comparison - looking for tools

ajnevman ajnevman at yahoo.com
Thu Jun 2 11:19:12 GMT 2005


We are currently in the midst of migrating to a 2k3 environment. That patch you mentioned, what was it for? We have been having great problems within AD, in particular with our Exchange servers' ability to communicate via SMTP and our MX records getting hosed.....
thanks
aj

Mrcorp <mrcorp at yahoo.com> wrote:
I just experienced this same problem in a Windows 2003 environment. It was tied to a patch MS
released last patch Tuesday. It seems to create problems intermittently, impacting email, AD,
etc. Contacted Microsoft and they sent a hotfix. A new patch will be released the next patch
Tuesday.

Mrcorp

--- Josh Tolley wrote:

> Hi, all -
> 
> I'm trying to track down a problem with a client-server application 
> where the app quits responding periodically. After some investigation, 
> it appears the problem might be caused by dropped packets, though since 
> the communication is TCP, and TCP is supposed to handle that kind of 
> thing, I can't be too sure. I'd like to set up a sniffer at the client's 
> site and one at the server, and just compare to see if what gets sent 
> matches what is received.
> 
> So a couple of questions:
> 
> 1) Is there a better way? If the problem is due to lost packets, and if 
> the packets are being lost in some malfunctioning/congested router 
> somewhere, I can't count on getting ICMP messages about them, so I can't 
> look at that. I can't think of too many other options.
> 
> 2) Any suggestions as to software I can use to compare these two traffic 
> streams? My first thought was just load both client- and server-side 
> captures in Ethereal, look for connections that were reported as having 
> frozen, find the corresponding stream in the other capture, and see if 
> all the packets that the client sent actually got there. This will 
> definitely be time-consuming, but I don't know of other options.
> 
> I'd appreciate any suggestions that can be given. I'm getting the 
> distinct impression, just because of the sheer amount of work I think 
> I'm setting myself up for, that there must be an easier way I'm just 
> missing. Thanks...
> 
> -- 
> Josh Tolley
> Raintree Systems, Inc.
> http://www.raintreeinc.com
> Office Phone: (801) 293-3090
> Corporate Office: (760) 509-9000
> 
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
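An added example, not part of the original thread: one way to automate the comparison Josh describes, by checking which TCP byte ranges seen leaving the client never show up in the server-side capture. It assumes each capture has been exported to text as one `time seq len` line per client-to-server segment (a constructed format), uses constructed sample data, and ignores sequence-number wraparound.

```python
from collections import Counter

# Constructed sample exports: "time absolute_seq payload_len" per segment.
CLIENT_SIDE = """
0.000 1000 500
0.010 1500 500
0.020 2000 500
0.250 1500 500
0.260 2500 300
1.260 2500 300
3.260 2500 300
"""
SERVER_SIDE = """
0.030 1000 500
0.050 2000 500
0.280 1500 500
"""

def parse(text):
    """Parse export lines into (time, seq, length), skipping empty ACKs."""
    rows = (line.split() for line in text.strip().splitlines())
    return [(float(t), int(s), int(n)) for t, s, n in rows if int(n) > 0]

def merge(ranges):
    """Merge overlapping or adjacent [start, end) byte ranges."""
    out = []
    for start, end in sorted(ranges):
        if out and start <= out[-1][1]:
            out[-1][1] = max(out[-1][1], end)
        else:
            out.append([start, end])
    return out

def compare(sent, received):
    """Return (seqs the sender retransmitted, byte ranges never received)."""
    retrans = sorted(s for s, n in Counter(q for _, q, _ in sent).items() if n > 1)
    got = merge((q, q + n) for _, q, n in received)
    missing = []
    for start, end in merge((q, q + n) for _, q, n in sent):
        cur = start
        for g0, g1 in got:
            if g1 <= cur or g0 >= end:
                continue  # this received range does not overlap what is left
            if g0 > cur:
                missing.append((cur, g0))  # gap before the received range
            cur = max(cur, g1)
        if cur < end:
            missing.append((cur, end))
    return retrans, missing

if __name__ == "__main__":
    print(compare(parse(CLIENT_SIDE), parse(SERVER_SIDE)))
```

Comparing byte ranges rather than individual packets means a segment that was lost once and then recovered by retransmission is reported only as a retransmit, while data that never arrived at all is reported as missing.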
