Chappell Seminars
Posted: 2009-10-21 10:19:54 UTC-07:00

Summit 09 Bonus: Licensed NetScanTools Pro - a $249 Value
All Summit 09 attendees will receive a full licensed copy of NetScanTools Pro – a
$249 value.

During troubleshooting processes, a standard ping test is often used to check
connectivity to a host and determine the round trip latency time. This process
uses an ICMP Type 8 Echo Request and relies on an ICMP Type 0 Echo Reply.

Sometimes, however, the target won't respond with ICMP Echo Replies - either
because it is configured to ignore ICMP Echo Requests or because a
device along the path filters these packets out so they don't reach the target.

I prefer to perform traceroute using NetScanTools' TCP option. Besides setting
the TCP port and the sequence number settings, you can also set the MTU
(Maximum Transmission Unit) to test the maximum packet size along a path.

Another option available is to set the TCP window size - in our example I have set
the window size field value to 16,384. In addition, you can define the payload -
using a binary or text file. Why would you use a big fat file for the test? Ahhh... my
padawan - to test the MTU allowed through the path and consider putting a
signature in the payload that should trigger an IDS or be logged by a firewall -
multiple birds with one stone - connectivity testing, latency testing, IDS/firewall
testing! Nice!

In the figure below, you can see my host 192.168.0.113 sending a series of TCP
SYN packets - the target port is 79 (finger). The packets colored with a red
background have an IP header Time-to-Live value less than 5 - a sure sign of a
traceroute operation.

When we reach the target, a RST is generated in response. That's what gives us
our round trip latency time.
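
The same low-TTL SYN pattern can be picked out of captured packets in code. The following is an added example, not part of the original post and not NetScanTools or Wireshark code: it parses raw IPv4/TCP headers and reports flows that send bare SYNs at several distinct TTL values below 5. The target address 198.51.100.7, the source ports, the `min_hops` threshold and all function names are assumptions made for the illustration.

```python
import socket
import struct
from collections import defaultdict

TTL_THRESHOLD = 5            # the post's coloring rule: IP TTL less than 5
SYN, RST, ACK = 0x02, 0x04, 0x10

def parse_ipv4_tcp(pkt: bytes):
    """Return (src, dst, ttl, sport, dport, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:        # need the TCP flags byte
        return None
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, pkt[8], sport, dport, pkt[ihl + 13]

def find_tcp_traceroutes(packets, min_hops=3):
    """Flag (src, dst, dport) flows sending bare SYNs at >= min_hops distinct low TTLs."""
    ttls = defaultdict(set)
    for pkt in packets:
        rec = parse_ipv4_tcp(pkt)
        if rec is None:
            continue
        src, dst, ttl, _sport, dport, flags = rec
        if flags & (SYN | ACK | RST) == SYN and ttl < TTL_THRESHOLD:
            ttls[(src, dst, dport)].add(ttl)
    return {flow: sorted(seen) for flow, seen in ttls.items() if len(seen) >= min_hops}

def build(src, dst, ttl, sport, dport, flags):
    """Construct a minimal IPv4+TCP packet (checksums left zero) for sample data."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 16384, 0, 0)
    return ip + tcp

# Constructed sample. 192.168.0.113, port 79 and window 16384 come from the post;
# 198.51.100.7 and the source ports are placeholders.
SAMPLE = [build("192.168.0.113", "198.51.100.7", t, 40000 + t, 79, SYN) for t in range(1, 5)]
SAMPLE.append(build("192.168.0.113", "198.51.100.7", 64, 40100, 80, SYN))        # ordinary SYN
SAMPLE.append(build("198.51.100.7", "192.168.0.113", 57, 79, 40004, RST | ACK))  # target's reset

if __name__ == "__main__":
    print(find_tcp_traceroutes(SAMPLE))
```

Because the rule only looks at TTL values below 5, it catches the first hops of a trace; an ordinary SYN with a normal starting TTL, like the port 80 packet in the sample, is not flagged.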

I appreciate why companies restrict ICMP-based traffic on their networks - and
when I'm doing connectivity tests and latency tests, customizing my TCP-based
traceroutes always sits on the top of my to-do list.

Enjoy life one bit at a time!
Laura
Tracing the
Route