Fifteen Years
Fifteen years ago I released a little network protocol analyzer. At the time it wasn’t very special. It only dissected five protocols and only ran on Linux and Solaris. I decided to share it with the world and released it as open source. I made use of quite a bit of open source software at that point (and still do), and it seemed like a good way to give back to the community.
Immediately after the release an amazing thing happened — I started receiving code from people around the world. They had problems similar to mine and were able to modify the little analyzer to suit their needs. They were also kind enough to contribute those modifications back. Those contributions haven’t stopped to this day and Wireshark has grown into a mature, feature-rich, award-winning network analysis tool. People around the world use it to troubleshoot networks, develop software and protocols, and to learn about networking.
Wireshark has been a source of pride many times over the years but I’m particularly proud of two accomplishments. First, your network is not a black box.
Troubleshooting the hidden dangers of TCP’s Nagle algorithm and delayed acknowledgement
As we all know, TCP/IP is a great protocol suite. However, there are times when it can become the bottleneck. This is especially true if you use TCP/IP for real-time transactions where small data sizes are the norm (think financial institutions). In this session, I’ll show you why the Nagle algorithm and delayed acknowledgement were developed. More importantly, I’ll highlight the unintended consequences when the two features interact – badly – with each other. After watching this session, you will be able to spot the hidden dangers of using TCP/IP for real-time transactions. Enjoy, and as always, I would really appreciate your feedback and suggestions. Here is the video:
http://www.youtube.com/watch?v=2CMueBcQNtk&feature=share&list=PL18B4C1339C54900A
And as always, any and all feedback and suggestions are welcome. Thank you and enjoy!
Hansang Bae
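To make the interaction from the session concrete, here is a small event model, added as an illustration and not part of Hansang’s post or of Wireshark: a client issues a small write-write-read transaction, the Nagle sender holds the second small segment until the first is acknowledged, and the receiver delays its ACK because it has neither a reply to send yet nor a second segment to acknowledge. The 1460-byte MSS, 200 ms delayed-ACK timer and 0.5 ms one-way delay are assumed values; real stacks differ (Linux, for instance, uses a shorter timer and quick-ACK heuristics), but the shape of the stall is the same.

```python
import heapq

def transaction_latency(writes, nodelay, mss=1460, delayed_ack_ms=200.0, one_way_ms=0.5):
    """Simulate one request (application write sizes, all issued at t=0) and the
    reply.  Returns (ms until the reply reaches the client, [(send time, size)
    of each client segment]).  mss, delayed-ACK timer, one-way delay: assumed."""
    total, events, seq = sum(writes), [], 0
    def post(at, kind, n=0):
        nonlocal seq
        heapq.heappush(events, (at, seq, kind, n))
        seq += 1
    sent, sent_bytes, unacked, pending = [], 0, 0, 0  # client side
    received, srv_segs, timer_armed = 0, 0, False      # server side
    def try_send(now):
        # Nagle: a sub-MSS segment goes out only when nothing is unacknowledged;
        # TCP_NODELAY (nodelay=True) removes that hold-back.
        nonlocal sent_bytes, unacked, pending
        while pending and (nodelay or unacked == 0 or pending >= mss):
            size = min(pending, mss)
            sent.append((now, size))
            sent_bytes, unacked, pending = sent_bytes + size, unacked + size, pending - size
            post(now + one_way_ms, "arrive_server", size)
    for w in writes:
        post(0.0, "write", w)
    while events:
        now, _, kind, n = heapq.heappop(events)
        if kind == "write":
            pending += n
            try_send(now)
        elif kind == "arrive_server":
            received, srv_segs = received + n, srv_segs + 1
            if received >= total:        # whole request in: reply now, ACK rides along
                post(now + one_way_ms, "reply")
            elif srv_segs >= 2:          # delayed ACK: ack at least every 2nd segment...
                post(now + one_way_ms, "ack", received)
                srv_segs = 0
            elif not timer_armed:        # ...else wait for more data or the timer
                timer_armed = True
                post(now + delayed_ack_ms, "timer")
        elif kind == "timer":
            timer_armed = False
            if srv_segs:
                post(now + one_way_ms, "ack", received)
                srv_segs = 0
        elif kind == "ack":              # cumulative ACK releases the Nagle hold
            unacked = sent_bytes - n
            try_send(now)
        elif kind == "reply":
            return now, sent
    raise RuntimeError("request never completed")
```

With Nagle on, a 40-byte plus 60-byte request completes only after the receiver’s ACK timer expires (about 202 ms here), while the same request with TCP_NODELAY completes in one round trip; a request larger than one MSS never hits the stall because the second full segment triggers an immediate ACK.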
Comments
Comment by credible58 on 2013-01-13 23:57:32 +0000
Great video, Hansang.
Comment by Hansang Bae on 2013-01-14 12:53:06 +0000
@credible58, thank you! If you have any ideas for future sessions, by all means, please let me know.
Comment by Jasper Bongertz on 2013-01-21 06:46:43 +0000
Nice presentation, Hansang, as usual. The only thing that I might have added to the slides would have been an animation of what would be different without the push flags.
Wireshark Tutorial Series. Tips and tricks used by insiders and veterans
For those of you who have attended Sharkfest in the past, you already know that protocol analysis is near and dear to my heart. It’s also a field where experience and art still matter. As great as Wireshark is as a tool, it still takes coaxing by an analyst to ferret out root cause. And as networks and applications become more complex, keeping up will be challenging.
But the one thing that I have noticed over the years is that people rush to install sniffers without really thinking about it. It’s almost as if people expect sniffers to magically spit out the root cause, served on a silver platter! In reality, it takes a fair amount of protocol and application knowledge to truly bring a tool like Wireshark to bear.
I started posting to this blog so that I could help budding protocol analysts and perhaps show interesting tricks of the trade to veteran users. Becoming good in this field takes a fair amount of practice. It takes practice to know how to capture the right data, where to capture the data, what filters to use, and how to interpret the data.