FWIW,
Looks like the ISP was at fault.  While they (ISP) won't tell us what they did 
specifically, they did mention 'adjusted some routing' and hmm well, things are 
very much improved and working as expected suddenly.  Wish I knew what they did 
or what they changed...

J



-----Original Message-----
From: Ziots, Edward [mailto:[email protected]] 
Sent: Friday, October 07, 2011 7:39 AM
To: NT System Admin Issues
Subject: RE: strange hosted app issue

Yeah Ngrep and Wireshark Pcap files, you can basically dig a lot out of network 
traffic and be on your way to figuring out what this POS app is doing to you. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505


-----Original Message-----
From: Kurt Buff [mailto:[email protected]] 
Sent: Thursday, October 06, 2011 12:12 AM
To: NT System Admin Issues
Subject: Re: strange hosted app issue

+1 billion...

On Wed, Oct 5, 2011 at 20:58, Steve Kradel <[email protected]> wrote:
> Without knowing any detail at all about this situation, my first
> instinct would be to fire up Wireshark and observe what protocols and
> patterns the client and server use to communicate.  Perhaps someone
> has decided to brew up an UDP-based RPC protocol "because it's
> faster"... and which poops itself on a congested network.  Almost
> anything is fair game if this thing is "thicker" than a web app.
>
> Read enough Wireshark captures and it will start to make sense to
> you--and you'll learn a lot about all sorts of (eventually) useful
> topics along the way.
>
> --Steve
>
> On Wed, Oct 5, 2011 at 5:29 PM, [email protected]
> <[email protected]> wrote:
>> some good info here edward, thanks.  i will look at the fiddler app you
>> mentioned.
>>
>> i've also used wireshark from time to time, but have a hard time following
>> the network conversations and have it provide anything meaningful to me
>> (due to lack of knowledge of what to be looking for in the conversation).
>> I've used wireless successfully for determining issues with ping/dhcp, etc.
>> but, for application monitoring, there's where my knowledge level isn't
>> quite as handy when looking at wireshark.
>>
>> but good info here nonetheless, appreciate it.
>>
>>
>> Original Message:
>> -----------------
>> From: Ziots, Edward [email protected]
>> Date: Wed, 5 Oct 2011 16:15:46 -0400
>> To: [email protected]
>> Subject: RE: strange hosted app issue
>>
>>
>> OK if the app is hosted on the internet, is it safe to assume it's a
>> web-based application? If so, it probably invokes Java on the
>> workstation to do some of its function. Java, unfortunately, is a
>> notorious PIG of an application, which could be leading to some of your
>> application issues (especially if the code being called within the web
>> session and interacting with the java instance to do its bidding isn't
>> optimized)
>>
>> You can look at the web-traffic happening on a client by using the
>> FIDDLER HTTP Debugging Browser plugin for IE/Firefox,
>>
>> www.fiddler2.com
>>
>> Which if it's a web application will let you know exactly what is
>> happening in the browser, and the response from the server (or if you
>> are seeing 400x or 500x errors (Client side and Server side issues))
>>
>> The other thing you will probably want to put on a representative
>> workstation is Wireshark, and do a sniff while you are working with the
>> web application, and see if you are getting timeouts, a high number of
>> retransmissions, or resets ( which means you got congestion, bandwidth
>> issues, drive issues, packet loss etc etc, that you need to deal with at
>> Layer 2-3, before you really see what is happening at layer 7)
>>
>> Also the thing you really need to see is what the traffic metrics and
>> types for what is coming in and out of the internet pipe ( maybe using
>> NTOP or other bandwidth analysis tools) which could give some insight
>> about the traffic types, and the source IP's. Could be a lot of
>> bit-torrent activity or dropbox, or Audit Streaming, or Malicious
>> malware based traffic (someone is using you as an amplifying site, or
>> with Skype you might have just become a SUPERNODE and others are pointed
>> your way which you might not know)
>>
>> Again a lot of possibilities, I am sure these aren't the only things you
>> could look at but it's a good start.
>>
>> Z
>>
>>
>> Edward E. Ziots
>> CISSP, Network +, Security +
>> Security Engineer
>> Lifespan Organization
>> Email:[email protected]
>> Cell:401-639-3505
>>
>>
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]]
>> Sent: Wednesday, October 05, 2011 2:26 PM
>> To: NT System Admin Issues
>> Subject: strange hosted app issue
>>
>> Finding this issue to be a bit perplexing.
>>
>> Have an application that is hosted on the internet.  App uses a java
>> interface run on the client machines (both PC and Mac and even iPads).
>> The app sometimes takes forever to load up and users often get booted
>> from it during normal use of the app (if they can even get into the
>> app).  Using the hosted app off-hours never shows any slowness.
>>
>> The internet pipe is 10mb up/down.  There doesn't SEEM to be an issue
>> with bandwidth congestion, but we're still determining that (customer
>> had NO tools in place to monitor that traffic - live).  When people are
>> having problems running that application, they can still browse anything
>> else on the internet without problem -- which makes it seem like
>> bandwidth isn't an issue, possibly.
>>
>> The customer even tried swapping out to a different firewall for test
>> purposes, and completely removing the web filter too.  Neither helped.
>>
>> Aside from bandwidth, is there anything else worth looking at here?
>> Something overlooked?  App provider isn't helpful as the site in question
>> is the only place experiencing the issue it seems.  Perhaps trying a
>> different java version, etc.?  Grasping straws.  Thanks!
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
>
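
The capture check suggested in the thread (look for a high number of retransmissions or resets before blaming the application) can be scripted over a saved pcap. The following is an added example, not part of any poster's message: `tcp_health`, `make_packet`, `SAMPLE_PCAP` and the addresses are constructed for illustration, it assumes a classic pcap file with Ethernet/IPv4 framing, and it flags a retransmission with a simplified heuristic (a data segment whose sequence number was already seen in the same direction) rather than Wireshark's full TCP analysis.

```python
import socket
import struct
from collections import Counter

PSH_ACK, RST = 0x18, 0x04  # TCP flag bits used below

def tcp_health(pcap: bytes) -> dict:
    """Count repeated data segments and RSTs per flow in a classic pcap (Ethernet/IPv4)."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"  # file byte order
    seen, retrans, resets, off = set(), Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "IIII", pcap[off:off + 16])[2]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only Ethernet + IPv4 + TCP is analysed
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 28 + ihl:
            continue  # truncated TCP header
        sport, dport, seq, _, off_flags = struct.unpack("!HHIIH", frame[14 + ihl:28 + ihl])
        payload_len = struct.unpack("!H", frame[16:18])[0] - ihl - (off_flags >> 12) * 4
        flow = "%s:%d>%s:%d" % (socket.inet_ntoa(frame[26:30]), sport,
                                socket.inet_ntoa(frame[30:34]), dport)
        if off_flags & RST:
            resets[flow] += 1
        if payload_len > 0:
            if (flow, seq) in seen:  # same direction, same sequence number: sent again
                retrans[flow] += 1
            seen.add((flow, seq))
    return {"retransmissions": dict(retrans), "resets": dict(resets)}

def make_packet(src, dst, sport, dport, seq, flags, data=b""):
    """Build one pcap record holding a constructed Ethernet/IPv4/TCP frame (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + data
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

C, S = ("10.0.0.5", 49152), ("203.0.113.10", 443)  # constructed client and server
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    make_packet(C[0], S[0], C[1], S[1], 1000, PSH_ACK, b"hello"),
    make_packet(C[0], S[0], C[1], S[1], 1000, PSH_ACK, b"hello"),  # sent again
    make_packet(C[0], S[0], C[1], S[1], 1005, PSH_ACK, b"world"),
    make_packet(C[0], S[0], C[1], S[1], 1000, PSH_ACK, b"hello"),  # sent again
    make_packet(S[0], C[0], S[1], C[1], 5000, RST),                # server resets
])

if __name__ == "__main__":
    print(tcp_health(SAMPLE_PCAP))
```

Comparing these per-flow counts between a capture taken during business hours and one taken off-hours shows whether the loss follows the path to the hosted app or the workstation itself.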