They stopped shaping the traffic? :-)

On Mon, Oct 10, 2011 at 8:12 PM, Jesse Rink <[email protected]> wrote:
> FWIW,
> Looks like the ISP was at fault. While they (ISP) won't tell us what they
> did specifically, they did mention 'adjusted some routing' and hmm well,
> things are very much improved and working as expected suddenly. Wish I knew
> what they did or what they changed...
>
> J
>
>
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[email protected]]
> Sent: Friday, October 07, 2011 7:39 AM
> To: NT System Admin Issues
> Subject: RE: strange hosted app issue
>
> Yeah Ngrep and Wireshark Pcap files, you can basically dig a lot out of
> network traffic and be on your way to figuring out what this POS app is
> doing to you.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, October 06, 2011 12:12 AM
> To: NT System Admin Issues
> Subject: Re: strange hosted app issue
>
> +1 billion...
>
> On Wed, Oct 5, 2011 at 20:58, Steve Kradel <[email protected]> wrote:
> > Without knowing any detail at all about this situation, my first
> > instinct would be to fire up Wireshark and observe what protocols and
> > patterns the client and server use to communicate. Perhaps someone
> > has decided to brew up a UDP-based RPC protocol "because it's
> > faster"... and which poops itself on a congested network. Almost
> > anything is fair game if this thing is "thicker" than a web app.
> >
> > Read enough Wireshark captures and it will start to make sense to
> > you--and you'll learn a lot about all sorts of (eventually) useful
> > topics along the way.
> >
> > --Steve
> >
> > On Wed, Oct 5, 2011 at 5:29 PM, [email protected]
> > <[email protected]> wrote:
> >> some good info here edward, thanks. i will look at the fiddler app you
> >> mentioned.
> >>
> >> i've also used wireshark from time to time, but have a hard time following
> >> the network conversations and have it provide anything meaningful to me
> >> (due to lack of knowledge of what to be looking for in the conversation).
> >> I've used wireless successfully for determining issues with ping/dhcp, etc.
> >> but, for application monitoring, there's where my knowledge level isn't
> >> quite as handy when looking at wireshark.
> >>
> >> but good info here nonetheless, appreciate it.
> >>
> >>
> >> Original Message:
> >> -----------------
> >> From: Ziots, Edward [email protected]
> >> Date: Wed, 5 Oct 2011 16:15:46 -0400
> >> To: [email protected]
> >> Subject: RE: strange hosted app issue
> >>
> >>
> >> OK if the app is hosted on the internet, is it safe to assume it's a
> >> web-based application? If so, it probably invokes Java on the
> >> workstation to do some of its function. Java, unfortunately, is a
> >> notorious PIG of an application, which could be leading to some of your
> >> application issues (especially if the code being called within the web
> >> session and interacting with the java instance to do its bidding isn't
> >> optimized)
> >>
> >> You can look at the web-traffic happening on a client by using the
> >> FIDDLER HTTP Debugging Browser plugin for IE/Firefox,
> >>
> >> www.fiddler2.com
> >>
> >> Which if it's a web application will let you know exactly what is
> >> happening in the browser, and the response from the server (or if you
> >> are seeing 400x or 500x errors (Client side and Server side issues)
> >>
> >> The other thing you will probably want to put on a representative
> >> workstation is Wireshark, and do a sniff while you are working with the
> >> web application, and see if you are getting timeouts, a high number of
> >> retransmissions, or resets (which means you got congestion, bandwidth
> >> issues, drive issues, packet loss etc etc, that you need to deal with at
> >> Layer 2-3, before you really see what is
> >> happening at layer 7)
> >>
> >> Also the thing you really need to see is what the traffic metrics and
> >> types for what is coming in and out of the internet pipe (maybe using
> >> NTOP or other bandwidth analysis tools) which could give some insight
> >> about the traffic types, and the source IP's. Could be a lot of
> >> bit-torrent activity or dropbox, or Audio Streaming, or Malicious
> >> malware based traffic (someone is using you as an amplifying site, or
> >> with Skype you might have just become a SUPERNODE and others are pointed
> >> your way which you might not know)
> >>
> >> Again a lot of possibilities, I am sure these aren't the only things you
> >> could look at but it's a good start.
> >>
> >> Z
> >>
> >>
> >> Edward E. Ziots
> >> CISSP, Network +, Security +
> >> Security Engineer
> >> Lifespan Organization
> >> Email:[email protected]
> >> Cell:401-639-3505
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]]
> >> Sent: Wednesday, October 05, 2011 2:26 PM
> >> To: NT System Admin Issues
> >> Subject: strange hosted app issue
> >>
> >> Finding this issue to be a bit perplexing.
> >>
> >> Have an application that is hosted on the internet. App uses a java
> >> interface run on the client machines (both PC and Mac and even iPads).
> >> The app sometimes takes forever to load up and users often get booted
> >> from it during normal use of the app (if they can even get into the app).
> >> Using the hosted app off-hours never shows any slowness.
> >>
> >> The internet pipe is 10mb up/down. There doesn't SEEM to be an issue
> >> with bandwidth congestion, but we're still determining that (customer had
> >> NO tools in place to monitor that traffic - live). When people are having
> >> problems running that application, they can still browse anything else
> >> on the internet without problem -- which makes it seem like bandwidth
> >> isn't an issue, possibly.
> >>
> >> The customer even tried swapping out to a different firewall for test
> >> purposes, and completely removing the web filter too. Neither helped.
> >>
> >> Aside from bandwidth, is there anything else worth looking at here?
> >> Something overlooked? App provider isn't helpful as the site in question
> >> is the only place experiencing the issue it seems. Perhaps trying a
> >> different java version, etc.? Grasping straws. Thanks!
> >>
> >>
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to [email protected]
> > with the body: unsubscribe ntsysadmin
