In this short series of videos we'll look at troubleshooting a slow response time problem using PCAP traces, Wireshark and markers.
Imagine you work in the network support team at a prestigious university. Users are complaining that the core administration system intermittently hangs.
Perhaps you already have some high-capacity network recorders, or you could capture for long periods using dumpcap configured with a ring buffer. The trouble is that the problem is random and users rarely report the time of the problem accurately. That means that you may need to study several million trace entries.
Trace marking is a simple but powerful technique that provides a signpost in a network trace file. By injecting a packet with unique characteristics just after a problem occurs, we can quickly find the problem area in a trace file.
In this video we demonstrate how a user can inject a marker immediately after a system hang. In future videos we will show how to find these markers and how to determine what's causing the problem.
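One way to build, send and later recognise such a marker, as an added example that is not the method shown in the videos. The `TRACE-MARKER` tag, the payload layout, UDP port 9 and the 192.0.2.10 address are assumptions chosen for illustration.

```python
import socket
import struct
import time
import uuid

# Assumed tag: any byte string unlikely to occur in normal traffic will do.
MAGIC = b"TRACE-MARKER"

def build_marker(note, now=None, marker_id=None):
    """Return the payload: MAGIC | 16-byte id | 8-byte epoch ms | UTF-8 note."""
    now = time.time() if now is None else now
    marker_id = uuid.uuid4().bytes if marker_id is None else marker_id
    stamp = struct.pack("!Q", int(now * 1000))
    return MAGIC + marker_id + stamp + note.encode("utf-8")

def parse_marker(payload):
    """Find a marker anywhere in captured bytes.

    Returns (id_hex, epoch_ms, note), or None if absent or truncated.
    """
    start = payload.find(MAGIC)
    if start < 0:
        return None
    body = payload[start + len(MAGIC):]
    if len(body) < 24:
        return None  # capture cut the packet short (snaplen too small)
    (epoch_ms,) = struct.unpack("!Q", body[16:24])
    note = body[24:].decode("utf-8", errors="replace")
    return body[:16].hex(), epoch_ms, note

def send_marker(note, host, port=9):
    """Send one marker datagram toward host so it crosses the capture point."""
    payload = build_marker(note)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))
    return payload

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the affected server.
    sent = send_marker("admin system hung", "192.0.2.10")
    print(parse_marker(sent))
```

The embedded timestamp records when the user reported the hang, independent of the capture clock. In Wireshark, a display filter such as `frame contains "TRACE-MARKER"` jumps to the marker.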