tap toons: the student has become the network master - part 1
TRANSCRIPT
TAP Toons
Sr. Engineer
Network Newbie
Hmm, how did you get the data?...let me take a look.
Hey Jacob, I am getting complaints about the quality of our voiceover IP service. Wireshark and Nmap aren’t showing anything out of the ordinary. Any ideas?
Wait, are we not using a TAP? What is feeding the VoIP monitors?
No, straight from the SPAN ports
Oh, you know we can’t do that right? We probably need to add this to our best practice policy for critical links.
0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 Oxid8e (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 192.9.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].1.000123000 14 0.000009000 50.69.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 Oxid8d (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 50.69.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].1.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 0.000009000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].1.000123000 14 0.263369000 192.9.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].
Filter:
0.000123000 14 0.000009000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].1.000123000 14 0.263369000 192.9.197.201 192.192.1.112 80 63009 TCP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].0.000123000 14 0.263369000 50.69.197.201 192.192.1.112 80 63009 HTTP 60 65569 1 290 Oxidie (7454) 227 80 > 69003 [ACK].
File Edit View Go Capture Analyze Statistics Telephony Tools Internals Help
Transmission Control Protocol, Src Port: 60045 (60045), Ost Port 80 (80). Seq 1, Ack: 1, Len: 269Destination port: 80 (80)(Stream index: 14)Sequence Number: 1Flags: 0x018 (PSH, ACK)000....... ..... ..... = Reserved...0 ...... ...... .... = Nonce: Not Set
0000 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0010 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0020 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0030 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0040 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0050 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0060 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...0060 C8 d7 19 21 b7 ec 00 1C 25 99 db 85 00 ...!.....#......%..&...See, this isn’t real time data, I’m seeing dropped frames,
out-of-line packets, this isn’t accurate data flow Rob.
Maybe in bizzaro world. You know Cisco just made them to QA test in manufacturing right?
....So I guess SPAN isn’t always best practice?
Next time, just remember....a network TAPprovides one hundred percent of the data!
I got it, I got it....SPAN bad....TAP good
T E C H N O L O G Y
See every bit, byte and packet®
For more visit: GarlandTechnology.com