How it works under the hood: A closer look at TCPIP and Winsock ETL tracing on Windows 7 and Windows 2008 R2 with an example

Hi there, In this blog post, I would like to talk about TCPIP, Winsock ETL tracing a bit with an example to show you how powerful those tracing facilities could be when troubleshooting connectivity problems. Please note that it is to give you an idea about what kind of information could be retrieved from…

SCCM packages may be distributed slower than standard file copy (xcopy/Windows Explorer)

Hi there, In this post, I’m going to discuss another issue where I helped a colleague of mine to troubleshoot an SCCM package distribution scenario. The problem was that package distribution to clients was visibly slower compared to standard file copy methods (like using xcopy, Windows Explorer etc). In the given setup, the…

SQL Browser may not be reachable through firewalls when it runs on a cluster

Hi there,   In this blog post, I would like to talk about a problem in which I was involved as a network engineer. The problem was that the SQL server instance name to port mapping wasn’t successfully done through a firewall if the SQL instance in question runs on a cluster. Let’s take a…

Bogus IP packets and Wireshark

Hi there,   In today’s blog post, I’m going to talk about an issue that I have come across several times while analyzing network traces with Wireshark. Let’s take the following example:   I apply the following filter on a network trace:   ip.addr==192.168.100.23 and ip.addr==192.168.121.51 and tcp.port==3268 and tcp.port==8081   And I get the…

How to decrypt an SSL or TLS session by using Wireshark

[Updated on 26th October 2013] The following blog post is the newer version of this blog post: http://blogs.technet.com/b/nettracer/archive/2013/10/12/decrypting-ssl-tls-sessions-with-wireshark-reloaded.aspx

Hi there, In this blog post, I would like to talk about decrypting SSL/TLS sessions by using Wireshark provided that you have access to the server certificate’s private key. In some cases it may be quite useful…

Why are local resources accessed slowly when loopback or local IP address is used whereas accessing the same resources over the network works fine?

Hi there,   In today’s blog post, I’m going to talk about a local resource access performance issue.   One of our customers reported that SQL server instances running on a Windows 2003 server were failing over to another node especially when CPU load on the server was high for a short period (like 5…

Effects of incorrect QoS policies: A story behind a slow file copy…

Hi there,   In this blog post, I’ll talk about another network trace analysis scenario.   The problem was that some Windows XP clients were copying files from a NAS device very slowly compared to others. As one of the most useful logs to troubleshoot such problems, I requested a network trace to be collected…

Where have those AFD driver related registry (DynamicBacklogGrowthDelta / EnableDynamicBacklog …) keys gone?

Hi there, In today’s blog post, I’m going to talk about some registry keys that were removed as of Windows 2008. Recently a colleague raised a customer question about configuring the following AFD related registry keys on Windows 2008: DynamicBacklogGrowthDelta, EnableDynamicBacklog, MaximumDynamicBacklog, MinimumDynamicBacklog. Actually our customer was trying to implement the settings…

Does sqllogship.exe have anything to do with web servers in the internet? Story behind CRL check for certificates …

Hi there,   In today’s blog post I’m going to talk about a network trace analysis scenario where I was requested to analyze a few network traces to understand why a server was trying to contact external web servers when sqllogship.exe was run on it.   Our customer’s security team noticed that there were http…

Where are my packets? Analyzing a packet drop issue…

One of the most common reasons for network connectivity or performance problems is packet drop. In this blog post, I’ll be talking about analyzing a packet drop issue, please read on. One of our customers was complaining about remote SCCM agent policy updates and a network packet drop issue was suspected. Then we were…
