Packet Detectives Episode 1: The Case of the Retransmissions

Original Entry by : Endace

Demystifying Network Investigations with Packet Data

By Michael Morris, Director of Global Business Development, Endace


As I talk to security analysts, network operations engineers and application teams around the world, a common theme regularly emerges: troubleshooting security or performance issues with log or flow data alone just doesn’t cut it.

Most folks report spending far too many hours troubleshooting problems, only to realize they simply don’t have enough detail to know exactly what happened. Often this results in more finger pointing and unresolved issues. Time lost to lengthy investigations also lets other alerts pile up, resulting in stress and undue risk to the organisation from a backlog of alerts that never get looked at.

On the other hand, those that use full packet capture data to troubleshoot problems report significantly faster resolution times and greater confidence because they can see exactly what happened on the wire.

Many folks I talk to also say they don’t have the expertise necessary to troubleshoot issues using packet data. But it’s actually much easier than you might expect. Packet decode tools – like Wireshark – are powerful and quite self-explanatory, and there are tons of resources available on the web to help you out. You don’t need to be a mystical networking guru to gain valuable insights from packet data!

Getting to the relevant packets is quick and easy too thanks to the EndaceProbe platform’s integration with solutions from our Fusion Partners like Cisco, IBM, Palo Alto Networks, Splunk and many others. Analysts can quickly pivot from alerts in any of those tools directly to related packet data with a single click, gaining valuable insights into their problems quickly and confidently.

To help further, we thought it would be useful to kick off a video series of “real-world” investigation scenarios to show just how easily packet data can be used to investigate and resolve difficult issues (security- or performance-related) in your network.

So here’s the first video in what we hope to make a regular series. Watch as industry-renowned SharkFest presenter and all-round Wireshark guru Betty Dubois walks us through investigating an application slow-down that is causing problems for users. The truth is in the packets …

We hope you find this video useful. Please let us know if you have ideas for other examples you’d like to see.


On decreasing incident response time

Original Entry by : Boni Bruno

It seems that security incidents are occurring more often, with mild to significant impact on consumers and on organizations such as Target and Sony.

Referring to the Verizon Data Breach Report year after year confirms that response times to such incidents are increasing rather than decreasing, with root cause identification in many cases not occurring until months after the security incident. This can cause a pessimistic view among many security teams; however, there are a lot of good things happening in the security space that I want to share with you.



Network (In)Visibility Leads to IT Blame Game

Original Entry by : Mike Heumann

Significant changes in the structure and use of IT, including such seismic trends as Bring Your Own Device (BYOD), virtualization and cloud computing, have introduced new challenges for IT administrators and staff. Added layers of complexity require new skill sets and knowledge bases, as well as new tools, to effectively run a modern enterprise network. This raises a few questions about how IT teams are coping with the changes.



Protecting what is of value isn’t always about dollars and cents

Original Entry by : Brett Moorgas

When you think of the cost of a security breach in your network, the immediate thought is often a dollar amount; for example, how much money has the breach cost in lost sales? Consequently, many assume that private enterprises are the only ones at risk of attacks on their networks. The fact is that public sector bodies, educational institutions and non-profit organisations are just as much at risk, and the potential costs are both great and varied.



Make Sure March Madness Doesn’t Live Up to its Name

Original Entry by : Mike Heumann

Last month, we talked about how to keep the Winter Olympics from clogging up your networks as employees raced to stream live events during the workday. Well, in the U.S., today and tomorrow are two of the biggest sports streaming days of the year. Although we’ve already seen some play-in games this week, when Ohio State and Dayton tip off this afternoon in the NCAA Men’s Basketball Tournament, the annual “madness” starts all over again. This is because the next slate of games will run almost continually over the coming 36 hours, mostly during regular business hours. And let’s be honest, most of us want to sneak a peek at the scores and witness some of the thrilling upsets that happen every year.



How to Keep Sochi From Sucking Up Bandwidth

Original Entry by : Mike Heumann

The Sochi Winter Olympics are officially underway, and as you may have seen, NBC will once again be providing viewers access to live streaming through a multitude of media. On the NBC Olympics page, computer users can enter the user name and password for their cable or digital television provider and watch live video of the events. Mobile viewers can also download the free NBC Live Extra app. The iPhone, Droid and iPad app will offer live and recorded events, plus on-demand HD video. And for the first time, NBC Universal will stream video on Facebook as part of a partnership deal with the social media giant.



Tools, Tools, and more Tools…introducing the Endace Fusion Program

Original Entry by : Sri Sundaralingam

Large enterprise customers are struggling to leverage, and get a better return on investment from, their various Network Operations (NetOps) and Security Operations (SecOps) tools. In a recent end-user study we conducted, large enterprise organizations (banks, eCommerce companies, healthcare organizations, managed service providers) had on the order of 100+ tools deployed across their NetOps and SecOps teams. We had a chance to closely observe both NetOps and SecOps analysts, their workflows, and how they use some of the common tools. Immediately one pattern jumped out – every analyst has their own favorite set of tools and a particular workflow!
