How to solve intermittent network problems?

When troubleshooting a network, intermittent problems are the most difficult to solve. It can take weeks of trying to catch the problem at the moment it occurs. There are four key steps to solving intermittent problems. First, you must get into the path of the packets. Secondly, you need to be able to capture for a long time to make sure you don't miss the problem. Finally, you need a way to determine when the problem occurred so that you can track down and find the problem packets. Read on to learn how to use IOTA 1G to reliably find the source of these problems.

1. Access and capture data packets

The first step in setting up IOTA to capture packets is to configure the capture port in inline mode. Log in to IOTA and turn off SPAN mode to put it into inline mode.

Place the IOTA 1G inline between the client PC and the rest of the network. IOTA 1G supports full line speed and full duplex gigabit traffic. Not only can it capture traffic, but its TAP is also fault-tolerant. Therefore, if IOTA loses power for any reason, it will continue to pass data packets between the computer and the rest of the network.

After placing IOTA on the wire, press the button to start capturing all packets. With IOTA, all data can be stored for a long time. This is important for resolving intermittent problems, because it is difficult to predict when the problem will occur and a small capture buffer shortens the time window you can look back over. IOTA also has a built-in 1TB SSD. For an average computer, this means that data can be captured for days or weeks without any data loss. As the packets are captured, IOTA writes them to files and stores metadata about the traffic in a searchable database.

2. Find problems quickly

In the past, the person experiencing the problem had to write down the date and time when it occurred. This is very unreliable. A better way to mark the capture is to place a shortcut on the desktop that sends a ping packet every time that person clicks it. You can then search the capture for the ping packet later and know when the problem occurred.

3. In-depth view of packet marking

Let's see how to find the marker and extract the packets to analyze them in Wireshark. Start by looking at a 24-hour period; there will be a lot of collected data. By setting a filter on the IP address of the marked frame, you will be able to find the marked packet and see exactly when the client clicked the shortcut. Use the mouse to zoom in to the range from 10 minutes before the marker to 10 minutes after it, so you can see the situation before and after the problem occurred.

Then, remove the marker filter and set a filter on the IP address of the device in question. It's as simple as clicking the magnifying glass next to the IP address. Once this is done correctly, you will only have 110MB of traffic through the network during this time. Click Download pcap to extract the data packets entering and leaving the problem computer during this time period to your computer.

4. Analyze the captured packets in Wireshark

Next, open the trace file in Wireshark. By applying an IP address filter to the trace file, you will find the marked packets. In this example, the first marking occurred at frame 22069. This is where you should start looking at the trace file. Click on the frame and remove the filter to see all traffic between the client computer and the rest of the network captured by IOTA. Work back through the traffic before the marker to find the problem.
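The marker search from steps 2 to 4 can also be done on the downloaded file with a short script. The following is an added example, not part of the original article or the IOTA product: it assumes the download is a classic pcap file with untagged Ethernet frames and that the desktop shortcut pings a dedicated address (192.0.2.1 here is a constructed placeholder, as is the sample capture).

```python
import socket, struct
from datetime import datetime, timedelta, timezone

MARKER_IP = "192.0.2.1"  # assumption: the address the desktop shortcut pings

def find_markers(pcap, marker_ip=MARKER_IP):
    """Return [(frame_number, utc_time)] for ICMP echo requests to marker_ip."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    target = socket.inet_aton(marker_ip)
    hits, off, frame = [], 24, 0            # records start after 24-byte header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from(end + "IIII", pcap, off)
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        frame += 1                          # same numbering Wireshark shows
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # untagged IPv4 only
            continue
        ihl = (pkt[14] & 0x0F) * 4          # IPv4 header length in bytes
        if pkt[23] != 1 or pkt[30:34] != target:  # protocol ICMP, dst = marker
            continue
        if len(pkt) > 14 + ihl and pkt[14 + ihl] == 8:  # type 8 = echo request
            ts = datetime.fromtimestamp(sec, timezone.utc) + timedelta(microseconds=usec)
            hits.append((frame, ts))
    return hits

def window(ts, minutes=10):
    """Time range to extract: 10 minutes before and after a marker."""
    return ts - timedelta(minutes=minutes), ts + timedelta(minutes=minutes)

def _frame(src, dst, proto, l4):
    """Constructed Ethernet+IPv4 frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed capture: a UDP frame, a marker ping, an ordinary ping."""
    echo = b"\x08\x00" + b"\x00" * 6
    pkts = [(1597900000, _frame("10.0.0.5", "10.0.0.1", 17, b"\x00" * 8)),
            (1597900600, _frame("10.0.0.5", MARKER_IP, 1, echo)),
            (1597900700, _frame("10.0.0.5", "10.0.0.1", 1, echo))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, p in pkts:
        out += struct.pack("<IIII", sec, 0, len(p), len(p)) + p
    return out
```

Calling `find_markers(sample_pcap())` reports only frame 2, the ping to the marker address; the ordinary ping in frame 3 is ignored because its destination differs.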

IOTA helps find the root cause of intermittent problems by getting into the path of the packets and capturing them at full line rate, providing a simple means to filter for the problem packets, and making it easy to extract those packets for network traffic analysis.

Origin blog.csdn.net/HongkeTraining/article/details/108128712