SharkFest'24 US

Monitoring and Troubleshooting Without Packet Traces
06-18, 11:45–12:45 (America/New_York), Great Falls

"Packets Never Lie" has been a phrase that I have lived by for many years, and the ability to tease out root causes of application and network issues with packet data has been a key to my career. But with the move to more data in the cloud and [S,A,I,N]aaS deployments, the ability to capture or monitor at the packet level has been curtailed. I have been working on multiple efforts to obtain key data about network-related incidents and behavior from other sources, primarily from log sources. Proxy, firewall, VPN, application, and the more elusive cloud and SaaS logs have all provided insight into network health and fed into incident support. In this presentation, I will share how I have used proxy logs to measure ongoing RTT, VPN logs to measure network hiccups, firewall logs to measure connectivity failures, and cloud flow logs to identify security configuration errors. How to trust these data sources? Validation of these approaches with packet traces and Wireshark.

Chris is a network engineer and packet analysis expert, currently working in network operations at Capital One. Chris has previously worked at OPNET/Riverbed, first as a developer, and later in professional services. At OPNET, he developed and led the STAR24 service, providing a quick-response, guaranteed application and network performance troubleshooting service. This experience has carried through to Capital One, where he provides network monitoring visibility, incident analyses and network architecture support. Recent efforts include replacement of network visibility solutions, supporting our now-completed zero datacenter migration and COVID/WFH engineering.