WIRESHARK FILTER


Hello everyone, how are you?

I have a doubt:

Here, when one person tries to access some websites, he has a big delay… I did a trace file, where I have “Transaction timing: total-transaction-time 78050 ms”, and I did a Wireshark capture, but I don’t know how to analyse this Wireshark capture haha.

Do you know which filter I can use to analyse this better?

Tks in advance!


VDA registration failure over WAN

Collected Wireshark traces from VDA and DDC simultaneously while restarting the Citrix Desktop Service on VDA.

The highlighted items below were modified by the Riverbed device before the network packets from the VDA reached the DDC:

1. The sequence number was changed.

2. The packet payload length was modified.

3. A Riverbed probe was added to the TCP options.

4. The packet was detected by Wireshark as a malformed packet.

[Images: VDA snippet, DDC snippet]
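A comparison like the one listed above can be scripted once the TCP options bytes of the same SYN have been exported from both traces. This is an added example, not part of the original article: the option bytes are constructed, and option kind 76 is the value Wireshark's TCP dissector decodes as a Riverbed probe (the article does not give the number).

```python
RVBD_PROBE = 76  # assumption: TCP option kind Wireshark labels "Riverbed Probe"

def parse_tcp_options(raw):
    """Split a TCP options field into (kind, payload) pairs.

    Raises ValueError when an option length is below 2 or runs past the
    end of the field, an inconsistency a dissector reports as malformed.
    """
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {kind} at offset {i} has no length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"option {kind} at offset {i} has bad length {length}")
        opts.append((kind, bytes(raw[i + 2:i + length])))
        i += length
    return opts

def diff_options(sender_raw, receiver_raw):
    """Return (added, removed) options between the two capture points."""
    sent = parse_tcp_options(sender_raw)
    received = parse_tcp_options(receiver_raw)
    added = [o for o in received if o not in sent]
    removed = [o for o in sent if o not in received]
    return added, removed

# Constructed sample: the same SYN as seen on the sender and on the receiver.
VDA_SYN = bytes.fromhex("020405b40103030801010402")
DDC_SYN = bytes.fromhex("4c0a01010a0000050005" "0101" "020405b40103030801010402")

if __name__ == "__main__":
    added, removed = diff_options(VDA_SYN, DDC_SYN)
    for kind, payload in added:
        label = "Riverbed probe" if kind == RVBD_PROBE else "other"
        print(f"added in transit: kind={kind} ({label}) payload={payload.hex()}")
    for kind, payload in removed:
        print(f"removed in transit: kind={kind} payload={payload.hex()}")
```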


Re: ESRS Network Connectivity (NAT)

Hi,

Sometimes the network check is reporting incorrect results. A meaningful test from the VM itself would be a

curl -v -k https://esrs3.emc.com

curl -v -k https://esrs3-core.emc.com

If these two work (the second will probably end in an SSL handshake failure, but the SSL handshake will at least be started), please follow fix 1 in KB article 503235 to be able to skip the network check. There will be an option in the GUI to skip the network check in a future version, unfortunately not in 3.32 yet.

If provisioning does not work, indicating a real issue with the network connectivity, please open an SR with support to get assistance.

Regards

Frank


Upgrading Workload Balancing with Internet Access

Upgrading with the Internet requires that you download GNU wget, an HTTP retrieval utility. You also need to download a Python script that configures a repository (add-repo.py) on your virtual appliance.

To upgrade Workload Balancing in environments with Internet access

1. If you have not done so already, log in to the Workload Balancing appliance you want to upgrade as described in Section 8.1.1, “Logging in to the Workload Balancing Virtual Appliance”.

2. Install GNU wget so you can retrieve the upgrade repository installation script using HTTP:

a. From the bash prompt, run the following command:

yum install wget

b. During installation, wget Setup asks you to accept various prompts, such as the size of the download package and the CentOS key. Type y when prompted.

3. When the wget installation is complete, download the “add-repo” script by running the following command:

wget http://updates.xensource.com/XenServer/WLB/6.5/add-repo.py

When this command finishes running, a message appears stating the ‘add-repo.py’ script is saved.

4. At the bash prompt, run the following command to create the upgrade repository on the Workload Balancing appliance:

python add-repo.py

After the script finishes, the output states “Done.”

5. Do one of the following to upgrade your Workload Balancing virtual appliance:

• To upgrade both CentOS and Workload Balancing, run:

yum update

• To upgrade Workload Balancing only, run:

yum update citrix-wlb

• To upgrade CentOS only, run:

yum update --disablerepo=citrix-wlb

6. After upgrading either CentOS or Workload Balancing or both, restart the Workload Balancing virtual appliance.

Note:

After upgrading CentOS, the operating-system time changes from Coordinated Universal Time (UTC) to the local time zone. One side effect of this change is that the timestamps in the Workload Balancing log file (LogFile.log) also change from UTC time to local time. If you want to change the system time back to UTC time, run the following command in the Workload Balancing virtual appliance: rm -rf /etc/localtime.


7023345: Locked out of Filr Management Web UI due to certificate problems.

This document (7023345) is provided subject to the disclaimer at the end of this document.

Environment

Micro Focus Filr

Situation

None of the https (Secure HTTP) pages can load from the Filr server due to a problem with the certificate.
This scenario creates a problem because the solution is to manage the certificates, but the tool to manage the certificates (HTTPS port 9443) is inaccessible until the certificate problem is resolved.

Resolution

Reset the Filr certificate to a new Self-Signed Certificate using the CLI.

Paste the following string of commands in a terminal session (PuTTY or another tool):

rcfilr stop;rcnovell-jetty stop;mv /vastorage/conf/certs/keystore /vastorage/conf/certs/keystore-backup;mv /vastorage/conf/certs/keystore.db /vastorage/conf/certs/keystore.backup;wget -P /tmp https://support.novell.com/Platform/Publishing/images/va_firstboot_setupCerts.sh;chmod +x /tmp/va_firstboot_setupCerts.sh;/tmp/va_firstboot_setupCerts.sh;rcnovell-jetty start;rcfilr start

Note: If you cannot SSH to the server, run the following command at the terminal through a VMware tool:

rcsshd start

If you want a 3rd party certificate applied to the server, you can configure that after running the above string of commands. When configuring that, keep the self-signed_cert configuration within the Digital Certificates -> Web Application Certificates tool. Be sure to set the new 3rd party certificate as Active.

Cause

This problem could be the result of any of the following:

  1. A new certificate was uploaded and the server was rebooted before the certificate was set as Active.
  2. The server powered up after a power outage. Secure Connection Failed is returned when attempting to load Secure HTTP pages.
  3. Some other problem with certificates.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


7015122: How to use Dumpcap to capture a rolling packet trace

This document (7015122) is provided subject to the disclaimer at the end of this document.

Environment

Novell Client 2 SP3 for Windows

Situation

For intermittent problems, it can be impossible to predict when and where the problem may next occur.

Need to gather LAN packet trace information over a long period of time.

Resolution

The Wireshark command line utility called ‘dumpcap.exe’ can be used to capture LAN traffic over an extended period of time. Wireshark itself can also be used, but dumpcap does not significantly utilize the computer’s memory while capturing for long periods of time. By configuring dumpcap to use a ring buffer, you can capture a large number of packets over a long period of time without adversely impacting the performance of the workstation running dumpcap.

Dumpcap can be run on a machine which might experience the problem, or on a second machine. If on a second machine, it is necessary to place the machine running dumpcap in the collision domain of the target workstation. This will require a dumb hub or a visible / mirrored port on a switch.

Note: Choose the “Run as Administrator” option when launching the CMD.EXE session which will run Dumpcap.exe.

A typical syntax is:

c:\"Program Files"\Wireshark\dumpcap.exe -i <interface> -s 1518 -w <somename>.cap -b filesize:16384 -b files:256 -f "host xxx.xxx.xxx.xxx"

This command will create a series of 256 files (-b files:256), each of size 16384 KB (-b filesize:16384), with packets truncated at 1518 bytes (-s 1518). The files will follow the naming convention and be located in the path designated after the -w parameter. If you just have one interface, the -i <interface> switch can be omitted. You can see a list of your interfaces (1, 2, 3, etc.) by running dumpcap with the -D parameter. The -f parameter is used only if tracing from a second machine. Substitute the IP address of the machine seeing the problem.

For example:

c:\"Program Files"\Wireshark\dumpcap.exe -i 1 -s 1518 -w c:\traces\SR12345678.cap -b filesize:16384 -b files:256 -f "host 192.168.1.1"

This command will capture packets on interface 1 (as displayed in “dumpcap.exe -D”) and will create a series of 256 files, each of size 16384 KB, with packets truncated at 1518 bytes. The files will follow the naming convention “SR12345678” and be located in the c:\traces directory. The packets will be filtered to include traffic on 192.168.1.1.

See dumpcap.html in the Wireshark download package (available from wireshark.org) for additional information about dumpcap and its command line parameters.
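Once the intermittent problem has occurred, the next task is finding which ring-buffer files cover it. The following is an added example, not part of the original TID: it relies on dumpcap's documented ring-buffer naming (`<name>_<sequence>_<YYYYMMDDHHMMSS>.<ext>`), assumes the timestamps follow the capture host's clock, and uses a constructed directory listing.

```python
import re
from datetime import datetime

# dumpcap ring-buffer file name: <base>_<sequence>_<YYYYMMDDHHMMSS>.<ext>
RING_NAME = re.compile(r"^(?P<base>.+)_(?P<seq>\d{5,})_(?P<ts>\d{14})\.(?P<ext>\w+)$")

def parse_ring_files(names):
    """Return (start_time, sequence, name) tuples in sequence order."""
    parsed = []
    for name in names:
        m = RING_NAME.match(name)
        if m:  # anything that is not a ring-buffer file is ignored
            start = datetime.strptime(m["ts"], "%Y%m%d%H%M%S")
            parsed.append((start, int(m["seq"]), name))
    return sorted(parsed, key=lambda p: p[1])

def files_for_window(names, start, end):
    """Select the files whose capture interval overlaps [start, end].

    A file covers the time from its own timestamp to the next file's
    timestamp; the newest file is open-ended. Returns (selected, truncated).
    truncated is True when the window begins before the oldest file still
    on disk, meaning the ring has already overwritten part of the evidence.
    """
    files = parse_ring_files(names)
    if not files:
        return [], True
    selected = []
    for i, (t_start, _seq, name) in enumerate(files):
        t_end = files[i + 1][0] if i + 1 < len(files) else datetime.max
        if t_start <= end and t_end >= start:
            selected.append(name)
    return selected, start < files[0][0]

# Constructed listing of c:\traces after the ring has been running a while.
LISTING = [
    "SR12345678_00041_20240312091502.cap",
    "SR12345678_00042_20240312094730.cap",
    "SR12345678_00043_20240312102211.cap",
    "SR12345678_00044_20240312105958.cap",
    "notes.txt",
]

if __name__ == "__main__":
    window = (datetime(2024, 3, 12, 10, 15), datetime(2024, 3, 12, 10, 25))
    chosen, truncated = files_for_window(LISTING, *window)
    print("files to open:", chosen, "| data already overwritten:", truncated)
```

If the truncated flag comes back True, increase the file count or file size in the -b options before the next capture run.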

Additional Information

See also TID 3892415, “How to use Wireshark to capture a packet trace.”

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.
