No one likes taking network traces, except maybe for Cisco heads and sick bastards (such as myself). Most people’s ears bleed the moment they hear the words “take a trace”. I’ve seen IT Admins resort to chicken bones and goat’s blood before having to fire up a packet sniffer. I honestly don’t know why they get such a bad rap (kinda like brussels sprouts), but oftentimes seeing what’s happening on the wire is the ONLY way to resolve an issue.
Two popular flavors of packet sniffers (for the Windows crowd) are NetMon [aka ol’ battle axe] and Wireshark [aka Ethereal… for the stubborn]. Both programs let you capture packets and filter results for better analysis. There is an art to reading a trace and those skills take time to develop (like seeing Magic Eye pictures). Sadly, this steep learning curve keeps many away from these essential utilities.
Because of that, I’ve decided to share a couple of handy apps that can get you most of the same crucial info you’d get from NetMon, but with none of the internal bleeding.
PortQryUI
Sometimes you don’t need to see EVERYTHING running on the wire; you just want to poke a remote system in some very specific places *wink*. Telnet is a popular method to use, but it’s limited to a simple “yes you can” or “no you can’t” response with little additional information. If you need more data you usually go with the old standby portqry, but did you know there was a graphical version of it? PortQryUI is the often overlooked 2nd download link on the PortQry KB article. For many Active Directory issues I found myself using this before even thinking about a trace.
The interface lets you run a batch of port queries based on common scenarios like Domains and Trusts, Exchange Server and SQL Service. You can even manually import your ranges without having to change over to the command line. The results display in an easy-to-read format at the bottom, which can also be saved off to a file.
This was incredibly useful when troubleshooting issues over the phone with folks that had less than stellar IT skills. Just send them a link to the KB, have them download the app and rock n’ roll. There wasn’t even an installation needed, just an EXE to be run directly. For me it was the duct tape of network troubleshooting, good enough for solving 90% of the issues.
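To show what a batch port query gives you beyond Telnet's yes/no, here is an added example (not PortQry's own code, and TCP only) that classifies each port with the three states portqry reports: LISTENING, NOT LISTENING and FILTERED. The port batch and the function names are assumptions made for this sketch.

```python
import socket
import sys

# Constructed sample batch (an assumption for this example): TCP ports commonly
# used by Active Directory, not PortQryUI's own predefined service list.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB",
    636: "LDAP over SSL",
    3268: "Global Catalog",
}


def query_tcp(host, port, timeout=3.0):
    """Return LISTENING, NOT LISTENING or FILTERED for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "LISTENING"        # handshake completed
    except ConnectionRefusedError:
        return "NOT LISTENING"        # host answered with a reset: no service
    except socket.timeout:
        return "FILTERED"             # no answer at all: likely a firewall drop
    except OSError as exc:
        return f"ERROR ({exc})"       # bad name, no route, and so on


def query_batch(host, ports=AD_TCP_PORTS, timeout=3.0):
    """Query every port in the batch; returns {port: state}."""
    return {port: query_tcp(host, port, timeout) for port in sorted(ports)}


def format_report(host, results, names=AD_TCP_PORTS):
    """Render the results as plain text that can be saved to a file."""
    lines = [f"Querying target system: {host}"]
    for port, state in results.items():
        lines.append(f"TCP port {port} ({names.get(port, 'unknown')}): {state}")
    return "\n".join(lines)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(format_report(target, query_batch(target)))
```

A FILTERED result is the one that points at a firewall or ACL between you and the server, which is exactly the distinction a bare Telnet attempt hides.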
ieHTTPHeaders
Anyone who’s had to wrestle with website issues through a firewall knows how painful network traces can be in these situations. I wanted to jab pencils into my eyes instead of having to deal with OWA through ISA 2004 problems. Before you can even start troubleshooting, you have to filter out all the noise from the trace and THEN you start following the HTTP conversation. Deciphering those little codes was also a pain in the tuckus, especially if you didn’t deal with those kinds of issues on a regular basis (I used this site as a cheat sheet – w3.org Status Code Definitions). So what could you do other than bite the bullet?
When I stumbled upon this beauty of a plugin I almost cried out “Hallelujah!”. ieHTTPHeaders is exactly what you need without all the hassle of a trace. This sucker plugs right into IE (which is what you’ll be troubleshooting 99% of the time in a corporate environment) and is leveraged through an easy-to-hide toolbar.
It provides a real-time display of the HTTP packets as you access the website. All the pertinent information is easily viewable and the results can be saved to a file. I cut my troubleshooting time in half with this sweet piece of code.
Are there any utilities you use to get around the dreaded network trace? Feel free to share your tips & tricks in the comments.
——————————
Let me introduce myself, I’m Gabriel Novo, the WordPress monkey helping Ed keep this blog afloat. When I’m not busy being a nerd you can also find me over at Cuban Nomad. Ed told me if I don’t post more often I’ll get the hose again, so expect to see more of me in the near future.