Does Your Switch Hinder Diagnosis?

Visibility is a Diagnostic Necessity

Network Protocol Dissection
Figure 1. Capturing frames is a prerequisite to protocol analysis. Protocol analysis is often a prerequisite to understanding the nature of the problem. Maximize your diagnostic potential.

It is hard to imagine a greater diagnostic impediment than the inability to visualize what is happening on the wire. Intelligent switching platforms provide features that facilitate the visualization of frames as they ingress and egress switch ports. Cisco IOS switches provide the Switched Port Analyzer (SPAN) feature; other vendors offer similar capabilities, sometimes referred to as port mirroring or port monitoring. The SPAN feature enables you to define a group of source ports that are to be mirrored on a destination port for analysis with a protocol analyzer such as Wireshark. There are numerous other features within the IOS feature set that are advantageous when trying to diagnose network issues, but SPAN invokes passion, and is particularly worthy of our attention.

The pairing of SPAN with a protocol analyzer provides the ability to identify issues conveyed in Internet Control Message Protocol (ICMP) messages; observe Transmission Control Protocol (TCP) connection setup (3-way handshake); and observe Transport Layer Security (TLS) cipher suite negotiations (Fig. 1), to name just a few. An all-inclusive list would be exhaustive! Note the exclamation mark; we rarely use them. In a broader context, it provides the ability to diagnose connectivity issues, investigate performance concerns, perform security monitoring / analysis ...
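An added example, not part of the original article: a minimal Python dissector of the kind a protocol analyzer applies to frames arriving on a SPAN destination port, here tracking the TCP 3-way handshake. The frames, addresses and the helper names `dissect`, `handshakes` and `make_frame` are constructed for illustration; untagged Ethernet II and unfragmented IPv4 are assumed.

```python
import struct
from ipaddress import IPv4Address

SYN, ACK = 0x02, 0x10

def dissect(frame: bytes):
    """Return (src, sport, dst, dport, tcp_flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                       # not IPv4 (untagged Ethernet II assumed)
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    tcp = frame[14 + ihl:]
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6 or len(tcp) < 20:
        return None                       # malformed IPv4, not TCP, or truncated
    sport, dport = struct.unpack("!HH", tcp[:4])
    src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
    return str(src), sport, str(dst), dport, tcp[13]

def handshakes(frames):
    """Map (client, cport, server, sport) to 'syn-sent', 'syn-ack' or 'established'."""
    state = {}
    for frame in frames:
        d = dissect(frame)
        if d is None:
            continue
        src, sp, dst, dp, flags = d
        hs = flags & (SYN | ACK)
        if hs == SYN:                                     # step 1: client SYN
            state.setdefault((src, sp, dst, dp), "syn-sent")
        elif hs == (SYN | ACK):                           # step 2: server SYN-ACK
            if state.get((dst, dp, src, sp)) == "syn-sent":
                state[(dst, dp, src, sp)] = "syn-ack"
        elif hs == ACK and state.get((src, sp, dst, dp)) == "syn-ack":
            state[(src, sp, dst, dp)] = "established"     # step 3: client ACK
    return state

def make_frame(src, sport, dst, dport, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

# Constructed sample: one completed handshake and one SYN that is never answered.
SAMPLE = [
    make_frame("192.0.2.10", 49152, "198.51.100.5", 443, SYN),
    make_frame("198.51.100.5", 443, "192.0.2.10", 49152, SYN | ACK),
    make_frame("192.0.2.10", 49152, "198.51.100.5", 443, ACK),
    make_frame("192.0.2.10", 49153, "198.51.100.7", 8443, SYN),
    make_frame("192.0.2.10", 49153, "198.51.100.7", 8443, SYN),  # retransmission
]
```

Calling `handshakes(SAMPLE)` leaves the second connection at `syn-sent` despite a retransmitted SYN, which is the kind of connectivity issue a capture from the mirrored port makes visible.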


Technical Investment

Visualization of network traffic is a stepping stone to interpretation and diagnosis. Without this ability you are more likely to flail about as you seek understanding of your predicament. If you’re a network administrator you should be familiar with Wireshark, or another protocol analyzer, as protocol analysis is a common starting point for diagnosis. Of course, you also need to develop an understanding of the protocols you’re trying to analyze, and that takes time. If you’ve not yet started, do so. Wireshark is multi-platform, and free.


Hardware Investment

Business operations deserve to be run on hardware worthy of the responsibility. Far too many businesses underinvest in the capabilities of their hardware. If you choose hardware that does not facilitate the visualization of network traffic, you are impeding your support staff’s diagnostic potential. With appropriate investment, you can reduce your time-to-resolution, and sustain critical business functions. Invest wisely.

last modified: 2017.03.24, 19:02 -0400