Heroes of Packet Analysis Quiz

Enter the competition and match your skills to those of the Packet Analysis Heroes! Answer all questions correctly for a chance to win a $500 Amazon Gift Card.

Navigate through the questions by clicking on the numbers below.

1   |   2   |    3   |   4   |   5   |   6   |   7   |   8   |   9   |   10   |  11   |  12   |   13   |   14

12: What clues can we offer around the synchronization failures?

Question Background:

Two database servers in a hospital synchronize with each other 7x24, updating each other on the flow of lab results; clinicians then consult these lab results to make care decisions. Intermittently, this synchronization process fails for hours at a time, requiring manual intervention to restore. The databases speak the HL7 protocol, a protocol for which Wireshark does not contain a dissector: Wireshark can only show us Layers 1-3.

Download the pcap file › 


Click on the image to zoom in.

A. The TCP Stack inside 10.10.80.102 contains a bug which caused it to miscalculate where it was in the TCP stream (TCP Ack arithmetical error), breaking the TCP conversation.
B. The TCP Layer is fine, which suggests that the Network is correctly transmitting frames; look for bugs in the Client’s or Server’s implementation of HL7.
C. The Network dropped a huge number of frames between 604 and 605; look for a major Network outage during that period.
D. This pcap is flawed: the Packet Analyzer dropped a huge number of frames between 604 and 605, causing Wireshark to misinterpret what it sees. Capture again, but this time use a hardware analyzer, like a ProfiShark, to reduce the chances of dropping frames.

Who asked the question:

Stuart Kendrick

System Engineer at Allen Insitute

Stuart has functioned as both ITIL Problem Manager and Problem Analyst, provided 3rd tier support, and contributed to design efforts. He writes and maintains an enterprise network and device management and monitoring application (the Netops Toolkit).

Specializing in transport, monitoring, and packet analysis, he provides mentoring and communication training, teaches Root Cause Analysis workshops, and coordinates the efforts of multiple groups interacting with multiple vendors to solve problems or design solutions. He also runs skendric.com.

Read his White Papers › In-Line Tapping in the Data Center

Please choose your answer via the form.

Answer *:(* required fields)

Answer all questions correctly for a chance to win a $500 Amazon Gift Card.

Join the conversation

Find us on one of the following social platforms to get a sneak peek into the network monitoring world.

Be Part of the Team

We are always on the lookout for passionate people, who are open to change and innovation.
Check the Careers Page

Our Blog

Find the latest insights on network monitoring & analysis so you know which solution suits you best.
Check the Latest Insights