1
00:00:00,000 --> 00:00:08,477

2
00:00:08,477 --> 00:00:11,571
Ok, for our next section, we will be discussing

3
00:00:11,563 --> 00:00:14,190
I/O graphs, input/output graphs.

4
00:00:14,206 --> 00:00:19,925
So basically, first let's talk about input and output.

5
00:00:19,925 --> 00:00:25,242
So when we talk about computers or systems or

6
00:00:25,242 --> 00:00:30,020
routers or data, things go in and things go out.

7
00:00:30,020 --> 00:00:37,776
Commonly, Cisco engineers would like to talk about FIFO - first in, first out.

8
00:00:37,768 --> 00:00:43,930
There's a lot of reference to, when you look at disk utilization,

9
00:00:43,930 --> 00:00:50,520
the I/O of the disk, in and out, the speed of the disk.

10
00:00:50,530 --> 00:00:56,421
There's so many references to I/O but in the Wireshark world

11
00:00:56,421 --> 00:01:08,331
I/O is referenced as a way to view statistical data about your network -

12
00:01:08,327 --> 00:01:16,157
the input and output data on your network found in the statistical menu, statistics menu.

13
00:01:16,154 --> 00:01:23,829
The I/O graph is a tool which allows you to view the input and output of data on your network

14
00:01:23,829 --> 00:01:27,779
for the time of capture. So what you captured,

15
00:01:27,779 --> 00:01:32,937
your packets from 1 to however many packets you captured

16
00:01:32,937 --> 00:01:36,764
the I/O graph will show you that entire capture

17
00:01:36,764 --> 00:01:44,685
on an x and y axis, specifically the amount of data

18
00:01:44,682 --> 00:01:48,586
and you can run filters on it to view it in different ways.

19
00:01:48,598 --> 00:01:58,279
So the I/O as seen in the graphic here, I put some basic filters in.

20
00:01:58,270 --> 00:02:04,145
We'll do a live showing of this so that you can get more feel for it but

21
00:02:04,145 --> 00:02:08,694
you can put up to 5 graphs in and you can change

22
00:02:08,701 --> 00:02:11,726
your x and y axis to basically show

23
00:02:11,733 --> 00:02:18,889
the input and output of the entire capture and how it relates to the actual y axis.

24
00:02:18,888 --> 00:02:26,329
So, let's pull up Wireshark where I've already prepped one.

25
00:02:26,329 --> 00:02:33,415
In this capture, I basically had set it up in a way to show

26
00:02:33,415 --> 00:02:36,203
I looked at the protocol hierarchy

27
00:02:36,216 --> 00:02:40,470
and I saw that HTTP was the top talking protocol.

28
00:02:40,472 --> 00:02:50,212
And I looked from specifically in seconds, from 0 out to the end what that looked like

29
00:02:50,212 --> 00:02:55,741
based on the y axis which was packets.

30
00:02:55,741 --> 00:02:59,132
So I'm looking at, and you have to know your x and y axis is

31
00:02:59,132 --> 00:03:02,259
specifically in seconds by packets.

32
00:03:02,259 --> 00:03:07,036
So, to very quickly understand this graph, all you need to do is

33
00:03:07,036 --> 00:03:10,533
put in what it is that you want to see,

34
00:03:10,533 --> 00:03:17,646
and then on the x and y axis configured specifically in this, the x axis -

35
00:03:17,643 --> 00:03:20,877
so I want to see it by 1 second if I wanted to see 10 seconds.

36
00:03:20,885 --> 00:03:23,333
It changes that view.

37
00:03:23,329 --> 00:03:26,722
If I want to see it in 1 minute, it changes that view.

38
00:03:26,722 --> 00:03:30,146
And so on, so I put it back to 1 second.

39
00:03:30,146 --> 00:03:37,975
And or I want to see packets on the y axis, how many? Or bytes.

40
00:03:37,975 --> 00:03:44,038
So again, this just shows me statistically what it is that I want to see.

41
00:03:44,040 --> 00:03:46,892
And it shows me anomalies.

42
00:03:46,915 --> 00:03:51,643
So for example, I see a couple of spikes here at certain time intervals

43
00:03:51,643 --> 00:03:57,617
and that may be very relevant to, let's say, for example, at those particular moments

44
00:03:57,631 --> 00:03:59,898
I had a performance degradation,

45
00:03:59,930 --> 00:04:03,169
I might be able to pull something out of this I/O graph

46
00:04:03,169 --> 00:04:05,145
that shows me specifically

47
00:04:05,145 --> 00:04:11,061
that in 1 second intervals at 60 something seconds,

48
00:04:11,061 --> 00:04:16,061
and when I review it by bytes, I had a major surge of bytes

49
00:04:16,081 --> 00:04:21,134
when using HTTP twice within this time period.

50
00:04:21,142 --> 00:04:27,660
I can change the look and feel. So if, if I'm vision impaired,

51
00:04:27,672 --> 00:04:31,985
or if I want now to distinguish differences between what I see

52
00:04:32,022 --> 00:04:39,433
as HTTP or TCP or anything else, I can now change up what it looks like

53
00:04:39,447 --> 00:04:44,674
per filter so that I can now distinguish what it is that I see.

54
00:04:44,674 --> 00:04:49,043
In this filter, I took the top talkers from the protocol hierarchy.

55
00:04:49,043 --> 00:04:55,159
I selected HTTP, TCP, UDP, IP and NetBIOS.

56
00:04:55,170 --> 00:05:00,019
And I plotted them with these filters on this I/O graph

57
00:05:00,048 --> 00:05:05,075
so I can see how they, how they, how much they occurred

58
00:05:05,082 --> 00:05:09,225
within this time period in this capture.

59
00:05:09,237 --> 00:05:12,828
So another point, a very important one actually is

60
00:05:12,828 --> 00:05:17,069
you can't just add this information in and it shows you have to apply it.

61
00:05:17,069 --> 00:05:21,878
So on the left-hand side of where you apply the filter, there is a button, here.

62
00:05:21,873 --> 00:05:27,233
And you can turn this information off so that

63
00:05:27,233 --> 00:05:31,849
you can see one filter over the other or you can see them all at the same time.

64
00:05:31,849 --> 00:05:38,322
Just be aware that if you do not select this, or deselect this, you may add a filter in

65
00:05:38,322 --> 00:05:42,296
and you may wonder why you can't see it or it's not showing up.

66
00:05:42,296 --> 00:05:46,055
And the reason being, because you have not applied it.

67
00:05:46,055 --> 00:05:49,019
So just be aware of that - there is some manual intervention

68
00:05:49,019 --> 00:05:52,989
that needs to take place here.

69
00:05:53,014 --> 00:06:02,965
So again to recap, to use the I/O graph, to use the statistics menu in the capture window,

70
00:06:02,980 --> 00:06:10,030
you select your I/O graph and once you do, you could populate it with filters 1 through 5.

71
00:06:10,033 --> 00:06:14,828
You can select and deselect them. You can change visually what they look like.

72
00:06:14,828 --> 00:06:17,847
And you use this to tell a story.

73
00:06:17,847 --> 00:06:23,301
The story you're going to tell is based on how you adjust your x and y axis.

74
00:06:23,301 --> 00:06:27,928
Specifically, when you go in to adjust your x and y axis,

75
00:06:27,928 --> 00:06:29,696
you can do so by time.

76
00:06:29,696 --> 00:06:36,534
You can do so by unit and there are multiple selections that you can choose from.

77
00:06:36,556 --> 00:06:41,817
So I advise you to go through and figure, that again for example,

78
00:06:41,828 --> 00:06:44,121
if you wanted to see packets versus bytes,

79
00:06:44,125 --> 00:06:48,301
that's something that you can select and choose.

80
00:06:48,315 --> 00:06:55,501
So as we just mentioned, if you're going to customize the graph,

81
00:06:55,501 --> 00:06:58,609
there's 5 different filters you can put in.

82
00:06:58,609 --> 00:07:02,755
You can select different views and you can set the axis

83
00:07:02,755 --> 00:07:06,588
specifically to what it is that you want to see.

84
00:07:06,588 --> 00:07:10,192
And there are advanced statistics that you can do.

85
00:07:10,192 --> 00:07:13,636
And this is a question that has come up in the past.

86
00:07:13,636 --> 00:07:16,198
How do I dump this information?

87
00:07:16,198 --> 00:07:20,081
Obviously, we can do a screenshot, paste it into a report.

88
00:07:20,081 --> 00:07:23,665
Or what you can do, tricks that I've seen in the past,

89
00:07:23,665 --> 00:07:31,115
is that you can dump this CSV into an Excel worksheet.

90
00:07:31,115 --> 00:07:37,097
And then you can run some advanced statistics on the data which can be very helpful.

91
00:07:37,097 --> 00:07:41,692
You can use it to find more anomalies and or baseline the data or

92
00:07:41,692 --> 00:07:47,173
capture it over time and run averages. There's quite a few things that you can do

93
00:07:47,173 --> 00:07:52,266
with an I/O graph. I hope that this tool is helpful for you.

94
00:07:52,266 --> 00:07:57,841
It is just one of many statistical tools that you can use to troubleshoot with.

95
00:07:57,830 --> 00:08:02,749
And just remember there's some more advanced features that you can use

96
00:08:02,749 --> 00:08:05,893
if you take the information out and you use it in Excel.

97
00:08:05,893 --> 00:08:11,380
So the 2 questions that I saw here specifically was

98
00:08:11,380 --> 00:08:16,987
I'm running NetFlow 9 on a Nexus 7k and would like to run a decode on the packets

99
00:08:16,987 --> 00:08:20,326
is it possible to do that with Wireshark?

100
00:08:20,326 --> 00:08:31,408
It is possible, however, it should be noted that I had to research specifically what that was

101
00:08:31,394 --> 00:08:40,847
and the answer was that you have to know the port numbers and you have to use

102
00:08:40,847 --> 00:08:50,076
Wireshark functionality set as decode as.
So where I generally use Wireshark,

103
00:08:50,076 --> 00:08:57,714
to translate issues from, you know, application problems and response,

104
00:08:57,714 --> 00:09:02,604
I just wanted to make sure that you had the correct answer from Wireshark directly.

105
00:09:02,604 --> 00:09:08,532
So that is the answer that was pulled from there. And then the other question

106
00:09:08,532 --> 00:09:15,950
was that - can I use I/O graphs to check specific QoS settings, and so on and so forth?

107
00:09:15,950 --> 00:09:23,832
One thing that I wanted to mention was the I/O graph is as limited as

108
00:09:23,832 --> 00:09:30,405
to the filter sets that you can create. So if, and these are large amounts of filters,

109
00:09:30,405 --> 00:09:32,226
but if you can't create the filter,

110
00:09:32,228 --> 00:09:34,857
then the I/O graph is not going to be able to represent it.

111
00:09:34,876 --> 00:09:38,234
It sounds to me like you want to look at something more like

112
00:09:38,241 --> 00:09:42,992
Mazu or Cascade Profiler, stream analyzers.

113
00:09:43,023 --> 00:09:49,295
That kind of stuff where it's going to give you a bigger picture of all that data.

114
00:09:49,295 --> 00:09:56,187
So, Wireshark is immensely helpful but it is limited somewhat to what it can do.

115
00:09:56,171 --> 00:10:02,880
And it's limited to the filters that you can build. So I hope that also answers your question.

116
00:10:02,880 --> 00:10:07,900