The Riverbed Blog (testing)

A blog in search of a tagline

Posts Tagged ‘Wireshark’

What impresses me most about Cascade…

Posted by riverbedtest on September 9, 2011

As a new Riverbed employee (just finished my third month) who previously worked at a Cascade competitor, I have to say I’m really impressed with Cascade, the application-aware network performance management product from Riverbed. It provides some unique features, like automated discovery and dependency mapping, as well as an elegant and simple design that makes it easy to deploy and use. It’s also very flexible. The feedback I’ve heard from Cascade users supports my opinions, and they typically add that it has helped them significantly reduce the time to diagnose and troubleshoot network performance and security issues. In fact, Cascade reduces MTTR (mean time to resolution) by an average of 83%, according to IDC. Making something as complex as Cascade look easy but still provide depth and flexibility is no mean feat and is definitely a feather in the cap of our engineering team.

Here are some of the things I love about Cascade – the features and capabilities that make it easy to use and which also set it apart from other solutions:

• Discovery and dependency mapping – My absolute favorite feature is discovery and dependency mapping (DDM). DDM automates the process of mapping transactions and applications and their interdependencies to the underlying infrastructure. It is an essential component of the Cascade solution because so many other features use the service models it creates to provide richer information. For example, service models become the basis of the Cascade service dashboards, and service maps provide location awareness to speed troubleshooting and are also invaluable tools for planning and validating IT change, such as data center consolidations.


• Service dashboards – Cascade’s service dashboards provide a quick view into the end-to-end health of an application or service. Application services are created using a wizard that automates the discovery process. It identifies the users, web servers, application servers, databases, authentication and DNS servers, etc. that make up today’s common applications. Because the discovery process is automated (unlike our competitors who must manually define service components), it means that service definitions are detailed, accurate and easy to keep up to date. Red-yellow-green health status indicators are driven by Cascade Profiler’s advanced analytics which automatically detect and alert on meaningful changes in performance, providing proactive notification of emerging issues.


• Automated analytics – Cascade’s advanced behavioral analytics are both mature and feature rich. I know analytics have gotten a bit of a bad name in competing products, but Cascade analytics have been stable since day one and they really work. Cascade Profiler tracks dozens of performance and security metrics, building and updating historical baselines and alerting upon meaningful changes in behavior. Cascade analytics give IT staff the warning they need to identify and fix problems before users even notice them.


• Distributed packet capture / centralized analysis – Cascade Shark appliances can be distributed throughout the network; they should be placed wherever continuous packet capture and storage is needed. While competitive products often require export of large trace files across the network for local packet analysis – often slowing network performance even further – Cascade Pilot analyzes trace files directly on remote Cascade Shark appliances, refining the data to send only the specific packets of interest to Wireshark for decoding. Distributed packet capture / centralized analysis means that when the network is experiencing issues, Cascade is not part of the problem!

• Integrated Packet/Flow (iP/F) – Cascade is the only network performance management solution to combine flow data and packet data into a single logical record. iP/F is the secret sauce that enables broad visibility with minimal instrumentation as well as facilitates the seamless transition between flow-based information in Cascade Profiler and packet-level information in Cascade Shark. The advantage of this architecture is that it provides greater visibility and management at a significantly lower cost, and it reduces the time it takes to identify, diagnose and resolve complex performance issues.


• Wireshark integration – Everybody loves Wireshark. In fact, Wireshark is downloaded more than 500,000 times a month. Tight integration and seamless hand off from Cascade Pilot to Wireshark takes advantage of the network staff’s expertise with Wireshark and further simplifies and streamlines troubleshooting. Why ask your network managers to use anything other than Wireshark, the tool they know and love?

• Steelhead WAN optimization analysis – Of course being a Riverbed product means that Cascade has to play nice with Steelhead appliances. Cascade does that in a variety of ways: it provides a deep understanding of utilization and performance; it enables you to reconstruct response time and normalize it across optimized and non-optimized environments; and it automatically identifies and alerts on changes in the experience of remote users. In addition, you can use Steelhead appliances to provide cost-effective visibility into branch LAN performance without having to add expensive probes. Cascade and Steelhead provide a one-two punch against WAN performance issues!

So, I’ve told you what I like about Cascade; now it’s your turn… What’s your favorite Cascade feature? Tell us your thoughts about Cascade and what role it has played in helping manage your network and application performance.

Posted in Packet Capture, Visibility

Creators of TCPDUMP, WinPcap, and Wireshark assemble together on stage

Posted by bobegilbert on January 27, 2011

What do the creator of TCPDUMP, the creator of Wireshark, and the creator of WinPcap have in common? In addition to pioneering packet capture and analysis, they also happen to work for Riverbed.

Riverbed co-founder and CTO Dr. Steve McCanne worked with TCP/IP pioneer Van Jacobson in 1988 during the days of ARPANET. Van was working on the TCP/IP stack and needed a reliable way to capture and efficiently analyze enormous amounts of network traffic. Steve came up with an innovative solution that took an elegant, filter-based approach to capturing only the traffic you need. Steve's packet capture invention was released into open source as the Libpcap library and ultimately as the application TCPDUMP.

Several years later, in the late '90s, Loris Degioanni was a student at Politecnico di Torino, Italy. Loris was tasked with coming up with a way to capture network traffic from students' Windows machines. Loris came across a paper co-authored by Steve McCanne and leveraged Steve's work, taking Libpcap and building a Windows capture library, which he released into open source under the name WinPcap.

Around the same time, a network guy by the name of Gerald Combs was working for an ISP and needed a more robust way of analyzing packet captures. Gerald started a weekend project that exploded into much more, and Ethereal/Wireshark was born.

Below is a video covering these three pioneers sharing their story together on stage.



Posted in Uncategorized