Today several folks here at the SolarWinds offices in Austin TX suggested that I write a blog post on the Conficker virus. This morning that seemed like a pretty good idea, but as the day went on and I started reading all of the great blog posts and articles (check out the ones by Network World and ZDNet) out there that have been written about this already - there really didn't seem to be anything else to say and it's pretty late to do anything to affect April 1st, so I've decided to write about something else entirely.

Last week we did a great webcast on network troubleshooting technologies. I say it was great not because I had any particular stroke of genius or because I had such a fantastic co-host in And now a word from Sparky…, but because we've had such phenomenal feedback from the attendees and even people that couldn't attend but wanted the content. As a matter of fact, the demand has been so strong that we've decided to do a part 2 in April.

The most common questions had to do with detecting and monitoring specific types of traffic on the network. Some people wanted to monitor RDP traffic, some were concerned about YouTube, others focused on ustream, some were worried about virus and worm traffic, and a few people were concerned with monitoring the traffic created by monitoring. It seems that we've definitely reached a point where not having visibility into the traffic on your network is simply unacceptable.

The good news is that whether you're working within a large enterprise with a substantial budget for network monitoring or a small business or public school with a limited (or maybe even non-existent) budget for doing network management - there are great solutions available to you to help you answer the age-old question of "who is using our bandwidth and for what?".

There are loads of people out there that will tell you which tools you should be using and promote their own favorite free or paid for tools and I've certainly talked about my favorites in New Free Tool -  Real-time NetFlow Analyzer from SolarWinds. So tonight, rather than point you towards tools, I'm going to give you my Top 5 List of things you need to consider when monitoring network traffic.

Head Geek's Top 5 List of Things to Consider when Monitoring Network Traffic

#5 - Consider the source. Where you monitor network traffic is a key part of understanding what your monitoring tools are telling you. Which device was the NetFlow export sourced from? Which interface? Was it an ingress flow or an egress flow? Understanding these details is the first step in analyzing your network traffic.

#4 - Document your known traffic. It's very important to understand which TCP ports your business applications run on, what DSCP or TOS settings you should see on that traffic, and which routes that traffic should be taking. Knowing these things will help you to analyze the performance of your applications and will help you to gain an "intuition" when it comes to understanding the performance of these apps on the network.

#3 - Understand how Content Delivery Networks (CDNs) work. It's not as straight-forward as you might imagine.

#2 - Know your network topology. No excuses here folks. Don't just document it - but learn it.

#1 - Do something. If you haven't started - start now. If you've gotten started but still aren't able to understand your traffic as well as you want to - get help. Last but not least, if you have implemented traffic analysis tools and you feel that you've got a good handle on your own network traffic - share the knowledge. Become an active contributor within the forums here on There are a lot of people out there that are just getting started and could really use a "network traffic mentor". Step up.
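
Items #5 and #4 above, as an added example (not from the original post and not taken from any SolarWinds tool): flow records are checked against a documented baseline of known traffic, and every finding keeps the exporter, interface and direction it was observed on. The record fields, baseline entries and device names are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    exporter: str   # device the flow export was sourced from
    if_index: int   # interface the flow was observed on
    direction: str  # "ingress" or "egress"
    proto: str
    dst_port: int
    dscp: int
    octets: int


# Documented known traffic (constructed): (proto, dst_port) -> (application, expected DSCP)
BASELINE = {
    ("udp", 5060): ("voip-signaling", 24),  # CS3
    ("tcp", 443): ("web", 0),
    ("tcp", 25): ("email", 0),
    ("tcp", 3389): ("rdp", 0),
}

# Constructed sample records, not captured from a real network.
SAMPLE = [
    Flow("core-rtr-1", 2, "ingress", "udp", 5060, 24, 12_000),
    Flow("core-rtr-1", 2, "ingress", "udp", 5060, 0, 8_000),     # marking lost
    Flow("core-rtr-1", 2, "ingress", "tcp", 443, 0, 900_000),
    Flow("core-rtr-1", 3, "egress", "tcp", 443, 0, 900_000),     # same traffic leaving
    Flow("edge-sw-4", 7, "ingress", "tcp", 6881, 0, 2_500_000),  # not in the baseline
]


def classify(flow):
    """Compare one flow with the documented baseline."""
    entry = BASELINE.get((flow.proto, flow.dst_port))
    if entry is None:
        return "undocumented", None
    app, expected_dscp = entry
    if flow.dscp != expected_dscp:
        return "dscp-mismatch", app
    return "known", app


def audit(flows):
    """Sum octets per observation point and status; list findings, largest first."""
    totals = defaultdict(lambda: defaultdict(int))
    findings = []
    for f in flows:
        status, app = classify(f)
        point = (f.exporter, f.if_index, f.direction)
        totals[point][status] += f.octets
        if status != "known":
            label = app or f"{f.proto}/{f.dst_port}"
            findings.append((f.octets, status, label, point))
    findings.sort(reverse=True)
    return totals, findings


def volume(flows, exporter, direction="ingress"):
    """Octets through one exporter, counting a single direction so that a flow
    exported on both its ingress and egress interface is not summed twice."""
    return sum(f.octets for f in flows
               if f.exporter == exporter and f.direction == direction)


if __name__ == "__main__":
    _, found = audit(SAMPLE)
    for octets, status, label, point in found:
        print(f"{status:14} {label:15} {octets:>9} octets at {point}")
    print("core-rtr-1 ingress volume:", volume(SAMPLE, "core-rtr-1"))
```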

If you've got some other tips for understanding network traffic ping me back or leave a comment.

Flame on...
Follow me on Twitter

As many of you are probably aware, when Kiwi and SolarWinds joined forces a few months ago there were some pretty cool applications available from Kiwi besides the ever-popular Kiwi Syslog Server and Cat Tools. Being able to bring those tools to a wider audience is a big part of the reason we were all so excited about being able to work together. Well, I'm proud to announce that these tools are now FREE and available for download at These new free tools include:

Kiwi Secure Tunnel
Securely Transport Syslog Messages Across Any Network
Kiwi Secure Tunnel is a free secure tunnel service for use with Kiwi Syslog Server. It receives, compresses and securely transports syslog messages from distributed network devices to your instance of Kiwi Syslog Server. With Kiwi Secure Tunnel, you can securely transport your syslog data across any insecure network, such as the Internet. Kiwi Secure Tunnel can also monitor files and send new information from these files as syslog messages to Kiwi Syslog Server. (Runs on Windows® 2000/XP/2003)

Kiwi SyslogGen
Test Your Kiwi Syslog Server Installation
Kiwi SyslogGen is a free utility that tests your installation of Kiwi Syslog Server. It generates and sends syslog messages that can be varied in frequency. Source and destination ports can also be varied for UDP and TCP; Kiwi SyslogGen supports TCP syslog messages, enabling you to emulate Cisco® PIX® and Juniper® NetScreen® firewall messages. (Runs on Windows® 2000/XP/2003/Vista/2008)

Kiwi Harvester
Convert Serial Port Data into Syslog Messages
Kiwi Harvester is a free Windows® utility that listens for data via your computer’s serial interface and converts received data into standard syslog messages. These messages are then forwarded via UDP to your instance of Kiwi Syslog Server. Kiwi Harvester allows you to integrate non-Ethernet-enabled devices, such as PBX call logging systems, mainframes, remote sensing devices, and router console ports, into your central logging system. (Runs on Windows® 2000/XP/2003)

Kiwi HarvesterGen
Test Your Kiwi Harvester Installation
Kiwi HarvesterGen is a free utility that tests your installation of Kiwi Harvester, or any process that reads messages from a serial comm port. (Runs on Windows® 2000/XP/2003)

Flame on...

This week I went to the Alamo Drafthouse theatre here in Austin and saw the new film "I Love You, Man" with Jason Segel and Paul Rudd. It was quite an experience. First, they served some great food and wine (I'm not much of a beer drinker), then I got to watch the new Star Trek trailer, and then, once the tears had dried from my eyes (yes, I get that emotional about a good sci-fi film) I laughed 'till it hurt. It was a really, really good time. Afterwards though, I started thinking about some of the more serious messages in the film and the value of having a support system of friends that you can rely on.

As adults, sometimes establishing a support system can be difficult. Life transitions like moving, changing jobs, getting married or unmarried, having kids, and even sometimes changing gyms can wreak havoc on your social network. Because of this and because these transitions seem to happen more often today than in the past, the value of good friends and companions is higher than ever.

The same can be said about the importance of having a social network on a professional level. Having people that you go to when you're hitting technical issues that you haven't seen before or just to bounce ideas off of is a huge help. I've got buddies that I use when I need help analyzing a packet capture, when I'm considering some radical routing changes and need a second opinion, and when I'm about to move a subnet to IPv6 here in the lab. The thing that I have in common with all of these people is that they all hang out here on

Online social networks have several advantages over traditional social networking methods. First off, they're accessible all the time. It's after midnight here in Austin and I'm logged into Thwack and checking into some posts on the Orion forum as I write this. Second, it doesn't matter where you are. If you decide to move to a new part of the country for a new job you can take your online social network with you whereas your buddies at the gym will probably get left by the wayside.

The other advantage that online social networks have is scale. Where else could I communicate with over 20,000 people that share common interests, concerns, and experience as I have? So, to all of my fellow Thwackers out there, thanks for joining and I'm glad to be a part of your network.

Flame on...

You know, I try to avoid going on wild rants within the confines of this blog but sometimes a geek's gotta do what a geek's gotta do...

I just read an article on how the government in China is taking another stab at blocking access to YouTube. First off, what are they freak'in thinking? Why in the world would you want to block access to content like this? Secondly, how in the world could you possibly think that you could do it? Sure, you might be able to block access to YouTube if you tried really hard and stayed on it as their content delivery systems keep evolving but people will find a way to get to the content that they want I don't care what you do. YouTube is just the most recognizable of providers of content like this - there are many more and blocking access is only going to cause even more distribution of content and innovation within delivery technologies. Technology will find a way folks. It always has and it always will...

I've also started seeing articles talking about the "dangers" of March Madness in corporate networks. What have we come to people? When did internet access and content become something that was so closely scrutinized? What's next, an OS feature where if I type in letters that spell a word that someone has decided isn't appropriate for work it'll just not show the word or give me an error or something? I mean, c'mon people. I agree that we should take adequate precautions to block access to obviously dangerous or inappropriate content, but YouTube videos and basketball games/scores/news?

Look, there are better ways to deal with this than attempting to block access. Here's my Top 5 Ways to Deal with March Madness Traffic on the Corporate Network:

#5 - Make sure that you have prioritized your essential traffic. It's pretty simple. Latency sensitive applications like corporate voice and video get the highest priority. Company sanctioned web traffic comes next followed by e-mail. Everything else falls to the bottom of the stack and is delivered if/when resources are available.

#4 - Have separate internet connections for business-critical apps. I'm seeing this more and more these days. Ship your really critical traffic across this special pipe and everything else across the other one. If you're really trying to make your boss feel special, route all of her traffic across the priority connection but not without first securing your first row parking spot.

#3 - Have a dedicated March Madness news update strategy. Make an event of it. Throw an office party in the breakroom for a night game and have someone send out updates a couple of times per day to the office with scores and updates. This way people won't have to waste time and bandwidth going online and looking for it.

#2 - Talk to your people about your concerns. Look, if your company is up against a crunch and you're seriously worried that productivity may be hurt by people watching games or checking scores from their desks then tell them that. You'll likely find three things. One group of people wasn't getting much done before March Madness hit and this news probably didn't affect them at all. Another group of people isn't into basketball but just got the message that you need a little something extra from them for the next few weeks and they're going to give it to you. The third group of people are fans and like to work hard so are probably going to pay you back an hour for every 5 minutes they spend on basketball during office hours. March Madness might even increase productivity...

#1 - Get over it. Look, if you've got people working for you that you're worried aren't working hard enough don't blame it on basketball. Chances are that they'd be finding some other reason to goof off any way. Don't punish everyone for their laziness. Most of the people I work with that are fans will probably spend a few minutes or more each day focusing on March Madness. However, that cost is far out-weighed by the fact that they spend a lot of time on the nights and weekends working.

Working hard is a lifestyle. March Madness, YouTube videos, the PGA Tour, or the latest group of models duking it out to see who will be "America's Next Top Model" won't change who your "go to players" are. I've never known a network engineer or system administrator worth their salt that didn't put in way more hours than they are paid for. Embrace the fact that they're taking a small sliver of their work day to do something that they enjoy and that lets off a little stress and in return are giving huge amounts of their personal time for things that you need.

Flame on...

This Thursday, March 26th, at 10:00 a.m. CDT, we're hosting a new webcast on "Network Troubleshooting - the Top 5 Technologies to Leverage". This webcast is going to be a little different than some of the others as we're going to dive a little deeper into how each technology works vs. focusing on applications that leverage the technology. We'll also cover some of the common concerns that people raise with enabling these technologies on your corporate network. During the webcast we'll take an in-depth look at:

  • Trace route
  • SNMP
  • NetFlow (J-Flow, sFlow, etc)
  • Packet captures
  • IP SLA

Additionally, we'll do a quick demonstration of the new SolarWinds Engineer's Toolset Version 10.0 and the new Workspace Studio.  Click HERE to sign up.

Flame on...

A few weeks ago I wrote Cisco IP SLA - Cool technology for free... about some cool technologies including NetFlow and Cisco's IP SLA and provided some information on what IP SLA can be used for and how it works. Since then I've become even more convinced that IP SLA is a must-use technology. I guess you could say I've gone from being just a fan to being somewhat of a fanatic. Sort of like the way I feel about Mountain Dew, spinnerbaits, and bird dogs - I just plain love 'em.

Over the last few weeks I've really been able to get my hands dirty with this technology. I hosted a webcast - Deep Dive on IP SLA - the week before last and in preparation I tested and retested both our applications that leverage IP SLA and IP SLA itself. I learned several things...

First, while configuring IP SLA on a router or switch for a few operations isn't all that much work, configuring IP SLA on a large number of devices or even on a single device for a large number of operations can be quite a chore. There are easier ways to do this. Several applications including CiscoWorks, Orion NCM, and Kiwi Cat Tools can automate configuration tasks like rolling out IP SLA. Effectively, they automate the process of using telnet to connect to the devices and enter in the commands (yes, I'm way over simplifying this but I really don't like blog posts that go on forever even if I'm the one writing them). Other applications like the SolarWinds IP SLA Monitor (free) or the VoIP Module for Orion use SNMP to configure the devices.

Speaking of which, while testing our new IP SLA free tool last week we learned that the IP SLA parameters that we were adding to the devices weren't showing up in the devices' running configurations. However, if you did a "show ip sla config", badda bing - there they were. Turns out there is an option you have to specify when pushing out IP SLA parameters via SNMP to put the IP SLA config into the running config. So, being the nimble company that we are, we pushed out a new version yesterday that fixed a couple of bugs and also made it so that the IP SLA configs we enter appear in the running config and therefore can be saved to NVRAM.

If you've never played with Cisco IP SLA, grab the IP SLA Monitor from SolarWinds.Com and use it to set up and monitor IP SLA on one of your Cisco routers and see what you think. It's a free tool and you've really got nothing to lose. Pull the running config from the router before and after you use the IP SLA Monitor tool and compare them so that you can see how the configuration is altered.

This is cool stuff folks. Give it a shot and next time you're in Austin stop by and we'll take the boat out to Lake Travis with a cooler full of Mountain Dew, some spinner baits, and my bird dogs Bailey and Pepper for company.

Flame on...

Well, it’s not often I get to (try to) fill the Head Geek’s shoes, but Josh called me with some lame excuse about how he couldn’t update his blog today and asked me if I could fill in for him. He said something about his laptop being down, but he was kind of mumbling and it was really hard to hear him over all the video game noises in the background…

Anyway, I succumbed to my inner Dogbert and gleefully replied that I would, knowing that this could be my big chance to turn “Geek Speak” into “Sparky’s Corner” or “SNMP Extravaganza” (yeah, they don’t have  the same ring, but I’m working on it…). If you have any suggestions for the new name, please post ‘em below; that’ll teach him to pawn his work off on me.

Since I’ve got you here, I’d like to brag on my team a little bit.  We have been working really hard on the new Toolset v10.0 release which just released today, and man, is it super-cool.  What makes it super-cool you ask?  For starters, we’ve added this new application called the Workspace Studio, which is an application that allows you to perform real-time monitoring and troubleshooting just by dragging and dropping gadgets and devices onto tabs.  Got a tab all setup like you like with your gadgets, just name it, save it, and close it, then it’s only a double click away when you need that setup again.  As some of you may know, the previous releases of Toolset consisted of 49 separate tools and applications, all running in their own windows. Now with the Workspace Studio, it’s all in the same app. For those folks who *liked* them all running in their own windows, you can still run all the classic tools by themselves, we didn’t take anything away; but I bet once you see what you can do in the Workspace Studio, you won’t want to any more…

Here is a short list of some of things I think make the Toolset v10.0 super-cool:

The Workspace Studio:
    * Does IPv6 and SNMPv3!
    * Lets you aggregate stats and interfaces from the same device or across multiple devices!
    * It has an SSH/Telnet Client built in!
    * You can even add shortcuts to your own favorite applications, and then drag devices on them and launch your application with the device info passed along on the command line!

The Toolset:
    * Get a new command line version of SwitchPortMapper with XML output!
    * Works on Windows 2008 and all 64bit flavors of Windows!

If your Toolset maintenance is current, you can upgrade to v10.0 now (or as soon as your account is provisioned) - login to your account and download it here:

Well, he said keep it short so I’d better cut it off here, but maybe Josh will let me post more cool (and more technical) stuff here in the future, unless of course, I get “Sparky’s Corner”, buwahahahaha…

Flame on,
Greg “Sparky” Newman

Last weekend I traveled home to Arkansas to attend my great-grandmother's funeral. Normally I wouldn't write about such a thing, but my grandmother was such a happy person - always smiling - and I think that she would appreciate the fact that we're celebrating her life rather than mourning her death. She would've been 101 years old in May and the thing I will miss most about her is her stories.

You see, my grandmother had a very quick mind and I think if she'd been born in my generation or that of my son she would've been a great technologist. As a technologist myself I find some of the things that she would talk about to be amazing. For instance, she told the story of when she traveled to the state fair to see her first television. To watch it, you had to hold your face up to a binocular-like viewer and the tiny screen inside was only 2 inches across but sure enough there was a moving picture in there. She also told the story of the first car to ever arrive in my home town. The town doctor bought it and had it shipped in via train and then hired my great-grandfather to "figure the thing out and then teach him to drive it". She also told the story of the marvel she experienced when later in life she saw the first airplane she'd ever seen flying overhead.

When she was my age most people didn't have telephones or automobiles and certainly no one had a television or had even pondered the idea of a computer. She told a great story of when they lived in Colorado and she was in her twenties and my grandfather (he was a hunter and trapper) caught a silver fox that he then traded for their first automobile that they in turn used to relocate to Arkansas.

As I sit here tonight thinking about her and these stories, I can't help but wonder what stories I'll tell my grandchildren, great-grandchildren, and even great-great-grandchildren (if I'm as lucky as she was) that they'll find hard to believe. Will they believe that our "telephones" were voice only and no video? Will they believe that there was a time when bandwidth to your home was measured in Mbps or that IP addresses were only 32 bits?

Even within the 20 year gap between my 15 year-old son and me there are some pretty amazing differences in terms of technical evolution. I can't wait to see what the next few years have in store.

Flame on...

I'm hosting a new webcast tomorrow (March 5th, 2009) at 10:00 CST on Cisco's IP SLA. It's going to be a technical look at this feature of Cisco IOS and we're going to have a special guest from the IOS team at Cisco.

Click here to sign-up.

Flame on...
