This bundle will create two new record types on your Explore appliance that will store every TCP option for both the client and server side during a TCP session. Included is an example query that looks for hosts that have Selective ACKs disabled and Window Scale disabled. The reason why this combination is useful as this is an extremely non-performant default configuration on Windows 2003 systems, and easily remedied when you know it is happening.
This information is recorded for all TCP sessions and all Flows which means you can link Application layer records with these TCP records to identify and possible implications and improvements that can be made at either the TCP stack level in the OS or on intermediate devices like Application Delivery Controllers (F5, A10, Citrix Netscaler, etc.)
RequirementsExtraHop Discover and ExtraHop Explore appliances.
- Download the Bundle
- Apply the Bundle, with assignments in the Settings -> Bundles window.
- Kick back and try the built in TCP: No SACK, No Wscale query to see what is going on.