[ot][fiction][crazy] Weird Bug Hotline

Fri Jun 17 05:37:05 PDT 2022

Intern: "Weird Bug Hotline! Is it currently biting you?"

Callee: "Hi, I use a lot of network services to arbitrage
cryptocurrency and train machine learning models, and my network
connections keep dropping when I go on lunch or look away. It's
causing me a lot of time and headache. Do you know what to do?"

Intern: "That's perfectly normal, Callee. Have you tried running a
packet logger?"

Callee: "A packet logger? What's that?"

Intern: "We'll need to log the network traffic so as to resolve the
cause of the network disconnections for real. We can filter out other
traffic so it won't reveal anything unneccessary. Go to
https://www.wireshark.org/ and download and install the product listed
there."

Callee: "Okay, I'm installing it ... it's exciting to sort this out!"

Intern: "Do you have it installed?"

Callee: "Umm ... one minute ..."

Callee: "Okay, I have it installed!"

Intern: "We're going to make a network log of your traffic, so that we
can understand the context of the disconnections. It's best if that
happens on both the clients, and the servers. Make note of the network
interface device names you're using to make the connection, and boot
up wireshark."

Callee: "I've booted it up!"

Intern: "The log is bigger the more traffic is sent, so press the
"Expression..." button at the bottom of Wireshark's toolbar, next to
the filter dropdown. We're going to set a filter to only log your
traffic."

Callee: "Okay, it popped up a dialog."

Intern: "In the "Field name" selector, scroll down to find IPv4 and
IPv6. It's alphabetical. Select the kind of connection you're making."

Callee: "Okay, this is IPv4."

Intern: "Pick IPv4 fields and values that uniquely identify your
connection. Use the "==" relation."

Callee: "Hum, okay, I have a few of them, let me see. I guess I have
to hit "OK" after every one? Oh, it turns it into code and adds it to
the filter box!"

Intern: "You'll need to add "and" and "or" operators to that filter
box to make it work. And once you see the format you can just type or
paste it."

Callee: "Okay, I've set up my filter!"

Intern: "Before you launch it, do an ifconfig on your interfaces, so
you can get an idea of how many packets they're handling. Ideally
you'd write a script to poll it regularly."

Callee: "Oh, I have load monitoring tools for that!"

Intern: "Oh? What do you use?"

Callee: "Such and such product."

Intern: "Huh, I should look into that. Anyway, now you've set a
filter, let's select the capture interface. Go into the "Capture"
drop-down menu and select "Interfaces"."

Callee: "Hum, I could have just hit Ctrl-I!"

Intern: "Select the interface the problematic connection is happening
on, and press Start."

Callee: "It's whizzing network activity by me! This is so cool!"

Intern: "So, you just used wireshark to start a packet capture. It'll
record the connection details around the problem: if there are timing
abnormalities, or if there are various different packets sent to
terminate the connection from a normal cause. If you have a headless
server, you can pass the same filter you made to the "tcpdump"
utility, to make the same packet capture. If you have a lot of
trafffic, you'll want to make sure the data is stored on a device with
enough space."

Callee: "And now I just go and have lunch again, while it logs?"

Intern: "Yep! In all likelihood the problem won't happen any more, now
that we're logging the traffic. I usually just keep a log running all
the time, to reduce my problems."

Callee: "Thanks, Weird Bug Hotline!"