Why am I being requested to provide an SSLDump/packet capture (PCAP) for the TIMSoft/MTP?

Document ID : KB000012882
Last Modified Date : 14/02/2018
Introduction:

  CA Technologies APM Technical Support often requests PCAP (Packet Capture) and SSL files from a TIMsoft (TIM-only) or MTP TIM. This knowledge document explains why these files are requested.

Question:

 CA Technologies APM Technical Support has just requested an SSLDump/packet capture (pcap) file from my TIM(s).

 What are they planning to do with these files?

Environment:

 Any Supported APM Release running APM CE (CEM).

Answer:

This depends on the issue being encountered. Typically a packet capture is requested for these reasons:

  • To evaluate the overall quality of the network data (e.g. out-of-order packets, duplicate acknowledgments, empty or few packets, malformed packets).
  • To check whether the TIM network connection is seeing ONLY HTTP/HTTPS/FLEX traffic.
  • To see if traffic from selected IP addresses is showing up.
  • To see if HTTP requests and responses (two-way round-trip traffic) are showing up.
  • To see if the SSL handshake is starting and is successful.
  • To see the SSL cipher suites supported and used.
  • To determine why a transaction is not recording or generating defects/statistics.
  • To help with transaction count issues (fewer or more than expected).

Typically a SSLDump is requested for these reasons:

  • To see if the SSL handshake completes and data is being sent.
  • To see whether the private key is decoding any traffic, and whether there are any patterns in what is and is not being successfully decoded.
  • To see the SSL cipher suites supported and used.

After completing this review, Technical Support can provide next steps for TIM recovery.
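The cipher suite checks in both lists above come down to reading the ClientHello (suites offered) and the ServerHello (suite in use) out of the capture. The following is an added example, not CA's or the TIM's own code: it parses constructed sample hello records and flags whether the negotiated suite uses RSA key exchange, which in TLS generally is the only case a server private key can decrypt passively. The function names and sample bytes are assumptions made for illustration.

```python
import struct

# IANA code points for a few suites; names starting TLS_RSA_ use RSA key exchange.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_hello(record: bytes):
    """Parse one TLS handshake record holding a ClientHello or ServerHello.
    Returns ("client", offered_suites) or ("server", [chosen_suite])."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    msg_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated handshake message")
    pos = 2 + 32                      # skip version and random
    pos += 1 + hello[pos]             # skip session id
    if msg_type == 1:                 # ClientHello: list of offered suites
        n = int.from_bytes(hello[pos:pos + 2], "big")
        raw = hello[pos + 2:pos + 2 + n]
        return "client", [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    if msg_type == 2:                 # ServerHello: the single suite in use
        return "server", [int.from_bytes(hello[pos:pos + 2], "big")]
    raise ValueError("not a hello message")

def key_can_decode(suite: int) -> bool:
    """True for known RSA key-exchange suites; ECDHE/DHE and unknown suites give False."""
    return SUITES.get(suite, "").startswith("TLS_RSA_")

def _record(msg_type: int, hello: bytes) -> bytes:
    """Wrap a hello body in handshake and record headers (builds the constructed samples)."""
    hs = bytes([msg_type]) + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed sample messages (TLS 1.2, zeroed random, empty session id, no extensions).
_PREFIX = b"\x03\x03" + bytes(32) + b"\x00"
CLIENT_HELLO = _record(1, _PREFIX + b"\x00\x04" + b"\xc0\x2f\x00\x2f" + b"\x01\x00")
SERVER_HELLO = _record(2, _PREFIX + b"\xc0\x2f" + b"\x00")

if __name__ == "__main__":
    for rec in (CLIENT_HELLO, SERVER_HELLO):
        side, suites = parse_hello(rec)
        for s in suites:
            print(side, hex(s), SUITES.get(s, "unknown"), "key-decodable:", key_can_decode(s))
```

In the constructed sample the server selects an ECDHE suite, so the handshake completes but the private key alone would decode nothing, which is one pattern of "not successfully decoded" traffic.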
