Welcome on our blog

What’s the performance meaning of 0-Windows?

Definition :

During a TCP session the client and server announce to each other the amount of data they can manage. This buffer size is called window size.

This window size change all the time to optimize the data flow according to the network capacities.  If one participant cannot manage more data (client or server), it sends a TCP zero windows (0-win) to indicate that TCP buffer is full.

These zero windows happen when datagrams are sent out faster than receiving device can process, this is TCP flow control using windowing.

The transmission can resume when the 0-win generator send a window size superior to …

The value of N/APM for Wireshark Users

Wireshark is the most famous protocol / packet analyzer on the market! Almost any engineer use Wireshark for troubleshooting network / application issues.

What is the value N/APM solutions, such as Performance Vision can bring to these experienced Wireshark users: there are three main added value of N/APM solutions compared to packet analysis; indeed, you cannot use a packet analysis solution such as Wireshark, if you do not have any N/APM solution in place. Here is why:

    • Keeping an history of what happened: most degradations are reported after they have taken place. Most of performance degradations are non-continuous-intermittents phenomena and cannot be …

Capturing Application Transaction Real Time

Why capturing application transaction real time?
Network-aware NPM solutions have provided a visibility into TCP level performance; having a broad view of whether the degradations comes from the network conditions, the server processing time or the quantity of data sent back and forth still has value. It enables IT operations to pinpoint the origin of a broad performance slowdown.

Nowadays people need a precise vision of where applications are failing to deliver a proper performance and to quickly identify transactions with errors and slow response times.

A diagnostic should not require any complex post treatment and transactions should not be presented as …

TTFB (Time To First Byte) – A metric to use with precaution

The TTFB (Time To First Byte) is a metric in network metrology. It is the time elapsed between the opening of a TCP connection between a client and a server, and receipt by the client of a first packet with payload from the server.


Time To First Byte (simplified)


A common measure

The TTFB is a common measure in metrology, this for two reasons.

The first is that it covers a number of possible causes of performance problems. As shown in the diagram above, the TTFB contains a part of…

Performance impact of encryption: a case study!

Is the treatment you execute on a flow neutral from a performance point of view?
Well… it depends how fast it is performed. If you have the article on the drivers of network latency (http://blog.securactive.net/?p=2857), you will probably see what we refer to. The processing job performed by network devices may not be neutral.

Here is a concrete example of a network connection which gets encrypted for security reasons. Here is what we could observe from a performance point …

APM: Taking IT monitoring beyond the limits of SNMP

SNMP Based monitoring is the starting point of an IT Service Management initiative

Polling data from critical devices has always been the basis for any IT monitoring system: it is the starting point for any monitoring systems. These platforms always provide a global view of all the critical devices in your IT system to control their availability and level of resource consumption.
Most traditional monitoring systems whether commercial software (e.g. BMC Patrol, HP IMC, ManageEngine OpsManager, Solarwinds NPM, Ipswitch What’s Up Gold, CastleRock SNMPc, CA Nimsoft) or open source (Nagios, Centreon, Cacti etc…) rely on a set of methods to control the …

Performance Vision


Check our latest Infographic!

Using Performance Vision’s Open API

How to Interact with SPV
Power users of SPV often ask for interaction with SPV.

SPV can already provides useful data through SNMP for BCA and BCN, as explained in http://blog.securactive.net/?p=3358.  With SNMP you can also monitor the operating system of the probe, like the resource usage.

However how to request a custom page with filters from an other program? Starting with SPV 2.18 Securactive added a few useful features for developers to do so.
Send a link with embedded authentication
First of all, a simple feature, very basic for now, you can send a link with the embedded login and password. This is …

How to Capture Virtual Traffic with VMware VDS & Performance Vision

This short video shows how you can setup Virtual Distributed Switch of VMware and Performance Vision to visualize traffic & performance metrics between virtual machines.

If you have any further question, please visit http://forum.securactive.net and we shall provide you with additional information.

How to Activate the HTTP Performance Module?

The version 2.15 of Performance Vision offers the possibility to analyze HTTP performance.

Among other items, it allows you to display the behavior and performance of all the elements of a web page requested by a user.

Here is a timeline computed following a web request:


How to activate it?
This activation can be done in 2 ways:

1/ By zone: you can activate the HTTP analysis on a whole zone (which can be defined by subnets, IP addresses, MAC addresses, VLAN… e.g.: a zone named “Web servers”)



2/ …