What is a payload? Well, before answering that question we need to be clear on the context. In aerospace/military jargon, the payload is the carrying capacity of a particular delivery vehicle, and as such can be either a positive or negative thing. For example, the payload of the space shuttle is very positive – astronauts and their experiments, or equipment to be delivered to the space station. But the payload of a missile is the warhead – something you definitely don’t want to be on the receiving end of!
In computer networking, it’s always a positive thing, whether you’re considering straight networking or network analysis. In networking, the payload is the data that is being carried within a packet or other transmission unit over the network. Simply put, the payload is the bits of meaningful data that get delivered to the end user sans the data required to get the packet to its destination.
From the above description it is hopefully very clear why payloads are important. Without them there is no useful information to communicate, kind of like sending empty envelopes via snail mail (or at this time of year, maybe like all that political junk mail you’re receiving …). But that’s not the only reason why they’re important.
Imagine you are using a network analyzer and collecting information from packet headers, which describe only the communication layers. When the protocols are behaving correctly and users are still experiencing poor network performance, your analysis needs to go beyond the packet header. This is where the payload comes in, since the payload can help determine exactly how the application is being used, and what may be going wrong in the transaction.
So, how can you use network payloads to your advantage?
First, payload analysis can be a bit more difficult to perform, and typically you need some idea of where the problem is and who is affected before diving in. So, before you make the leap into payload analysis, investigate all protocol-level issues first. Your network analyzer will interrogate packet headers and help you determine if there are layer 2 or layer 3 issues, like retransmissions, dropped packets, or excessive latency. This analysis will typically guide you to exactly where more detailed payload analysis is required.
The most common use cases for payload analysis include those where you are trying to solve problems for a particular application or user. In order to make the volume of data to be analyzed manageable, you will want to:
- Analyze at the appropriate location.
If you’re having issues with a particular application, connect to the distributed network recorder in the data center that correlates with the application and/or database server in question. Be sure to capture data 24×7, so you already have all the data you need to troubleshoot the application, whether local or remote.
- Filter to specific IP to IP conversations between clients and servers.
This is crucial in creating a data set that is manageable and applicable to the application being analyzed, particularly if you are investigating a problem with a specific client. If the problem is widespread, then you’ll need to filter out all traffic except traffic that has the source or destination IP of your application server.
- Look for clues.
Now that you have a manageable data set that is focused on the area of interest, look for clues, like long response times from the application server or repeated requests without a server response. These are the packets that contain the data you need.
For example, let’s say you have a user complaining of extremely poor response time from a specific database-driven application. First filter your packet data down to the specific conversation between the user and the application server. Then use your network analyzer’s visualization features to look for anomalies in the conversation, like excessively long request-response delays. You will probably find some, so look at the payload of the packet generating the request to see what data is being requested, and look at the delayed response from the server to see what is being returned to the user. Most application and database errors will be included in clear text in the payload, allowing you to quickly determine the root cause of the delay or failure.
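The workflow above can be sketched in a few lines of Python. This is an added example, not code from the original article: it filters a capture down to one client/server conversation, then flags slow and unanswered requests and returns their payloads. It assumes packets have already been decoded into records; the `Packet` type, function names, addresses, and payloads are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    ts: float       # capture timestamp in seconds
    src: str
    dst: str
    payload: bytes  # application data with headers already stripped

# Constructed sample capture, not real traffic.
CAPTURE = [
    Packet(0.00, "10.0.0.5", "10.0.1.20", b"SELECT name FROM users WHERE id=7"),
    Packet(0.02, "10.0.1.20", "10.0.0.5", b"1 row: alice"),
    Packet(0.50, "10.0.0.9", "10.0.1.20", b"SELECT 1"),
    Packet(0.51, "10.0.1.20", "10.0.0.9", b"1 row: 1"),
    Packet(1.00, "10.0.0.5", "10.0.1.20", b"SELECT * FROM orders JOIN items USING (id)"),
    Packet(5.80, "10.0.1.20", "10.0.0.5", b"ERROR: lock wait timeout exceeded"),
    Packet(6.00, "10.0.0.5", "10.0.1.20", b"SELECT total FROM invoices WHERE id=3"),
    Packet(7.00, "10.0.0.5", "10.0.1.20", b"SELECT total FROM invoices WHERE id=3"),
]

def conversation(packets, client, server):
    """Keep only the packets exchanged between one client and one server."""
    pair = {client, server}
    return sorted((p for p in packets if {p.src, p.dst} == pair), key=lambda p: p.ts)

def find_clues(packets, client, server, slow_after=1.0):
    """Pair each request with the next server reply; report slow or unanswered ones."""
    clues, pending = [], None
    def unanswered(req):
        return {"kind": "no response", "ts": req.ts, "delay": None,
                "request": req.payload, "response": b""}
    for p in conversation(packets, client, server):
        if p.src == client:
            if pending is not None:          # a new request arrived before any reply
                clues.append(unanswered(pending))
            pending = p
        elif pending is not None:
            delay = round(p.ts - pending.ts, 3)
            if delay > slow_after:
                clues.append({"kind": "slow response", "ts": pending.ts, "delay": delay,
                              "request": pending.payload, "response": p.payload})
            pending = None
    if pending is not None:
        clues.append(unanswered(pending))
    return clues

if __name__ == "__main__":
    for c in find_clues(CAPTURE, "10.0.0.5", "10.0.1.20"):
        print(c["kind"], c["ts"], c["delay"], c["request"], c["response"])
```

On the sample data, the slow request's response payload carries the clear-text error, and the repeated invoice query shows up as two unanswered requests.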
Payloads can hold the key to solving some of the more granular issues on your network. It is important to remember that without a packet analyzer, this type of analysis cannot be performed.