How to Use a Network Analyzer
Last Update 2007.06.08
1.4.0
Copyright 2000-2007 Kenneth M. Chipps Ph.D. www.chipps.com
What Will Be Learned
• How to use the most basic troubleshooting and analysis tool
• The network analyzer
Equipment
• This lab is best with both of these
– PC with promiscuous mode NIC, a driver for the NIC as specified by the network analyzer manufacturer, and an operating system installed
– Access to a hub based network
• This lab can only work with either of these instead
– PC with any NIC, any driver, and an operating system installed
– Access to a switch based network through a spanned port
Connect to the Network
• Drivers for Ethernet NICs are designed to see all traffic
• However they ignore all unicast traffic that is not addressed to them by MAC address
• To overcome this the driver for the NIC must be set to promiscuous mode
• In such a mode it sees all traffic
• A NIC that can be set to promiscuous mode is required for this lab, otherwise the card will see only traffic addressed to itself
• In general most NICs can be set this way by the network analyzer program
• A connection issue related to the NIC is whether the driver will capture all of the errors on the network
• This does not relate to promiscuous mode, but rather to the way the driver is written
• In general these drivers are only available from the manufacturer of the network analyzer software
• Be sure that you have a NIC that the supplier of the analyzer has a driver for
• If such a driver is not available the analyzer will still work, but it will miss the error packets
• Once the NIC in the computer is set to promiscuous mode it will read in all traffic sent across the network as long as it is connected to a hub
• To analyze the local traffic of a switch based network is more difficult because after a switch learns a MAC address on a port, it forwards traffic for this MAC address directly to the corresponding port
• On a switch, after host B's MAC address is learned, unicast traffic from A to B is only forwarded to B's port, and therefore not seen by the sniffer
• To watch traffic on a switch based network, plug the cable from the computer running the analyzer software into any standard port on the switch
• Then set the switch port to span or monitor mode
• In such a mode, instead of seeing just the traffic directed to the MAC address of the computer on that port, the broadcast traffic, and the multicast traffic, the spanned port will see all traffic on the local network
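The NIC receive filter and the hub, switch, and spanned-port behaviour described above, modelled as an added example that is not part of the original slides. The MAC addresses, port numbers, traffic, and the simplified SPAN model (one source port mirrored in both directions to the analyzer port) are assumptions made for the illustration.

```python
"""Which frames reach an analyzer on a hub, a switch, and a switch with SPAN."""

# Constructed, locally administered MAC addresses and port numbers (assumptions)
HOST_A, HOST_B, ANALYZER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:cc"
BROADCAST = "ff:ff:ff:ff:ff:ff"
PORT_A, PORT_B, PORT_ANALYZER = 0, 1, 2

# Constructed traffic: (ingress port, source MAC, destination MAC, label)
TRAFFIC = [
    (PORT_A, HOST_A, HOST_B, "A->B before B is learned"),
    (PORT_B, HOST_B, HOST_A, "B->A reply"),
    (PORT_A, HOST_A, HOST_B, "A->B after B is learned"),
    (PORT_A, HOST_A, BROADCAST, "A->broadcast"),
]


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


def nic_accepts(dst, nic_mac, promiscuous):
    """Receive filter of the NIC driver: normal mode drops foreign unicast."""
    return promiscuous or dst == nic_mac or is_group_address(dst)


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return {p for p in range(self.ports) if p != in_port}


class Switch:
    """Learning switch with an optional SPAN session (simplified model)."""

    def __init__(self, ports, span_sources=(), span_destination=None):
        self.ports = ports
        self.mac_table = {}
        self.span_sources = set(span_sources)
        self.span_destination = span_destination

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port            # learn where the sender lives
        learned = self.mac_table.get(dst)
        if is_group_address(dst) or learned is None:
            out = {p for p in range(self.ports) if p != in_port}   # flood
        else:
            out = {learned} - {in_port}          # forward to the learned port only
        if self.span_destination is not None:
            out.discard(self.span_destination)   # monitor port takes no normal traffic
            # Mirror frames received on, or transmitted from, a source port
            if in_port in self.span_sources or out & self.span_sources:
                out.add(self.span_destination)
        return out


def frames_seen(device, promiscuous=True):
    """Labels of the frames the analyzer on PORT_ANALYZER actually captures."""
    seen = []
    for in_port, src, dst, label in TRAFFIC:
        delivered = PORT_ANALYZER in device.forward(in_port, src, dst)
        if delivered and nic_accepts(dst, ANALYZER, promiscuous):
            seen.append(label)
    return seen


def run_scenarios():
    span = Switch(3, span_sources={PORT_A}, span_destination=PORT_ANALYZER)
    return {
        "hub, promiscuous NIC": frames_seen(Hub(3)),
        "hub, normal NIC": frames_seen(Hub(3), promiscuous=False),
        "switch, no SPAN": frames_seen(Switch(3)),
        "switch, SPAN on A's port": frames_seen(span),
    }


if __name__ == "__main__":
    for name, labels in run_scenarios().items():
        print(f"{name:26} {labels}")
```

On the plain switch the analyzer captures only the flooded frames (the unicast sent before host B was learned, and the broadcast), which is why the spanned port is needed.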
• For example on the Cisco Catalyst 2950 switch the Switched Port Analyzer or SPAN feature, also called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer
• This is called creating a SPAN port
• The Catalyst 2950 switches can have only one SPAN session active at a time and can monitor only source ports; they cannot monitor VLANs
• To create such a port, access the command line interface for the operating system then enter
– C2950#config t
– C2950(config)#monitor session 1 source interface fastEthernet 0/2
– !-- Interface fa0/2 is configured as source port
– C2950(config)#monitor session 1 destination interface fastEthernet 0/3
– !-- Interface fa0/3 is configured as destination port
– C2950(config)#Ctrl Z
• To check this enter
– C2950#show monitor session 1
– Session 1
– ---------
– Source Ports:
– RX Only: None
– TX Only: None
– Both: Fa0/2
– Destination Ports: Fa0/3
• To clear this
– C2950#config t
– C2950(config)#no monitor session 1
• Catalyst 2950 Switches are able to SPAN source port traffic in the
– Receive direction only - Rx span or ingress span
– Transmit direction only - Tx span or egress span
– Both directions
• Keep in mind how most switches work these days: if the switch receives a corrupted packet, the ingress port usually drops it, so you won't see it on the egress port
• A switch is therefore not completely transparent when it comes to capturing traffic
• So when you see a corrupted packet, the errors were generated on the egress segment
What is a Network Analyzer
• As Laura Chappell, a very well known writer and trainer on network analysis, says
– A network analyzer is a device (desktop, laptop or portable computer) that can 'capture' all the packets seen on the network and display them in the order they appeared on the cable
– A good analyzer should have some alerts/alarms that notify you of unusual or faulty traffic patterns
– The analyzer should also be able to build trend graphs to illustrate the current and long-term traffic patterns (such as utilization and packets per second)
– In order to make the communications information useful to you, the analyzer decodes, or interprets, the actual packet information received
What to Call These Things
• Network analyzers go by many different names
• Such as
– Network Analyzer
– Protocol Analyzer
– Sniffer
A Network Analyzer
• Next we will go through the basics of what a network analyzer can do using screenshots and an explanation of each task
• This example uses Sniffer Pro Version 4.5
• We will begin by looking at each button on the toolbar
Opening Display
Toolbar Buttons
Gauge Dashboard View
• The normal opening view shows the dashboard
• To make the dashboard appear click on the dashboard button on the toolbar
• The dashboard is a set of gauges showing
– Utilization
– Packets per Second
– Errors per Second
• Below this is a line chart
– Utilization is selected by default
– Other lines can be added by checking the boxes
Detail Dashboard View
• The information seen in the gauges can be expanded to show more detail by clicking the Detail tab
Gauge Threshold Settings
• The two colors on the gauges represent the normal range, in black, and the problem range, in red
• These can be set to any level desired by clicking on the Set Thresholds button
• And adjusting the values shown
See All Devices on the Network
• The network analyzer can be used to show all devices that are sending traffic over the network
• This is done by clicking the Host Table button
• The devices can be listed by
– MAC address
– IP address
• The IP list shows local and remote devices, such as web sites viewed
• This window has several other views that can be selected by clicking on the buttons on the left of the window
Traffic Map
• The Traffic Map is an odd display
• It is meant to show who is talking to who
• There are two basic views
– Graphic view
– Table view
Application Response Time
• Next is the Application Response Chart
• This is a useful tool for baselining as it shows how long it takes for a station to talk to a server
History
• History shows a bunch of stuff
• Packets per Second
• Utilization
• Errors per Second
• And so on
• Let's look at a few of these by double clicking the icon
Protocol Distribution
• The Protocol Distribution display is very useful
• It shows what protocols are running on the network
• For example, you may think there is no NetBEUI traffic on the network
• Yet this sample display shows NetBEUI traffic
• This has three views
– Histogram
– Pie Chart
– Table
Global Statistics
• The Global Statistics shows the packet sizes seen on the network
Alarm Log
• The Alarm Log shows just that, any alarms that have been issued based on the settings for alarms
• This is set on the Dashboard view using the Set Threshold button
Capture and Decode Packets
• To examine the traffic, packets must be captured and presented in a form humans can comprehend
• This is what capture does
• When Capture, then Start, is selected, frames going over the wire are placed in a buffer
• To look at this, go back to the same place and select Stop and Display
• In Sniffer Pro the initial decode display has the Expert tab selected
• For this example click on the Decode tab
• Now the display shows each packet listed in the top pane
• The decoded information in the middle pane
• The raw data in hex and ASCII in the bottom pane
• The middle pane is the most useful
• It presents the information layer by layer in a form simple humans can deal with
• The example shown next is a decode showing a conversation with a web server
• Notice that it shows several layers from bottom to top of the TCP/IP model
Basic Packet Filtering
• Doing it the way just shown captures everything
• It is more useful to limit the packets captured to just those of interest
• This is done by specifying a filter such as
– Address Filters
– Protocol Filters
– Dataset Filters
• Address filters look for particular source or destination addresses at the MAC address, IP address, or IPX address level
• Protocol filters look for a particular activity as revealed by the protocol number the activity uses, such as 53 for DNS
• Dataset filters define traffic to watch based on a specific value at a specific offset within a packet
– These are considered advanced filters and difficult to construct
• But this is a topic for another lab
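The three filter types can all be expressed as "value at offset" tests, which is what a dataset filter is. The following is an added example, not part of the original slides: it applies an address filter, a protocol filter on UDP port 53 (the slides' DNS example) and a dataset filter on the DNS reply bit to constructed frames. All function names, addresses and frames are assumptions made for illustration.

```python
import struct

def udp_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet II / IPv4 (no options) / UDP frame, checksums zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip))
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + ip + udp

def matches(frame, conditions):
    """True when every (offset, mask, value) condition holds for the frame."""
    for offset, mask, value in conditions:
        field = frame[offset:offset + len(value)]
        if len(field) != len(value):          # frame too short for this field
            return False
        if bytes(b & m for b, m in zip(field, mask)) != value:
            return False
    return True

def exact(offset, value):
    """Condition comparing every bit of the field at `offset`."""
    return (offset, b"\xff" * len(value), value)

# Guard conditions: later offsets are only valid for IPv4 with a 20-byte header.
IPV4_UDP = [exact(12, b"\x08\x00"),        # EtherType = IPv4
            (14, b"\x0f", b"\x05"),        # IHL = 5 words, i.e. no IP options
            exact(23, b"\x11")]            # IP protocol 17 = UDP

def address_filter(ip):                    # address filter: IPv4 source address
    return [exact(12, b"\x08\x00"), exact(26, bytes(ip))]

PROTOCOL_DNS = IPV4_UDP + [exact(36, struct.pack("!H", 53))]   # UDP dst port 53
# Dataset filter: replies from port 53 whose DNS QR bit (offset 44, 0x80) is set.
DNS_REPLIES = IPV4_UDP + [exact(34, struct.pack("!H", 53)), (44, b"\x80", b"\x80")]

# Constructed sample traffic (documentation addresses, locally administered MACs).
CLIENT, SERVER = (192, 0, 2, 10), (192, 0, 2, 53)
C_MAC, S_MAC = "02000000aa10", "02000000aa53"
FRAMES = [
    udp_frame(S_MAC, C_MAC, CLIENT, SERVER, 40000, 53,
              struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)),   # DNS query
    udp_frame(C_MAC, S_MAC, SERVER, CLIENT, 53, 40000,
              struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)),   # DNS reply
    udp_frame(S_MAC, C_MAC, CLIENT, SERVER, 40001, 123, b"\x1b" + bytes(47)),  # NTP
]

def select(conditions, frames=FRAMES):
    """Indexes of the frames that pass the filter."""
    return [i for i, f in enumerate(frames) if matches(f, conditions)]
```

Fixed offsets are why these filters are hard to build: an IP header with options or a VLAN tag shifts every later field, so the guard conditions reject such frames instead of matching the wrong bytes.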
Typical Things to Watch
• What types of trends are most interesting
• Common things to watch include
– Protocol distribution
– Top 10 most active devices
– Packet size distribution
– Utilization trends
– Packets per second trends
– Error packets
– Broadcast and multicast traffic
Common Problems to Look For
• The network is experiencing excessive broadcasts
– Filter on all traffic to the broadcast address and find the most active device - the one that is broadcasting most often
– Then classify the broadcast types to determine its purpose
– Typically broadcast storms are caused either by a device performing an unsuccessful lookup or by a device blasting information out to all devices on the network
• There is a large amount of unnecessary traffic on the network
– For example, unanswered routing queries, excessive watchdog or connection keep-alive sequences are just wasteful on the network
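The excessive-broadcast procedure above (filter on the broadcast address, find the most active device, classify its broadcast types) can be written out as follows. This is an added example, not part of the original slides; the frames are constructed, and the function names and the small port table are assumptions for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
UDP_NAMES = {67: "DHCP/BOOTP", 137: "NetBIOS name service", 138: "NetBIOS datagram"}

def classify(frame):
    """Name the broadcast type from the EtherType, then ARP opcode or UDP port."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806 and len(frame) >= 22:
        opcode = struct.unpack("!H", frame[20:22])[0]
        return "ARP request" if opcode == 1 else "ARP other"
    if ethertype == 0x0800 and len(frame) >= 34 and frame[23] == 17:
        udp = 14 + (frame[14] & 0x0F) * 4        # honour the IP header length
        if len(frame) >= udp + 4:
            dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
            return UDP_NAMES.get(dport, f"UDP port {dport}")
    return f"EtherType 0x{ethertype:04x}"

def broadcast_report(frames):
    """Return (talkers sorted by count, broadcast types per talker)."""
    talkers, kinds = Counter(), {}
    for f in frames:
        if len(f) < 14 or f[:6] != BROADCAST:    # the "broadcast address" filter
            continue
        src = f[6:12].hex(":")
        talkers[src] += 1
        kinds.setdefault(src, Counter())[classify(f)] += 1
    return talkers.most_common(), kinds

# --- constructed sample frames (locally administered MACs, 192.0.2.0/24) ---
def eth(dst, src, ethertype, body):
    return dst + bytes.fromhex(src) + struct.pack("!H", ethertype) + body

def arp_request(target_ip):
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(16) + bytes(target_ip)

def udp_to(dport):                               # zeroed IPv4 header + UDP header
    return bytes([0x45]) + bytes(8) + b"\x11" + bytes(10) + struct.pack("!HHHH", 68, dport, 8, 0)

HOST_A, HOST_B = "02000000aa01", "02000000aa02"
SAMPLE = [eth(BROADCAST, HOST_A, 0x0806, arp_request((192, 0, 2, n))) for n in range(1, 8)]
SAMPLE += [eth(BROADCAST, HOST_B, 0x0800, udp_to(67)),
           eth(BROADCAST, HOST_B, 0x0800, udp_to(137)),
           eth(bytes.fromhex(HOST_A), HOST_B, 0x0800, udp_to(53))]   # unicast, ignored
```

In the sample, one host sends seven ARP requests for different addresses, the "unsuccessful lookup" pattern, while the other sends a single DHCP and a single NetBIOS broadcast.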
• A client appears to have numerous failure replies
– Filter on packets to and from that client device to create a packet-by-packet view of what the client has been doing
– Perhaps the client mapped a resource to an incorrect location and it cannot find what it is looking for there
• An unusual amount of unknown or undecoded traffic is found on the network
– Consider filtering on some unique field value, such as the type field or the port field value
– You might find some proprietary communication going on
• The network is slow
• General Traffic
– Does anything stick out as strange
• Broadcasts
– Do periodic broadcast storms occur
• Multicasts
– Does the network have a multicast storm problem
• ICMP Packets
– Do any ICMP - Internet Control Message Protocol packets indicate misconfigurations, loops, or services that are available only sporadically
• Protocol Distribution
– Is anything unexpected happening with the network protocols
• Client Boot-Up Sequences
– What happens when the client simply boots up
– Do any severe slowdowns occur during the boot-up sequence
• Client Login Sequences
– What happens during the login process
– Can I identify any slowdowns during the login sequence
– How does the client get configured during this process
– Do any errors occur
• Network File Transfer Times
– How much time does it take to copy a big file - at least 40 MB - across the network
• Internet Access Times
– What is the roundtrip time when users access the Internet
Troubleshooting Procedure
• The general procedure to follow is
– Look at the typical latency between a client and a server to see if packets have a problem getting from one place to another
– If the roundtrip LAN times are just a few microseconds or milliseconds, there is no problem, but if slowness is seen with every request and reply set, or there are retransmissions or timeouts, then look at the infrastructure as a possible problem
– If most request and reply sets are quick, however, look for anomalies - sudden moments when the response time climbs unusually
– To do this, scroll through the summary of the boot-up and login sequence, looking at the delta time column to see if any sudden increases in response time can be seen
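The delta-time scan described above can be automated. The following is an added example, not part of the original slides: it computes the delta time column for a constructed boot-up and login summary, flags sudden increases, and notes whether the pause preceded a reply or a repeated request. The capture rows, the threshold values and the function name are assumptions for illustration.

```python
from statistics import median

# Constructed capture summary: (relative time in s, source, destination, summary)
CAPTURE = [
    (0.000000, "client", "server", "DHCP Discover"),
    (0.001200, "server", "client", "DHCP Offer"),
    (0.001900, "client", "server", "DHCP Request"),
    (0.003000, "server", "client", "DHCP ACK"),
    (0.004100, "client", "server", "DNS query"),
    (2.004600, "client", "server", "DNS query (retransmission)"),
    (2.005500, "server", "client", "DNS response"),
    (2.006300, "client", "server", "Logon request"),
    (2.007400, "server", "client", "Logon reply"),
    (2.008000, "client", "server", "Read logon script"),
    (2.858900, "server", "client", "Read reply"),
    (2.859600, "client", "server", "Logoff"),
]

def slow_spots(capture, factor=10.0, floor=0.050):
    """Flag frames whose delta time is far above the capture's typical delta.

    factor and floor are assumed tuning values, not figures from the slides.
    """
    times = [row[0] for row in capture]
    deltas = [round(b - a, 6) for a, b in zip(times, times[1:])]
    threshold = max(factor * median(deltas), floor)
    flagged = []
    for n, delta in enumerate(deltas, start=1):          # n indexes capture
        if delta <= threshold:
            continue
        prev_src, src, summary = capture[n - 1][1], capture[n][1], capture[n][3]
        if src == prev_src:
            cause = f"no answer seen, {src} sent again"
        else:
            cause = f"{src} slow to answer"
        flagged.append((n + 1, delta, summary, cause))   # 1-based frame number
    return flagged
```

On the sample, frame 6 is flagged as a repeated request after about two seconds without an answer and frame 11 as a slow server reply; every other request and reply set stays near one millisecond.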
More Than This
• There is much more to network analysis
• But this is a start
• There are several issues that must be dealt with when using a network analyzer
• Such as
Problems
• In the wrong hands these little guys are dangerous
• Let’s say a member of the cleaning crew plugs one in one night, then sets it to capture all of the traffic for the next day or two
• Or just lets it run while they are there
• With all of the broadcasts – even on a network with no active users – much can be discovered
• In general network analyzers cannot be detected as they are passive devices
Detecting Network Analyzers
• To detect these you can run a program that scans for NICs set to promiscuous mode
• The average NIC should not be set this way.
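The slides do not name a scanning program. As an added example, not part of the original slides, here is a local check for hosts you administer, assuming a Linux host where `/sys/class/net/<interface>/flags` holds the interface flags word; the function names and the `expected` list are hypothetical.

```python
import os

IFF_PROMISC = 0x100   # promiscuous bit in the interface flags word (linux/if.h)

def read_flags(sysfs_net, name):
    """Return the flags word for one interface, or None if unreadable."""
    try:
        with open(os.path.join(sysfs_net, name, "flags")) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        return None        # not an interface directory, or it vanished mid-scan

def audit_promiscuous(expected=(), sysfs_net="/sys/class/net"):
    """Compare promiscuous interfaces on this host with those expected to be.

    expected: names that are meant to capture (for example an IDS sensor port).
    Returns (unexpected, missing): promiscuous but not expected, and expected
    but not promiscuous (a sensor that has silently stopped capturing).
    """
    promisc = set()
    for name in os.listdir(sysfs_net):
        flags = read_flags(sysfs_net, name)
        if flags is not None and flags & IFF_PROMISC:
            promisc.add(name)
    return sorted(promisc - set(expected)), sorted(set(expected) - promisc)

if __name__ == "__main__":
    unexpected, missing = audit_promiscuous(expected=())
    for name in unexpected:
        print(f"ALERT  {name}: promiscuous mode set but not expected")
    for name in missing:
        print(f"WARN   {name}: expected to capture but not promiscuous")
```

This only reports on the host it runs on, so it covers managed machines and not an unmanaged analyzer plugged into the network.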
Sources
• Several articles and books by Laura Chappell
For More Information
• Introduction to Network Analysis, 2nd Edition
– Laura Chappell
– ISBN 1-893939-36-7