network analysis using wireshark 1

Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 [email protected]

Network analysis using Wireshark V2 [email protected] 1

Network Analysis Using Wireshark

Lesson 1:

Introduction & TS Basics



By the end of this lesson you will:

• Understand how to approach a network problem

• Understand the difference between GO-NOGO and performance problems

• Understand the tools that assist us in the network troubleshooting process

Lesson Objectives



What is network troubleshooting

Troubleshooting tools

Troubleshooting methodologies

Chapter Content

The network is guilty until proven otherwise…



Define the Problem

Gather Facts

Consider Possibilities

Create a Plan

Implement the Plan

Observe ResultsDoes the

Symptoms Stop

Document the Results

Start

End

TS Algorithm

YES

NO



TS Algorithm – Define the Problem (1)

• Draw the network

▫ Servers, switches, routers, firewalls etc.

• Draw the traffic flow chart

▫ Packets goes to servers, to Internet, between sites ….

Define the Problem

Gather Facts


Create a Plan

Implement the Plan

Observe ResultsDoes the Symptoms

Stop


Start

End



TS Algorithm – Define the Problem (2)

• Define the problem

▫ Does the problem happens always or occasionally

▫ Does it happen in one application or all applications

▫ Does it happened with all users, group of users or single user

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



TS Algorithm – Gather Facts

• Collect data about:▫ How often does the problem

happens ?

▫ When did the problem first occur ?

▫ What changes were made before the problem have started ?

▫ Is the problem reproducible ?

• Collect data from:▫ Affected users, administrators,

managers, and any key people involved with the network etc.

▫ Network management tools, protocol analyzers, diagnostic commands etc.

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



TS Algorithm – Consider Possibilities

• What can it be:▫ System/OS ?

▫ Application ?

▫ Network ?

▫ Hardware ?

• What tools to use ?▫ Networking tools ?

▫ System/OS tools ?

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



TS Algorithm – Create Plan

• Develop a plan for how you will test the most likely causes of the problem.

• Plan to change just one variable at a time

• Document your action plans. Each plan should describe a set of steps to be executed.

• Prepare a roll-back plan in case your actions make matters worse.

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



TS Algorithm – Implement the Plan and Observe the Results

• Follow the steps that you created in your action plan and observe the results.

• Make sure you document which plan you are currently trying otherwise it is too easy to repeat yourself.

• Test all fixes that you make. Be sure you do not make the problem worse or introduce new problems.

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



TS Algorithm – Implement the Plan

• When you have resolved the problem, you have one more important step remaining -documenting the results.

• Documenting the resolution will help you in the future when a similar problem occurs.

• In addition to documenting the resolution, be sure to save any configuration changes you made. If necessary, update your network maps.

Define the Problem

Gather Facts


Create a Plan

Implement the Plan


Stop


Start

End



What is the Problem Nature

Go / No GoProblem

PerformanceProblem

Problem Nature






Chapter Content

Don’t forget: user responses are relative …



• By the end of this lesson, you will be able to understand and use:

1. PC tools – Ping, Tracert ,Netstat, ARP …..

2. Communication equipment – Switches, Routers, Firewalls ….

3. Protocol analyzers – Wireshark (former Ethereal), Sniffer® …..

4. SNMP tools – SNMPc, Whatsup Gold, HP-OV NNM …..

5. Special tools – Netflow, Sflow, Port mappers, …..

6. Dedicated analyzers – Agilent, Spirent, IXIA…..

Network TS Tools



• End to end basic connectivity

• First “filling” of the network behavior

1. PC Tools - Ping, Tracert ,Netstat, ARP …..

To ISP

server pc

router



• Local data – counters in equipment itself

• For local problem isolation

2. Access to communication equipment's –Switches, Routers, ….

To ISP



• Local, in-depth, packet-by-packet protocol analysis of network traffic

• Network, hardware and application behavior

3. Protocol analyzers – Wireshark (former Ethereal), Sniffer® …..

To ISP



• Continues monitoring and mapping

• Events and notifications

• Maps system

• Mostly SNMP based

4. SNMP tools – SNMPc, Whatsup Gold, HP-OV NNM …..

To ISP



• Traffic analysis, engineering tools etc …

5. Special tools – Netflow, IP tools …..

To ISP



• Simulators, applications tests etc …

6. Dedicated analyzers – Agilent, Spirent, …..

To ISP






Chapter Content

Applications are typically developed in a “Golden Environment” -Fastest possible PCs, High Bandwidth, low latency etc. When they move from test (LAN) to production (WAN/WIFi/Cellular) the phone starts ringing…



T.S. Approaches

• Theoretical – “Scientist” approach

• Practical – “Caveman” Approach



• The “Scientist” approach will be to analyze and re-analyze the situation until the exact cause of the problem has been identified

• This approach will finally lead for solving the problem, but although this process is fairly reliable.

Theoretical - Scientist Approach



• The “Caveman” first instinct is start swapping cards, cables, hub's, and everything available, until miraculously, the network begins to work, even though not always properly.

• The problem with the “caveman” approach is that most of the times the root cause of the problem will still be present.

Practical - The Caveman Approach



• Analyze the network as a whole - rather than in pieces.

• Ask the questions - then collect the information - concentrate on

the problem - and then replace one broken ring in the chain to

solve it.

• Do not forget to verify that the problem have been truly fixed.

• Many problems can be user problems or mental problems that do

not involve anything in the network. Eliminate these problems at

the beginning!

The Right Approach



Summary

• In this lesson we talked about:

▫ Work in order

▫ Document, Document, Document!

▫ Scientist or Caveman? Both, as required

Thanks for your timeYoram [email protected]

Many examples, case-studies, capture files and more on my classroom course or online on:https://www.eknower.com/

network analysis using wireshark 1

Services