Troubleshooting with the Sniffer Portable Analyzer
Sniffer University
TNV-101-GUI

Housekeeping
• Cell Phones in Silent Mode
• Beepers in Silent Mode
• Lunch
• Breaks
• Rest Rooms
• Telephones
• Emergency Information
• Questions

Student Reference CD
Contents of CD:
• Sniffer Portable trace files
  – Subdirectory for each Sniffer University course containing all of the trace files referenced in that course
• Reference documents
  – IETF Request for Comments (RFCs)
  – Appendix material
  – ATM Forum specifications and glossary
  – Miscellaneous reference materials
• Sniffer analyzer product documentation
  – Sniffer Portable 4.7
  – Sniffer Distributed 4.1
  – Sniffer Watch
  – Sniffer Reporter
No Copying... Thank You!

Curriculum Map
Sniffer University's Total Network Visibility Curriculum
• Troubleshooting with the Sniffer Portable Network Analyzer
• Ethernet Network Analysis & Troubleshooting (10, 100, 1000 Mbps)
• WAN Network Analysis and Troubleshooting
• Sniffer Portable Switch Expert Analysis & Troubleshooting
• ATM Network Analysis and Troubleshooting
• Wireless LAN Analysis and Troubleshooting
• TCP/IP Network Analysis and Troubleshooting
• Microsoft Windows NT Network Analysis & Troubleshooting
• Microsoft Windows 2000 Network Analysis & Troubleshooting
• Sniffer Distributed Enterprise Management
• Sniffer Watch Reports and Management

Sniffer Certified Professional Program
• The Sniffer Certified Professional Program (SCPP) recognizes network professionals who can demonstrate an in-depth understanding of Sniffer Technologies software
• There are three levels of certification in the program:
  1. Sniffer Certified Professional (SCP)
     • The first level is designed to test the candidate’s knowledge in the use of the Sniffer Portable Network Analyzer
  2. Sniffer Certified Expert (SCE)
  3. Sniffer Certified Master (SCM)
     • The second and third levels evaluate the candidate’s knowledge of various networking technologies

www.sniffer.com/education
You will find links for:
• The SCPP online resource center
  – Test preparation materials
  – Practice tests
  – Product documentation
• Course schedule and catalog
  – Class listings
• Registration Information
  – Register online
• Sniffer University survey
  – Let us know what you think
• Sniffer University contacts

Table of Contents
• Course Overview
• Introduction and Concepts
• Starting Sniffer Portable
• Monitoring Network Health and Performance
• Monitor Applications
• Troubleshooting the Network
• Managing Alarms
• Capturing Network Traffic
• Expert Analysis
• Using Capture Filters to Narrow the View
• Triggers
• Analyzing Network Issues
• Decode Window
• Using Display Filters to Narrow the View
• Exercises

Course Overview

Course Objectives
At the end of this course, you will be able to:
• Effectively use the Sniffer Portable Network Analyzer in a logical step-by-step process as a network troubleshooting tool
• Employ effective troubleshooting techniques to quickly resolve problems in your networks
• Partner with Sniffer Portable to proactively monitor and baseline your networks
• Optimize your network and applications using the information you have gained from Sniffer Portable

Major Topics
• We’ll show you how to:
  – Use the Monitor functions to check the health and performance of your networks
  – Troubleshoot problems by capturing traffic and using the Expert’s help
  – Analyze the issues by viewing the frames that were captured
  – Proactively manage the network with Sniffer Portable’s tools and reporting capabilities
• And we’ll give you troubleshooting tips along the way

Vital Troubleshooting Skills
In addition to having a protocol analyzer, you need to have an understanding of:
• Your network
  – Use Sniffer Portable to monitor segments
  – Have an accurate logical drawing of your entire network
• The protocols being used on your network
  – Sniffer University has a series of protocol-specific classes to teach you the fine details of troubleshooting and maintaining each type of network
  – Learn how routers and switches are configured to keep them where they belong
• Resources available to help you find answers quickly

Additional Resources
• Industry Standards, Protocol Specifications, and Product Documentation
• Technical Support
• Networking Professional Organizations
• Fellow Troubleshooters
• Books

Introduction and Concepts

Section Objectives
At the end of this section, you will be able to:
• Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite
• Relate the OSI Reference Model to a frame on the wire
• Start the Sniffer Portable Network Analyzer
• Configure a Sniffer Portable local agent
• Identify menu items and icons on the Toolbar and Status bar
• Generate traffic with Packet Generator

What is a Sniffer Analyzer?
• A network troubleshooting tool that assists you in finding and solving network communication problems, analyzing and optimizing network performance, and planning for future growth
  – Monitor application provides statistics in real time
  – Capture does real time Expert Analysis as frames are gated into the capture buffer
  – Profiles make loading complex filters and settings easy to save and activate
  – Post-capture packet display allows you to analyze the frames in-depth using multiple views
  – Active tools allow you to generate frames, buffers or perform other tests

Sniffer Analysis Suites
• Portable Analysis Suite
  – Sniffer Portable LAN
  – Sniffer Portable WAN
  – Sniffer Portable HighSpeed
• Distributed Analysis Suite
  – Sniffer Distributed Agent
  – Sniffer Distributed Console
No matter which Sniffer suite you choose, the user interface is the same

Sniffer Distributed
[Diagram labels: Sniffer Distributed Agent on remote segment (Paris); Sniffer Distributed Agent on remote segment (Tokyo); Frame Relay; X.25; Switch/Router; Router; Sniffer Distributed Agents on local segments; Sniffer Distributed Consoles (San Francisco)]

Snifferbook
• Analyze T1/E1
• RS/V with LM2000 Adapter
[Diagram labels: Standard Ethernet NIC 10/100; Topology-Specific Interface Module; WANbook; Snifferbook Pod; Power; ports 1 to 8; TO SNIFFER; TO HUB]

Troubleshooting Flowchart
• Monitor
  – Monitor Apps: Dashboard, Host Table, Matrix, ART, History Samples, Protocol Distribution, Global Statistics
• Troubleshoot
  – Alarms
  – Capture Frames
  – Expert Analysis
  – Expert Options
  – Filters
  – Triggers
• Decode
  – Display Frames: Summary, Detail, Hex
  – Navigation
  – Select Frames
  – Find Frames
  – Filters
  – Display Setup
• Manage
  – Address Book
  – Packet Generator
  – User Tools: Ping, Trace Route, DNS lookup, Finger, Who Is, Scripts

Sniffer Portable Operation
[Diagram labels: Adapter; Monitor Filters; Capture Filters; Display Filters; Alarms; Trigger; Tools (Ping, Trace Route, DNS Lookup, Finger, Who Is); Monitor Applications (Dashboard, Host Table, Matrix, ART, History Samples, Protocol Distribution, Global Statistics); Displays (Decode, Matrix, Host Table, Protocol Dist, Statistics); Database; Probe Dir; Profiles; Configs; Addr Bk; Traces; Exported Data]

System Requirements
• Windows 98 SE, 2000, or NT 4.0
• Sniffer Portable Software (Provided by Network Associates)
• Microsoft Internet Explorer with MS Virtual Machine and media player
• Pentium 400 MHz CPU with minimum 128 MB RAM (256 MB recommended) and minimum 125 MB free disk space
• Network Interface Card with NDIS 3.0+ driver
• Enhanced NAI drivers for selected cards enhance performance and allow error frames to be captured and analyzed

Supported Interfaces
• Ethernet 10/100
• Token Ring 4/16
• FDDI
• HSSI
• Full Duplex (supported with a pod)
• ATM
• WAN
• Gigabit Ethernet
• 802.11b Wireless LAN

Enhanced Drivers
Topology: Adapter with Sniffer Enhanced Drivers (O/S)
• Ethernet (Win NT, 2000, 98 SE)
  – Adaptec PCI (ANA-21140/UC & ANA-6911/UC)
  – Adaptec PCI (ANA-6911A/TX/TXC)
  – Xircom CardBus Ethernet II 10/100 (CBE2)
  – Xircom Realport CardBus
  – Xircom Realport2 CardBus
  – IBM 10/100 EtherJet CardBus
• Token Ring
  – Madge PCMCIA Smart 16/4 Ringnode Mk2 (20-01)
  – Madge 16/4 CardBus Adapter Mk2 (20-03)
  – Madge Smart 16/4 PCI Ringnode Mk2/BM2 (51-02)
  – Madge Smart 16/4 PCI Ringnode Mk3 (51-04)
• FDDI (Win NT)
  – NuCard PCI FDDI Adapter
• Full Duplex (Win NT)
  – FDX PCI Card
• WAN (Win NT, 2000, 98 SE)
  – HSSI PCI Adapter
  – LM2000 ISA Adapter
• ATM (Win NT, 2000, 98 SE)
  – Sniffer ATM SAR Adapter
• Gigabit (Win NT, 2000, 98 SE)
  – Xyratex PCI Adapter (SX, LX)
• Wireless (Win NT, 2000; Win NT, 2000, 98 SE)
  – Symbol Spectrum 24 PCMCIA
  – Cisco Aironet 340/350 PCMCIA
  – Lucent Orinoco Gold PCMCIA
  – Enterasys RoamAbout PCMCIA

OSI Reference Model
[Side labels on the diagram: Connects processes; Moves Data; Provides Services]
• 7 Application
  – Allows users to transfer files, send mail, etc.
  – Only layer that users can communicate with directly
  – Key features are ease of use and functionality
• 6 Presentation
  – Standardized data encoding and decoding
  – Data compression
  – Data encryption and decryption
• 5 Session
  – Manages user sessions
  – Reports upper-layer errors
  – Supports Remote Procedure Call activities
• 4 Transport
  – Connection management (e.g., TCP)
  – Error and flow control
  – Connectionless, unreliable (e.g., UDP)
• 3 Network
  – Internetwork packet routing
  – Minimizes subnet congestion
  – Resolves differences between subnets
• 2 Data Link
  – Network access control - MAC address
  – Packet framing
  – Error and flow control
• 1 Physical
  – Moves bits across a physical medium
  – Interface between network medium and network devices
  – Defines electrical and mechanical characteristics of LAN

The OSI Model and Frames
[Frame diagram, header order: DLC, RI, LLC, Network, Transport, Session, Presentation, Application]
• Frames include headers at several layers of the OSI model
  – The number of headers in a frame is protocol-dependent
  – Each header has multiple fields that are also protocol-dependent
• The Sniffer Network Analyzer reads the entire frame and decodes each byte (and sometimes each bit) into an English explanation of the values

Starting Sniffer Portable

Starting Sniffer Portable
• Open the SNIFFER.EXE application using your favorite Windows method
• From the File menu, go to Select Settings... and choose the local agent (adapter) you want to use
  – Adapters must be previously configured in Windows and use NAI enhanced or NDIS 3.0+ compliant drivers
• The application automatically starts monitoring the traffic seen on the active local agent
  – Your settings are saved when you exit the application, so it will automatically begin monitoring on the local agent you last chose

What is a Local Agent?
• A local agent is a logical reference to a collection of settings, addresses, and profiles associated with an adapter
  – Each local agent has a unique directory under the Sniffer Program directory
  – Changes you make are saved in the directory of the active local agent
[Diagram: one Adapter shared by Local Agent 1 and Local Agent 2, each with its own Configurations, Thresholds, Address Book, and Profiles (Filters)]

Select Settings...
The title bar indicates the active local agent

Select the Adapter
• Settings dialog contains local agents that you have defined
• Creating a new local agent allows you to maintain separate settings for each network you analyze
  – The settings for each will be maintained in separate “Local” directories under the Program directory

Create a New Local Agent
New... from previous menu shows this screen
• Assign a name
• Choose the adapter
• Specify the Pod
• Copy settings from another agent

User Interface
[Screenshot labels: Title Bar; Menu Bar; Toolbar; Capture Icons; Status Bar]

The Toolbar
[Screenshot labels: File Open; Save; Print; Abort; Dashboard; Hosts; Matrix; Application Response Time; History; Protocol Distribution; Global Stats; Alarms; Capture Panel; Address Book]

Status Bar
Watch the lower right corner of window for real-time counts
[Screenshot labels: Printing; Frames Generated; Frames Captured; Alarms]

Getting Help
Three ways to get help in Sniffer Portable:
1. Use the Help on the menu bar to access the comprehensive on-line User’s Guide
2. Highlight an area on the screen and press F1 for context-sensitive help
3. Click on the icon

Major Components
[Diagram labels: NIC; Monitor; Capture; Display; Monitor Applications (Dashboard, Host Table, Matrix, Application Response Time, Protocol Distribution, History, Global Statistics); Real-Time Expert Analysis; Display Tabs (Expert Analysis, Decode, Host Table, Matrix, Protocol Distribution, Statistics)]

Exercise 1-1
Launch Sniffer Portable

Using Packet Generator

What is Packet Generator?
• The main purpose of the packet generator is to stress test your network
• You can configure it to generate:
  – A buffer of previously captured data
  – A frame from the displayed data
  – A new frame you configure before generating
  – A frame with no data
• Monitor and Capture while generating to view the effect of the new data on the network
• We will use it in class to generate trace files while viewing Monitor and Capture screens

Loopback Mode
• Transmitting frames from the buffer with the Packet Generator to “replay” a trace file can be very useful to quickly show Monitor or Capture statistics
• WARNING: Make sure that you enable Loopback Mode before starting traffic generation

The Packet Generator
• Capture or load and display a trace file
• Tools > Packet Generator
[Screenshot labels: Configure and send new packet; Send current packet; Send current buffer; Stop; Repeat]

Packet Generator Views
• Detail view—displays statistics:
• Animation View—shows data being “pumped” into the network:
• Counter in the lower right corner:

Monitoring and Capturing from a File
• To enable Monitor in the classroom when a live network is not available, we must
  – Set the local agent to Loopback Mode
  – Load a trace file
  – Generate traffic from the trace file
• Monitor will accept the data as if it came from the network and give us statistics to view
• The next couple of slides show the process to make that happen…

Generating From a File
• Under Files:
  – Select Loopback Mode if no is visible
  – Open the trace file
• Frames will be stored in the Capture buffer
• Display the data
• From the Tools pull-down menu:
  – Choose Packet Generator
  – Select the Send Buffer icon
  – Configure the number of times to send the buffer
  – Note the counts in the lower right counter as frames are generated

Generate Buffer Configuration
Configure how often to send:

Effects on Network Performance
What happens when you transmit data into a live network?
[Diagram labels: Multicast; Broadcast; Bad Data; Good Data (Broadcast); Dummy NIC Address; CPU Interrupt; Process; Corrupt (discard data); Tables]

Generating Traffic
So, why would you want to generate traffic?
• Test new equipment in a lab before installing it in a live network
• Test vendor’s claims for new equipment performance, e.g., packets/frames per second forwarded by a particular brand and model of router/switch
• Play back a trace file and observe its operation
• Induce a known load of null traffic to see how a network will react to increased bandwidth usage
• Test a Network Interface Card’s operation
• Laboratory testing of suspect routers, switches, gateways, and NICs to ensure proper performance

Summary
In this section, you learned how to:
• Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite
• Relate the OSI Reference Model to a frame on the wire
• Start Sniffer Portable
• Configure a Sniffer Portable local agent
• Identify menu items and icons on the Toolbar and Status bar
• Generate traffic with Packet Generator

Group Discussion
• When would you create/use a local agent?
• Why might there be multiple local agents for the same NIC?
• How does a frame on the wire relate to the OSI 7 layer model?
• When troubleshooting, is it better to start with the Application layer or the DLC layer? Why?
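
Added example (not part of the Sniffer University course material and not Sniffer code): a minimal decoder illustrating the point made under "The OSI Model and Frames", that a frame carries a protocol-dependent stack of headers which an analyzer turns into readable text. The function names and both sample frames are constructed for this illustration; it handles Ethernet II with IPv4/TCP/UDP and the 802.3 case where an LLC header follows the DLC header.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def ipv4(raw):
    return ".".join(str(b) for b in raw)

def decode_frame(frame):
    """Return (layer, explanation) pairs for one Ethernet frame, outermost header first."""
    if len(frame) < 14:
        return [("DLC", f"Runt frame: {len(frame)} bytes, DLC header incomplete")]
    type_len = struct.unpack("!H", frame[12:14])[0]
    out = [("DLC", f"Destination = {mac(frame[0:6])}, Source = {mac(frame[6:12])}")]
    if type_len < 0x0600:  # IEEE 802.3: this is a length field, so an LLC header follows
        out.append(("DLC", f"802.3 length = {type_len}"))
        if len(frame) < 17:
            return out + [("LLC", "Truncated LLC header")]
        dsap, ssap, ctrl = frame[14:17]
        return out + [("LLC", f"DSAP = {dsap:02X}, SSAP = {ssap:02X}, Control = {ctrl:02X}")]
    out.append(("DLC", f"Ethertype = {type_len:04X} ({ETHERTYPES.get(type_len, 'unknown')})"))
    if type_len != 0x0800:
        return out  # only IPv4 is decoded further in this example
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # header length in bytes
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip):
        return out + [("Network", "Truncated or malformed IPv4 header")]
    proto = ip[9]
    out.append(("Network", f"IP {ipv4(ip[12:16])} -> {ipv4(ip[16:20])}, "
                           f"Protocol = {proto} ({IP_PROTOCOLS.get(proto, 'unknown')})"))
    seg = ip[ihl:]
    if proto == 6 and len(seg) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        flags = [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)]
        out.append(("Transport", f"TCP {sport} -> {dport}, Seq = {seq}, "
                                 f"Flags = {'+'.join(flags) or 'none'}"))
    elif proto == 17 and len(seg) >= 8:
        sport, dport, length = struct.unpack("!HHH", seg[:6])
        out.append(("Transport", f"UDP {sport} -> {dport}, Length = {length}"))
    return out

# Constructed sample frames (documentation addresses; checksums left as zero).
SAMPLE_ETH2 = bytes.fromhex(
    "00005E005301 00005E005302 0800"                      # DLC header
    "4500 0028 0001 0000 4006 0000 C000020A C0000214"     # IPv4 header
    "C000 0050 00000001 00000000 5002 2000 0000 0000")    # TCP header, SYN set
SAMPLE_8023 = bytes.fromhex("0180C2000000 00005E005302 0026 424203") + bytes(35)

if __name__ == "__main__":
    for sample in (SAMPLE_ETH2, SAMPLE_8023):
        for layer, text in decode_frame(sample):
            print(f"{layer:<10}{text}")
        print()
```

The two samples produce different header stacks (DLC, Network, Transport versus DLC, LLC), which is the protocol-dependence the slide describes.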