
BAI513 - PROTOCOLS

Learn about the roles and purposes of network analysis, how to install protocol analyzers, and the features of the Sniffer Pro application. Understand protocol analysis, useful roles for protocol analysis, and elements of a protocol analyzer. Discover how to place a protocol analyzer on a network and different methods for analyzing switched networks.

floydv

Presentation Transcript


  1. BAIST – Network Management BAI513 - PROTOCOLS Introduction to Network Analysis and Sniffer Pro

  2. Objectives • At the end of this presentation, the student will be able to: • Describe the roles and purposes of Network Analysis. • Describe the “how, where and why” of installing Protocol Analysers. • Describe the main features / functions of the Sniffer Pro application.

  3. About Protocol Analysis • Protocol analysis (also referred to as network analysis) is the process of tapping into the network communications system, capturing packets that cross the network, gathering network statistics, and decoding the packets into readable form • In essence, a protocol analyzer eavesdrops on network communications • Many protocol analyzers can also transmit packets—a useful task for testing a network or device

  4. Useful Roles for Protocol Analysis • Protocol analyzers are often used to troubleshoot network communications • Typically, analyzers are placed on the network and configured to capture the problematic communication sequence • Protocol analyzers are also used to test networks • Testing can be performed in a passive manner by listening for unusual communications, or in an active manner by transmitting packets onto the network

  5. Protocol Analyzer Elements • The following diagram depicts the basic elements of a protocol analyzer • The basic elements are: • Promiscuous mode card and driver • Packet filters • Trace buffer • Decodes • Alarms • Statistics

  6. Network Analyzer Elements

  7. Promiscuous Mode Card & Driver • The network interface card and driver used on the analyzer must support promiscuous mode operation • A card that runs in promiscuous mode can capture broadcast packets, multicast packets, and unicast packets sent to other devices, as well as error packets • An analyzer running with a promiscuous mode card and driver can see Ethernet collision fragments, oversized packets, undersized packets (a.k.a. runts), and packets that end on an illegal boundary

  8. Packet Filters • If you are interested in the type of broadcasts that are crossing a network, you can set up a filter that allows only broadcast packets to flow into the analyzer • When filters are applied to incoming packets, they are often referred to as capture filters, or pre-filters

  9. Packet Filters • Filters can be based on a variety of packet characteristics including, but not limited to: • Source data link address • Destination data link address • Source IP address • Destination IP address • Application or process

  10. Trace Buffer • The packets flow into the analyzer’s trace buffer, a holding area for packets copied off the network • Typically, this is an area of memory set aside on the analyzer, although some analyzers allow you to configure a “direct to disk” save option • Most analyzers have a default trace buffer size of 4 MB

  11. Decodes • Decodes are applied to the packets that are captured into the trace buffer • These decodes enable you to see the packets in a readable format with the packet fields and values interpreted for you • Decoders are packet translation tools
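
The capture filter, trace buffer and decode stages from slides 8 to 11, as an added example that is not part of the original presentation or of Sniffer Pro. The frames are constructed samples, and the names `decode`, `capture_filter` and `capture` are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import deque

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def decode(frame):
    """Decode an Ethernet II frame and, when present, its IPv4 header."""
    if len(frame) < 14:
        return {"error": "runt: shorter than an Ethernet header"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}
    if ethertype == 0x0800 and len(frame) >= 34:
        (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
         sip, dip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
        pkt.update(ip_version=ver_ihl >> 4, total_len=total_len, ttl=ttl,
                   protocol=proto,
                   src_ip=str(ipaddress.IPv4Address(sip)),
                   dst_ip=str(ipaddress.IPv4Address(dip)))
    return pkt

def capture_filter(**want):
    """Pre-filter: keep a packet only if every requested field matches."""
    return lambda pkt: all(pkt.get(k) == v for k, v in want.items())

def capture(frames, keep, buffer_packets=1000):
    """Copy matching packets into a bounded trace buffer (oldest dropped first).
    Real analyzers size the buffer in bytes; a packet count keeps this short."""
    trace = deque(maxlen=buffer_packets)
    for frame in frames:
        pkt = decode(frame)
        if keep(pkt):
            trace.append(pkt)
    return list(trace)

# Constructed sample frames (documentation addresses, IP checksum left at zero).
BCAST, HOST_A, HOST_B = (bytes.fromhex(h) for h in
                         ("ffffffffffff", "001122334455", "00aabbccddee"))
ARP = BCAST + HOST_A + b"\x08\x06" + bytes(28)
IP_HDR = bytes.fromhex("450000280001000040060000c000020ac0000214")
TCP = HOST_B + HOST_A + b"\x08\x00" + IP_HDR + bytes(20)
SAMPLE = [ARP, TCP, bytes(6)]  # last entry is a runt

if __name__ == "__main__":
    for pkt in capture(SAMPLE, capture_filter(dst_mac="ff:ff:ff:ff:ff:ff")):
        print(pkt)
```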

  12. Viewing Packet Decodes

  13. Alarms • Many analyzers have a set of configurable alarms that indicates unusual network events or errors • The following lists some typical alarms that are included with most analyzer products: • Excessive broadcasts • Utilization threshold exceeded • Request denied • Server down

  14. Statistics • Many analyzers also display statistics on network performance, such as the current packet-per-second rate, or network utilization rates • Network administrators use these statistics to identify gradual changes in network operations, or sudden spikes in network patterns
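
How the statistics on slide 14 can drive two of the alarms listed on slide 13, as an added example that is not part of the original presentation or of Sniffer Pro. The capture is constructed, and the 10 Mb/s link speed and both thresholds are assumed values chosen for illustration.

```python
from collections import defaultdict

BROADCAST = b"\xff" * 6
UNICAST = bytes.fromhex("00aabbccddee")  # constructed destination address

def per_second_stats(capture, link_bps=10_000_000):
    """Bucket (timestamp, frame) pairs into one-second intervals."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "broadcasts": 0})
    for ts, frame in capture:
        b = buckets[int(ts)]
        b["packets"] += 1
        b["bytes"] += len(frame)
        b["broadcasts"] += frame[:6] == BROADCAST  # destination is first 6 bytes
    stats = []
    for sec in sorted(buckets):
        b = buckets[sec]
        stats.append({"second": sec,
                      "pps": b["packets"],
                      "broadcast_pps": b["broadcasts"],
                      # Frame bytes only; preamble and inter-frame gap ignored.
                      "utilization": b["bytes"] * 8 / link_bps})
    return stats

def alarms(stats, max_broadcast_pps=100, max_utilization=0.40):
    """Return (second, alarm name) for every interval over a threshold."""
    raised = []
    for s in stats:
        if s["broadcast_pps"] > max_broadcast_pps:
            raised.append((s["second"], "Excessive broadcasts"))
        if s["utilization"] > max_utilization:
            raised.append((s["second"], "Utilization threshold exceeded"))
    return raised

def _frames(n, dst, size, second):
    """Constructed traffic: n frames of `size` bytes spread across one second."""
    return [(second + i / n, dst + bytes(size - 6)) for i in range(n)]

# Constructed capture: quiet second, broadcast burst, then a bulk transfer.
SAMPLE = (_frames(50, UNICAST, 64, 0) + _frames(150, BROADCAST, 64, 1)
          + _frames(10, UNICAST, 64, 1) + _frames(400, UNICAST, 1514, 2))

if __name__ == "__main__":
    for second, name in alarms(per_second_stats(SAMPLE)):
        print(f"t={second}s  ALARM: {name}")
```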

  15. Placing a Protocol Analyzer on a Network • A protocol analyzer can only capture packets that it can see on the network • On a network that is connected with hubs, you can place the analyzer anywhere on the network • There are basically three options for analyzing switched networks: • Hubbing out • Port redirection • Remote Monitoring (RMON)

  16. Hubbing Out • By placing a hub between a device of interest (such as a server) and the switch, and connecting the analyzer to the hub, you can view all traffic to and from the server

  17. Port Redirection • Many switches can be configured to redirect (actually, to copy) the packets traveling through one port to another port • By placing your analyzer on the destination port, you can listen in on all the conversations that cross the network through the port of interest

  18. Remote Monitoring (RMON) • RMON uses Simple Network Management Protocol (SNMP) to collect traffic data at a remote switch and send the data to a management device

  19. Sniffer Pro Introduction • Sniffer Pro is a powerful network visibility tool that enables you to: • Monitor network activity in real time • Collect detailed utilization and error statistics for individual stations, conversations, or any portion of your network • Save historical utilization and error information for baseline analysis • Generate visible and audible real-time alarms

  20. Sniffer Pro Introduction (cont) • Sniffer Pro is a powerful network visibility tool that enables you to: • Notify network administrators when troubles are detected • Capture network traffic for detailed packet analysis • Receive Expert analysis of network traffic • Probe the network with active tools to simulate traffic, measure response times, count hops, and troubleshoot problems

  21. Sniffer Pro Major Components • The main functional components of Sniffer Pro: • Monitor calculates and displays real-time network traffic data. • Capture function captures network traffic and stores the actual packets in a buffer (and optionally to a file) for later analysis. • Real-time Expert Analysis function analyzes the network packets during capture and alerts you to potential problems on your network. These problems are categorized as symptoms and/or diagnoses. • Display function decodes and analyzes the packets in the capture buffer, and displays them in a variety of formats. • NOTE: BAI513 will only utilize the Capture and Display components of Sniffer Pro.

  22. Summary • This presentation covered information that allowed the student to: • Describe the roles and purposes of Network Analysis. • Describe the “how, where and why” of installing Protocol Analysers. • Describe the main features / functions of the Sniffer Pro application.
