Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI
Housekeeping • Cell Phones in Silent Mode • Breaks • Lunch • Rest Rooms • Emergency Information • Telephones • Beepers in Silent Mode • Questions
Student Reference CD Contents of CD: • Sniffer Portable trace files • Subdirectory for each Sniffer University course containing all of the trace files referenced in that course • Reference documents • IETF Request for Comments (RFCs) • Appendix material • ATM Forum specifications and glossary • Miscellaneous reference materials • Sniffer analyzer product documentation • Sniffer Portable 4.7 • Sniffer Distributed 4.1 • Sniffer Watch • Sniffer Reporter
No Copying... Thank You!
Curriculum Map Sniffer University's Total Network Visibility Curriculum • Troubleshooting with the Sniffer Portable Network Analyzer • Ethernet Network Analysis & Troubleshooting (10, 100, 1000 Mbps) • WAN Network Analysis and Troubleshooting • Sniffer Portable Switch Expert Analysis & Troubleshooting • ATM Network Analysis and Troubleshooting • Wireless LAN Analysis and Troubleshooting • TCP/IP Network Analysis and Troubleshooting • Microsoft Windows NT Network Analysis & Troubleshooting • Microsoft Windows 2000 Network Analysis & Troubleshooting • Sniffer Distributed Enterprise Management • Sniffer Watch Reports and Management
Sniffer Certified Professional Program • The Sniffer Certified Professional Program (SCPP) recognizes network professionals who can demonstrate an in-depth understanding of Sniffer Technologies software • There are three levels of certification in the program: 1. Sniffer Certified Professional (SCP) • The first level is designed to test the candidate’s knowledge in the use of the Sniffer Portable Network Analyzer 2. Sniffer Certified Expert (SCE) 3. Sniffer Certified Master (SCM) • The second and third levels evaluate the candidate’s knowledge of various networking technologies
www.sniffer.com/education You will find links for: • The SCPP online resource center • Test preparation materials • Practice tests • Product documentation • Course schedule and catalog • Class listings • Registration Information • Register online • Sniffer University survey • Let us know what you think • Sniffer University contacts
Table of Contents • Course Overview • Introduction and Concepts • Starting Sniffer Portable • Monitoring Network Health and Performance • Monitor Applications • Troubleshooting the Network • Managing Alarms • Capturing Network Traffic • Expert Analysis • Using Capture Filters to Narrow the View • Triggers • Analyzing Network Issues • Decode Window • Using Display Filters to Narrow the View • Exercises
Course Objectives At the end of this course, you will be able to: • Effectively use the Sniffer Portable Network Analyzer in a logical step-by-step process as a network troubleshooting tool • Employ effective troubleshooting techniques to quickly resolve problems in your networks • Partner with Sniffer Portable to proactively monitor and baseline your networks • Optimize your network and applications using the information you have gained from Sniffer Portable
Major Topics • We’ll show you how to: • Use the Monitor functions to check the health and performance of your networks • Troubleshoot problems by capturing traffic and using the Expert’s help • Analyze the issues by viewing the frames that were captured • Proactively manage the network with Sniffer Portable’s tools and reporting capabilities • And we’ll give you troubleshooting tips along the way
Vital Troubleshooting Skills In addition to having a protocol analyzer, you need to have an understanding of: • Your network • Use Sniffer Portable to monitor segments • Have an accurate logical drawing of your entire network • The protocols being used on your network • Sniffer University has a series of protocol-specific classes to teach you the fine details of troubleshooting and maintaining each type of network • Learn how routers and switches are configured to keep them where they belong • Resources available to help you find answers quickly
Additional Resources • Industry Standards, Protocol Specifications, and Product Documentation • Technical Support • Networking Professional Organizations • Fellow Troubleshooters • Books
Section Objectives At the end of this section, you will be able to: • Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite • Relate the OSI Reference Model to a frame on the wire • Start the Sniffer Portable Network Analyzer • Configure a Sniffer Portable local agent • Identify menu items and icons on the Toolbar and Status bar • Generate traffic with Packet Generator
What is a Sniffer Analyzer? • A network troubleshooting tool that assists you in finding and solving network communication problems, analyzing and optimizing network performance, and planning for future growth • Monitor application provides statistics in real time • Capture does real time Expert Analysis as frames are gated into the capture buffer • Profiles make loading complex filters and settings easy to save and activate • Post-capture packet display allows you to analyze the frames in-depth using multiple views • Active tools allow you to generate frames, buffers or perform other tests
Sniffer Analysis Suites • Portable Analysis Suite: Sniffer Portable LAN, Sniffer Portable WAN, Sniffer Portable High-Speed • Distributed Analysis Suite: Sniffer Distributed Agent, Sniffer Distributed Console • No matter which Sniffer suite you choose, the user interface is the same
Sniffer Distributed [Diagram labels: Sniffer Distributed Agent on remote segment (shown twice); Frame Relay; X.25; Switch/Router; Paris; Tokyo; Sniffer Distributed Agents on local segments; Sniffer Distributed Consoles; Router; San Francisco]
Snifferbook [Diagram labels: Analyze T1/E1 RS/V with LM2000 Adapter; WANbook; Standard Ethernet NIC 10/100; Topology-Specific Interface Module; Snifferbook Pod]
Troubleshooting Flowchart • Monitor: Monitor Apps, Dashboard, Host Table, Matrix, ART, History Samples, Protocol Distribution, Global Statistics • Troubleshoot: Alarms, Capture Frames, Expert Analysis, Expert Options, Filters, Triggers • Decode: Display Frames, Summary, Detail, Hex, Navigation, Select Frames, Find Frames, Filters, Display Setup • Manage: Address Book, Packet Generator, User Tools, Ping, Trace Route, DNS lookup, Finger, Who Is, Scripts
Sniffer Portable Operation [Diagram labels: Adapter; Tools (Ping, Trace Route, DNS Lookup, Finger, Who Is); Alarms; Trigger; Monitor Filters; Name Discovery; Capture Filters; Monitor Applications (Dashboard, Host Table, Matrix, ART, History Samples, Protocol Distribution, Global Statistics); Display Filters; Probe Dir (Profiles, Configs, Addr Bk); Database; Traces; Exported Data; Displays (Decode, Matrix, Host Table, Protocol Dist, Statistics)]
System Requirements • Windows 98 SE, 2000, or NT 4.0 • Sniffer Portable Software (Provided by Network Associates) • Microsoft Internet Explorer with MS Virtual Machine and media player • Pentium 400 MHz CPU with minimum 128 MB RAM (256 MB recommended) and minimum 125 MB free disk space • Network Interface Card with NDIS 3.0+ driver • Enhanced NAI drivers for selected cards enhance performance and allow error frames to be captured and analyzed
Supported Interfaces Ethernet 10/100 Token Ring 4/16 FDDI HSSI Full Duplex (supported with a pod) ATM WAN Gigabit Ethernet 802.11b Wireless LAN
OSI Reference Model
Provides Services (layers 7 to 5):
• 7 Application: Allows users to transfer files, send mail, etc. Only layer that users can communicate with directly. Key features are ease of use and functionality
• 6 Presentation: Standardized data encoding and decoding. Data compression. Data encryption and decryption
• 5 Session: Manages user sessions. Reports upper-layer errors. Supports Remote Procedure Call activities
Moves Data (layers 4 to 1):
• 4 Transport: Connects processes. Connection management (e.g., TCP). Error and flow control. Connectionless, unreliable (e.g., UDP)
• 3 Network: Internetwork packet routing. Minimizes subnet congestion. Resolves differences between subnets
• 2 Data Link: Network access control - MAC address. Packet framing. Error and flow control
• 1 Physical: Moves bits across a physical medium. Interface between network medium and network devices. Defines electrical and mechanical characteristics of LAN
The OSI Model and Frames • Frames include headers at several layers of the OSI model • The number of headers in a frame is protocol-dependent • Each header has multiple fields that are also protocol-dependent • The Sniffer Network Analyzer reads the entire frame and decodes each byte (and sometimes each bit) into an English explanation of the values [Diagram labels: DLC, RI, LLC, Network, Transport, Session, Presentation, Application]
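The header-by-header decoding described on this slide, as an added example that is not part of the original course material: a small Python decoder that walks one frame from the DLC header up and returns one plain-English line per layer, including the truncated and non-IPv4 cases. The sample bytes are constructed, and the function names and the choice of Ethernet II / IPv4 / TCP are assumptions made for illustration.

```python
import struct

SAMPLE = bytes.fromhex(  # constructed frame, not taken from a real trace
    "00a0c9112233" "0010a4445566" "0800"              # DLC: dst MAC, src MAC, EtherType
    "4500002c1a2b40008006" "0000" "c0a80105c0a80101"  # Network: IPv4, 20-byte header
    "040a0050000003e800000000" "6002200000000000" "020405b4")  # Transport: TCP SYN + MSS
FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def mac(b):
    return ":".join(f"{x:02x}" for x in b)
def ip(b):
    return ".".join(str(x) for x in b)

def decode(frame):
    """Return [(layer, explanation), ...] for each header found, outermost first."""
    if len(frame) < 14:
        return [("DLC", f"truncated frame: {len(frame)} bytes, DLC header needs 14")]
    etype = struct.unpack("!H", frame[12:14])[0]
    addrs = f"{mac(frame[6:12])} -> {mac(frame[0:6])}"
    if etype < 0x0600:  # treated as an 802.3 length field, so an LLC header follows
        return [("DLC", f"802.3 {addrs}, length {etype}"),
                ("LLC", "802.2 header follows (not decoded in this example)")]
    out = [("DLC", f"Ethernet II {addrs}, EtherType 0x{etype:04x}")]
    if etype != 0x0800:
        return out + [("Network", "not IPv4 (not decoded in this example)")]
    pkt = frame[14:]
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        return out + [("Network", "truncated or malformed IPv4 header")]
    total, ttl, proto = struct.unpack("!H", pkt[2:4])[0], pkt[8], pkt[9]
    out.append(("Network", f"IPv4 {ip(pkt[12:16])} -> {ip(pkt[16:20])}, "
                           f"TTL {ttl}, protocol {proto}, total length {total}"))
    if proto != 6:
        return out + [("Transport", f"IP protocol {proto} (not decoded in this example)")]
    seg = pkt[ihl:total]  # honour the IP total length so DLC padding is not counted
    if len(seg) < 20:
        return out + [("Transport", "truncated TCP header")]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    hlen = (off_flags >> 12) * 4
    if not 20 <= hlen <= len(seg):
        return out + [("Transport", "malformed TCP data offset")]
    flags = "+".join(name for bit, name in FLAGS if off_flags & bit) or "none"
    out.append(("Transport", f"TCP port {sport} -> {dport}, seq {seq}, "
                             f"flags {flags}, header {hlen} bytes"))
    return out + [("Application", f"{len(seg) - hlen} bytes of upper-layer data")]

if __name__ == "__main__":
    for layer, text in decode(SAMPLE):
        print(f"{layer:12} {text}")
```
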
Starting Sniffer Portable • Open the SNIFFER.EXE application using your favorite Windows method • From the File menu, go to Select Settings... and choose the local agent (adapter) you want to use • Adapters must be previously configured in Windows and use NAI enhanced or NDIS 3.0+ compliant drivers • The application automatically starts monitoring the traffic seen on the active local agent • Your settings are saved when you exit the application, so it will automatically begin monitoring on the local agent you last chose
What is a Local Agent? • A local agent is a logical reference to a collection of settings, addresses, and profiles associated with an adapter • Each local agent has a unique directory under the Sniffer Program directory • Changes you make are saved in the directory of the active local agent [Diagram: one Adapter with Local Agent 1 and Local Agent 2, each holding Configurations, Thresholds, Address Book, Profiles (Filters)]
Select Settings... The title bar indicates the active local agent
Select the Adapter • Settings dialog contains local agents that you have defined • Creating a new local agent allows you to maintain separate settings for each network you analyze • The settings for each will be maintained in separate “Local” directories under the Program directory
Create a New Local Agent New... from previous menu shows this screen • Assign a name • Choose the adapter • Specify the Pod • Copy settings from another agent
User Interface Title Bar Menu Bar Toolbar Capture Icons Toolbar Status Bar
The Toolbar Address Book Abort Print Matrix Global Stats Protocol Distribution Hosts Print Dashboard Save Capture Panel File Open History Alarms Application Response Time
Status Bar Watch the lower right corner of window for real-time counts • Alarms • Printing • Frames Generated • Frames Captured
Getting Help Three ways to get help in Sniffer Portable: 1. Use the Help on the menu bar to access the comprehensive on-line User’s Guide 2. Highlight an area on the screen and press F1 for context-sensitive help 3. Click on the icon
Major Components NIC Monitor Capture Monitor Applications Real-Time Expert Analysis Dashboard Display Host Table Display Tabs Matrix Expert Analysis Decode Application Response Time Host Table Protocol Distribution Matrix Protocol Distribution History Statistics Global Statistics
Exercise 1-1 Launch Sniffer Portable
What is Packet Generator? • The main purpose of the packet generator is to stress test your network • You can configure it to generate: • A buffer of previously captured data • A frame from the displayed data • A new frame you configure before generating • A frame with no data • Monitor and Capture while generating to view the effect of the new data on the network • We will use it in class to generate trace files while viewing Monitor and Capture screens
Loopback Mode • Transmitting frames from the buffer with the Packet Generator to “replay” a trace file can be very useful to quickly show Monitor or Capture statistics • WARNING: Make sure that you enable Loopback Mode before starting traffic generation
The Packet Generator • Capture or load and display a trace file • Tools > Packet Generator • Send current packet • Configure and send new packet • Send current buffer • Stop • Repeat
Packet Generator Views Animation View—shows data being “pumped” into the network: Detail view—displays statistics: Counter in the lower right corner:
Monitoring and Capturing from a File • To enable Monitor in the classroom when a live network is not available, we must • Set the local agent to Loopback Mode • Load a trace file • Generate traffic from the trace file • Monitor will accept the data as if it came from the network and give us statistics to view • The next couple of slides show the process to make that happen…
Generating From a File • Under Files: • Select Loopback Mode if no is visible • Open the trace file • Frames will be stored in the Capture buffer • Display the data • From the Tools pull-down menu: • Choose Packet Generator • Select the Send Buffer icon • Configure the number of times to send the buffer • Note the counts in the lower right counter as frames are generated
Generate Buffer Configuration Configure how often to send:
Effects on Network Performance What happens when you transmit data into a live network? [Diagram labels: Dummy, Multicast, Broadcast, Bad, Good, NIC, Data, Data, Address (Broadcast), CPU Interrupt, Process (discard data), Corrupt Tables]
Generating Traffic So, why would you want to generate traffic? • Test new equipment in a lab before installing it in a live network • Test vendor’s claims for new equipment performance, e.g., packets/frames per second forwarded by a particular brand and model of router/switch • Play back a trace file and observe its operation • Induce a known load of null traffic to see how a network will react to increased bandwidth usage • Test a Network Interface Card’s operation • Laboratory testing of suspect routers, switches, gateways, and NICs to ensure proper performance
Summary In this section, you learned how to: • Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite • Relate the OSI Reference Model to a frame on the wire • Start Sniffer Portable • Configure a Sniffer Portable local agent • Identify menu items and icons on the Toolbar and Status bar • Generate traffic with Packet Generator
Group Discussion • When would you create/use a local agent? • Why might there be multiple local agents for the same NIC? • How does a frame on the wire relate to the OSI 7 layer model? • When troubleshooting, is it better to start with the Application layer or the DLC layer? Why?