Module 1.2: Introduction (cont.)
• Characterizing Network Traffic
• Server Placement
K. Salah

Characterizing Network Traffic

Characterizing Network Traffic
• Sniffing Network Traffic and performing Traffic Characterization
• Application Profiles
• Application Monitoring

Sniffing Network Traffic

Sniffing Network Traffic
• By looking at what is going on inside the network wire, called “sniffing”
• By analyzing how the network is being used, looking at application use
• We do this to better understand how the network resource, bandwidth, is being used and how its use impacts the network’s design
• By capturing traffic you can really see how your network is performing

Sniffing Network Traffic
• There are several ways to collect data to determine our network traffic
• One way is to look inside the wire, otherwise known as “sniffing” the network traffic
• Let's look at how Windows NT does this as an example
• Experiments with the Ethereal sniffer tool

Sniffing Network Traffic
• Analyze
• Optimize
• Predict

Characterizing Services
• Traffic Characterization
  • What kind of traffic is generated?
  • How often is it generated?
  • What is the relative impact on the network?
• Method for Characterizing a Service
  • Use a network capturing and analysis tool
  • Capture the appropriate traffic
  • Identify each frame in the capture

Frame Types
• Broadcast: deliver to all hosts
• Multicast: deliver to registered members
• Directed: deliver to specified address

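The "identify each frame in the capture" step, as an added Python example that is not part of the original slides: it classifies each captured Ethernet frame as broadcast, multicast or directed from its destination MAC address and tallies frames and bytes per type and frames per sender, similar to the station statistics a capture tool reports. The function names and the sample frames are constructed for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def frame_type(frame: bytes) -> str:
    """Classify an Ethernet frame by its destination MAC (first 6 bytes)."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "malformed"
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                   # I/G bit set: group (multicast) address
        return "multicast"
    return "directed"

def characterize(frames):
    """Return (frames per type, bytes per type, frames sent per source MAC)."""
    count, volume, senders = Counter(), Counter(), Counter()
    for f in frames:
        kind = frame_type(f)
        count[kind] += 1
        volume[kind] += len(f)
        if kind != "malformed":         # source MAC is bytes 6..11
            senders[f[6:12].hex(":")] += 1
    return count, volume, senders

def mk(dst, src, payload_len, ethertype=0x0800):
    """Build a constructed frame: dst + src + EtherType + zero-filled payload."""
    raw = bytes.fromhex((dst + src).replace(":", ""))
    return raw + ethertype.to_bytes(2, "big") + bytes(payload_len)

# Constructed sample capture (locally administered MACs, not from the slides).
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE = [
    mk("ff:ff:ff:ff:ff:ff", HOST_A, 46, 0x0806),   # ARP-style broadcast
    mk(HOST_B, HOST_A, 100),                       # directed A -> B
    mk(HOST_A, HOST_B, 1000),                      # directed B -> A
    mk("01:00:5e:00:00:fb", HOST_B, 60),           # IPv4 multicast group
    mk("ff:ff:ff:ff:ff:ff", HOST_B, 46, 0x0806),   # second broadcast
    b"\x00\x01\x02",                               # truncated frame
]

if __name__ == "__main__":
    count, volume, senders = characterize(SAMPLE)
    total = sum(count.values())
    for kind in ("directed", "multicast", "broadcast", "malformed"):
        pct = 100 * count[kind] / total
        print(f"{kind:10} {count[kind]:3} frames {volume[kind]:6} bytes {pct:5.1f}%")
    for mac, n in senders.most_common():
        print(f"{mac} sent {n} frames")
```

A persistently high broadcast share in such a tally is the kind of relative-impact figure the characterization questions above ask for.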
Using the NT Network Monitor
Software Installation
• Network Monitor Application
• Network Monitor Agent
Network Adapter Card
• Must support promiscuous mode for network-wide traffic
• Local-only mode will capture traffic to and from the local host

The NT Network Monitor Interface
[Screenshot: Network Monitor V1.1 capture window (Station Stats) with four panes. Graph Pane: % network utilization, frames per second, bytes per second and broadcasts per second. Total Statistics Pane: network, captured and per-second statistics. Session Statistics Pane: frames exchanged between pairs of network addresses. Station Statistics Pane: frames and bytes sent and received, and directed, multicast and broadcast frames sent, per network address. The sample capture shows 35 frames, 4 broadcasts, 0 multicasts and 3450 bytes.]

Displaying Data with Network Monitor
[Screenshot: Network Monitor capture summary with three panes. Summary Pane: frames 19 to 23 between WFW Client and BACKUP (a TCP segment, an NBT session request and positive session response, then an SMB negotiate request and response). Detail Pane: frame 22 expanded through its IP, TCP, NBT and SMB layers down to the SMB "Dialect Strings Understood" list. Hex Pane: the raw bytes of those dialect strings.]

Ethereal Demo

Application Profiles

Application Profiles
• The other way to characterize network traffic is by looking at the applications that users utilize on the network and figuring out their impact on the overall network
• Again, the goal is to figure out how the bandwidth is being used and the adequacy of the network design

Application Usage Patterns
• Need to identify the number of users per application
• Need to identify the frequency of application sessions
• Length of an average application session
• Number of simultaneous users of an application

Application Assumptions
• If it is not practical to research the application details, some assumptions you can make:
  • number of application users = simultaneous users
  • all applications are used all the time
  • each user opens just one session and the session lasts all day

Size of Data Objects
• Terminal session - 4 Kbytes
• E-mail message - 10 Kbytes
• Web page with graphics - 50 Kbytes
• Spreadsheet - 100 Kbytes
• Word processing document - 200 Kbytes
• Graphical computer screen - 500 Kbytes
• Presentation document - 2 Mbytes
• High resolution image - 50 Mbytes
• Multimedia object - 100 Mbytes
• Database backup - 1 Gigabyte or more

Application Monitoring

Application Monitoring
• Software tools can be used to determine application performance statistics
• Uses “agents” to collect data and send information to a “management” station
• Agents run on the different OSes where the applications are installed
• Usually very expensive
  • $10,000 to $25,000

Application Monitoring
• The idea is to be able to predict the effect on the network of rolling out a new software application
• For an existing application, the profiling software transforms raw application data captured from the network into an application profile. This is used for scalability.
• Allows you to run what-if scenarios to ensure the planned application can be run across your LAN or WAN.

Application Monitoring
• CACI Products Company
  • Application Profiler
  • www.caci.com
• Ganymede Software
  • Pegasus 2.1
  • www.ganymede.com

Server Placement

Server Placement
• Can have a major effect on capacity planning, depending on the applications run on the servers and the way the workstations are connected.
• Network problems can be prevented when the designer understands the traffic patterns
• Since servers use the bandwidth, placement becomes critical

Server Types
• Identified by function and the users they support
• Common Servers
  • Enterprise Server
  • Distributed Server
  • Network Computer Server (Terminal Server)
  • WEB Application Server

Enterprise Server
• Centralized Server
• Supports all or majority of network users
  • example is e-mail server for company
• Most often located in the Data Center near the network backbone
• All users’ traffic travels through the backbone devices (routers & switches)

Enterprise Server Example

Distributed Server
• Local or Workgroup servers
• Supports a specific group of users
  • Payroll server that supports only the accounting group
• Placed on the same network subnet as the users that it supports
• Usually located in the wiring closet

Distributed Server
• Can effectively reduce the amount of traffic traveling across the network core
• Traffic does not need to be routed through the network
• Can be used to direct traffic on the network, e.g. NAT.

Distributed Server Example

Terminal Server
• Fileserver to support “thin” clients
  • Network PCs or low-end PCs
• Applications run on the server, graphic information is sent to the client, no applications “run” on the client machine
• Use NT Server to provide Windows applications to the Unix client machines
• Like the “mainframe” model of old

Terminal Server
• Can be either Distributed or Enterprise
• Needs to be a high-powered server in order to service the users with applications
  • imagine all users running Word on the Terminal Server instead of on their own client machines

WEB Server
• Normally set up as an Enterprise level server as many users need access for common information
• May also be set outside the company’s internal network for outsiders (untrusted) to get information from. Usually protected by different network devices.

Server Placement Summary
• As you can see, the location and purpose of a server can have a major impact on traffic
• Need to understand where traffic is going in order to place the servers in the right location and ensure network “bottlenecks” are not created