1 / 40

Module 1.2: Introduction (cont.)

Module 1.2: Introduction (cont.). Characterizing Network Traffic Server Placement. Characterizing Network Traffic. Characterizing Network Traffic. Sniffing Network Traffic and performing Traffic Characterization Application Profiles Application Monitoring. Sniffing Network Traffic.

shana-logan
Download Presentation

Module 1.2: Introduction (cont.)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 1.2: Introduction (cont.) • Characterizing Network Traffic • Server Placement K. Salah

  2. Characterizing Network Traffic K. Salah

  3. Characterizing Network Traffic • Sniffing Network Traffic and performing Traffic Characterization • Application Profiles • Application Monitoring K. Salah

  4. Sniffing Network Traffic K. Salah

  5. Sniffing Network Traffic • By looking at what is going on inside the network wire - called “sniffing” • By analyzing on how the network is being used - looking at application use • We do this to better understand how the network resource, bandwidth, is being used and how its use impacts the network’s design • By capturing traffic you can really see how your network is performing K. Salah

  6. Sniffing Network Traffic • There are several ways to collect data to determine our network traffic • One way is to look inside the wire - otherwise known as “sniffing” the network traffic • Lets look at how Windows NT does this as an example of how you do this • Experiments with Etherreal Sniffer Tool K. Salah

  7. Analyze Optimize Predict Sniffing Network Traffic K. Salah

  8. Characterizing Services • Traffic Characterization • What kind of traffic is generated? • How often is it generated? • What is the relative impact on the network? • Method for Characterizing a Service • Use a network capturing and analysis tool • Capture the appropriate traffic • Identify each frame in the capture K. Salah

  9. Broadcast Deliver to all hosts Multicast Deliver to registered members Directed Deliver to specified address Frame Types K. Salah

  10. Using the NT Network Monitor Software Installation • Network Monitor Application • Network Monitor Agent Network Adapter Card • Must Support Promiscuous Mode for Network-Wide Traffic • Local-only Mode Will Capture Traffic to and from the Local Host K. Salah

  11. Network Monitor - [\Ethernet\NET1 Capture Window (Station Stats)] File Capture Tools Options Window Help Graph Pane Time Elapsed: 00:01:44.659 % Network Utilization: Network Statistics 0 0 100 # Frames: 35 # Broadcasts: 4 # Multicasts: 0 # Bytes: 3450 # Frames Dropped: 0 Network Status: Normal Frames Per Second: Total Statistics Pane 0 0 100 Bytes Per Second: 0 0 2180 Broadcasts Per Second : Captured Statistics # Frames: 35 # Frames in Buffer: 35 # Bytes: 3450 # Bytes in Buffer: 3730 % Buffer Utilized: 0 # Frames Dropped: 0 Session Statistics Pane Network Address 1->2 1<-2 Network Address 2 BACKUP 9 11 WFW Client BACKUP INSTRUCTOR INSTRUCTOR WFW Client 1 2 4 3 1 4 *BROADCAST WFW Client BACKUP *BROADCAST Per Second Statistics % Network Utilization: 0 # Frames/second: 0 # Bytes /second : 0 Station Statistics Pane Network Address Frames Sent Frames Rcvd Bytes Sent Bytes Rcvd Directed Frames Sent Multicasts Sent Broadcasts Sent *BROADCAST 0 4 0 423 0 0 0 BACKUP INSTRUCTOR WFW Client 14 6 15 15 5 11 1336 432 1682 1513 402 112 13 6 12 0 0 0 1 0 3 Network Monitor V1.1 (built on Jun 23 1995 at 17:49:57) The NT Network Monitor Interface K. Salah

  12. Network Monitor- [Capture:1 (Summary)] File Edit Display Tools Options Window Help Frame 19 20 21 22 23 Time 66.276 66.277 66.278 66.279 66.281 Src MAC Addr WFW Client WFW Client BACKUP WFW Client BACKUP Protocol TCP NBT NBT SMB SMB Description .A..S., len: 0, seq: 282193079, ack:1312173 SS: Session Request, Dest: BACKUP , So SS: Positive Session Response, Len: 0 C negotiate, Dialect = Windows for Workgroups R negotiate, Dialect # = 3 Dst MAC Addr BACKUP BACKUP WFW Client BACKUP WFW Client Summary Pane + IP: ID = 0xE204; Proto = TCP; Len: 186 + TCP: .AP..., len: 146, seq: 282193151, ack: 1312173868, win: 8756, src: 1029 dst: 139 (NBT Session) + NBT: SS: Session Message, Len: 142 - SMB: C negotiate, Dialect = Windows for Workgroups 3.1a +SMB: SMB Status = Error Success +SMB: Header: PID = 0x36DB TID = 0x0000 MID = 0x4F81 UID = 0x0000 - SMB: Command = C negotiate SMB: Word count = 0 SMB: Byte count = 107 SMB: Byte parameters - SMB: Dialect Strings Understood SMB: Dialect String = PC NETWORK PROGRAM 1.0 Detail Pane Hex Pane 00000050 00 00 00 00 DB 36 00 00 81 4F 00 6B 00 02 50 43 . . . . | 6. . u0 . k . . PC 00000060 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 52 41 4D NETWORK PROGRAM 00000070 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F 46 54 20 1 . 0 . . MICROSOFT 00000080 4E 45 54 57 4F 52 4B 53 20 33 2E 30 00 02 44 4F NETWORKS 3 . 0 . . DO 00000090 53 20 4C 4D 31 2E 32 58 30 30 32 00 02 44 4F 53 S LM1 . 2X002 . . DOS 000000A0 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 57 69 6E 64 LANMAN2 . 1 . . Wind 000000B0 6F 77 73 20 66 6F 72 20 57 6F 72 6B 67 72 6F 75 ows for Workgroups SMB dialects this node understands F#: 22/35 Off: 93(x5D) L: 107 (x6B) Displaying Data with Network Monitor K. Salah

  13. Ethereal Demo K. Salah

  14. Application Profiles K. Salah

  15. Application Profiles • The other way to characterize network traffic is by looking at the applications that users utilize on the network and figuring out their impact on the overall network • Again, the goal is to figure out how the bandwidth is being used and the adequacy of the network design K. Salah

  16. Application Usage Patterns • Need to identify the number of users per application • Need to identify the frequency of application sessions • Length of an average application session • Number of simultaneous users of an application K. Salah

  17. Application Assumptions • If it is not practical to research the application details, some assumptions you can make: • number of application users = simultaneous users • all applications are used all the time • each user opens just one session and the session lasts all day K. Salah

  18. Size of Data Objects • Terminal session - 4 Kbytes • E-mail message - 10 Kbytes • Web page with graphics - 50 Kbytes • Spreadsheet - 100 Kbytes • Word processing document - 200 Kbytes • Graphical computer screen - 500 Kbytes • Presentation document - 2 Mbytes • High resolution image - 50 Mbytes • Multimedia object - 100 Mbytes • Database backup - 1 Gigabyte or more K. Salah

  19. Application Monitoring K. Salah

  20. Application Monitoring • Using software tools can be used to determine application performance statistics • Uses “agents” to collect data and send information to a “management” station • Agents run on the different OS where the applications are installed • Usually very expensive • $10,000 to $25,000 K. Salah

  21. Application Monitoring • The idea is to be able to predict what will be the effect on the network of rolling out a new software application • For existing application, the profiling software transforms raw application data captured from the network into an application profile. This is used for scalability. • Allows you to do what-if scenarios, to ensure the planned application can be run across your LAN or WAN. K. Salah

  22. Application Monitoring • CACI Products Company • Application Profiler • www.caci.com • Ganymede Software • Pegasus 2.1 • www.ganymede.com K. Salah

  23. K. Salah

  24. K. Salah

  25. K. Salah

  26. K. Salah

  27. K. Salah

  28. K. Salah

  29. Server Placement K. Salah

  30. Server Placement • Can have a major effect on capacity planning, depending on the applications run on the servers and the way the workstations are connected. • Network problems can be prevented when the designer understands the traffic patterns • Since servers use the bandwidth, placement becomes critical K. Salah

  31. Server Types • Identified by Function and Users they support • Common Servers • Enterprise Server • Distributed Server • Network Computer Server (Terminal Server) • WEB Application Server K. Salah

  32. Enterprise Server • Centralized Server • Supports all or majority of network users • example is e-mail server for company • Most often located in the Data Center near the network backbone • All users’ traffic travels through the backbone devices (routers & switches) K. Salah

  33. Enterprise Server Example K. Salah

  34. Distributed Server • Local or Workgroup servers • Supports a specific group of users • Payroll server that supports only the accounting group • Placed on the same network subnet as the users that it supports • located usually in the wiring closet K. Salah

  35. Distributed Server • Can effectively reduce the amount of traffic traveling across the network core • Traffic does not need to be routed through the network • Can be used to direct traffic on the network, e.g. NAT. K. Salah

  36. Distributed Server Example K. Salah

  37. Terminal Server • Fileserver to support “thin” Clients • Network PC or Low End PC’s • Applications run on the server, graphic information sent to the client, no applications “run” on the client machine • Use NT Server to provide windows applications to the Unix client machines • Like the “mainframe” model of old K. Salah

  38. Terminal Server • Can be either Distributed or Enterprise • Needs to be a high powered server in order to service the user with applications • imagine all users running Word on the Terminal Server vice on their own client machine K. Salah

  39. WEB Server • Normally set up as an Enterprise level server as many users need access for common information • May also be set outside the company’s internal network for outsiders (untrusted) to get information from. Usually protected by different network devices. K. Salah

  40. Server Placement Summary • As you can see, the location and purpose of a server can have a major impact on traffic • Need to understand where traffic is going in order to place the servers in the right location in order to ensure network “bottlenecks” are not created K. Salah

More Related