QuickStart for EtherPeek January 2002
The History of WildPackets • 1990: Introduced a Macintosh-based EtherPeek protocol analyzer • 1996: Windows-based version of EtherPeek released • 1998: The iNetTools (under a different name at the time) were developed to allow active network testing such as a port scan and ping scan • 2000: Changed name from AG Group to WildPackets • 2000: Acquired Net3Group, makers of NetSense • 2001: Acquired Optimized Engineering, which is now the Professional Services arm of WildPackets • 2001: Released AiroPeek to extend into the wireless marketplace • 2001: EtherPeek NX is released. WildPackets now offers 2 product lines: EtherPeek Standard (4.2) & EtherPeek NX
Current Customers Include.. Motorola, NY Times, 3Com, IBM, Talk City, Condé Nast Publications, Novell, US Air Force, National Institutes of Health, DARPA, NASA, Sandia National Labs, Liberty Mutual Insurance, EDS, GTE Information Services, Apple Computer, Boeing, Cisco Systems, Microsoft, Nortel Networks, Ericsson, Bank of America, Lucent Technologies, Yahoo!, FAA, Lockheed Martin, Xerox Corp., Lawrence Livermore National Labs and many, many K-12 and higher educational institutions in the United States and abroad.
Today’s Agenda • Launching EtherPeek • Examining network statistics • Overview of protocol layers • The Packets and decode windows • Using filters to isolate problems • Alarms and the Log Window • The iNet Tools • NetSense • Protocol Analysis Training Options • EtherPeek NX overview
What is a Protocol Analyzer and when can it be used • EtherPeek is an example of a protocol analyzer • also referred to as a packet analyzer • An analyzer can ‘see’ the conversations between networked devices • By evaluating the traffic, network problems can be identified • An analyzer is also useful in proactively monitoring a network to identify potential issues before they turn into serious problems • We produce an analyzer for Ethernet, Wireless 802.11 and Token-Ring
Getting Started with EtherPeek: Windows • NIC for EtherPeek • See the following web site for information about supported NICs: http://www.wildpackets.com/support/hardware/etherpeek_win • At least: • 400 MHz Pentium II • 128 MB RAM • NDIS3 Compatible Network Interface Card • Color Monitor strongly recommended
Getting Started with EtherPeek: Macintosh • NIC for EtherPeek • See the following web site for information about supported NICs: http://www.wildpackets.com/support/hardware/etherpeek_mac4 • At least: • PCI-based Power Macintosh running System 8.0 or later • 32 MB RAM Recommended • Supported Ethernet Interface
Analysis in the Switched World • SPAN • Port Mirror • Port Monitor • Other Possibilities: • a mini-hub • EtherHelp
Statistics • There are two locations for statistics
Report Examples… Utilization Packet Size Distribution Nodes Statistics
The Interpretation Of Statistics • Are the protocols seen what you expect? • Are the packet sizes consistent with the activity? • Is utilization at an acceptable level? • Are the ‘top talkers’ the right ones? Covered in WP101
Overview of Protocol Layers • Layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical • Ethernet is responsible for the local movement of the frame • IP is responsible for the routed travel of the packet • TCP and UDP identify the upper layer protocol via a Port number. TCP ‘guarantees’ the delivery of the data • Application layers such as FTP, Telnet, and HTTP provide the functionality to the user’s program • Troubleshoot from the bottom up • Covered in WP100
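The bottom-up decode described on this slide, as an added example (not part of the original deck and not EtherPeek code): it walks a frame from Ethernet to IPv4 to TCP/UDP and names the application from the port number, stopping at the first layer that does not parse. The sample frame, its addresses and the three-entry port table are constructed for illustration.

```python
import struct

# Small sample of well-known ports; the slide names FTP, Telnet and HTTP.
PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def decode(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP from the bottom up."""
    if len(frame) < 14:
        return {"error": "truncated Ethernet header"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"ethernet": {"dst": mac(dst), "src": mac(src), "type": ethertype}}
    if ethertype != 0x0800:                  # only IPv4 is decoded here
        out["error"] = "not IPv4"
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0    # header length in bytes
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        out["error"] = "bad IPv4 header"
        return out
    out["ip"] = {"src": ".".join(map(str, ip[12:16])),
                 "dst": ".".join(map(str, ip[16:20])),
                 "ttl": ip[8], "proto": ip[9]}
    name = {6: "tcp", 17: "udp"}.get(ip[9])
    l4 = ip[ihl:]                            # options, if any, are skipped
    if name is None or len(l4) < 4:
        out["error"] = "no TCP/UDP header"
        return out
    sport, dport = struct.unpack("!HH", l4[:4])
    out[name] = {"sport": sport, "dport": dport}
    # The port number is what identifies the upper-layer protocol.
    out["application"] = PORTS.get(dport) or PORTS.get(sport) or "unknown"
    return out

def sample_frame() -> bytes:
    """Constructed TCP SYN to port 80; checksums are left at 0 (not validated)."""
    eth = bytes.fromhex("00aabbccddee" "001122334455") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for layer, fields in decode(sample_frame()).items():
        print(layer, fields)
```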
Getting Started Capturing… • Capture -> Start Capture • Click OK • Click on the Start Capture button
Packets View • Packets scroll past in real-time
Details, Details.. [Figure labels: P D N T S P A] • Double-click on a packet to see the detailed decode and hexadecimal view • Covered in WP103&4
Getting Started With Filters Post-Capture Filtering A Real-Time Capture Filter
Alarms and Log Window • Right click on a statistic to Make Alarm • View -> Alarms • Tools -> Notification to specify the action to take [Figure labels: Alarms, Log]
iNetTools For example, Ping Scan… Covered in WP101
Obtaining iNetTools • The iNetTools are available as a separate demo download • Installing the iNetTools is a choice when running the EtherPeek Installation program On the Mac, iNetTools are always separate
NetSense Overview • Open a file • File Summary • DLC (Data Link Control) Error Expert • Frame Size Chart • Protocol Chart • Problem Finder • Network Peer Map • Client/Server Expert • Other Possibilities: • ProAnalyst ToolBox • Response Time/Latency Analysis • Throughput Analysis Covered in WP104
Professional Services WP100: Foundations Of Network Protocol Analysis WP101: Network Troubleshooting Methods Using EtherPeek WP103: TCP/IP Protocol Analysis Methods WP104: Advanced TCP/IP Protocol Analysis Coming Soon: WP106: 802.11 Wireless Network Analysis Using AiroPeek and WP105: AppleTalk and Mac OS/X Network Analysis AATech: Applied Analysis Technician PAS: Protocol Analysis Specialist NAX: Network Analysis Expert
What’s New? • Real Time Expert Analysis • Real Time Peer Map • Significantly enhanced Alarm capabilities
Real Time Expert Analysis • Evaluates and analyzes all 7 layers of the OSI model • Separates packets into independent conversations and displays them in an intuitive tree structure • Analyzes device by device to isolate problem behavior • Describes behaviors indicative of network, client, server, router, or infrastructure problems • Records the error condition, allows quick display of relevant packets, and provides a textual explanation of why the error occurred and what can be done to correct it • Provides a comprehensive report of network-wide problems in the case where a problem is reported but no specific suspect station is known.
Expert Conversations pane Problem summary Pane
Details, Details • The Node Details tab is linked to the Conversations pane • When you click on a conversation or diagnosis in the Conversations pane, detailed information about the nodes in the conversation appears in the Node Details tab Click on a problem or conversation More information appears here
Configuring The Expert This button opens up the Problem Finder settings, which allow you to configure the expert.
Real Time Peer Map • Eye-catching Peer Map not just for show • Elongated ellipse used so that map remains usable even on busy networks • User decides the ‘look’
Peer Map Packets between stations are displayed here, in the left-most pane The display is configured here, in the right-hand pane
Alarm Capability • Over 100 real-time (or post-capture) conditions are tracked by the alarm notification system • Default values have been set based on years of real-life networking experience • Recall, Alarms have severity levels associated with them. Notifications are tied to severity levels.
What Else Is New? • New SMB Analysis module • Ability to import/export alarms • Cumulative bytes column shows cumulative byte counts per packet • Stop trigger can now stop a capture based on elapsed time • Can read Sniffer .cap files
NX Highlights- Recap • Provides both expert diagnostics and frame decoding in real-time, during capture • Analyzes application layer client/server problems including busy networks and servers, inefficient clients, low throughput and latency • Customizable ProblemFinder Settings • Select packets related to Problems with one-click • Ring Buffer option for continuous capture • Innovative, full-featured Peer Map • Advanced alarms system detects Suspect conditions, diagnoses Problem events
And let’s not forget.. • The Best UI in the Business • Professional Services including WildPackets Academy and consulting • Technical Support • Affordable price
System Requirements for NX • Minimum: • 400 MHz processor • 128 MB RAM • Recommended: • 600 MHz processor • 256 MB RAM • In general, EtherPeek NX performance for capture and analysis is a direct function of the packet rate on the network and the complexity of the conversation mix on that network. The above system recommendations have been found to be appropriate for networks of moderate utilization (i.e., 10 Mbit Ethernet with ~20% network utilization). • For packet capture and analysis on high-utilization, high-speed networks, it may be prudent to significantly upgrade the above configurations.
Questions?
Thank You! http://www.wildpackets.com 800.466.2447