Introduction to Network Analysis and Sniffer Pro


BAI513 - PROTOCOLS
BAIST – Network Management

Objectives
At the end of this presentation, the student will be able to:
- Describe the roles and purposes of Network Analysis.
- Describe the “how, where and why” of installing Protocol Analysers.
- Describe the main features / functions of the Sniffer Pro application.

About Protocol Analysis
- Protocol analysis (also referred to as network analysis) is the process of tapping into the network communications system, capturing packets that cross the network, gathering network statistics, and decoding the packets into readable form.
- In essence, a protocol analyzer eavesdrops on network communications.
- Many protocol analyzers can also transmit packets, a useful task for testing a network or device.

Useful Roles for Protocol Analysis
- Protocol analyzers are often used to troubleshoot network communications.
- Typically, analyzers are placed on the network and configured to capture the problematic communication sequence.
- Protocol analyzers are also used to test networks.
- Testing can be performed in a passive manner by listening to unusual communications, or in an active manner by transmitting packets onto the network.

Protocol Analyzer Elements
The following diagram depicts the basic elements of a protocol analyzer. The basic elements are:
- Promiscuous mode card and driver
- Packet filters
- Trace buffer
- Decodes
- Alarms
- Statistics

Network Analyzer Elements

Promiscuous Mode Card & Driver
- The network interface card and driver used on the analyzer must support promiscuous mode operation.
- A card that runs in promiscuous mode can capture broadcast packets, multicast packets, and unicast packets sent to other devices, as well as error packets.
- An analyzer running with a promiscuous mode card and driver can see Ethernet collision fragments, oversized packets, undersized packets (a.k.a. runts), and packets that end on an illegal boundary.

Packet Filters
- If you are interested in the type of broadcasts that are crossing a network, you can set up a filter that allows only broadcast packets to flow into the analyzer.
- When filters are applied to incoming packets, they are often referred to as capture filters, or pre-filters.

Packet Filters
Filters can be based on a variety of packet characteristics including, but not limited to:
- Source data link address
- Destination data link address
- Source IP address
- Destination IP address
- Application or process

Trace Buffer
- The packets flow into the analyzer’s trace buffer, a holding area for packets copied off the network.
- Typically, this is an area of memory set aside on the analyzer, although some analyzers allow you to configure a “direct to disk” save option.
- Most analyzers have a default trace buffer size of 4 MB.

Decodes
- Decodes are applied to the packets that are captured into the trace buffer.
- These decodes enable you to see the packets in a readable format with the packet fields and values interpreted for you.
- Decoders are packet translation tools.
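The Packet Filters, Trace Buffer and Decodes slides describe one pipeline: filter, buffer, decode. The sketch below is an added example, not part of the original presentation or of Sniffer Pro; the function names, the sample frames and the drop-oldest behaviour of the buffer are assumptions made for illustration.

```python
import socket
import struct
from collections import deque

BROADCAST = b"\xff" * 6

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def decode(frame):
    """Decode Ethernet II fields, plus IPv4 addresses (IP header offsets 12 and 16)."""
    if len(frame) < 14:
        return {"error": "truncated frame"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fields = {"dst": mac(dst), "src": mac(src), "type": f"0x{ethertype:04x}"}
    if ethertype == 0x0800 and len(frame) >= 34:
        fields["ip_src"] = socket.inet_ntoa(frame[26:30])
        fields["ip_dst"] = socket.inet_ntoa(frame[30:34])
    return fields

def broadcast_only(frame):
    """Capture filter (pre-filter): admit only data-link broadcasts."""
    return frame[:6] == BROADCAST

class TraceBuffer:
    """Byte-limited holding area; this sketch drops the oldest frame when full."""
    def __init__(self, max_bytes):
        self.max_bytes, self.used, self.frames = max_bytes, 0, deque()
    def add(self, frame):
        self.frames.append(frame)
        self.used += len(frame)
        while self.used > self.max_bytes:
            self.used -= len(self.frames.popleft())

def capture(frames, capture_filter, buf):
    """Filter before buffering, then decode whatever the buffer still holds."""
    for frame in frames:
        if capture_filter(frame):
            buf.add(frame)
    return [decode(f) for f in buf.frames]

def ipv4(src, dst):  # constructed 20-byte header, checksum left at zero
    return bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0]) + socket.inet_aton(src) + socket.inet_aton(dst)

# Constructed sample frames, not captured traffic.
HOST = bytes.fromhex("001122334455")
SAMPLE = [BROADCAST + HOST + b"\x08\x06" + bytes(28),  # ARP-sized broadcast
          bytes.fromhex("00aabbccddee") + HOST + b"\x08\x00" + ipv4("192.0.2.10", "192.0.2.20"),
          BROADCAST + HOST + b"\x08\x00" + ipv4("192.0.2.10", "255.255.255.255")]
```

Calling `capture(SAMPLE, broadcast_only, TraceBuffer(4 * 1024 * 1024))` keeps the two broadcast frames and never buffers the unicast one; with a buffer smaller than the two frames combined, only the newer frame survives.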

Viewing Packet Decodes

Alarms
Many analyzers have a set of configurable alarms that indicates unusual network events or errors. The following lists some typical alarms that are included with most analyzer products:
- Excessive broadcasts
- Utilization threshold exceeded
- Request denied
- Server down

Statistics
- Many analyzers also display statistics on network performance, such as the current packet-per-second rate, or network utilization rates.
- Network administrators use these statistics to identify gradual changes in network operations, or sudden spikes in network patterns.
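How the packet-per-second and utilization statistics can feed the "Excessive broadcasts" and "Utilization threshold exceeded" alarms, as an added example that is not part of the original presentation or of Sniffer Pro. The thresholds, the 10 Mb/s link speed, the sample records and the assumption that captured lengths exclude the frame check sequence are all chosen for illustration.

```python
from collections import defaultdict

# Bytes on the wire per frame that a capture length usually omits (assumption):
# preamble + start-of-frame delimiter (8), frame check sequence (4), inter-frame gap (12).
WIRE_OVERHEAD = 24

def per_second_stats(records, link_bps):
    """records: iterable of (timestamp_seconds, captured_length_bytes, is_broadcast)."""
    buckets = defaultdict(lambda: [0, 0, 0])  # packets, wire bits, broadcasts
    for ts, length, is_broadcast in records:
        bucket = buckets[int(ts)]
        bucket[0] += 1
        bucket[1] += (length + WIRE_OVERHEAD) * 8
        bucket[2] += int(is_broadcast)
    return {sec: {"pps": pkts, "utilization": bits / link_bps, "broadcast_pps": bcast}
            for sec, (pkts, bits, bcast) in sorted(buckets.items())}

def alarms(stats, max_utilization, max_broadcast_pps):
    """Return (second, alarm name) pairs for every threshold crossed."""
    raised = []
    for sec, s in stats.items():
        if s["utilization"] > max_utilization:
            raised.append((sec, "Utilization threshold exceeded"))
        if s["broadcast_pps"] > max_broadcast_pps:
            raised.append((sec, "Excessive broadcasts"))
    return raised

# Constructed records: a quiet second, a busy second, then a burst of broadcasts.
SAMPLE = ([(0 + i * 0.001, 1000, False) for i in range(100)]
          + [(1 + i * 0.001, 1500, False) for i in range(600)]
          + [(2 + i * 0.001, 60, True) for i in range(300)])

if __name__ == "__main__":
    stats = per_second_stats(SAMPLE, link_bps=10_000_000)
    for second, name in alarms(stats, max_utilization=0.5, max_broadcast_pps=100):
        print(second, name)
```

Counting the per-frame wire overhead matters most for small frames: the 60-byte broadcasts in the sample occupy 84 bytes of link time each.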

Placing a Protocol Analyzer on a Network
- A protocol analyzer can only capture packets that it can see on the network.
- On a network that is connected with hubs, you can place the analyzer anywhere on the network.
- There are basically three options for analyzing switched networks:
  - Hubbing out
  - Port redirection
  - Remote Monitoring (RMON)

Hubbing Out
- By placing a hub between a device of interest (such as a server) and the switch, and connecting the analyzer to the hub, you can view all traffic to and from the server.

Port Redirection
- Many switches can be configured to redirect (actually, to copy) the packets traveling through one port to another port.
- By placing your analyzer on the destination port, you can listen in on all the conversations that cross the network through the port of interest.

Remote Monitoring (RMON)
- RMON uses Simple Network Management Protocol (SNMP) to collect traffic data at a remote switch and send the data to a management device.

Sniffer Pro Introduction
Sniffer Pro is a powerful network visibility tool that enables you to:
- Monitor network activity in real time
- Collect detailed utilization and error statistics for individual stations, conversations, or any portion of your network
- Save historical utilization and error information for baseline analysis
- Generate visible and audible real-time alarms

Sniffer Pro Introduction (cont)
Sniffer Pro is a powerful network visibility tool that enables you to:
- Notify network administrators when troubles are detected
- Capture network traffic for detailed packet analysis
- Receive Expert analysis of network traffic
- Probe the network with active tools to simulate traffic, measure response times, count hops, and troubleshoot problems

Sniffer Pro Major Components
The main functional components of Sniffer Pro:
- Monitor calculates and displays real-time network traffic data.
- Capture function captures network traffic and stores the actual packets in a buffer (and optionally to a file) for later analysis.
- Real-time Expert Analysis function analyzes the network packets during capture and alerts you to potential problems on your network. These problems are categorized as symptoms and/or diagnoses.
- Display function decodes and analyzes the packets in the capture buffer, and displays them in a variety of formats.
NOTE: BAI513 will only utilize the Capture and Display components of Sniffer Pro.

Summary
This presentation covered information that allowed the student to:
- Describe the roles and purposes of Network Analysis.
- Describe the “how, where and why” of installing Protocol Analysers.
- Describe the main features / functions of the Sniffer Pro application.