Sniffer University 4-1 Analyzing Network Issues. Sniffer University 4-2 Troubleshooting Flowchart Monitor Apps Dashboard Host Table Matrix ART History.

Presentation transcript:

Sniffer University 4-1 Analyzing Network Issues

Sniffer University 4-2 Troubleshooting Flowchart
[Flowchart figure; labels in page order: Monitor Apps Dashboard Host Table Matrix ART History Samples Protocol Distribution Global Statistics Alarms Capture Frames Expert Analysis Expert Options Filters Triggers Display Frames Summary Detail Hex Navigation Select Frames Find Frames Filters Display Setup Address Book Packet User Tools Ping Trace Route DNS lookup Finger Who Is Scripts Monitor Decode Manage Troubleshoot Generator]

Sniffer University 4-3 Section Objectives After completing this section, you will be able to: Use the Summary, Detail, and Hex views of the Decode window to examine frames for potential errors or activity of interest Find and select frames in the trace Set display and capture filters Work with Filtered (x) window Use the Address Book Use Sniffer Portable windows and functions to do practical measurements

Sniffer University 4-4 Displaying Captured Data You can view and analyze the decoded frames stored in: –The capture buffer OR –A capture (trace) file Stop and display capture

Sniffer University 4-5 Post-Analysis Tabs

Sniffer University 4-6 Matrix

Sniffer University 4-7 Host Table

Sniffer University 4-8 Protocol Distribution

Sniffer University 4-9 Statistics Trace Statistics Network Statistics DLC Statistics TCP/IP Statistics NetWare Statistics

Sniffer University 4-10 Decode Window

Sniffer University 4-11 Decode Window SummaryView DetailView HexView

Sniffer University 4-12 Summary View Frame Length Summary Destination Address Status Source Address Frame Number

Sniffer University 4-13 Status Flags
Flag   Description
M      Marked frame (a bookmark)
#      Packet has an associated symptom or diagnosis
T      Packet is an event filter trigger
A      Packet was captured from Port A on the pod or adapter card
B      Packet was captured from Port B on the pod or adapter card
[x]    x is the number of the wireless LAN channel from which the packet was captured
CRC    CRC error packet with normal packet size

Sniffer University 4-14 Summary View Options The Summary View can be tailored to meet your needs: –Change the order of the columns –Add/remove columns –Display DLC or Network Layer addresses –Show Expert symptom/diagnosis –Summarize one or all layers of the frame –Time options –Byte counts

Sniffer University 4-15 Summary View: Addresses Network Layer addresses (default) Data Link (MAC) addresses

Sniffer University 4-16 Summary View: All Layers Provides a summary of the key fields found in every protocol header in the frame

Sniffer University 4-17 Summary View: Time Options Relative time –Interval between the marked frame and current frame Delta time –Time between frames Absolute time –Time of day frame was received

Sniffer University 4-18 Uses for Time Options Relative Time –The time interval between the marked frame and the current frame –You can find the time span over a number of frames in order to make response time and throughput measurements Delta Time –The time interval (S ) between adjacent displayed frames –Useful for determining how quickly nodes are transmitting between frames and for seeing a server’s turnaround time Absolute Time –The time of day (HH:MM:SS.0000) at which each frame was captured –Used when the actual time of day is required (be sure the correct DATE and TIME are set)

Sniffer University 4-19 Practical Application: Response Time Measurement
To find workstation-to-server response time:
1. Collect traffic between a workstation and a server
2. Find the first frame of a command sequence in the Summary view and mark it
3. Find the last frame in the command sequence
4. Look at the relative time (this indicates how much time has elapsed since the command that you marked)
5. Record the relative time
When you suspect problems, try this procedure again and see if the response time has changed significantly

Sniffer University 4-20 Exercise 4-1 Response Time Measurement

Sniffer University 4-21 Summary View: Packet Size Options Frame Length –Total number of bytes captured in a specific frame Cumulative Bytes –Total number of bytes between marked frame and displayed frame

Sniffer University 4-22 Uses for Packet Size Options Frame Length (Bytes) –Shows the number of bytes for each frame –Useful for general information and when looking for packet size efficiency of the protocol or network Cumulative Bytes –Mark a frame and display the total amount of data transmitted between the marked frame and some specific frame –Useful for determining how many bytes were used to accomplish a given procedure or operation by filtering on a communications session between two stations

Sniffer University 4-23 Practical Application: Application Efficiency
To calculate the overhead an application generates:
1. Collect traffic between the stations exchanging data with the application you wish to evaluate
2. Identify the beginning of a command that indicates the transfer of data and mark it
3. Note the amount of actual user data being transferred
4. Turn on Cumulative bytes
5. Find the final acknowledgment in the Summary View
6. Look at the cumulative bytes in the final acknowledgment
7. Record the cumulative bytes
8. Cumulative Bytes (C) - User Data (D) = Overhead (O)
   O / C = Percent of Overhead
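
The two practical applications above (response time from Relative Time, application overhead from Cumulative Bytes) can be reproduced outside the analyzer. The following is an added example, not part of the original slides: it recomputes the Delta Time, Relative Time and Cumulative Bytes columns over a constructed six-frame trace and applies the overhead formula. It assumes the marked frame's own length counts toward Cumulative Bytes; the `Frame` fields and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    number: int    # frame number in the trace
    abs_us: int    # absolute capture time, microseconds since midnight
    length: int    # frame length in bytes
    summary: str

T0 = 36_000_000_000  # 10:00:00.000000 expressed in microseconds

# Constructed sample trace: a workstation reads 4096 bytes from a server.
TRACE = [
    Frame(1, T0 + 0,       64,   "unrelated broadcast"),
    Frame(2, T0 + 120_000, 118,  "C read request, 4096 bytes"),
    Frame(3, T0 + 135_000, 1514, "R data, 1460 bytes"),
    Frame(4, T0 + 136_000, 1514, "R data, 1460 bytes"),
    Frame(5, T0 + 150_000, 1230, "R data, 1176 bytes"),
    Frame(6, T0 + 151_000, 64,   "C final acknowledgment"),
]

def measure(trace, mark_no):
    """Recompute the time and byte-count columns relative to the marked frame."""
    mark = next(f for f in trace if f.number == mark_no)
    rows, prev, cumulative = [], None, 0
    for f in trace:
        after_mark = f.number >= mark_no
        if after_mark:
            cumulative += f.length  # assumption: the marked frame is included
        rows.append({
            "number": f.number,
            # Delta time: interval between adjacent displayed frames
            "delta_us": 0 if prev is None else f.abs_us - prev.abs_us,
            # Relative time: interval between the marked frame and this frame
            "relative_us": f.abs_us - mark.abs_us,
            # Cumulative bytes: only defined from the mark onward
            "cumulative": cumulative if after_mark else None,
        })
        prev = f
    return rows

def overhead(cumulative_bytes, user_data_bytes):
    """C - D = O and O / C as a percentage, as on the slide."""
    o = cumulative_bytes - user_data_bytes
    return o, 100.0 * o / cumulative_bytes

if __name__ == "__main__":
    rows = measure(TRACE, mark_no=2)   # mark the first frame of the command
    final = rows[-1]                   # the final acknowledgment
    o, pct = overhead(final["cumulative"], 4096)
    print(f"response time: {final['relative_us'] / 1000:.1f} ms")
    print(f"cumulative bytes: {final['cumulative']}, overhead: {o} ({pct:.1f}%)")
```

Re-running the same measurement on a later capture of the same command sequence gives the comparison the slide recommends when a problem is suspected.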

Sniffer University 4-24 Exercise 4-2 Application Efficiency

Sniffer University 4-25 Two-Station Format This optional display format places the summary of the conversation side-by-side for easier viewing –Commonly used after applying a filter on two stations

Sniffer University 4-26 Detail View The Detail View provides a complete decode of each field in the transmitted frame –Headers may be compressed or expanded:

Sniffer University 4-27 Vendor Codes and Functional Address Files Manufacturer’s IDs are in the .BET files –SNIFFER.BET for Ethernet –SNIFFER.BTR for Token Ring –You can edit them to add more - follow the format Broadcast and Functional Addresses are in SNIFFER.xxM files –SNIFFER.ETM for Ethernet –SNIFFER.TRM for Token Ring All are in the Program directory under Sniffer Portable’s directory

Sniffer University 4-28 Investigating Addressing Problems Q: Is the DLC destination address the correct address for a router that can reach network ? Source node is on network Destination node is on network Source node is on network Destination node is on network

Sniffer University 4-29 Hex View Protocol layers or fields highlighted in the Detail View will automatically highlight in the Hex View Conversely, clicking on bytes in the Hex View will highlight the associated field in the Detail View

Sniffer University 4-30 Hex View Offset Q: What is the word that starts at offset 4A?
[Figure: Hex View screenshot; labels: column headings A B C D E F, ASCII or EBCDIC decode, Offset 004A]

Sniffer University 4-31 Decode Window Navigation Tips Keyboard Shortcuts: –Tab to move between the Summary, Detail, and Hex views –Use the F4 key to zoom in or out of a particular view –Use the Home and End keys to go to the top or bottom of the view –Use F7 to go to the previous frame, F8 to go to the next frame in the trace –Use F2 to go to the next selected frame, Shift-F2 to go back Click the square box next to a frame to select it for further analysis Right-click over the Summary view for short cut to menu options

Sniffer University 4-32 Display Options Right-click on any Decode view to do the following: –Find Frames –Go to Frame –Mark Current Frame –Select Frames –Display Setup –Display Filters –Send Current Frame or Buffer These capabilities are also available from the main Display menu

Sniffer University 4-33 Find Frames Choose Find Frame… from the Display menu or press Alt + F3 Use the tabs to find frames based on text, data, status, or Expert symptom or diagnosis string

Sniffer University 4-34 Go To Frame Choose Display from the Menu bar, then Go To Frame… Right-clicking in the Decode window will also give you this option

Sniffer University 4-35 Mark Current Frame The Mark provides a reference point in the trace and controls the Cumulative Bytes and Relative Time displays

Sniffer University 4-36 Select Frames Sniffer Portable lets you select individual frames, or a group of frames, in the Summary view of the Decode window, and then optionally save them into a separate decode window

Sniffer University 4-37 Select Range 1. Select a range of frames by choosing Display from the Menu bar, then Select Range… 2. Then choose the Display menu and either –Save the selected frames OR –Go to the next or previous selected frame

Sniffer University 4-38 Display Setup Display Setup allows you to customize the Summary Display, Protocol Color, Protocol Expansion, and the font for protocol decodes From the Menu bar choose Display > Display Setup...

Sniffer University 4-39 Display Setup: Summary Display Optional Fields:

Sniffer University 4-40 Using Display Filters to Narrow the View

Sniffer University 4-41 Display Filters Use display filters to eliminate frames from view or to isolate a specific conversation When you apply a display filter, Sniffer Portable will default to create a Filtered (x) window attached to the original trace –There are 3 options to create a separate filtered window You may apply display filters using –Filter profiles (named filters) –Automatic filters –“Quick” filters

Sniffer University 4-42 Display Filter Profiles To define a display filter profile, select Display > Define Filter from the menu bar

Sniffer University 4-43 Selecting Display Filters Display > Select Filter from the Menu Bar allows you to select either a display or capture filter for display filtering

Sniffer University 4-44 Automatic Filters: Expert Display Filter In the Expert, you can filter on any Object, Symptom, or Diagnosis by highlighting the item and clicking on the Expert Display Filter icon

Sniffer University 4-45 Automatic Filters: Matrix Visual Filter In the Matrix, you can select station addresses and filter on them by clicking on the Matrix Visual Filter icon

Sniffer University 4-46 “Quick” Filter
You can quickly define a filter for use when viewing captured data:
1. Display > Define Filter…
2. Select the “Default” filter
3. Click the Reset button to put options back to original setting
4. Modify options with appropriate selection criteria
5. Click OK when done
6. Right-click and choose Select Filter...

Sniffer University 4-47 Filtered (x) Tab When you apply a display filter, Sniffer Portable, by default, attaches the window to the original trace as Filtered (x)

Sniffer University 4-48 Filtered Window Frame Numbers The frames in a filtered window retain their original frame numbers –This makes it easy to go back to the original trace and see where the problem occurred

Sniffer University 4-49 Viewing Sequential Frame Numbers in a Filtered Window 1. Reduce the box column to nothing by dragging it to the left 2. Double click the left most line next to the heading 3. The sequential number column will appear

Sniffer University 4-50 Filtered Window Analysis 1 Expert analysis for this filtered window is not available –Expert tab shows the original trace file analysis

Sniffer University 4-51 Filtered Window Analysis 2
There are three options to separate the filtered window and provide Expert analysis:
1. Right click over the Summary view in the filtered window and select
2. Select File > Save As… to name and save it
   –A separate window will appear with Expert analysis
3. Select Tools > Options > General and enable Extra Filtered Window
   –Every time a Display filter is applied, a separate filtered window will be created

Sniffer University 4-52 Filtered Window Analysis 3 All options will create a filtered window with Expert analysis –The frame numbers will now be sequenced

Sniffer University 4-53 Separate Filter Window Results Original trace with Filtered (x) window Separate filtered window with Expert analysis

Sniffer University 4-54 Closing Filtered (x) Window Right-click on the Filtered (x) tab to display the Close option and remove the filtered window

Sniffer University 4-55 Dave Exercise 4-3

Sniffer University 4-56 Data Pattern Filter Define a data pattern filter to select frames that match data found in a frame at a specific location Create from a single data pattern or from multiple patterns that are connected by AND/OR/NOT Boolean operators The Data Pattern is defined by: –A particular sequence of bits –The length of the sequence (max. length = 32 bytes) –The offset position of the data in a frame The offset position may be specified relative to the beginning of the frame or the beginning of the first protocol header

Sniffer University 4-57 Data Pattern Tab Use the Data Pattern tab to set and view the data pattern match configuration

Sniffer University 4-58 Data Pattern Options Define Pattern Specify Boolean Logic Test the Syntax Define Negative match

Sniffer University 4-59 Pattern Match Logic AND/OR Boolean logic –If two data patterns are ANDed, both patterns must be found in the frame to pass –If two patterns are ORed, either pattern can be found in the frame to pass NOT Boolean logic –If the pattern criteria is met, the matched frame(s) will be excluded from the display

Sniffer University 4-60 Pattern Match Logic (cont.) Note: Add NOT before adding pattern

Sniffer University 4-61 Edit Data Pattern Highlight a packet in the Summary window and use the Set Data button to automatically paste data above Frame Data Pattern Value Packet Number

Sniffer University 4-62 Data Offset
Determines from which point the offset is calculated
–From: Packet calculates the offset from the beginning of the frame
–From: Protocol calculates the offset backwards to the beginning of the Layer 3 header (*Usually used when there is routing information in the frames)
[Figure: two frame layouts. With routing information: MAC Header | RI | NW hdr | Transport hdr | Data | CRC. Without: MAC Header | NW hdr | Transport hdr | Data | CRC]
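
The data pattern rules from the preceding slides (pattern bytes at an offset, 32-byte maximum, AND/OR/NOT logic, offset counted from the packet or from the protocol header) are modelled below. This is an added example, not Sniffer code and not part of the original slides: the frames are constructed, use the simplified layout from the diagram above (MAC header, optional RI, network header), and the class and function names are hypothetical.

```python
from dataclasses import dataclass

MAX_PATTERN_LEN = 32  # maximum pattern length given on the slide

@dataclass
class Frame:
    number: int
    raw: bytes
    l3_offset: int  # where the decoder located the Layer 3 header

@dataclass
class Pattern:
    offset: int
    data: bytes
    origin: str = "packet"  # "packet" or "protocol"

    def matches(self, frame):
        if not 0 < len(self.data) <= MAX_PATTERN_LEN:
            raise ValueError("pattern must be 1 to 32 bytes long")
        base = 0 if self.origin == "packet" else frame.l3_offset
        start = base + self.offset
        return frame.raw[start:start + len(self.data)] == self.data

def evaluate(expr, frame):
    """expr is a Pattern or a tuple: ("AND", a, b), ("OR", a, b), ("NOT", a)."""
    if isinstance(expr, Pattern):
        return expr.matches(frame)
    op, *args = expr
    if op == "AND":
        return all(evaluate(a, frame) for a in args)
    if op == "OR":
        return any(evaluate(a, frame) for a in args)
    if op == "NOT":  # frames meeting the criteria are excluded
        return not evaluate(args[0], frame)
    raise ValueError(f"unknown operator {op!r}")

def display_filter(expr, frames):
    """Return the original frame numbers of the frames that pass."""
    return [f.number for f in frames if evaluate(expr, f)]

# --- Constructed sample frames (checksums left zero) ---
MAC = bytes(12) + b"\x08\x00"        # 14-byte MAC header
RI = b"\x06\x20\x00\x1a\x00\x2b"     # 6 bytes of routing information

def ip_header(proto, src, dst):
    return bytes([0x45, 0, 0, 0x28, 0, 1, 0, 0, 0x40, proto, 0, 0]) + bytes(src) + bytes(dst)

A, B, SRV = (10, 1, 1, 5), (10, 1, 1, 7), (10, 2, 2, 9)
FRAMES = [
    Frame(1, MAC + ip_header(0x06, A, SRV), 14),       # TCP, no RI
    Frame(2, MAC + RI + ip_header(0x06, A, SRV), 20),  # TCP, with RI
    Frame(3, MAC + ip_header(0x11, B, SRV), 14),       # UDP, no RI
    Frame(4, MAC + RI + ip_header(0x11, A, SRV), 20),  # UDP, with RI
]

TCP_FROM_PACKET = Pattern(23, b"\x06", "packet")     # 14 + 9, valid only without RI
TCP_FROM_PROTOCOL = Pattern(9, b"\x06", "protocol")  # IP protocol field
SRC_A = Pattern(12, bytes(A), "protocol")            # IP source address

if __name__ == "__main__":
    print(display_filter(TCP_FROM_PACKET, FRAMES))
    print(display_filter(TCP_FROM_PROTOCOL, FRAMES))
    print(display_filter(("AND", SRC_A, ("NOT", TCP_FROM_PROTOCOL)), FRAMES))
```

The From: Packet pattern misses frame 2 because the RI field shifts the network header by six bytes, which is the case the slide's note about routing information refers to.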

Sniffer University 4-63 Pattern Copy and Paste Procedure
To copy and paste a data pattern:
1. Identify the frame that contains the desired pattern
2. Select Define Filter…
3. Go to the Data Pattern tab
4. Select the Add Pattern option
5. Select the data Format (Hex, Binary, ASCII, EBCDIC)
6. Scroll through the data display and find the desired pattern
7. Press Set Data to paste the pattern into the data area
8. Click OK
Set up logical operations with additional data patterns as necessary

Sniffer University 4-64 Binary Pattern Match Binary pattern matches allow you to specify bit patterns for matching Select the format before pressing Set Data For best results, combine binary pattern matches with a protocol filter

Sniffer University 4-65 Isolating a Subnet Exercise 4-4

Sniffer University 4-66 Address Book

Sniffer University 4-67 Managing Names In an effort to make the analyzer screens more “readable,” names associated with captured addresses are displayed in place of Network Layer or DLC addresses The names are discovered automatically by Sniffer Portable during monitor, capture, and display of data The name information is stored in a temporary table for display purposes and may be transferred to the Address Book for permanent storage Names may be imported into the Address Book, providing a more complete online reference for a network

Sniffer University 4-68 Address Book Lets you assign familiar, recognizable names for nodes on your network

Sniffer University 4-69 Address Book Toolbar New Address Sort by Medium Export Delete All Addresses Autodiscovery Delete Address Undo Edit Address Redo

Sniffer University 4-70 Entering Names Manually Add your own addresses or update existing entries Device Types: Workstation Server File Server Printer Server Router Bridge Hub

Sniffer University 4-71 Importing Address Tables

Sniffer University 4-72 Autodiscovery Actively search for IP addressed devices OR Passively watch for names and addresses Names can be automatically added to the Address Book when found Active Passive

Sniffer University 4-73 Discovered Addresses

Sniffer University 4-74 Exercise 4-6 Managing Names

Sniffer University 4-75 Summary In this section, you learned how to use Sniffer Portable to: Use the Summary, Detail, and Hex views of the Decode window to examine frames for potential errors or activity of interest Find and select frames in the trace Set display and capture filters Work with Filtered (x) window Use the Address Book Use Sniffer Portable windows and functions to do practical measurements

Sniffer University 4-76 Group Discussion What kind of information do the Summary, Detail, and Hex views in the Decode window provide? Describe how Absolute Time can be useful when troubleshooting network problems What is the difference between a Capture and Display filter? Why would you select frames? Can you view multiple captures simultaneously?

Sniffer University 4-77