Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI
Transcript of Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI
Sniffer University
Troubleshooting with the Sniffer Portable Analyzer
TNV-101-GUI
Housekeeping
• Breaks
• Lunch
• Telephones
• Rest Rooms
• Emergency Information
• Questions
• Beepers in Silent Mode
• Cell Phones in Silent Mode
Student Reference CD
Contents of CD:
• Sniffer Portable trace files
  – Subdirectory for each Sniffer University course containing all of the trace files referenced in that course
• Reference documents
  – IETF Request for Comments (RFCs)
  – Appendix material
  – ATM Forum specifications and glossary
  – Miscellaneous reference materials
• Sniffer analyzer product documentation
  – Sniffer Portable 4.7
  – Sniffer Distributed 4.1
  – Sniffer Watch
  – Sniffer Reporter
No Copying...
Thank You!
Curriculum Map
• Troubleshooting with the Sniffer Portable Network Analyzer
• Ethernet Network Analysis & Troubleshooting (10, 100, 1000 Mbps)
• WAN Network Analysis and Troubleshooting
• Sniffer Portable Switch Expert Analysis & Troubleshooting
• ATM Network Analysis and Troubleshooting
• Wireless LAN Analysis and Troubleshooting
• TCP/IP Network Analysis and Troubleshooting
• Microsoft Windows NT Network Analysis & Troubleshooting
• Microsoft Windows 2000 Network Analysis & Troubleshooting
• Sniffer Distributed Enterprise Management
• Sniffer Watch Reports and Management
Sniffer University's Total Network Visibility Curriculum
Sniffer Certified Professional Program
• The Sniffer Certified Professional Program (SCPP) recognizes network professionals who can demonstrate an in-depth understanding of Sniffer Technologies software
• There are three levels of certification in the program:
  1. Sniffer Certified Professional (SCP)
     • The first level is designed to test the candidate’s knowledge in the use of the Sniffer Portable Network Analyzer
  2. Sniffer Certified Expert (SCE)
  3. Sniffer Certified Master (SCM)
     • The second and third levels evaluate the candidate’s knowledge of various networking technologies
www.sniffer.com/education
You will find links for:
• The SCPP online resource center
  – Test preparation materials
  – Practice tests
  – Product documentation
• Course schedule and catalog
  – Class listings
• Registration Information
  – Register online
• Sniffer University survey
  – Let us know what you think
• Sniffer University contacts
Table of Contents
• Course Overview
• Introduction and Concepts
• Starting Sniffer Portable
• Monitoring Network Health and Performance
• Monitor Applications
• Troubleshooting the Network
• Managing Alarms
• Capturing Network Traffic
• Expert Analysis
• Using Capture Filters to Narrow the View
• Triggers
• Analyzing Network Issues
• Decode Window
• Using Display Filters to Narrow the View
• Exercises
Course Overview
Course Objectives
At the end of this course, you will be able to:
• Effectively use the Sniffer Portable Network Analyzer in a logical step-by-step process as a network troubleshooting tool
• Employ effective troubleshooting techniques to quickly resolve problems in your networks
• Partner with Sniffer Portable to proactively monitor and baseline your networks
• Optimize your network and applications using the information you have gained from Sniffer Portable
Major Topics
• We’ll show you how to:
  – Use the Monitor functions to check the health and performance of your networks
  – Troubleshoot problems by capturing traffic and using the Expert’s help
  – Analyze the issues by viewing the frames that were captured
  – Proactively manage the network with Sniffer Portable’s tools and reporting capabilities
• And we’ll give you troubleshooting tips along the way
Vital Troubleshooting Skills
In addition to having a protocol analyzer, you need to have an understanding of:
• Your network
  – Use Sniffer Portable to monitor segments
  – Have an accurate logical drawing of your entire network
• The protocols being used on your network
  – Sniffer University has a series of protocol-specific classes to teach you the fine details of troubleshooting and maintaining each type of network
  – Learn how routers and switches are configured to keep them where they belong
• Resources available to help you find answers quickly
Additional Resources
• Industry Standards, Protocol Specifications, and Product Documentation
• Technical Support
• Networking Professional Organizations
• Fellow Troubleshooters
• Books
Introduction and Concepts
Section Objectives
At the end of this section, you will be able to:
• Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite
• Relate the OSI Reference Model to a frame on the wire
• Start the Sniffer Portable Network Analyzer
• Configure a Sniffer Portable local agent
• Identify menu items and icons on the Toolbar and Status bar
• Generate traffic with Packet Generator
What is a Sniffer Analyzer?
• A network troubleshooting tool that assists you in finding and solving network communication problems, analyzing and optimizing network performance, and planning for future growth
  – Monitor application provides statistics in real time
  – Capture does real time Expert Analysis as frames are gated into the capture buffer
  – Profiles make loading complex filters and settings easy to save and activate
  – Post-capture packet display allows you to analyze the frames in-depth using multiple views
  – Active tools allow you to generate frames, buffers or perform other tests
Sniffer Analysis Suites
• Portable Analysis Suite
  – Sniffer Portable LAN
  – Sniffer Portable WAN
  – Sniffer Portable High-Speed
• Distributed Analysis Suite
  – Sniffer Distributed Agent
  – Sniffer Distributed Console
No matter which Sniffer suite you choose, the user interface is the same
Sniffer Distributed
[Diagram labels: San Francisco; Tokyo; Paris; Sniffer Distributed Consoles; Router; Frame Relay; X.25; Switch/Router; Sniffer Distributed Agents on local segments; Sniffer Distributed Agent on remote segment]
Snifferbook
[Diagram labels: Standard Ethernet NIC 10/100; Topology-Specific Interface Module; Snifferbook Pod; WANbook; Power; ports 1 to 8; TO SNIFFER; TO HUB]
• Analyze T1/E1
• RS/V with LM2000 Adapter
Troubleshooting Flowchart
[Flowchart columns: Monitor; Troubleshoot; Decode; Manage]
• Monitor Apps
  – Dashboard
  – Host Table
  – Matrix
  – ART
  – History Samples
  – Protocol Distribution
  – Global Statistics
• Alarms
• Capture Frames
• Expert Analysis
• Expert Options
• Filters
• Triggers
• Display Frames
  – Summary
  – Detail
  – Hex
• Navigation
• Select Frames
• Find Frames
• Filters
• Display Setup
• Address Book
• Packet Generator
• User Tools
  – Ping
  – Trace Route
  – DNS lookup
  – Finger
  – Who Is
  – Scripts
Sniffer Portable Operation
[Diagram labels: Adapter Tools; Ping; Trace Route; DNS Lookup; Finger; Who Is; Trigger; Name Discovery; Alarms; Monitor Filters; Monitor Applications; Dashboard; Host Table; Matrix; ART; History Samples; Protocol Distribution; Global Statistics; Capture Filters; Display Filters; Displays; Decode; Matrix; Host Table; Protocol Dist; Statistics; Probe Dir; Profiles; Configs; Addr Bk; Database; Traces; Exported Data]
System Requirements
• Windows 98 SE, 2000, or NT 4.0
• Sniffer Portable Software (Provided by Network Associates)
• Microsoft Internet Explorer with MS Virtual Machine and media player
• Pentium 400 MHz CPU with minimum 128 MB RAM (256 MB recommended) and minimum 125 MB free disk space
• Network Interface Card with NDIS 3.0+ driver
• Enhanced NAI drivers for selected cards enhance performance and allow error frames to be captured and analyzed
Supported Interfaces
• Ethernet 10/100
• Token Ring 4/16
• FDDI
• HSSI
• Full Duplex (supported with a pod)
• ATM
• WAN
• Gigabit Ethernet
• 802.11b Wireless LAN
Enhanced Drivers
Topology | Adapter with Sniffer Enhanced Drivers | O/S
Ethernet | Adaptec PCI (ANA-21140/UC & ANA-6911/UC); Adaptec PCI (ANA-6911A/TX/TXC); Xircom CardBus Ethernet II 10/100 (CBE2); Xircom Realport CardBus; Xircom Realport2 CardBus; IBM 10/100 EtherJet CardBus | Win NT, 2000, 98 SE
Token Ring | Madge PCMCIA Smart 16/4 Ringnode Mk2 (20-01); Madge 16/4 CardBus Adapter Mk2 (20-03); Madge Smart 16/4 PCI Ringnode Mk2/BM2 (51-02); Madge Smart 16/4 PCI Ringnode Mk3 (51-04) | Win NT, 2000, 98 SE
FDDI | NuCard PCI FDDI Adapter | Win NT
Full Duplex | FDX PCI Card | Win NT
WAN | HSSI PCI Adapter; LM2000 ISA Adapter | Win NT, 2000, 98 SE
ATM | Sniffer ATM SAR Adapter | Win NT, 2000, 98 SE
Gigabit | Xyratex PCI Adapter (SX, LX) | Win NT, 2000, 98 SE
Wireless | Symbol Spectrum 24 PCMCIA; Cisco Aironet 340/350 PCMCIA; Lucent Orinoco Gold PCMCIA; Enterasys RoamAbout PCMCIA | Win NT, 2000
OSI Reference Model
7 Application
  • Allows users to transfer files, send mail, etc.
  • Only layer that users can communicate with directly
  • Key features are ease of use and functionality
6 Presentation
  • Standardized data encoding and decoding
  • Data compression
  • Data encryption and decryption
5 Session
  • Manages user sessions
  • Reports upper-layer errors
  • Supports Remote Procedure Call activities
4 Transport
  • Connection management (e.g., TCP)
  • Error and flow control
  • Connectionless, unreliable (e.g., UDP)
3 Network
  • Internetwork packet routing
  • Minimizes subnet congestion
  • Resolves differences between subnets
2 Data Link
  • Network access control - MAC address
  • Packet framing
  • Error and flow control
1 Physical
  • Moves bits across a physical medium
  • Interface between network medium and network devices
  • Defines electrical and mechanical characteristics of LAN
[Side labels: Provides Services; Moves Data; Connects processes]
The OSI Model and Frames
• Frames include headers at several layers of the OSI model
  – The number of headers in a frame is protocol-dependent
  – Each header has multiple fields that are also protocol-dependent
• The Sniffer Network Analyzer reads the entire frame and decodes each byte (and sometimes each bit) into an English explanation of the values
[Frame diagram: DLC | RI | LLC | Network | Transport | Session | Presentation | Application]
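The layering described on this slide, as an added example that is not part of the original course material: a small decoder that walks a constructed Ethernet II / IPv4 / TCP frame one header at a time. The frame bytes, addresses, ports and function names are assumptions made for illustration; RI and LLC headers are not handled, and a TCP/IP frame carries no separate Session or Presentation header, which is what "protocol-dependent" means in practice.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip4(b):
    return ".".join(str(x) for x in b)

def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at 0)."""
    data = b"GET / HTTP/1.0\r\n\r\n"
    dlc = bytes.fromhex("00a0c911223300104b4455660800")  # dst, src, EtherType
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data),
                     1, 0, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return dlc + ip + tcp + data

def decode(frame):
    """Return [(layer name, fields)] for as many headers as the bytes support."""
    layers = []
    if len(frame) < 14:                          # too short for a DLC header
        return layers
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    layers.append(("DLC", {"dst": mac(dst), "src": mac(src), "ethertype": etype}))
    if etype != 0x0800 or len(frame) < 34:       # not IPv4, or header cut short
        return layers
    vihl, _, total, _, _, ttl, proto, _, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4                      # IP header length in bytes
    layers.append(("Network", {"src": ip4(sip), "dst": ip4(dip),
                               "ttl": ttl, "protocol": proto}))
    t = 14 + ihl                                 # offset of the TCP header
    if proto != 6 or ihl < 20 or len(frame) < t + 20:
        return layers
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", frame[t:t + 14])
    layers.append(("Transport", {"src_port": sport, "dst_port": dport,
                                 "seq": seq, "flags": flags}))
    start = t + (off >> 4) * 4                   # skip TCP header and options
    data = frame[start:14 + total]               # IP total length excludes padding
    if data:
        layers.append(("Application", {"data": data}))
    return layers

if __name__ == "__main__":
    for name, fields in decode(build_sample_frame()):
        print(f"{name:12} {fields}")
```

A frame cut off mid-header yields only the layers that could be fully read, the same way a sliced or truncated capture limits what an analyzer can decode.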
Starting Sniffer Portable
Starting Sniffer Portable
• Open the SNIFFER.EXE application using your favorite Windows method
• From the File menu, go to Select Settings... and choose the local agent (adapter) you want to use
  – Adapters must be previously configured in Windows and use NAI enhanced or NDIS 3.0+ compliant drivers
• The application automatically starts monitoring the traffic seen on the active local agent
  – Your settings are saved when you exit the application, so it will automatically begin monitoring on the local agent you last chose
What is a Local Agent?
• A local agent is a logical reference to a collection of settings, addresses, and profiles associated with an adapter
  – Each local agent has a unique directory under the Sniffer Program directory
  – Changes you make are saved in the directory of the active local agent
[Diagram: one Adapter with Local Agent 1 and Local Agent 2, each holding Configurations, Thresholds, Address Book, Profiles (Filters)]
Select Settings...
The title bar indicates the active local agent
Select the Adapter
• Settings dialog contains local agents that you have defined
• Creating a new local agent allows you to maintain separate settings for each network you analyze
  – The settings for each will be maintained in separate “Local” directories under the Program directory
Create a New Local Agent
New... from previous menu shows this screen
[Dialog callouts: Assign a name; Choose the adapter; Specify the Pod; Copy settings from another agent]
User Interface
[Screenshot labels: Title Bar; Menu Bar; Toolbar; Toolbar Capture Icons; Status Bar]
The Toolbar
[Toolbar icon labels: File Open; Save; Address Book; Abort Print; Dashboard; Hosts; Application Response Time; Matrix; History; Protocol Distribution; Global Stats; Alarms; Capture Panel]
Status Bar
Watch the lower right corner of window for real-time counts
[Status bar labels: Printing; Frames Generated; Frames Captured; Alarms]
Getting Help
Three ways to get help in Sniffer Portable:
1. Use the Help on the menu bar to access the comprehensive on-line User’s Guide
2. Highlight an area on the screen and press F1 for context-sensitive help
3. Click on the icon
Major Components
[Diagram labels: Monitor; Dashboard; Host Table; Matrix; Protocol Distribution; History; Global Statistics; Monitor Applications; Capture; Real-Time Expert Analysis; Display; Expert Analysis; Host Table; Matrix; Protocol Distribution; Decode; Statistics; Display Tabs; NIC; Application Response Time]
Exercise 1-1
Launch Sniffer Portable
Using Packet Generator
What is Packet Generator?
• The main purpose of the packet generator is to stress test your network
• You can configure it to generate:
  – A buffer of previously captured data
  – A frame from the displayed data
  – A new frame you configure before generating
  – A frame with no data
• Monitor and Capture while generating to view the effect of the new data on the network
• We will use it in class to generate trace files while viewing Monitor and Capture screens
Loopback Mode
• Transmitting frames from the buffer with the Packet Generator to “replay” a trace file can be very useful to quickly show Monitor or Capture statistics
• WARNING: Make sure that you enable Loopback Mode before starting traffic generation
The Packet Generator
• Capture or load and display a trace file
• Tools > Packet Generator
[Toolbar icon labels: Send current buffer; Repeat; Stop; Configure and send new packet; Send current packet]
Packet Generator Views
Animation View—shows data being “pumped” into the network:
Detail view—displays statistics:
Counter in the lower right corner:
Monitoring and Capturing from a File
• To enable Monitor in the classroom when a live network is not available, we must
  – Set the local agent to Loopback Mode
  – Load a trace file
  – Generate traffic from the trace file
• Monitor will accept the data as if it came from the network and give us statistics to view
• The next couple of slides show the process to make that happen…
Generating From a File
• Under Files:
  – Select Loopback Mode if no is visible
  – Open the trace file
    • Frames will be stored in the Capture buffer
    • Display the data
• From the Tools pull-down menu:
  – Choose Packet Generator
  – Select the Send Buffer icon
  – Configure the number of times to send the buffer
  – Note the counts in the lower right counter as frames are generated
Generate Buffer Configuration
Configure how often to send:
Effects on Network Performance
What happens when you transmit data into a live network?
[Diagram labels: Corrupt Tables; Dummy, Multicast, Broadcast, Bad, Good, NIC, Data, Data, Address (Broadcast); CPU Interrupt; Process (discard data)]
Generating Traffic
So, why would you want to generate traffic?
• Test new equipment in a lab before installing it in a live network
• Test vendor’s claims for new equipment performance, e.g., packets/frames per second forwarded by a particular brand and model of router/switch
• Play back a trace file and observe its operation
• Induce a known load of null traffic to see how a network will react to increased bandwidth usage
• Test a Network Interface Card’s operation
• Laboratory testing of suspect routers, switches, gateways, and NICs to ensure proper performance
Summary
In this section, you learned how to:
• Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite
• Relate the OSI Reference Model to a frame on the wire
• Start Sniffer Portable
• Configure a Sniffer Portable local agent
• Identify menu items and icons on the Toolbar and Status bar
• Generate traffic with Packet Generator
Group Discussion
•When would you create/use a local agent?
•Why might there be multiple local agents for the same NIC?
•How does a frame on the wire relate to the OSI 7 layer model?
•When troubleshooting, is it better to start with the Application layer or the DLC layer? Why?