
Analyzing Network Issues


missy

Presentation Transcript


  1. Analyzing Network Issues

  2. Troubleshooting Flowchart Monitor Troubleshoot Decode Manage • Monitor Apps • Dashboard • Host Table • Matrix • ART • History Samples • Protocol Distribution • Global Statistics Alarms Capture Frames Expert Analysis Expert Options Filters Triggers • Display Frames • Summary • Detail • Hex • Navigation • Select Frames • Find Frames • Filters • Display Setup • Address Book • Packet • User Tools • Ping • Trace Route • DNS lookup • Finger • Who Is • Scripts Generator

  3. Section Objectives After completing this section, you will be able to: • Use the Summary, Detail, and Hex views of the Decode window to examine frames for potential errors or activity of interest • Find and select frames in the trace • Set display and capture filters • Work with Filtered (x) window • Use the Address Book • Use Sniffer Portable windows and functions to do practical measurements

  4. Displaying Captured Data You can view and analyze the decoded frames stored in: • The capture buffer OR • A capture (trace) file Stop and display capture

  5. Post-Analysis Tabs

  6. Matrix

  7. Host Table

  8. Protocol Distribution

  9. Statistics Trace Statistics Network Statistics DLC Statistics TCP/IP Statistics NetWare Statistics

  10. Decode Window

  11. Decode Window Summary View Detail View Hex View

  12. Summary View Frame Length Source Address Summary Status Destination Address Frame Number

  13. Status Flags

  14. Summary View Options • The Summary View can be tailored to meet your needs: • Change the order of the columns • Add/remove columns • Display DLC or Network Layer addresses • Show Expert symptom/diagnosis • Summarize one or all layers of the frame • Time options • Byte counts

  15. Summary View: Addresses Network Layer addresses (default) Data Link (MAC) addresses

  16. Summary View: All Layers Provides a summary of the key fields found in every protocol header in the frame

  17. Summary View: Time Options • Relative time • Interval between the marked frame and current frame • Delta time • Time between frames • Absolute time • Time of day frame was received

  18. Uses for Time Options • Relative Time • The time interval between the marked frame and the current frame • You can find the time span over a number of frames in order to make response time and throughput measurements • Delta Time • The time interval (S.000.000) between adjacent displayed frames • Useful for determining how quickly nodes are transmitting between frames and for seeing a server’s turnaround time • Absolute Time • The time of day (HH:MM:SS.0000) at which each frame was captured • Used when the actual time of day is required (be sure the correct DATE and TIME are set)

  19. Practical Application: Response Time Measurement To find workstation-to-server response time: 1. Collect traffic between a workstation and a server 2. Find the first frame of a command sequence in the Summary view and mark it 3. Find the last frame in the command sequence 4. Look at the relative time (this indicates how much time has elapsed since the command that you marked) 5. Record the relative time. When you suspect problems, try this procedure again and see if the response time has changed significantly

  20. Exercise 4-1 Response Time Measurement

  21. Summary View: Packet Size Options • Frame Length • Total number of bytes captured in a specific frame • Cumulative Bytes • Total number of bytes between marked frame and displayed frame

  22. Uses for Packet Size Options • Frame Length (Bytes) • Shows the number of bytes for each frame • Useful for general information and when looking for packet size efficiency of the protocol or network • Cumulative Bytes • Mark a frame and display the total amount of data transmitted between the marked frame and some specific frame • Useful for determining how many bytes were used to accomplish a given procedure or operation by filtering on a communications session between two stations

  23. Practical Application: Application Efficiency To calculate the overhead an application generates: 1. Collect traffic between the stations exchanging data with the application you wish to evaluate 2. Identify the beginning of a command that indicates the transfer of data and mark it 3. Note the amount of actual user data being transferred 4. Turn on Cumulative bytes 5. Find the final acknowledgment in the Summary View 6. Look at the cumulative bytes in the final acknowledgment 7. Record the cumulative bytes 8. Cumulative Bytes (C) - User Data (D) = Overhead (O); O / C = Percent of Overhead
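
The two measurements on slides 19 and 23, worked through on a small constructed trace. This is an added example, not part of the original presentation or of Sniffer Portable; `Frame`, `TRACE` and the function names are hypothetical, and it assumes the cumulative byte count includes the marked frame and counts only displayed frames.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    number: int   # original frame number (kept even in a filtered view)
    time_us: int  # absolute capture time in microseconds
    length: int   # frame length in bytes

# Constructed sample: a client reads 2,920 bytes of user data from a server.
TRACE = [
    Frame(1, 36_000_000_000, 64),    # unrelated frame before the command
    Frame(2, 36_000_150_000, 118),   # read request: first frame of the command
    Frame(3, 36_000_152_300, 1514),  # data frame, 1,460 bytes of user data
    Frame(4, 36_000_153_500, 1514),  # data frame, 1,460 bytes of user data
    Frame(5, 36_000_153_900, 64),    # final acknowledgment
]

def summary_view(frames, mark):
    """Rows of (number, delta_us, relative_us, cumulative_bytes) for displayed frames."""
    numbers = [f.number for f in frames]
    if mark not in numbers:
        raise ValueError(f"marked frame {mark} is not in the displayed frames")
    mark_at = numbers.index(mark)
    rows, running = [], 0
    for i, f in enumerate(frames):
        delta = f.time_us - frames[i - 1].time_us if i else 0  # adjacent displayed frames
        relative = f.time_us - frames[mark_at].time_us         # negative before the mark
        cumulative = None
        if i >= mark_at:  # assumption: the count starts with the marked frame
            running += f.length
            cumulative = running
        rows.append((f.number, delta, relative, cumulative))
    return rows

def response_time_us(frames, first, last):
    """Slide 19: mark the first frame of the command, read relative time at the last."""
    return {n: rel for n, _, rel, _ in summary_view(frames, first)}[last]

def overhead(frames, mark, final_ack, user_data):
    """Slide 23: C - D = O, and O / C expressed as a percentage."""
    c = {n: cum for n, _, _, cum in summary_view(frames, mark)}[final_ack]
    if c is None:
        raise ValueError("final acknowledgment precedes the marked frame")
    o = c - user_data
    return o, round(100 * o / c, 2)

if __name__ == "__main__":
    for row in summary_view(TRACE, mark=2):
        print(row)
    print(response_time_us(TRACE, 2, 5), overhead(TRACE, 2, 5, 2920))
```

Passing a filtered subset of `TRACE` to `summary_view` shows why delta time and cumulative bytes depend on which frames are displayed, while the frame numbers stay those of the original trace.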

  24. Exercise 4-2 Application Efficiency

  25. Two-Station Format This optional display format places the summary of the conversation side-by-side for easier viewing • Commonly used after applying a filter on two stations

  26. Detail View The Detail View provides a complete decode of each field in the transmitted frame • Headers may be compressed or expanded:

  27. Vendor Codes and Functional Address Files • Manufacturer’s IDs are in the .BET files • SNIFFER.BET for Ethernet • SNIFFER.BTR for Token Ring • You can edit them to add more - follow the format • Broadcast and Functional Addresses are in SNIFFER.xxM files • SNIFFER.ETM for Ethernet • SNIFFER.TRM for Token Ring • All are in the Program directory under Sniffer Portable’s directory

  28. Investigating Addressing Problems Q: Is the DLC destination address the correct address for a router that can reach network 128.82? Source node is on network 128.104 Destination node is on network 128.82

  29. Hex View • Protocol layers or fields highlighted in the Detail View will automatically highlight in the Hex View • Conversely, clicking on bytes in the Hex View will highlight the associated field in the Detail View

  30. Hex View Offset Q: What is the word that starts at offset 4A? 0 1 2 3 4 5 6 7 8 9 A B C D E F Offset 004A ASCII or EBCDIC decode

  31. Decode Window Navigation Tips • Keyboard Shortcuts: • Tab to move between the Summary, Detail, and Hex views • Use the F4 key to zoom in or out of a particular view • Use the Home and End keys to go to the top or bottom of the view • Use F7 to go to the previous frame, F8 to go to the next frame in the trace • Use F2 to go to the next selected frame, Shift-F2 to go back • Click the square box next to a frame to select it for further analysis • Right-click over the Summary view for short cut to menu options

  32. Display Options • Right-click on any Decode view to do the following: • Find Frames • Go to Frame • Mark Current Frame • Select Frames • Display Setup • Display Filters • Send Current Frame or Buffer • These capabilities are also available from the main Display menu

  33. Find Frames • Choose Find Frame… from the Display menu or press Alt + F3 • Use the tabs to find frames based on text, data, status, or Expert symptom or diagnosis string

  34. Go To Frame Choose Display from the Menu bar, then Go To Frame… Right-clicking in the Decode window will also give you this option

  35. Mark Current Frame The Mark provides a reference point in the trace and controls the Cumulative Bytes and Relative Time displays

  36. Select Frames Sniffer Portable lets you select individual frames, or a group of frames, in the Summary view of the Decode window, and then optionally save them into a separate decode window

  37. Select Range 1. Select a range of frames by choosing Display from the Menu bar, then Select Range… 2. Then choose the Display menu and either Save the selected frames OR Go to the next or previous selected frame

  38. Display Setup • Display Setup allows you to customize the Summary Display, Protocol Color, Protocol Expansion, and the font for protocol decodes • From the Menu bar choose Display > Display Setup...

  39. Display Setup: Summary Display Optional Fields:

  40. Using Display Filters to Narrow the View

  41. Display Filters • Use display filters to eliminate frames from view or to isolate a specific conversation • When you apply a display filter, Sniffer Portable will default to create a Filtered (x) window attached to the original trace • There are 3 options to create a separate filtered window • You may apply display filters using • Filter profiles (named filters) • Automatic filters • “Quick” filters

  42. Display Filter Profiles To define a display filter profile, select Display > Define Filter from the menu bar

  43. Selecting Display Filters Display > Select Filter from the Menu Bar allows you to select either a display or capture filter for display filtering

  44. Automatic Filters: Expert Display Filter In the Expert, you can filter on any Object, Symptom, or Diagnosis by highlighting the item and clicking on the Expert Display Filter icon

  45. Automatic Filters: Matrix Visual Filter In the Matrix, you can select station addresses and filter on them by clicking on the Matrix Visual Filter icon

  46. “Quick” Filter You can quickly define a filter for use when viewing captured data: 1. Display > Define Filter… 2. Select the “Default” filter 3. Click the Reset button to put options back to original setting 4. Modify options with appropriate selection criteria 5. Click OK when done 6. Right-click and choose Select Filter...

  47. Filtered (x) Tab When you apply a display filter, Sniffer Portable, by default, attaches the window to the original trace as Filtered (x)

  48. Filtered Window Frame Numbers The frames in a filtered window retain their original frame numbers • This makes it easy to go back to the original trace and see where the problem occurred

  49. Viewing Sequential Frame Numbers in a Filtered Window 1. Reduce the box column to nothing by dragging it to the left 2. Double click the left most line next to the heading 3. The sequential number column will appear

  50. Filtered Window Analysis 1 Expert analysis for this filtered window is not available • Expert tab shows the original trace file analysis
