1 / 19

BAI513 - PROTOCOLS

BAIST – Network Management. BAI513 - PROTOCOLS. Introduction to Network Analysis and WireShark. Objectives. At the end of this presentation, the student will be able to: Describe the roles and purposes of Network Analysis.

saraphillips
Download Presentation

BAI513 - PROTOCOLS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BAIST – Network Management BAI513 - PROTOCOLS Introduction to Network Analysis and WireShark

  2. Objectives • At the end of this presentation, the student will be able to: • Describe the roles and purposes of Network Analysis. • Describe the “how, where and why” of installing Protocol Analysers. • Describe the main features / functions of the WireShark application.

  3. About Protocol Analysis • Protocol analysis (also referred to as network analysis) is the process of tapping into the network communications system, capturing packets that cross the network, gathering network statistics, and decoding the packets into readable form • In essence, a protocol analyzer eavesdrops on network communications • Many protocol analyzers can also transmit packets—a useful task for testing a network or device

  4. Useful Roles for Protocol Analysis • Protocol analyzers are often used to troubleshoot network communications • Typically, analyzers are placed on the network and configured to capture the problematic communication sequence • Protocol analyzers are also used to test networks • Testing can be performed in a passive manner by listening to unusual communications, or in an active manner by transmitting packets onto the network

  5. Protocol Analyzer Elements • The following diagram depicts the basic elements of a protocol analyzer • The basic elements are: • Promiscuous mode card and driver • Packet filters • Trace buffer • Decodes • Alarms • Statistics

  6. Network Analyzer Elements

  7. Promiscuous Mode Card & Driver • The network interface card and driver used on the analyzer must support promiscuous mode operation • A card that runs in promiscuous mode can capture broadcast packets, multicast packets, and unicast packets sent to other devices, as well as error packets • An analyzer running with a promiscuous mode card and driver can see Ethernet collision fragments, oversized packets, undersized packets (a.k.a. runts), and packets that end on an illegal boundary

  8. Packet Filters • If you are interested in the type of broadcasts that are crossing a network, you can set up a filter that allows only broadcast packets to flow into the analyzer • When filters are applied to incoming packets, they are often referred to as capture filters, or pre-filters

  9. Packet Filters • Filters can be based on a variety of packet characteristics including, but not limited to: • Source data link address • Destination data link address • Source IP address • Destination IP address • Application or process

  10. Trace Buffer • The packets flow into the analyzer’s trace buffer, a holding area for packets copied off the network • Typically, this is an area of memory set aside on the analyzer, although some analyzers allow you to configure a “direct to disk” save option • Most analyzers have a default trace buffer size of 4 MB

  11. Decodes • Decodes are applied to the packets that are captured into the trace buffer • These decodes enable you to see the packets in a readable format with the packet fields and values interpreted for you • Decoders are packet translation tools

  12. Viewing Packet Decodes

  13. Alarms • Many analyzers have a set of configurable alarms that indicates unusual network events or errors • The following lists some typical alarms that are included with most analyzer products: • Excessive broadcasts • Utilization threshold exceeded • Request denied • Server down

  14. Statistics • Many analyzers also display statistics on network performance, such as the current packet-per-second rate, or network utilization rates • Network administrators use these statistics to identify gradual changes in network operations, or sudden spikes in network patterns

  15. Placing a Protocol Analyzer on a Network • A protocol analyzer can only capture packets that it can see on the network • On a network that is connected with hubs, you can place the analyzer anywhere on the network • There are basically three options for analyzing switched networks: • Hubbing out • Port redirection • Remote Monitoring (RMON)

  16. Hubbing Out • By placing a hub between a device of interest (such as a server) and the switch, and connecting the analyzer to the hub, you can view all traffic to and from the server

  17. Port Redirection • Many switches can be configured to redirect (actually, to copy) the packets traveling through one port to another port • By placing your analyzer on the destination port, you can listen in on all the conversations that cross the network through the port of interest

  18. Remote Monitoring (RMON) • RMON uses Simple Network Management Protocol (SNMP) to collect traffic data at a remote switch and send the data to a management device

  19. Summary • This presentation covered information that allowed the student to: • Describe the roles and purposes of Network Analysis. • Describe the “how, where and why” of installing Protocol Analysers

More Related