Sniffer University: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Upload: jacqueline-williamson

Post on 03-Jan-2016


TRANSCRIPT

Page 1: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Troubleshooting with the Sniffer Portable Analyzer

TNV-101-GUI

Page 2: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Housekeeping

• Breaks
• Lunch
• Telephones
• Rest Rooms
• Emergency Information
• Questions
• Beepers in Silent Mode
• Cell Phones in Silent Mode

Page 3: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Student Reference CD

Contents of CD:

• Sniffer Portable trace files
  – Subdirectory for each Sniffer University course containing all of the trace files referenced in that course
• Reference documents
  – IETF Request for Comments (RFCs)
  – Appendix material
  – ATM Forum specifications and glossary
  – Miscellaneous reference materials
• Sniffer analyzer product documentation
  – Sniffer Portable 4.7
  – Sniffer Distributed 4.1
  – Sniffer Watch
  – Sniffer Reporter

Page 4: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

No Copying...

Thank You!

Page 5: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Curriculum Map

Sniffer University's Total Network Visibility Curriculum

• Troubleshooting with the Sniffer Portable Network Analyzer
• Ethernet Network Analysis & Troubleshooting (10, 100, 1000 Mbps)
• WAN Network Analysis and Troubleshooting
• Sniffer Portable Switch Expert Analysis & Troubleshooting
• ATM Network Analysis and Troubleshooting
• Wireless LAN Analysis and Troubleshooting
• TCP/IP Network Analysis and Troubleshooting
• Microsoft Windows NT Network Analysis & Troubleshooting
• Microsoft Windows 2000 Network Analysis & Troubleshooting
• Sniffer Distributed Enterprise Management
• Sniffer Watch Reports and Management

Page 6: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sniffer Certified Professional Program

• The Sniffer Certified Professional Program (SCPP) recognizes network professionals who can demonstrate an in-depth understanding of Sniffer Technologies software
• There are three levels of certification in the program:
  1. Sniffer Certified Professional (SCP)
     • The first level is designed to test the candidate’s knowledge in the use of the Sniffer Portable Network Analyzer
  2. Sniffer Certified Expert (SCE)
  3. Sniffer Certified Master (SCM)
     • The second and third levels evaluate the candidate’s knowledge of various networking technologies

Page 7: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

www.sniffer.com/education

You will find links for:

• The SCPP online resource center
  – Test preparation materials
  – Practice tests
  – Product documentation
• Course schedule and catalog
  – Class listings
• Registration Information
  – Register online
• Sniffer University survey
  – Let us know what you think
• Sniffer University contacts

Page 8: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Table of Contents

Course Overview 1-9
Introduction and Concepts 1-14
Starting Sniffer Portable 1-27
Monitoring Network Health and Performance 2-1
Monitor Applications 2-5
Troubleshooting the Network 3-1
Managing Alarms 3-10
Capturing Network Traffic 3-19
Expert Analysis 3-31
Using Capture Filters to Narrow the View 3-67
Triggers 3-84
Analyzing Network Issues 4-1
Decode Window 4-10
Using Display Filters to Narrow the View 4-40
Exercises 5-1

Page 9: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Course Overview

Page 10: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Course Objectives

At the end of this course, you will be able to:

• Effectively use the Sniffer Portable Network Analyzer in a logical step-by-step process as a network troubleshooting tool
• Employ effective troubleshooting techniques to quickly resolve problems in your networks
• Partner with Sniffer Portable to proactively monitor and baseline your networks
• Optimize your network and applications using the information you have gained from Sniffer Portable

Page 11: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Major Topics

• We’ll show you how to:
  – Use the Monitor functions to check the health and performance of your networks
  – Troubleshoot problems by capturing traffic and using the Expert’s help
  – Analyze the issues by viewing the frames that were captured
  – Proactively manage the network with Sniffer Portable’s tools and reporting capabilities
• And we’ll give you troubleshooting tips along the way

Page 12: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Vital Troubleshooting Skills

In addition to having a protocol analyzer, you need to have an understanding of:

• Your network
  – Use Sniffer Portable to monitor segments
  – Have an accurate logical drawing of your entire network
• The protocols being used on your network
  – Sniffer University has a series of protocol-specific classes to teach you the fine details of troubleshooting and maintaining each type of network
  – Learn how routers and switches are configured to keep them where they belong
• Resources available to help you find answers quickly

Page 13: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Additional Resources

• Industry Standards, Protocol Specifications, and Product Documentation
• Technical Support
• Networking Professional Organizations
• Fellow Troubleshooters
• Books

Page 14: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Introduction and Concepts

Page 15: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Section Objectives

At the end of this section, you will be able to:

• Describe the system requirements and supported interfaces of the Sniffer Portable Network Analyzer suite
• Relate the OSI Reference Model to a frame on the wire
• Start the Sniffer Portable Network Analyzer
• Configure a Sniffer Portable local agent
• Identify menu items and icons on the Toolbar and Status bar
• Generate traffic with Packet Generator

Page 16: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

What is a Sniffer Analyzer?

• A network troubleshooting tool that assists you in finding and solving network communication problems, analyzing and optimizing network performance, and planning for future growth
  – Monitor application provides statistics in real time
  – Capture does real time Expert Analysis as frames are gated into the capture buffer
  – Profiles make loading complex filters and settings easy to save and activate
  – Post-capture packet display allows you to analyze the frames in-depth using multiple views
  – Active tools allow you to generate frames, buffers or perform other tests

Page 17: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sniffer Analysis Suites

• Portable Analysis Suite
  – Sniffer Portable LAN
  – Sniffer Portable WAN
  – Sniffer Portable High-Speed
• Distributed Analysis Suite
  – Sniffer Distributed Agent
  – Sniffer Distributed Console

No matter which Sniffer suite you choose, the user interface is the same

Page 18: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sniffer Distributed

[Diagram labels: San Francisco; Tokyo; Paris; Sniffer Distributed Consoles; Router; Frame Relay; X.25; Switch/Router; Sniffer Distributed Agents on local segments; Sniffer Distributed Agent on remote segment]

Page 19: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Snifferbook

[Diagram labels: Standard Ethernet NIC 10/100; Topology-Specific Interface Module; Snifferbook Pod (Power); WANbook (Power, ports 1 to 8, TO SNIFFER, TO SNIFFER, TO HUB)]

• Analyze T1/E1
• RS/V with LM2000 Adapter

Page 20: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Troubleshooting Flowchart

Flowchart column headings: Monitor, Troubleshoot, Decode, Manage

Flowchart boxes, in the order they appear:

Monitor Apps
• Dashboard
• Host Table
• Matrix
• ART
• History Samples
• Protocol Distribution
• Global Statistics
Alarms
Capture Frames
Expert Analysis
Expert Options
Filters
Triggers
Display Frames
• Summary
• Detail
• Hex
Navigation
Select Frames
Find Frames
Filters
Display Setup
Address Book
Packet Generator
User Tools
• Ping
• Trace Route
• DNS lookup
• Finger
• Who Is
• Scripts

Page 21: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sniffer Portable Operation

[Diagram labels: Adapter Tools; Ping; Trace Route; DNS Lookup; Finger; Who Is; Trigger; Name Discovery; Alarms; Monitor Filters; Monitor Applications; Dashboard; Host Table; Matrix; ART; History Samples; Protocol Distribution; Global Statistics; Capture Filters; Display Filters; Displays; Decode; Matrix; Host Table; Protocol Dist; Statistics; Probe Dir; Profiles; Configs; Addr Bk; Database; Traces; Exported Data]

Page 22: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

System Requirements

• Windows 98 SE, 2000, or NT 4.0
• Sniffer Portable Software (Provided by Network Associates)
• Microsoft Internet Explorer with MS Virtual Machine and media player
• Pentium 400 MHz CPU with minimum 128 MB RAM (256 MB recommended) and minimum 125 MB free disk space
• Network Interface Card with NDIS 3.0+ driver
• Enhanced NAI drivers for selected cards enhance performance and allow error frames to be captured and analyzed

Page 23: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Supported Interfaces

• Ethernet 10/100
• Token Ring 4/16
• FDDI
• HSSI
• Full Duplex (supported with a pod)
• ATM
• WAN
• Gigabit Ethernet
• 802.11b Wireless LAN

Page 24: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Enhanced Drivers

Adapters with Sniffer Enhanced Drivers, listed by topology with the supported O/S:

Ethernet (Win NT, 2000, 98 SE)
• Adaptec PCI (ANA-21140/UC & ANA-6911/UC)
• Adaptec PCI (ANA-6911A/TX/TXC)
• Xircom CardBus Ethernet II 10/100 (CBE2)
• Xircom Realport CardBus
• Xircom Realport2 CardBus
• IBM 10/100 EtherJet CardBus

Token Ring (Win NT, 2000, 98 SE)
• Madge PCMCIA Smart 16/4 Ringnode Mk2 (20-01)
• Madge 16/4 CardBus Adapter Mk2 (20-03)
• Madge Smart 16/4 PCI Ringnode Mk2/BM2 (51-02)
• Madge Smart 16/4 PCI Ringnode Mk3 (51-04)

FDDI (Win NT)
• NuCard PCI FDDI Adapter

Full Duplex (Win NT)
• FDX PCI Card

WAN (Win NT, 2000, 98 SE)
• HSSI PCI Adapter
• LM2000 ISA Adapter

ATM (Win NT, 2000, 98 SE)
• Sniffer ATM SAR Adapter

Gigabit (Win NT, 2000, 98 SE)
• Xyratex PCI Adapter (SX, LX)

Wireless (Win NT, 2000)
• Symbol Spectrum 24 PCMCIA
• Cisco Aironet 340/350 PCMCIA
• Lucent Orinoco Gold PCMCIA
• Enterasys RoamAbout PCMCIA

Page 25: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

OSI Reference Model

7 Application
• Allows users to transfer files, send mail, etc.
• Only layer that users can communicate with directly
• Key features are ease of use and functionality

6 Presentation
• Standardized data encoding and decoding
• Data compression
• Data encryption and decryption

5 Session
• Manages user sessions
• Reports upper-layer errors
• Supports Remote Procedure Call activities

4 Transport
• Connection management (e.g., TCP)
• Error and flow control
• Connectionless, unreliable (e.g., UDP)

3 Network
• Internetwork packet routing
• Minimizes subnet congestion
• Resolves differences between subnets

2 Data Link
• Network access control - MAC address
• Packet framing
• Error and flow control

1 Physical
• Moves bits across a physical medium
• Interface between network medium and network devices
• Defines electrical and mechanical characteristics of LAN

[Side labels on the diagram: Provides Services; Moves Data; Connects processes]

Page 26: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

The OSI Model and Frames

• Frames include headers at several layers of the OSI model
  – The number of headers in a frame is protocol-dependent
  – Each header has multiple fields that are also protocol-dependent
• The Sniffer Network Analyzer reads the entire frame and decodes each byte (and sometimes each bit) into an English explanation of the values

[Frame diagram labels: DLC; RI; LLC; Network; Transport; Session; Presentation; Application]
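An added example (not from the course materials): a minimal Python decoder that walks a frame header by header, showing how each header names the next one and why the number of headers is protocol-dependent. The sample frame, the function names, and the restriction to Ethernet II with IPv4 and TCP/UDP (no RI or LLC header) are assumptions made for illustration.

```python
import struct

# Constructed sample (not a course trace file): Ethernet II + IPv4 + TCP SYN
# from 10.0.0.1:1234 to 10.0.0.2:80.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"                      # DLC header
    "4500002800014000400626cd" "0a000001" "0a000002"          # IPv4 header
    "04d20050" "00000001" "00000000" "50022000" "00000000"    # TCP header
)
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip4(b):
    return ".".join(str(x) for x in b)

def decode_frame(frame):
    """Return [(layer, fields), ...], outermost header first."""
    if len(frame) < 14:
        return [("Truncated", {"bytes": len(frame)})]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = [("DLC", {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
                       "ethertype": ethertype})]
    packet = frame[14:]
    # The EtherType field names the next header; anything else is left raw.
    if ethertype != 0x0800:
        return layers + [("Undecoded", {"bytes": len(packet)})]
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        return layers + [("Malformed", {"bytes": len(packet)})]
    proto = packet[9]
    layers.append(("Network", {"src": ip4(packet[12:16]),
                               "dst": ip4(packet[16:20]),
                               "ttl": packet[8], "protocol": proto}))
    segment = packet[ihl:]
    # The IP protocol field names the transport header in the same way.
    if proto == 6 and len(segment) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        hdr_len = (off_flags >> 12) * 4
        if not 20 <= hdr_len <= len(segment):
            return layers + [("Malformed", {"bytes": len(segment)})]
        flags = [name for bit, name in TCP_FLAGS if off_flags & bit]
        layers.append(("Transport", {"protocol": "TCP", "src_port": sport,
                                     "dst_port": dport, "seq": seq,
                                     "ack": ack, "flags": flags}))
        upper = segment[hdr_len:]
    elif proto == 17 and len(segment) >= 8:
        sport, dport = struct.unpack("!HH", segment[:4])
        layers.append(("Transport", {"protocol": "UDP", "src_port": sport,
                                     "dst_port": dport}))
        upper = segment[8:]
    else:
        return layers + [("Undecoded", {"bytes": len(segment)})]
    if upper:  # session, presentation and application data, not decoded here
        layers.append(("Upper layers", {"bytes": len(upper)}))
    return layers

if __name__ == "__main__":
    for layer, fields in decode_frame(SAMPLE_FRAME):
        print(f"{layer:10} {fields}")
```

The decoder does not verify checksums or the IP total length; it only shows how the header chain is followed and where decoding stops on a short or unrecognized frame.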

Page 27: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Starting Sniffer Portable

Page 28: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Starting Sniffer Portable

• Open the SNIFFER.EXE application using your favorite Windows method
• From the File menu, go to Select Settings... and choose the local agent (adapter) you want to use
  – Adapters must be previously configured in Windows and use NAI enhanced or NDIS 3.0+ compliant drivers
• The application automatically starts monitoring the traffic seen on the active local agent
  – Your settings are saved when you exit the application, so it will automatically begin monitoring on the local agent you last chose

Page 29: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

What is a Local Agent?

• A local agent is a logical reference to a collection of settings, addresses, and profiles associated with an adapter
  – Each local agent has a unique directory under the Sniffer Program directory
  – Changes you make are saved in the directory of the active local agent

[Diagram labels: Adapter; Local Agent 1 (Configurations, Thresholds, Address Book, Profiles (Filters)); Local Agent 2 (Configurations, Thresholds, Address Book, Profiles (Filters))]

Page 30: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Select Settings...

The title bar indicates the active local agent

Page 31: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Select the Adapter

• Settings dialog contains local agents that you have defined
• Creating a new local agent allows you to maintain separate settings for each network you analyze
  – The settings for each will be maintained in separate “Local” directories under the Program directory

Page 32: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Create a New Local Agent

New... from previous menu shows this screen

[Screenshot labels: Assign a name; Choose the adapter; Specify the Pod; Copy settings from another agent]

Page 33: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

User Interface

[Screenshot labels: Title Bar; Menu Bar; Toolbar; Toolbar Capture Icons; Status Bar]

Page 34: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

The Toolbar

[Toolbar icon labels: File Open; Save; Address Book; Abort Print; Dashboard; Hosts; Application Response Time; Matrix; History; Protocol Distribution; Global Stats; Alarms; Capture Panel; Print]

Page 35: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Status Bar

Watch the lower right corner of window for real-time counts

[Status bar labels: Printing; Frames Generated; Frames Captured; Alarms]

Page 36: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Getting Help

Three ways to get help in Sniffer Portable:

1. Use the Help on the menu bar to access the comprehensive on-line User’s Guide

2. Highlight an area on the screen and press F1 for context-sensitive help

3. Click on the icon

Page 37: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Major Components

[Diagram labels: NIC; Monitor; Monitor Applications; Dashboard; Host Table; Matrix; Application Response Time; Protocol Distribution; History; Global Statistics; Capture; Real-Time Expert Analysis; Display; Display Tabs; Expert Analysis; Decode; Host Table; Matrix; Protocol Distribution; Statistics]

Page 38: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Exercise 1-1

Launch Sniffer Portable

Page 39: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Using Packet Generator

Page 40: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

What is Packet Generator?

• The main purpose of the packet generator is to stress test your network
• You can configure it to generate:
  – A buffer of previously captured data
  – A frame from the displayed data
  – A new frame you configure before generating
  – A frame with no data
• Monitor and Capture while generating to view the effect of the new data on the network
• We will use it in class to generate trace files while viewing Monitor and Capture screens

Page 41: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Loopback Mode

• Transmitting frames from the buffer with the Packet Generator to “replay” a trace file can be very useful to quickly show Monitor or Capture statistics
• WARNING: Make sure that you enable Loopback Mode before starting traffic generation

Page 42: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

The Packet Generator

• Capture or load and display a trace file
• Tools > Packet Generator

[Screenshot labels: Send current buffer; Repeat; Stop; Configure and send new packet; Send current packet]

Page 43: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Packet Generator Views

Animation View—shows data being “pumped” into the network:

Detail view—displays statistics:

Counter in the lower right corner:

Page 44: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Monitoring and Capturing from a File

• To enable Monitor in the classroom when a live network is not available, we must
  – Set the local agent to Loopback Mode
  – Load a trace file
  – Generate traffic from the trace file
• Monitor will accept the data as if it came from the network and give us statistics to view
• The next couple of slides show the process to make that happen…

Page 45: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Generating From a File

• Under Files:
  – Select Loopback Mode if no is visible
  – Open the trace file
    • Frames will be stored in the Capture buffer
    • Display the data
• From the Tools pull-down menu:
  – Choose Packet Generator
  – Select the Send Buffer icon
  – Configure the number of times to send the buffer
  – Note the counts in the lower right counter as frames are generated

Page 46: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Generate Buffer Configuration

Configure how often to send:

Page 47: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Effects on Network Performance

What happens when you transmit data into a live network?

[Diagram labels: Corrupt Tables; Dummy; Multicast; Broadcast; Bad Data; Good Data; NIC Address (Broadcast); CPU Interrupt; Process (discard data)]

Page 48: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sn

iffe

r U

niv

ersi

ty

1

-48

Generating Traffic

So, why would you want to generate traffic?• Test new equipment in a lab before installing it

in a live network• Test vendor’s claims for new equipment

performance, e.g., packets/frames persecond forwarded by a particular brandand model of router/switch

• Play back a trace file and observe its operation• Induce a known load of null traffic to see how

a network will react to increased bandwidthusage

• Test a Network Interface Card’s operation• Laboratory testing of suspect routers, switches,

gateways, and NICs to ensure proper performance

Page 49: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sn

iffe

r U

niv

ersi

ty

1

-49

Summary

In this section, you learned how to:•Describe the system requirements and

supported interfaces of the Sniffer Portable Network Analyzer suite

•Relate the OSI Reference Model to a frame on the wire

•Start Sniffer Portable •Configure a Sniffer Portable local agent•Identify menu items and icons on the

Toolbar and Status bar•Generate traffic with Packet Generator

Page 50: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI

Sn

iffe

r U

niv

ersi

ty

1

-50

Group Discussion

•When would you create/use a local agent?

•Why might there be multiple local agents for the same NIC?

•How does a frame on the wire relate to the OSI 7 layer model?

•When troubleshooting, is itbetter to start with theApplication layer orthe DLC layer? Why?

Page 51: Troubleshooting with the Sniffer Portable Analyzer TNV-101-GUI
