1

Microsoft Windows 2000 Network Infrastructure Administration

• Chapter 4

• Monitoring Network Activity

2

Introducing Network Monitor

• Lesson 1 Topics

• View and detect problems on local area networks (LANs)

• Network Monitor diagnostics

3

Introducing Network Monitor

• Lesson objectives

• To install Network Monitor• To describe the benefits of using Network

Monitor

4

Understanding Network Monitor

• Collects data sent to and from computers.

• Administrator can view and analyze data.

• Captures frames and packets on Data-Link layer.

• Can interpret some Application layer data, such as:

Hypertext Transfer Protocol (HTTP)

File Transfer Protocol

5

Installing Network Monitor

• Must install the following:

• Network Monitor Tools in Microsoft Windows 2000

• Network Monitor driver

• Automatically installs Network Monitor utility and agent

6

Gathering Agent

Network Monitor composed of a gathering agent that collects data, and administrative utility that displays and analyzes the data.

7

Network Monitor Driver

• Gathers frames from network adapter.

• Passes data to Network Monitor utility.

• Forwards frames to remote administrator with Microsoft Systems Management Server.

• Adds Network Segment object.

• For Network Monitor data, must install Network Monitor Tools.

8

Capturing Network Data

Network Monitor uses a process called capturing to examine network frames.

• Capture all network traffic.

• Capture specific subset of frames.

• Respond to events on network.

9

Network Monitor

Network Monitor captures frames and packet on the data-link layer through the application layer and presents it graphically. Frames and packets are composed of many pieces of information:

• Source and destination addresses

• Sequencing information

• Checksums

10

Network Monitor

Network Monitor decodes this information allowing you to analyze traffic and troubleshoot network problems.

Network Monitor can also interpret some application layer data, such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP)

11

Network Monitor

Installing the Network Monitor Tools component in Windows 2000 automatically installs both the Network Monitor utility and agent.

12

Network Monitor Driver

The Network Monitor driver gathers frames from a network adapter and passes the information to the Network Monitor utility for viewing and analysis

13

Summary

You can use Windows 2000 Network Monitor to view and analyze problems on your network. You can also store a log of network activity into a file and then sent the file and then send the file to a professional network analyst or support organization.

14

Using Network Monitor

• Lesson 2 Topic

• Troubleshooting network problems

15

Using Network Monitor

• Lesson objectives

• To capture data using Network Monitor• To examine frames using Network Monitor• To view data with Network Monitor

16

Using Network Monitor

When using Network Monitor, you should remember two key points:

1. Run Network Monitor at low-usage times or for short period of time.

2. Capture only as many statistics as you need for evaluation

17

Types of Information

Network Monitor can capture frames sent to and from a network adapter. Frames are made up of many different pieces of information:

• Protocol being used

• Source address of sending computer

• Destination address of frame

• Length of frame

18

Viewing Data

Network Monitor also displays overall network segment statistics, including:

• Broadcast frames

• Multicast frames

• Network utilization

• Total bytes received per second

• Total frames received per second

19

Viewing Data

Network Monitor also displays overall network segment statistics, including:

• Broadcast frames

• Multicast frames

• Network utilization

• Total bytes received per second

• Total frames received per second

20

The Network Monitor User Interface

21

Network Monitor Acts as NDIS Driver

Network Monitor acts as a Network Driver Interface Specification-Compliant (NDIS) driver to copy frames to the capture buffer.

• Default size is 1 MB.

• Size is adjustable.

• Uses local-only mode to keep load down.

22

Statistics Displayed in Capture Window

23

The Capture Filter Dialog Box

24

Descriptions of Capture Triggers

25

Display Filter Types

26

Analysis Routine

Part of your routine for reviewing and analyzing captured data:

• Follow a session using source and destination IP address and port numbers.

• For Reset, focus on the sequence number and acknowledgements.

• Use a calculator to associate acknowledgements with data sent.

• Analyze activity.

27

Using Display Filters

A frame can be filtered based on the following data:

• The frame’s data-link layer of network layer source or destination address.

• The protocols used to send the frame or packet.

• The properties and values the frame contains

28

Reviewing Capture Data

Perform the steps in the following list:

• Follow a session using source and destination IP address and port numbers.

• If you find a Reset, focus on the sequence numbers and acknowledgments that precede it.

• Use a calculator to see which acknowledgments are associated with the data sent.

• Try to understand the activity you are seeing:

29

The Expression Dialog Box

30

Network Monitor Performance Issues

• Network Monitor creates a memory-mapped file for its capture buffer.

• Create a large enough buffer.

• You cannot adjust the frame size, store only part of the frame. For example you can store only the frame header which is in bytes, thereby using less capture buffer space.

31

Detecting Network Monitor

Network Monitor can detect other installations of network Monitor that are running on the local segment of your network by displaying the following information:

• Prevents unauthorized use by displaying

• Name of computer• Name of user logged on• State of Network Monitor• Adapter address of remote computer• Version number of Network Monitor on remote

computer

32

Windows 2000 Administration Tools

• Lesson 3 Topics

• Terminal Services• Remote administration• Simple Network Management Protocol (SNMP)

33

Windows 2000 Administration Tools

• Lesson objectives

• To configure a Terminal Server for remote administration

• To install and configure the Windows 2000 SNMP service

• To describe how the SNMP service works

34

Administration Capabilities

• Terminal Services

• SNMP

35

Selecting a Mode for Terminal Services

36

Terminal Service Option

37

Simple Network Management Protocol (SNMP)

SNMP is a network-management protocol frequently used in TCP/IP networks to monitor and manage computers and other devices such as printers connected to the network.

38

SNMP Agents

39

SNMP Management System and Agent

40

SNMP Management System and Agent