monotoring Basics2

NETWORK MONITORING I:BASIC NETWORKING

Today’s Agenda

Introduction to Networking Technology Network Architecture Network Protocols TCP/IP Stack TCP/IP Protocol Suite and Utilities

Course Objectives

This course teaches the fundamentals ofnetworking, what the TCP/IP protocol stackconsists of and how the different layers of thenetwork stack influence, what are theapplication supported by TCP/IP and what isthe impact of these application on the overallnetwork performance…etc. This course is to give

basicnetwork fundamental in order to use iNetmon

solutions tothe fullest.

Introduction to Networking Technology

Many different ways of Connections. Different needs require different solutions.

A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams

Result

Local Area Network

LAN is a network limited to a small geographic area such as a writing lab, school, or building.

On most LANs, cables are used to connect the network interface cards in each computer

Many LANs are divided into logical groups called subnets.

Local Area Network …

Networking hardware includes all computers, peripherals, interface cards and other equipment needed to perform data-processing and communications within the network such as

- Bridges- Switches- Routers.- Repeaters

Networking hardware

Networking hardware

File Servers

Stands at the heart of most networks.

• Very fast computer with a large amount of RAM and storage space

• Fast network interface card.

• Controls the communication of information between the nodes.

http://fcit.usf.edu/network/glossary.htm

Networking hardware

Workstations

•Computers connected to a network are called workstations.

A typical workstation is a computer that is configured with a network interface card, networking software, and the appropriate cables.

•Almost any computer can serve as a network workstation .

•Workstations do not necessarily need floppy disk drives because files can be saved on the file server

Networking hardware

Network Interface Cards

•NIC provides the physical connection between the network and the computer workstation.

•NIC are a major factor in determining the speed and performance of a network .

•Examples

- Ethernet cards, LocalTalk connectors, and Token Ring cards ..etc

Networking hardware

Ethernet Cards

* Ethernet cards contain connections for

either coaxial or twisted pair cables

* If it is designed for coaxial cable,

the connection will be BNC. If it is

designed for twisted pair, it will

have a RJ-45 connection

Networking hardware

Switch

•A concentrator is a device that provides a central connection point for cables from workstations, servers, and peripherals

•Electrically amplify the signal as it moves from one device to another.

•Switches doesn't broadcast network packets as hubs did in the past, they memorize addressing of computers and send the information to the correct location directly.

•Usually configured with 8, 12, or 24 RJ-45 ports

Networking hardware

Repeaters

•The repeater electrically repeats the signal it receives and rebroadcasts it .

•Repeaters can be separate devices or they can be incorporated into a concentrator

•are used when the total length of your network cable exceeds the standards set for the type of cable being used (The length limit for unshielded

twisted-pair cable is 100 )

Networking hardware

Bridges

•To segment a large network into two smaller, more efficient networks.

• Monitors the information traffic on both sides of the network so that it can pass packets of information to the correct location.

•Manages the traffic to maintain optimum performance on both sides of the network .

•Can be used to connect different types of cabling

Networking hardware

Routers

•A router translates information from one network to another.

•Routers select the best path to route a message, based on the destination address and origin

•smart enough to know when to direct traffic along back roads and shortcuts.

•Route messages between any two protocols

•Route messages between different topologies

Networking hardware

Unshielded twisted pair

RJ-45 connector Coaxial cable

BNC connector Fiber optic cable

Wireless LAN

Network Architecture

Network Topology

Physical topology refers to the configuration ofcables, computers, and other peripherals.

1- Linear Bus

-Consists of a main run of cable with a terminator at each end.

Network Architecture …

Advantages of a Linear Bus Topology Easy to connect a computer or peripheral to a linear bus. Requires less cable length than a star topology.

Disadvantages of a Linear Bus Topology Entire network shuts down if there is a break in the main cable. Terminators are required at both ends of the backbone cable. Difficult to identify the problem if the entire network shuts

down. Not meant to be used as a stand-alone solution in a large

building.


2- Star - Designed with each node connected directly to a

central network hub or concentrator

This configuration is common with twisted pair cable; however, it can also be used with coaxial cable or fiber optic cable.

Advantages of a Star Topology- Easy to install and wire. - No disruptions to the network then connecting or removing devices. - Easy to detect faults and to remove parts.

Disadvantages of a Star Topology- Requires more cable length than a linear topology. - If the hub or concentrator fails, nodes attached are disabled. - More expensive than linear bus topologies because of the cost of the concentrators.


3- Tree - Combines characteristics of linear bus

and star topologies

- Consists of groups of star-configured

workstations connected to a linear bus

backbone cable.

-Allow for the expansion of an existing

network



Advantages of a Tree Topology Point-to-point wiring for individual segments. Supported by several hardware and software venders.

Disadvantages of a Tree Topology Overall length of each segment is limited by the type of

cabling used. If the backbone line breaks, the entire segment goes down. More difficult to configure and wire than other topologies.


Considerations When Choosing a Topology: Money. A linear bus network may be the least expensive

way to install a network; you do not have to purchase concentrators.

Length of cable needed. The linear bus network uses shorter lengths of cable.

Future growth. With a star topology, expanding a network is easily done by adding another concentrator.

Cable type. The most common cable in schools is unshielded twisted pair, which is most often used with star topologies.


Carrier sense multiple access withcollision detection (CSMA/CD) is a network control protocol in which :a carrier sensing scheme is used and a transmitting data stationthat detects another signal while transmitting a frame, stopstransmitting that frame, transmits a jam signal, and then waitsfor a random time interval (known as "backoff delay" anddetermined using the truncated binary exponential backoffalgorithm) before trying to send that frame again

Carrier sense multiple access with collision detection (CSMA/CD)



The Ethernet network may be used to provide shared access by a group of attached nodes to the physical medium which connects the nodes (Collision Domain ).

Consider a LAN with four computers each with a Network Interface Card (NIC) connected by a common Ethernet cable


One computer (Blue) uses a NIC to send a frame to the shared medium, which has a destination address corresponding to the source address of the NIC in the red computer.

The cable propagates the signal in both directions, so that the signal (eventually) reaches the NICs in all four of the computers. Termination resistors at the ends of the cable absorb the frame energy, preventing reflection of the signal back along the cable.


All the NICs receive the frame and each examines it to check its length and checksum. The header destination MAC address is next examined, to see if the frame should be accepted, and forwarded to the network-layer software in the computer.

Only the NIC in the red computer recognises the frame destination address as valid, and therefore this NIC alone forwards the contents of the frame to the network layer. The NICs in the other computers discard the unwanted frame. The shared cable allows any NIC to send whenever it wishes, but if two NICs happen to transmit at the same time, a collision will occur, resulting in the data being corrupted.


Token-Passing Access Method

A special type of packet, called a token, circulates around a cable ring from computer to computer. When any computer on the ring needs to send data across the network, it must wait for a free token. When a free token is detected, the computer will take control of it if the computer has data to send.

The computer can now transmit data. Data is transmitted in frames, and additional information, such as addressing, is attached to the frame in the form of headers and trailers, discussed later in this chapter.

Demand Priority Access Method

Demand priority is based on the fact that repeaters and end nodes are the two components that make up all 100VG-AnyLAN networks. The repeaters manage network access by doing round-robin searches for requests to send from all nodes on the network. The repeater, or hub, is responsible for noting all addresses, links, and end nodes and verifying that they are all functioning. According to the 100VG-AnyLAN definition, an end node can be a computer, bridge, router, or switch.


Introducing the TCP/IP Model

Understanding TCP/IP Client and Server Roles

Most TCP/IP protocols involve communication between two devices, but the two rarely act as peers in the communication; one acts as the client and the other as the server. This simplified illustration shows a common example—a World Wide Web transaction using the Hypertext Transfer Protocol (HTTP). The Web browser is an HTTP client and initiates the communication with a request for a file or other resource sent over the Internet to a Web site, which is an HTTP server. The server then responds to the client with the information requested. Servers will generally respond to many clients simultaneously.

TCP/IP Architecture and the TCP/IP Model

The TCP/IP architectural model has four layers that approximately match six of the seven layers in the OSI Reference Model. The TCP/IP model does not address the physical layer, which is where hardware devices reside. The next three layers—network interface, internet and (host-to-host) transport—correspond to layers 2, 3 and 4 of the OSI model. The TCP/IP application layer conceptually “blurs” the top three OSI layers. It’s also worth noting that some people consider certain aspects of the OSI session layer to be arguably part of the TCP/IP host-to-host transport layer.

IP Datagram General Format

Time To Live (TTL) Field

-Router loops are not supposed to happen

-TTL is a time value (in seconds) when a datagram was originally sent

-Routers would decrease the time value periodically, and if it ever hit zero, the datagram would be destroyed

-Since router fast in forwarding packets then instead, each time a router processes a datagram, it reduces the value of the TTL field by one if it reaches zero then the

datagram is expired.

IP Datagram General Format

Type Of Service (TOS) Field

-one-byte field

Maximum Transmission Unit (MTU) and Datagram Fragmentation

Device A is sending to Device B over a small internetwork consisting of one router and two physical links. The link from A to the router has an MTU of 3,300 bytes, but from the router to B it is only 1,300 bytes. Thus, any IP datagrams over 1,300 bytes will need to be fragmented.

TCP/IP Protocol Suite and Utilities

Ping (Packet INternet Groper): is a computer network tool used to test whether a particular host is reachable across an IP network.

Ping works by sending ICMP “echo request” packets ("Ping?") to the target host and listening for ICMP “echo response” replies .

ping estimates the round-trip time (generally in milliseconds) and packet loss (if any) rate between hosts.

PING can also tell the user the number of hops that lie between two computers and the amount of time it takes for a packet to make the complete trip.

administrator can use Ping to test out name resolution. If the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address.


Traceroute: is a computer network tool used to determine the route taken by packets across an IP network.

The traceroute tool is available on practically all Unix-like operating systems. tracert on Microsoft Windows operating systems. Windows NT-based operating systems also provide pathping, which provides similar functionality.

traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets have a time-to-live (TTL) value of one (implying that they make a single hop)

When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host


When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender

Traceroute is often used for showing a list of routers traversed, it helps in identifying the path taken to reach a particular destination on the network. This can help identify routing problems or firewalls that may be blocking access to a site

Traceroute is also used to gather information about network infrastructure and IP ranges around a given host.

It can also be used when downloading data, as if there are multiple mirrors available for the same piece of data, one can trace each mirror to get a good idea of which mirror would be the fastest to use.


netstat (=network statistics) is a command-line tool thatdisplays a list of the active network connections the computer currently has, both incoming and outgoing. It is available on Unix, Unix-like, and Windows NT-based operating systems. Information returned includes local and remote IP addresses, local and remote ports, and TCP status codes.


ipconfig Used to control network connections. In Windows, ipconfig is a wrapper for

the command line utility to print the current connection details and to

Control the DHCP Client service.

monotoring Basics2

Education

Transcript of monotoring Basics2