Network Analysis Using Wireshark 1
yoram-orzach
Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 [email protected]
Network analysis using Wireshark V2 [email protected] 1
Network Analysis Using Wireshark
Lesson 1:
Introduction & TS Basics
Lesson Objectives
By the end of this lesson you will:
• Understand how to approach a network problem
• Understand the difference between GO-NOGO and performance problems
• Understand the tools that assist us in the network troubleshooting process
Chapter Content
• What is network troubleshooting
• Troubleshooting tools
• Troubleshooting methodologies
The network is guilty until proven otherwise…
TS Algorithm
Start
1. Define the Problem
2. Gather Facts
3. Consider Possibilities
4. Create a Plan
5. Implement the Plan
6. Observe Results
7. Do the Symptoms Stop? (YES / NO)
8. Document the Results
End
TS Algorithm – Define the Problem (1)
• Draw the network
▫ Servers, switches, routers, firewalls etc.
• Draw the traffic flow chart
▫ Packets go to servers, to the Internet, between sites ….
TS Algorithm – Define the Problem (2)
• Define the problem
▫ Does the problem happen always or occasionally?
▫ Does it happen in one application or all applications?
▫ Does it happen with all users, a group of users or a single user?
TS Algorithm – Gather Facts
• Collect data about:
▫ How often does the problem happen?
▫ When did the problem first occur?
▫ What changes were made before the problem started?
▫ Is the problem reproducible?
• Collect data from:
▫ Affected users, administrators, managers, and any key people involved with the network etc.
▫ Network management tools, protocol analyzers, diagnostic commands etc.
TS Algorithm – Consider Possibilities
• What can it be:
▫ System/OS?
▫ Application?
▫ Network?
▫ Hardware?
• What tools to use?
▫ Networking tools?
▫ System/OS tools?
TS Algorithm – Create Plan
• Develop a plan for how you will test the most likely causes of the problem.
• Plan to change just one variable at a time
• Document your action plans. Each plan should describe a set of steps to be executed.
• Prepare a roll-back plan in case your actions make matters worse.
TS Algorithm – Implement the Plan and Observe the Results
• Follow the steps that you created in your action plan and observe the results.
• Make sure you document which plan you are currently trying; otherwise it is too easy to repeat yourself.
• Test all fixes that you make. Be sure you do not make the problem worse or introduce new problems.
TS Algorithm – Implement the Plan
• When you have resolved the problem, you have one more important step remaining: documenting the results.
• Documenting the resolution will help you in the future when a similar problem occurs.
• In addition to documenting the resolution, be sure to save any configuration changes you made. If necessary, update your network maps.
What is the Problem Nature
Problem Nature:
• Go / No Go Problem
• Performance Problem
Chapter Content
• What is network troubleshooting
• Troubleshooting tools
• Troubleshooting methodologies
Don’t forget: user responses are relative …
Network TS Tools
• By the end of this lesson, you will be able to understand and use:
1. PC tools – Ping, Tracert, Netstat, ARP …..
2. Communication equipment – Switches, Routers, Firewalls ….
3. Protocol analyzers – Wireshark (formerly Ethereal), Sniffer® …..
4. SNMP tools – SNMPc, WhatsUp Gold, HP-OV NNM …..
5. Special tools – NetFlow, sFlow, Port mappers, …..
6. Dedicated analyzers – Agilent, Spirent, IXIA…..
1. PC Tools – Ping, Tracert, Netstat, ARP …..
• End-to-end basic connectivity
• First “feeling” of the network behavior
[Diagram: PC, server and router, with a link to the ISP]
2. Access to communication equipment – Switches, Routers, ….
• Local data – counters in the equipment itself
• For local problem isolation
3. Protocol analyzers – Wireshark (formerly Ethereal), Sniffer® …..
• Local, in-depth, packet-by-packet protocol analysis of network traffic
• Network, hardware and application behavior
4. SNMP tools – SNMPc, WhatsUp Gold, HP-OV NNM …..
• Continuous monitoring and mapping
• Events and notifications
• Maps system
• Mostly SNMP based
5. Special tools – NetFlow, IP tools …..
• Traffic analysis, engineering tools etc …
6. Dedicated analyzers – Agilent, Spirent, …..
• Simulators, application tests etc …
Chapter Content
• What is network troubleshooting
• Troubleshooting tools
• Troubleshooting methodologies
Applications are typically developed in a “Golden Environment”: fastest possible PCs, high bandwidth, low latency etc. When they move from test (LAN) to production (WAN/Wi-Fi/Cellular) the phone starts ringing…
T.S. Approaches
• Theoretical – “Scientist” approach
• Practical – “Caveman” Approach
Theoretical - Scientist Approach
• The “Scientist” approach is to analyze and re-analyze the situation until the exact cause of the problem has been identified
• This approach will finally lead to solving the problem, but although this process is fairly reliable.
Practical - The Caveman Approach
• The “Caveman's” first instinct is to start swapping cards, cables, hubs, and everything available, until, miraculously, the network begins to work, even though not always properly.
• The problem with the “caveman” approach is that most of the time the root cause of the problem will still be present.
The Right Approach
• Analyze the network as a whole, rather than in pieces.
• Ask the questions, then collect the information, concentrate on the problem, and then replace the one broken link in the chain to solve it.
• Do not forget to verify that the problem has truly been fixed.
• Many problems can be user problems or mental problems that do not involve anything in the network. Eliminate these problems at the beginning!
Summary
• In this lesson we talked about:
▫ Work in order
▫ Document, Document, Document!
▫ Scientist or Caveman? Both, as required
Thanks for your time
Yoram [email protected]
Many examples, case studies, capture files and more in my classroom course or online at: https://www.eknower.com/