Network Critical @ Sharkfest 2008



Founded in 1997 by President and CEO Alastair Hartrup, Network Critical is a UK-based company that has grown into a global leader, developing premier network access solutions for the enterprise security and network management marketplace. A channel-friendly company, Network Critical operations continue to grow world-wide, with new offices in Buffalo, New York and Amsterdam, The Netherlands. Network Critical provides proper enterprise access wherever monitoring is critical—maximizing the value of customer monitoring investments, and giving customers the assurance that traffic is always seen and always available.

Published in: Business, Technology

  1. SHARKFEST '08 | Foothill College | March 31 - April 2, 2008
      Increase Wireshark’s Effectiveness by Tapping your Network Data
      Wednesday, April 2, 2008
      Chris Bihary, Managing Director | Network Critical
  2. Agenda
      • Introduction
      • Network Monitoring Basics
      • How do I connect Wireshark to my network?
      • What is Access Technology?
      • New Access Technology
      • Questions & Answers
  3. Introduction
      • Chris Bihary, Network Critical
        • Managing Director, Americas
        • 716-558-7282 direct
        • [email_address]
      • Mark Manion, Network Critical
        • Channel Manager, West Coast
        • 716-558-7282 direct
        • [email_address]
      • Sam Battaglia, Network Critical
        • Technical Manager
        • (716) 558-0881 direct
        • [email_address]
      • Network Critical
        • Network Critical is the creator of the premier TAP (Traffic Access Point) solution; advancing enterprise network monitoring, device deployment, and management through a best-practice approach. Network Critical develops smarter ways to access traffic for monitoring, data capture and analysis for any enterprise mission: compliance, security, quality of service, legal intercept, analysis, and much more.
        • Office 716-558-7280
  4. Network Monitoring Basics: Three Basic Components with any Network Monitoring Solution
  5. Network Monitoring Solutions: Network Appliances ◊ Software Tools ◊ Network Tools
      Network Monitoring, Network Analyzers, Sniffers, Security, Compliance, Analysis, Lawful Interception, Forensics, Quality of Service, Data Leakage, Intrusion Detection, Intrusion Prevention, Bandwidth Shaping, Content Filtering
      • T1-1 I’ve downloaded Wireshark…Now what? Instructor: Betty DuBois, Wireshark U
      • T2-2 Analyzing the TCP/IP Resolution Processes - Port, Name, Route and Hardware Address Resolution. Instructor: Laura Chappell, WSU
      • T2-4 Trace File Analysis - Identifying Wire Latency, Client Latency and Server Latency Issues (Includes Charting Techniques). Instructor: Laura Chappell, WSU
      • T1-3 Case Studies: Solving Network Performance Problems with Wireshark. Instructors: Laura Chappell, WSU and Loris Degioanni, CTO, CACE Technologies
      • T1-10 Expose VOIP Problems Using Wireshark. Instructor: Sean Walberg
  6. Network Monitoring Solutions
      • Line Rate Capture Appliances ◊ Data Storage ◊ Databases
      • Network Appliances, High Speed Network Interface Cards, Storage Solutions, Disk / Server Farms, On-line and Off-line Storage
      • T1-2 The Virtue of Continuous, Complete Packet Capture & Stream-to-Storage for Enhanced Network Forensics Capability. Instructor: Paal Tveit, VP of Engineering, Solera Networks
      • T2-5 Advanced Capture and Display Filtering. Instructor: Tony Fortunato, WSU
  7. Network Monitoring Solutions: How do I access the data on my Network?
  8. Why worry about Network Access?
      • A network appliance / software / network tool is only as good as the access it gets.
      • Downtime can stem from poor management practices, often where access is an afterthought.
      • A Gartner study found that the typical large business experienced an average of 87 hours of downtime a year, at $42,000 per hour = $3.6 million annually
  9. Access Technology is the Foundation
  10. How do I connect Wireshark to the Network?
      It’s simple, I need access to the data!
      • 10/100 Hub
      • SPAN or Mirrored Ports (switches)
      • TAP – Traffic Access Point
  11. How do I connect Wireshark to the Network?
      • 10/100 Ethernet Hub
      • Shared 10/100 collision-based topology
      • Cannot monitor full duplex traffic
      • Drops packets
      • Does not support gigabit or fiber applications
      • Hard to find a hub
      • Single port makes it easy when using with a laptop or portable application with Wireshark
      [Diagram: two Servers and Wireshark on a SHARED ETHERNET 10/100MB TOPOLOGY]
  12. How do I connect Wireshark to the Network?
      • Mirrored Port, or in Cisco terms SPAN (Switch Port Analyzer)
        • With SPAN, traffic from any port on the network switch can be mirrored or copied to another port, which is designated as the SPAN port. You can then connect the SPAN port to the Network Tool.
      [Diagram: Managed Ethernet Switch, SPAN Port]
  13. SPAN/Mirrored Switch Port
      • Benefits
        • Included in the cost of your managed switch
        • Internal Switch Traffic Visible
        • VLANs are visible
        • Single port makes it easy when using with a laptop or portable application with Wireshark
      • Limitations
        • Groomed data (changes timing, adds delay)
        • Extracts bad frames as well as ignoring all Layer 1 & 2 information
        • Dropped frames: Monitoring device is missing packets due to port over-subscription
        • Full Duplex monitoring is not supported
        • Not secure, and transporting monitored traffic through the production network may not be acceptable
        • Not Priority
        • Degraded network switch performance when monitoring a busy segment
        • Contention for SPAN Ports
          • Engineers, Security, VoIP, etc.
          • I have no SPAN Ports Available
        • Requires re-configuration of the network switch
          • Authorization Problems
          • Switch Configuration Errors can cause major Network Problems
  14. SPAN/Mirrored Switch Port
      • Data Monitoring Access: SPAN Port or Passive TAP? What’s on your Network?
      • Part 1
      • Is SPAN port a viable data access technology for today’s business critical networks especially with today’s access needs for Data Security Compliance and Lawful Intercept requirements?
      • Not really, see why!
      • by Tim O’Neill from BT Solutions
      • From Cisco on SPAN port usability, from Cisco’s White Paper “Using the Cisco Span port for SAN analysis”:
      • “Cisco warns that the switch treats SPAN data with a lower priority than regular port-to-port data. In other words, if any resource under load must choose between passing normal traffic and SPAN data, the SPAN loses and the mirrored frames are arbitrarily discarded. This rule applies to preserving network traffic in any situation. For instance, when transporting remote SPAN traffic through an Inter Switch Link (ISL) which shares the ISL bandwidth with regular network traffic, the network traffic takes priority. If there is not enough capacity for the remote SPAN traffic, the switch drops it.
      • Knowing that the SPAN port arbitrarily drops traffic under specific load conditions, what strategy should users adopt so as not to miss frames? According to Cisco, the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low-throughput situations.”
      • Read the entire article by accessing
  15. How do I connect Wireshark to the Network?
      • Traffic Access Port (TAP)
        • Provides a copy of the traffic flowing between two (2) Network Devices
        • Fail Safe Technology - 100% Network Availability even in the event of power loss
        • 100% Visibility of the Full Duplex Network Traffic including Layer 1 & Layer 2 Errors
        • Sensors are 100% Isolated & Secure
        • TAPs are a layer 1 device – Easy to install & Manage
        • Creates a Permanent Access Point for Network Tools
      [Diagram: TAP]
  16. TAP Benefits
      • Provide Easy Network Access (hardware only solution)
      • Eliminates the need for SPAN / Mirrored Ports
      • Permanent 24/7/365 Access
      • 10/100/1000 Copper, Fiber 100Base-FX, OC3 – OC192, Gigabit, 10 Gigabit, Fiber to Copper Gigabit TAPs
  17. TAP Benefits
      Make your life easier when deploying & managing Wireshark
      • Simple Layer 1 Passive Hardware Device
      • Easy to Install
      • Provides Permanent Access
      • 100% Network Availability
        • No Single Point of Failure
      • 100% Visibility to Network Traffic
      • Eliminate the need for a SPAN Port
      • Cost effective
      • Save $$$$, No Network Downtime
  18. Tapping Technology
      • Aggregating TAP
      • Many-to-One or One-to-Many TAPs
      • Aggregation or Regeneration
      • V-Line (Virtually In-Line) By-pass TAPs
  19. Aggregation / Many-to-One / One-to-Many
      [Diagram: CRITICALCONNEX™ MANY TO ONE; 10/100 meg network connections; 1000 meg monitoring device]
  20. V-Line (Virtually In-Line) By-Pass TAP
      [Diagram: Router, Switch, Network Link, Traffic with heartbeat, Fail-over path]
  21. TAP Your Network for Wireshark
      • Easily connect your Wireshark Analyzer
        • 10/100/1000 Copper
        • Multi-mode Gigabit Fiber
        • Single Mode Gigabit Fiber
        • Provide a single copper monitoring port for laptops & single port mobile devices
        • Install & Monitor
  22. TAP Your Network for Wireshark
  23. Access Technology Solutions
      • Building a Proper Infrastructure Access Solution
        • Building a foundation to support the Monitoring Applications for enterprise customers
          • Complex, High Availability, Multi-locations
        • Zero Failure Point created by Access Equipment
        • 100% Visibility to Network Traffic
          • No Data Loss
          • Data is not groomed, changed or affected
        • No Network Latency created by Access Points
          • Invisible, non-intrusive access to the network
        • Secure Access Points
        • Flexible Access Points support multiple Capture & Analysis Tools
  24. Access Technology Solutions
      • Building a Proper Infrastructure Access Solution
        • Bandwidth on networks is not unlimited
          • Allow Core Switches, Distribution Switches, Access Switches, and Routers to be designed for Live Network Traffic Only
          • Do not design an Access Point requiring re-transmission over the Live Network
        • Build your infrastructure with Access Points from day one
  25. CriticalConneX™ Modular Chassis
      • CC1000: CriticalConneX 1U Modular Chassis, Four (4) Hot Swappable Slots, Dual AC Power Supplies
      • CC1010: CriticalConneX 1U Modular Chassis, Four (4) Hot Swappable Slots, Single AC Power Supply
      • CC1020: CriticalConneX 1U Modular Chassis, Four (4) Hot Swappable Slots, Dual AC Power Supplies, Aggregating Backplane
      • Add -DC to the part number for -48 VDC power supplies
  26. CriticalConneX™ Modular Chassis
  27. CriticalConneX™ Modular Chassis
  28. CriticalConneX™ Modular Chassis
  29. Access Technology Solutions
      • Next Generation TAP Smart Network Access Technology
  30. Any Questions? ACCESS | CAPTURE | ANALYZE