Network Analysis Using Wireshark 1

Network Analysis Using Wireshark Version 2Network Analysis using Wireshark V.2 yoram@ndi-com.com
Network analysis using Wireshark V2 yoram@ndi-com.comPage 1
Network Analysis Using Wireshark
Lesson 1:
Introduction & TS Basics

By the end of this lesson you will:
• Understand how to approach a network problem
• Understand the difference between GO-NOGO and
performance problems
• Understand the tools that assist us in the network
troubleshooting process
Lesson Objectives

What is network troubleshooting
Troubleshooting tools
Troubleshooting methodologies
Chapter Content
The network is guilty until proven otherwise…

Define the Problem
Gather Facts
Consider Possibilities
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Document the Results
Start
End
TS Algorithm
YES
NO

TS Algorithm – Define the Problem (1)
• Draw the network
▫ Servers, switches,
routers, firewalls etc.
• Draw the traffic flow
chart
▫ Packets goes to servers,
to Internet, between sites
….
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Define the Problem (2)
• Define the problem
▫ Does the problem happens
always or occasionally
▫ Does it happen in one
application or all applications
▫ Does it happened with all
users, group of users or single
user
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Gather Facts
• Collect data about:
▫ How often does the problem
happens ?
▫ When did the problem first occur ?
▫ What changes were made before
the problem have started ?
▫ Is the problem reproducible ?
• Collect data from:
▫ Affected users, administrators,
managers, and any key people
involved with the network etc.
▫ Network management tools,
protocol analyzers, diagnostic
commands etc.
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Consider Possibilities
• What can it be:
▫ System/OS ?
▫ Application ?
▫ Network ?
▫ Hardware ?
• What tools to use ?
▫ Networking tools ?
▫ System/OS tools ?
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Create Plan
• Develop a plan for how you will
test the most likely causes of the
problem.
• Plan to change just one variable at
a time
• Document your action plans. Each
plan should describe a set of steps
to be executed.
• Prepare a roll-back plan in case
your actions make matters worse.
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Implement the Plan and
Observe the Results
• Follow the steps that you created
in your action plan and observe
the results.
• Make sure you document which
plan you are currently trying
otherwise it is too easy to repeat
yourself.
• Test all fixes that you make. Be
sure you do not make the problem
worse or introduce new problems.
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

TS Algorithm – Implement the Plan
• When you have resolved the
problem, you have one more
important step remaining -
documenting the results.
• Documenting the resolution will
help you in the future when a
similar problem occurs.
• In addition to documenting the
resolution, be sure to save any
configuration changes you made.
If necessary, update your network
maps.
Define the Problem
Gather Facts
Create a Plan
Implement the Plan
Observe Results
Does the
Symptoms
Stop
Start
End

What is the Problem Nature
Go / No Go
Problem
Performance
Problem
Problem Nature

What is network
troubleshooting
Troubleshooting
methodologies
Chapter Content
Don’t forget: user responses are relative …

• By the end of this lesson, you will be able to understand and use:
1. PC tools – Ping, Tracert ,Netstat, ARP …..
2. Communication equipment – Switches, Routers, Firewalls ….
3. Protocol analyzers – Wireshark (former Ethereal), Sniffer® …..
4. SNMP tools – SNMPc, Whatsup Gold, HP-OV NNM …..
5. Special tools – Netflow, Sflow, Port mappers, …..
6. Dedicated analyzers – Agilent, Spirent, IXIA…..
Network TS Tools

• End to end basic
connectivity
• First “filling” of the
network behavior
1. PC Tools - Ping, Tracert ,Netstat, ARP …..
To ISP
server pc
router

• Local data – counters in equipment itself
• For local problem isolation
2. Access to communication equipment's –
Switches, Routers, ….
To ISP

• Local, in-depth, packet-by-packet protocol analysis
of network traffic
• Network, hardware and application behavior
3. Protocol analyzers – Wireshark (former
Ethereal), Sniffer® …..
To ISP

• Continues monitoring and mapping
• Events and notifications
• Maps system
• Mostly SNMP based
4. SNMP tools – SNMPc, Whatsup Gold,
HP-OV NNM …..
To ISP

• Traffic analysis, engineering tools etc …
5. Special tools – Netflow, IP tools …..
To ISP

• Simulators, applications tests etc …
6. Dedicated analyzers – Agilent, Spirent, …..
To ISP

What is network troubleshooting
Troubleshooting methodologies
Chapter Content
Applications are typically developed in a “Golden Environment” -
Fastest possible PCs, High Bandwidth, low latency etc. When they
move from test (LAN) to production (WAN/WIFi/Cellular) the
phone starts ringing…

T.S. Approaches
• Theoretical – “Scientist”
approach
• Practical – “Caveman”
Approach

• The “Scientist” approach will be to
analyze and re-analyze the situation
until the exact cause of the problem
has been identified
• This approach will finally lead for
solving the problem, but although this
process is fairly reliable.
Theoretical - Scientist Approach

• The “Caveman” first instinct is start
swapping cards, cables, hub's, and
everything available, until
miraculously, the network begins to
work, even though not always
properly.
• The problem with the “caveman”
approach is that most of the times
the root cause of the problem will
still be present.
Practical - The Caveman Approach

• Analyze the network as a whole - rather than in pieces.
• Ask the questions - then collect the information - concentrate on
the problem - and then replace one broken ring in the chain to
solve it.
• Do not forget to verify that the problem have been truly fixed.
• Many problems can be user problems or mental problems that do
not involve anything in the network. Eliminate these problems at
the beginning!
The Right Approach

Summary
• In this lesson we talked about:
▫ Work in order
▫ Document, Document, Document!
▫ Scientist or Caveman? Both, as required
Thanks for your time
Yoram Orzach
yoram@ndi-com.com
Many examples, case-studies, capture files and more on
my classroom course or online on:
https://www.eknower.com/

Network Analysis Using Wireshark 1

More Related Content

What's hot

Viewers also liked

Similar to Network Analysis Using Wireshark 1

Recently uploaded

Network Analysis Using Wireshark 1