FIGURE 7.5 Choosing to copy a cell as a filter
FIGURE 7.6 Sample capture with red-highlighted filtered data
as shown in Figure 7.5. Figure 7.6 shows a sample capture with a DNS capture filter
applied and all RDP packets color-coded in red using a color filter.
To remove a filter, just highlight the correct filter from the Filter menu and select Remove
Filter, click the Remove button in the Capture Filter pane, or press the Ctrl+Shift+Enter
keys simultaneously.
NOTE
Removing a filter does not delete it from the filter list. It only stops the filter from
being applied.
Capturing Network Traffic Between Computers
As outlined previously, Network Monitor 3.1 includes the ability to capture wireless,
remote, local area network (LAN), and wide area network (WAN) traffic using a remote
agent. In some cases, network administrators want to diagnose or monitor a conversation
between two computers. The steps necessary to monitor traffic between two different
computers are outlined in the following list.
To capture network traffic between two different computers using IPv4 source and
destination addresses, as shown in Figure 7.7, complete the following steps:
1. In Network Monitor, click the Create a New Capture Tab button on the left.
2. Click the Filter menu, select Capture Filter, Load Filter, Standard Filters.
3. Select IPv4SourceandDestination.
4. Edit the filter to specify the IP addresses that should be filtered in the Capture Filter
window (for example, 192.168.1.5 and 192.168.1.2).
5. Click the Apply button in the Capture Filter pane.
6. Click the Play button on the main Network Monitor menu bar or press the F10 key
to start the capture.
FIGURE 7.8 Parsers tab of Network Monitor 3.1
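What a filter on IPv4 source and destination addresses selects, shown as an added Python example over constructed headers; it is not code from the book or from Network Monitor. The page does not show the text of the IPv4SourceandDestination filter, so the sketch implements both a one-direction match and an either-direction match, and all function names are hypothetical.

```python
import ipaddress
import struct

HOST_A, HOST_B = "192.168.1.5", "192.168.1.2"  # example addresses from the text

def ipv4_header(src, dst, proto=6):
    """Build a minimal 20-byte IPv4 header (constructed data, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_addresses(packet):
    """Return (source, destination) strings, or None for anything not valid IPv4."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))

def one_way(packet, src, dst):
    """Match only packets sent from src to dst."""
    return parse_addresses(packet) == (src, dst)

def conversation(packet, host_a, host_b):
    """Match packets between the two hosts in either direction."""
    addrs = parse_addresses(packet)
    return addrs is not None and set(addrs) == {host_a, host_b}

def matching(frames, predicate):
    """Return the indexes of the frames the predicate accepts."""
    return [i for i, frame in enumerate(frames) if predicate(frame)]

# Constructed sample capture: both directions of the conversation, two packets
# involving a third host, a truncated header, and a non-IPv4 header.
FRAMES = [
    ipv4_header(HOST_A, HOST_B),
    ipv4_header(HOST_B, HOST_A),
    ipv4_header(HOST_A, "192.168.1.9"),
    ipv4_header("192.168.1.7", HOST_B),
    b"\x45\x00",
    bytes([0x60]) + bytes(19),
]

if __name__ == "__main__":
    print("one-way:", matching(FRAMES, lambda f: one_way(f, HOST_A, HOST_B)))
    print("conversation:", matching(FRAMES, lambda f: conversation(f, HOST_A, HOST_B)))
```

A filter that fixes one address as source and the other as destination keeps only half of the exchange; seeing the replies requires matching the pair in both orders.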
Parsing Captured Network Traffic Data
Parsing captured data allows the information to be converted into a format that is more
legible to the naked eye. Parsing captured data makes analysis of the captured data
easier; in fact, it’s almost essential. The Network Monitor parsing engine was completely
rewritten to support the new functionality of Network Monitor 3.1.
To parse captured data in Network Monitor 3.1, complete the following steps:
1. With a capture running or loaded from a saved file, select the Parsers tab in Network
Monitor, as shown in Figure 7.8.
2. Expand the appropriate parsing category and double-click the selected criteria, such
as tables, data types, protocols, and so on.
For more detailed information about parsing with Network Monitor 3.1, review the online
help in Network Monitor 3.1 or reference the ParserLanguage.doc file located in the
C:\Program Files\Network Monitor 3.1\Help\ folder.
FIGURE 7.9 Reliability and Performance Monitor
Windows Reliability and Performance Monitor
The Reliability and Performance Monitor in Windows 2008, shown in Figure 7.9, replaced
the Performance Monitor that was included with Windows Server 2003. The Reliability
and Performance Monitor bears a similarity to the Task Manager and previous
Performance Monitor and highlights components that are critical to system performance.
The Reliability and Performance Monitor is a combination of the previous Windows Server
tools: System Monitor, Performance Monitor, and Server Performance Advisor. The
Reliability and Performance Monitor is composed of four main components: Performance
Monitor, Reliability Monitor, Data Collector Sets, and a reporting component. The
Reliability and Performance Monitor can be launched from within the Windows 2008
Server Manager or from Start, All Programs, Administrative Tools.
Using the Reliability and Performance Monitor, administrators can identify bottlenecks
and pinpoint resource issues with applications, processes, or hardware. Monitoring these
items can help to identify and resolve issues, to plan for capacity changes, and to establish
baselines for use in future analysis. Upon launching the Reliability and Performance
Monitor, a summary of system performance displays, showing current memory, disk,
processor, and network loads.
Reliability and Performance Monitor includes the following new features:
system performance and marks any errors, failures, and other problems for analysis
by the administrator.
window, which is presented when launching the Reliability and Performance
Monitor. The Resource Overview displays real-time status of processor usage, disk
usage, network throughput, and memory status.
monitored. You can use one of the predefined sets or create your own to group
together items that you want to monitor.
reporting mechanism and several template performance and diagnosis reports for
use. In addition, reports can also be created manually or generated from Data
Collector Sets.
Performance Monitor
Many IT professionals rely on the Performance Monitor because it is bundled with the
operating system, and it allows you to capture and monitor every measurable system
object within Windows 2008. Becoming familiar with the tool takes little effort. You
can find and start the Performance Monitor from within the Reliability and Performance
Monitor program under Monitoring Tools in the console view. The Performance Monitor,
shown in Figure 7.10, is by far the best utility provided in the operating system for
capacity-analysis purposes. With this utility, you can analyze data from virtually all aspects of
the system both in real time and historically. This data analysis can be viewed through
charts, reports, and logs. The log format can be stored for use later so that you can
scrutinize data from succinct periods of time.
Reliability Monitor
As mentioned previously, the Reliability Monitor establishes and monitors a baseline of
system performance and marks any errors, failures, and other problems for analysis by the
administrator. The Reliability Monitor is quite useful for identifying how a new
application, update, or system change might behave and to correlate any errors or failures with
possible causes that occurred around the same time. The Reliability Monitor is shown in
Figure 7.11.
FIGURE 7.10 The Performance Monitor
FIGURE 7.11 The Reliability Monitor
FIGURE 7.12 Data Collector Sets in the Reliability and Performance Monitor
Data Collector Sets
As mentioned previously, Data Collector Sets are a collective grouping of items to be
monitored. You can use one of the predefined sets or create your own to group together
items that you want to monitor. Data Collector Sets are useful for several reasons. First,
data collectors can be a common theme or a mix of items. For example, you could have
one Data Collector Set that monitors only memory or a Data Collector Set that contains
myriad items such as memory, disk usage, processor time, and more. Data Collector Sets
can also be scheduled to run when needed. The Data Collector Sets section of the
Reliability and Performance Monitor is shown in Figure 7.12.
Reports
As previously discussed, the Reliability and Performance Monitor includes an updated
reporting mechanism and several template performance and diagnosis reports for use. In
addition, reports can be created manually or generated from Data Collector Sets. Three
system reports are included for diagnosing and assessing system performance: LAN
Diagnostics, System Diagnostics, and System Performance. The following steps outline the
process to view a System Diagnostics report. Figure 7.13 shows a sample System
Diagnostics report.
To create and view reports in the Reliability and Performance Monitor, complete the
following steps:
1. Expand Data Collector Sets and System in the console tree of the Reliability and
Performance Monitor.
2. Right-click the LAN Diagnostics, System Diagnostics, or System Performance sets and
select Start. Windows will begin collecting data for the report.
3. When you have collected enough data, right-click the collection set again and
select Stop.
4. Expand Reports, System and click the collection set you chose earlier. Double-click
the report listed under that performance set.
5. The report will be compiled and displayed.
FIGURE 7.13 System Diagnostics report in the Reliability and Performance Monitor
Other Microsoft Assessment and Planning Tools
Several other products and tools are available from Microsoft to assist with proper capacity
analysis and performance monitoring. Some of these tools are available for purchase
separately or can be downloaded for free. Selecting the right tool or product depends on the
goal you are trying to accomplish. For example, the Windows System Resource Manager
would be used if you want to implement thresholds for the amount of resources an
application or process is allowed to consume, and System Center Operations Manager might be
deployed if you want to be notified when critical processes behave abnormally on
production servers.
Discussing each of these tools in depth is beyond the scope of this book; however, a basic
understanding and overview of their purposes will help you make an informed decision.
FIGURE 7.14 Windows System Resource Manager
Windows System Resource Manager
Windows System Resource Manager (WSRM) is included in the feature set of Windows
2008 and provides an interface that enables you to configure how processor and memory
resources are allocated among applications, services, and processes. Having the ability to
control these items at such a granular level can help ensure system stability, thus
improving system availability and enhancing the user experience. Assigning thresholds to
services, applications, and processes can prevent issues such as high CPU consumption.
WSRM is installed as a feature in Server Manager. WSRM can manage multiple items on
the local system and remote computers (if Terminal Services is installed). The WSRM
interface is shown in Figure 7.14.
To install WSRM, complete the following steps:
1. Launch Server Manager by choosing it in the Administrative Tools folder.
2. Click Features in the Scope pane on the left.
3. Click Add Features in the central Details pane; the Select Features window opens.
4. Scroll down and select Windows System Resource Manager.
5. If it isn’t already installed, a notification window opens stating that the Windows
Internal Database feature must also be installed. Click the Add Required Features
button to accept the addition of the feature.
6. Click Next.
7. Click Install to install WSRM and required components.
8. Click Close when the installation completes.
NOTE
A warning appears in Server Manager if the WSRM service is not started. This service
must be running to use WSRM.
After WSRM is installed, you can start fine-tuning the Windows 2008 server’s processes,
services, applications, and other items to ensure CPU cycles and memory usage are
allocated appropriately. WSRM provides administrators with a means of adjusting the system
to meet the demands of those accessing it. WSRM can allocate CPU time and memory
usage through the use of the included resource allocation policies or a customized one.
Observed system usage and data obtained from tools such as the Reliability and
Performance Monitor can be applied directly to WSRM policies. For example, if system
monitoring reveals that a particular application is in high demand but the same server is
busy providing other services, making the application sluggish, the WSRM can allocate
enough resources to both items to ensure that neither the system nor the items being used
are negatively impacted.
Resource-allocation policies are used in WSRM to divide processor and memory usage
among applications, services, processes, and users. Resource-allocation policies can be in
effect at all times, or they can run on a scheduled basis. If certain events occur or the
system behaves differently, WSRM can switch to a different policy to ensure system
stability and availability. Resource-allocation policies can be exported and imported between
Windows 2008 servers, and the policies can also contain exclusions when something
doesn’t require specific resource assignments.
When accounting is enabled in WSRM, administrators of the servers can review data
collected to determine when and why resource allocation policies were too restrictive or
too loose. Accounting can also help identify problems with the items in the policy and
peak access times. Administrators can use the information obtained by the accounting
component of WSRM to make adjustments to the policies. WSRM resource-allocation
policies can manage local and remote computers as well as Terminal Services sessions.
WSRM comes packaged with four predefined policies. These templates provide
administrators with a way to quickly allocate resources, leaving room for fine-tuning later. The
predefined resource allocation policy templates are as follows:
preventing one process from consuming all available CPU and memory resources.
from consuming all available CPU and memory resources.
preventing one session from consuming all available CPU and memory resources.