Identify the Results and Effects of the Solution
Upon testing your solution, you should be able to determine how and why the solution was successful and what effects it had on users and functionality. For example, suppose you identified a symptom of excessively slow performance when saving and retrieving files to and from a server on your LAN. You determined that all users were affected by the problem and that it had worsened steadily in the past month. Your proposed solution was to replace the server with one that contained a faster processor, more memory, greater hard disk capacity, and dual NICs. You implemented the solution and then tested its outcome to make sure all users could save and retrieve files to and from the new server. If all went well, the effect of the solution might be an 80% increase in performance between clients and the server.
Most importantly, you want to avoid creating unintended, negative consequences as a result of your solution. For example, in the process of diagnosing a problem with a user’s access to a mail directory, you might have reconfigured his mail settings to log on with your own user name to rule out the possibility of a physical connectivity error. After discovering that the problem was actually due to an IP addressing conflict, you might fix the IP addressing problem but forget that you changed the user’s e-mail configuration. Having the user test your solution would reveal this oversight—and prevent you from having to return to the workstation to solve another problem.
After you have implemented and tested your solution and identified its results and effects, communicate your solution to your colleagues, thus adding to the store of knowledge about your network. The next section discusses how best to document your troubleshooting efforts and notify others of changes you’ve made.
Document the Solution and Process
Whether you are a one-person network support team or one of 100 network technicians at your organization, you should always record the symptoms and cause (or causes) of a problem and your solution. Given the volume of problems you and other analysts will troubleshoot, it will be impossible to remember the circumstances of each incident. In addition, networking personnel frequently change jobs, and everyone appreciates clear, thorough documentation. An effective way to document problems and solutions is in a centrally located database to which all networking personnel have online access.
Staff Involved in Troubleshooting
Many staff members may contribute to troubleshooting a network problem. Often the division of duties is formalized, with a help desk acting as the first, single point of contact for users to call in regarding errors. A help desk is typically staffed with help desk analysts—people proficient in basic (but not usually advanced) workstation and network troubleshooting. Larger organizations may group their help desk analysts into teams based on their expertise. For example, a company that provides users with word-processing, spreadsheet, project planning, scheduling, and graphics software might assign different technical support personnel at the help desk to answer questions pertaining to each application.
NET+
4.9
The help desk analysts are often considered first-level support, because they provide the first level of troubleshooting. When a user calls with a problem, a help desk analyst typically creates a record for the incident and attempts to diagnose the problem. The help desk analyst may be able to solve a common problem over the phone within minutes by explaining something to the user. On other occasions, the problem may be rare or complex. In such cases, the first-level support analyst will refer the problem to a second-level support analyst. A second-level support analyst is someone who has specialized knowledge in one or more aspects of a network. For example, if a user complains that she can’t connect to a server, and the first-level support person narrows down the problem to a failed file server, that first-level support analyst would then refer the problem to the second-level support person.
In addition to having first- and second-level support analysts, most help desks include a help desk coordinator. The help desk coordinator ensures that analysts are divided into the correct teams, schedules shifts at the help desk, and maintains the infrastructure to enable analysts to better perform their jobs. They may also serve as third-level support personnel, taking responsibility for troubleshooting a problem when the second-level support analyst is unable to solve it.
Record Problems and Resolutions
For documenting problems, some organizations use a software program known as a call tracking system (also informally known as help desk software). Such programs provide user-friendly graphical interfaces that prompt the user for every piece of information associated with the problem. They assign unique identifying numbers to each problem, in addition to identifying the caller, the nature of the problem, the time necessary to resolve it, and the nature of the resolution.
Most call tracking systems are highly customizable, so you can tailor the form fields to your particular computing environment. For example, if you work for an oil refinery, you might add fields for identifying problems with the plant’s flow-control software. In addition, most call tracking systems allow you to enter free-form text explanations of problems and solutions. Some also offer Web-based interfaces.
If your organization does not have a call tracking system, you should at least keep records in a simple electronic form. You can find an example of a network problem record in Appendix D. A typical problem record form should include at least the following fields:
◆ The name, department, and phone number of the problem originator (the person who first noticed the problem)
◆ Information regarding whether the problem is software- or hardware-related
◆ If the problem is software-related, the package to which it pertains; if the problem is hardware-related, the device or component to which it pertains
◆ Symptoms of the problem, including when it was first noticed
◆ The name and telephone number of the network support contact
◆ The amount of time spent troubleshooting the problem
◆ The resolution of the problem
As discussed earlier in this chapter, many organizations operate a help desk staffed with personnel who have only basic troubleshooting expertise and who record problems called in by users. To effectively field network questions, an organization’s help desk staff must maintain current and accurate records for network support personnel. Your department should take responsibility for managing a supported services list that help desk personnel can use as a reference. A supported services list is a document (preferably online) that lists every service and software package supported within an organization, plus the names of first- and second-level support contacts for those services or software packages. Anything else you or your department can do to increase communication and availability of support information will expedite troubleshooting.
In addition to communicating problems and solutions to your peers whenever you work on a network problem, you should follow up with the user who reported the problem. Make sure that the client understands how or why the problem occurred, what you did to resolve the problem, and whom to contact should the problem recur. This type of education helps your clients make better decisions about the type of support or training they need, and also improves their understanding of and respect for your department.
Notify Others of Changes
After solving a particularly thorny network problem, you should record its resolution in your call tracking system, and also notify others of your solution and what, if anything, you needed to change to fix the problem. This communication serves two purposes: (1) It alerts others about the problem and its solution, and (2) it notifies others of network changes you made, in case they affect other services.
The importance of recording changes cannot be overemphasized. Imagine that you are the network manager for a group of five network technicians who support a WAN consisting of three different offices and 150 users. One day, the company’s CEO travels from headquarters to a branch office for a meeting with an important client. At the branch office, she needs to print a financial statement, but encounters a printing problem. Your network technician discovers that her user account does not have rights to that office’s printer, because users on your WAN do not have rights to printers outside the office to which they belong. The network technician quickly takes care of the problem by granting all users rights to all printers across the WAN. What are the implications of this change? If your technician tells no one about this change, at best users may incorrectly print to a printer in Duluth from the St. Paul office. In a worst-case scenario, a “guest” user account may gain rights to a networked printer, potentially creating a security hole in your network.
Large organizations often implement change management systems to methodically track changes on the network. A change management system is a process or program that provides support personnel with a centralized means of documenting changes to the network. In smaller organizations, a change management system may be as simple as one document on the network to which networking personnel continually add entries to mark their changes. In larger organizations, the system may consist of a database package complete with graphical interfaces and customizable fields tailored to the computing environment. Whatever form your change management system takes, the most important element is participation. If networking personnel do not record their changes, even the most sophisticated software is useless.
The types of changes that network personnel should record in a change management system include the following:
◆ Adding or upgrading software on network servers or other devices
◆ Adding or upgrading hardware components on network servers or other devices
◆ Adding new hardware on the network (for example, a new server)
◆ Changing the network properties of a network device (for example, changing the IP address or host name of a server)
◆ Increasing or decreasing rights for a group of users
◆ Physically moving networked devices
◆ Moving user accounts and their files and directories from one server to another
◆ Making changes in processes (for example, a new backup schedule or a new contact for DNS support)
◆ Making changes in vendor policies or relationships (for example, a new hard disk supplier)
It is generally not necessary to record minor modifications, such as changing a user’s password, creating a new group for users, creating new directories, or changing a network drive mapping for a user. Each organization will have unique requirements for its change management system, and analysts who record change information should clearly understand these requirements.
Help to Prevent Future Problems
If you review the troubleshooting questions and examples in this chapter, you can predict how some network problems can be averted by network maintenance, documentation, security, or upgrades. Although not all network problems are preventable, many can be avoided. Just as with your body’s health, the best prescription for network health is prevention.
For example, to avoid problems with users’ access levels for network resources, you can comprehensively assess users’ needs, set policies for groups, use a variety of groups, and communicate to others who support the network why those groups exist. To prevent overusing network segments, you should perform regular network health checks—perhaps even continual network monitoring (discussed in the next section), with filters that isolate anomalous occurrences—and ensure that you have the means to either redesign the network to distribute traffic or purchase additional bandwidth well before utilization reaches critical levels. With experience, you will be able to add more suggestions for network problem prevention. When planning or upgrading a network, you should consciously think about how good network designs and policies can prevent later problems—not to mention, make your job easier and more fun.
Troubleshooting Tools
You have already learned about some utilities that can help you troubleshoot network problems. For example, you can learn many things about a user’s workstation connection by attempting to ping different hosts on the network from that workstation. However, in some cases, the most efficient troubleshooting approach is to use a tool specifically designed to analyze and isolate network problems. Several tools are available, ranging from simple continuity testers that indicate whether a cable is faulty, to sophisticated protocol analyzers that capture and interpret all types of data traveling over the network. The tool you choose depends on the particular problem you need to investigate and the characteristics of your network.
The following sections describe a variety of network troubleshooting tools, their functions, and their relative costs.
Crossover Cable
As you have learned, in a crossover cable the transmit and receive wire pairs in one of the connectors are reversed. This reversal enables you to use a crossover cable to directly interconnect two nodes without using an intervening connectivity device. A crossover cable is useful for quickly and easily verifying that a node’s NIC is transmitting and receiving signals properly.
For example, suppose you are a network technician on your way to fix urgent network problems. A user flags you down and says that over the last week he occasionally had problems connecting to the network and as of this morning, he hasn’t been able to connect at all. He’s very frustrated, so you kindly say that if you can help him in 10 minutes, you will; otherwise, he’ll have to call the help desk. You follow him to his workstation and, by asking around, you determine that he is the only one suffering this problem. Thus, you can probably narrow the problem down to his workstation (either hardware or software) or his cabling (or less likely, his port on the hub in the telecommunications closet). Because you have your laptop and troubleshooting gear in your bag, you quickly connect one plug of the crossover cable to his workstation’s network adapter and the other plug to your laptop’s network adapter. You then try logging on to your laptop from his workstation. Because this process is successful, you suggest that the problem lies with his network cable, and not with his workstation’s software or hardware. You quickly hand him a new patch cable to replace his old one and rush off to your original destination.
Tone Generator and Tone Locator
Ideally, you and your networking colleagues would label each port and wire termination in a telecommunications closet so that problems and changes can be easily managed. However, because of personnel changes and time constraints, a telecommunications closet often is disorganized and poorly documented. If this is the case where you work, you may need a tone generator and a tone locator to determine where one pair of wires (out of possibly hundreds) terminates.
NET+
3.3
4.8
A tone generator is a small electronic device that issues a signal on a wire pair. A tone locator is a device that emits a tone when it detects electrical activity on a wire pair. By placing the tone generator at one end of a wire and attaching a tone locator to the other end, you can verify the location of the wire’s termination. Figure 12-4 depicts the use of a tone generator and a tone locator. Of course, you must work by trial and error, guessing which termination corresponds to the wire over which you’ve generated a signal until the tone locator indicates the correct choice. This combination of devices is also known as a fox and hound, because the locator (the hound) chases the generator (the fox).
FIGURE 12-4 Use of a tone generator and tone locator
Tone generators and tone locators cannot be used to determine any characteristics about a cable, such as whether it has defects or whether its length exceeds IEEE standards for a certain type of network. They are only used to determine where a wire pair terminates.
CAUTION: A tone generator should never be used on a wire that’s connected to a device’s port or network adapter. Because a tone generator transmits electricity over the wire, it may damage the device or network adapter.
Cable testing tools are essential for both cable installers and network troubleshooters, as faulty cables are often the cause of network problems. Symptoms of cabling problems can be as elusive as occasional lost packets or as obvious as a break in network connectivity. You can easily test cables for faults with specialized tools. In this section and in the ones following, you will learn about different tools that can help isolate problems with network cables. The first device you will learn about is a multimeter, a simple instrument that can measure many characteristics of an electric circuit, including its resistance and voltage.
If you have taken an introductory electronics class, you are probably familiar with a voltmeter, the instrument that measures the pressure, or voltage, of an electric current. Recall that voltage is used to create signals over a network wire. Thus, every time data travels over a wire, the wire carries a small voltage. In addition, each wire has a certain amount of resistance, or opposition to electric current. Resistance is a fundamental property of wire that depends on a wire’s molecular structure and size. Every type of wire has different resistance characteristics. Resistance is measured in ohms, and the device used to measure resistance is called an ohmmeter.
Another characteristic of electrical circuits is impedance—the resistance that contributes to controlling the signal. Impedance is also measured in ohms. Impedance is the telltale factor for ascertaining where faults in a cable lie. A certain amount of impedance is required for a signal to be properly transmitted and interpreted. However, very high or low levels of impedance can signify a damaged wire, incorrect pairing, or a termination point. In other words, changes in impedance can indicate where current is stopped or inhibited.
Although you could use separate instruments for measuring impedance, resistance, and voltage on a wire, it is more convenient to have one instrument that accomplishes all of these functions. The multimeter is such an instrument. Figure 12-5 shows a multimeter.
FIGURE 12-5 A multimeter
As a network professional, you might use a multimeter to:
◆ Verify that a cable is properly conducting electricity—that is, whether its signal can travel unimpeded from one node on the network to another
◆ Check for the presence of noise on a wire (by detecting extraneous voltage)
◆ Verify that the amount of resistance presented by terminators on coaxial cable networks is appropriate, or whether terminators are actually present and functional
◆ Test for short or open circuits in the wire (by detecting unexpected resistance or loss of voltage)
Multimeters vary in their degree of sophistication and features. Some merely show voltage levels, for example, whereas others can measure the level of noise on a circuit at any moment with extreme precision. Costs for multimeters also vary; some, such as those available at any home electronics store, cost as little as $30, while others cost as much as $4000. Multimeters capable of the greatest accuracy are most useful to electronics engineers. As a network technician, you won’t often need to know the upper limit of noise on a cable within a small fraction of a decibel, for example. However, you do need to know how to check whether a cable is conducting current. Another instrument that can perform such a test is a continuity tester, which is discussed next.
Cable Continuity Testers
In troubleshooting a Physical layer problem, you may find the cause of a problem by simply testing whether your cable is carrying a signal to its destination. Tools used to make this determination are said to be testing the continuity of the cable and may be called cable checkers or continuity testers. They may also be called cable testers. The term cable tester, however, is a general term that also includes more sophisticated tools that can measure cable performance, as discussed in the following section.
When used on a copper-based cable, a continuity tester applies a small amount of voltage to each conductor at one end of the cable, and then checks whether that voltage is detectable at the other end. That means that a continuity tester consists of two parts: the base unit that generates the voltage and the remote unit that detects the voltage. Most cable checkers provide a series of lights that signal pass/fail. Some also indicate a cable pass/fail with an audible tone. A pass/fail test provides a simple indicator of whether a component can perform its stated function.
In addition to checking cable continuity, some continuity testers will verify that the wires in a UTP or STP cable are paired correctly and that they are not shorted, exposed, or crossed. Recall that different network models use specific wire pairings and follow cabling standards set forth in TIA/EIA 568. Make sure that the cable checker you purchase can test the type of network you use—for example, 10BASE-T, 100BASE-TX, or 1000BASE-T Ethernet.
Continuity testers for fiber-optic networks also exist. Rather than issuing voltage on a wire, however, these testers issue light pulses on the fiber and determine whether they reached the other end of the fiber. Some continuity testers offer the ability to test both copper and fiber-optic cable.
Figure 12-6 depicts a basic continuity tester and a more sophisticated continuity tester.
FIGURE 12-6 Cable continuity testers
Whether you make your own cables or purchase cabling from a reputable vendor, test the cable to ensure that it meets your network’s required standards. Just because a cable is labeled “CAT 6,” for example, does not necessarily mean that it will live up to that standard. Testing cabling before installing it may save many hours of troubleshooting after the network is in place.
For convenience, most continuity testers are portable and lightweight, and typically use one volt battery. A simple continuity tester can cost between $100 and $300, and it may save many hours of work. Popular manufacturers of these cable testing devices include Belkin, Fluke, Microtest, and Paladin.
Cable Performance Testers
If you need to know more than whether a cable is simply carrying current, you can use a cable performance tester. The difference between continuity testers and performance testers lies in their sophistication and price. A performance tester accomplishes the same continuity and fault tests as a continuity tester, but can also perform the following tasks:
◆ Measure the distance to a connectivity device, termination point, or cable fault
◆ Measure attenuation along a cable
◆ Measure near-end crosstalk between wires
◆ Measure termination resistance and impedance
◆ Issue pass/fail ratings for CAT 3, CAT 5, CAT 5e, CAT 6, or CAT 7 standards
◆ Store and print cable testing results or directly save data to a computer database
◆ Graphically depict a cable’s attenuation and crosstalk characteristics over the length of the cable
A sophisticated performance tester will include a TDR (time domain reflectometer). A TDR issues a signal on a cable and then measures the way the signal bounces back (or reflects) to the TDR. Connectors, crimps, bends, short circuits, cable mismatches, or other defects modify the signal’s amplitude before it returns to the TDR, thus changing the way it reflects. The TDR then accepts and analyzes the return signal, and based on its condition and the amount of time the signal took to return, determines cable imperfections. In the case of a coaxial cable network, a TDR can indicate whether terminators are properly installed and functional. A TDR can also indicate the distance between nodes and segments.
In addition to performance testers for coaxial and twisted-pair networks, you can also find performance testers for fiber-optic networks. Such performance testers use OTDRs (optical time domain reflectometers). Rather than issue an electrical signal over the cable as twisted-pair cable testers do, an OTDR transmits light-based signals of different wavelengths over the fiber. Based on the type of return light signal, the OTDR can accurately measure the length of the fiber, determine the location of faulty splices, breaks, connectors, or bends, and measure attenuation over the cable.
Because of their sophistication, performance testers for both copper and fiber-optic cables cost significantly more than continuity testers. A high-end unit may cost from $5000 to $8000, and a low-end unit may cost between $1000 and $4000. Popular performance tester manufacturers include Fluke and Microtest. Figure 12-7 shows an example of a high-end performance tester that is capable of measuring the characteristics of both copper and fiber-optic cables.
FIGURE 12-7 A performance tester
Network Monitors
A network monitor is a software-based tool that continually monitors network traffic from a server or workstation attached to the network. Network monitors typically can interpret up to Layer 3 of the OSI Model. They can determine the protocols passed by each frame, but can’t interpret the data inside the frame. By capturing data, they can provide either a snapshot of network activity at one point in time or a historical record of network activity over a period of time.
Some NOSs come with network monitoring tools. Microsoft Network Monitor is the tool that ships with Windows Server 2003 as well as with Windows NT and Windows 2000 Server. Novell NETMON, an NLM (NetWare Loadable Module), comes with NetWare 5.x and 6.x. In addition, you can purchase or download for free network monitoring tools written by other software companies. Hundreds of such programs exist. After you have worked with one network monitoring tool, you will find that other products work in much the same way. Most even use very similar graphical interfaces.
NOTE: To take advantage of network monitoring and analyzing tools, the network adapter installed in the machine running the software must support promiscuous mode. In promiscuous mode, a device driver directs the NIC to pick up all frames that pass over the network—not just those destined for the node served by the card. You can determine whether your network adapter supports promiscuous mode by reading its manual or checking with the manufacturer. Some network monitoring software vendors may even suggest which network adapters to use with their software.
Network monitoring tools can perform at least the following functions:
◆ Continuously monitor network traffic on a segment
◆ Capture network data transmitted on a segment
◆ Capture frames sent to or from a specific node
◆ Reproduce network conditions by transmitting a selected amount and type of data
◆ Generate statistics about network activity (for example, what percentage of the total frames transmitted on a segment are broadcast frames)
Some network monitoring tools can also:
◆ Discover all network nodes on a segment
◆ Establish a baseline, or a record of how the network operates under normal conditions, including its performance, collision rate, utilization rate, and so on
NET+
4.2
4.8
◆ Store traffic data and generate reports
◆ Trigger alarms when traffic conditions meet preconfigured conditions (for example, if usage exceeds 50% of capacity)
How can capturing data help you solve a problem? Imagine that traffic on a segment of the network you administer suddenly grinds to a halt one morning at about 8:00. You no sooner step in the door than everyone from the help desk calls to tell you how slowly the network is running. Nothing has changed on the network since last night, when it ran normally, so you can think of no obvious reasons for problems.
At the workstation where you have previously installed a network monitoring tool, you capture all data transmissions for approximately five minutes. You then sort the frames in the network monitoring software, arranging the nodes in order based on the volume of traffic each has generated. You might find that one workstation appears at the top of the list with an inordinately high number of bad transmissions. Or, you might discover that a server has been compromised by a hacker and is generating a flood of data over the network.
Before adopting a network monitor or protocol analyzer, you should be aware of some of the data errors that these tools can distinguish. The following list defines some commonly used terms for abnormal data patterns and packets, along with their characteristics:
◆ Local collisions—Collisions that occur when two or more stations are transmitting simultaneously. A small number of collisions are normal on an Ethernet network. Excessively high collision rates within the network usually result from cable or routing problems.
◆ Late collisions—Collisions that take place outside the window of time in which they would normally be detected by the network and redressed. Late collisions are usually caused by one of two problems: (1) a defective station (for example, a card or transceiver) that is transmitting without first verifying line status, or (2) failure to observe the configuration guidelines for cable length, which results in collisions being recognized too late.
◆ Runts—Packets that are smaller than the medium’s minimum packet size. For instance, any Ethernet packet that is smaller than 64 bytes is considered a runt. Runts are often the result of collisions.
◆ Giants—Packets that exceed the medium’s maximum packet size. For example, an Ethernet packet larger than 1518 bytes is considered a giant.
◆ Jabber—A device that handles electrical signals improperly, usually affecting the rest of the network. A network analyzer will detect a jabber as a device that is always retransmitting, effectively bringing the network to a halt. A jabber usually results from a bad NIC. Occasionally, it can be caused by outside electrical interference.
◆ Negative frame sequence checks—The result of the CRC (Cyclic Redundancy Check) generated by the originating node not matching the checksum calculated from the data received. It usually indicates noise or transmission problems on the LAN interface or cabling. A high number of negative CRCs usually result from excessive collisions or a station transmitting bad data.
◆ Ghosts—Frames that are not actually data frames, but aberrations caused by a device misinterpreting stray voltage on the wire. Unlike true data frames, ghosts have no starting delimiter.
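The capture-and-sort procedure and the size and CRC definitions above can be sketched in Python as follows. This is an added example, not code from the original text or from any monitoring product; the frame records (documentation-range MAC addresses), the 10 Mbps link speed and the 0.1-second window are constructed, and `classify` and `analyze` are hypothetical names.

```python
from collections import defaultdict

ETH_MIN, ETH_MAX = 64, 1518           # Ethernet size limits quoted in the list above (bytes)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def classify(length, fcs_ok):
    """Label one frame: 'runt', 'giant', 'bad_fcs' (failed CRC check) or 'ok'."""
    if length < ETH_MIN:
        return "runt"
    if length > ETH_MAX:
        return "giant"
    return "ok" if fcs_ok else "bad_fcs"


def analyze(frames, window_s, link_bps, alarm_pct=50.0):
    """Summarize a capture of (src_mac, dst_mac, length_bytes, fcs_ok) records."""
    if window_s <= 0 or link_bps <= 0:
        raise ValueError("capture window and link speed must be positive")
    frames = list(frames)
    nodes = defaultdict(lambda: {"frames": 0, "bytes": 0, "bad": 0})
    kinds = defaultdict(int)
    total_bytes = broadcasts = 0
    for src, dst, length, fcs_ok in frames:
        kind = classify(length, fcs_ok)
        kinds[kind] += 1
        node = nodes[src]
        node["frames"] += 1
        node["bytes"] += length
        node["bad"] += kind != "ok"
        total_bytes += length
        broadcasts += dst.lower() == BROADCAST
    # Counts frame bytes only; preamble and inter-frame gap are ignored,
    # so real wire utilization is slightly higher than this figure.
    utilization = 100.0 * total_bytes * 8 / (window_s * link_bps)
    # "Arranging the nodes in order based on the volume of traffic each has generated"
    by_volume = sorted(nodes, key=lambda mac: nodes[mac]["bytes"], reverse=True)
    # Nodes with bad transmissions, worst first
    by_errors = sorted(((mac, n["bad"]) for mac, n in nodes.items() if n["bad"]),
                       key=lambda item: item[1], reverse=True)
    return {
        "kinds": dict(kinds),
        "broadcast_pct": 100.0 * broadcasts / len(frames) if frames else 0.0,
        "utilization_pct": utilization,
        "alarm": utilization > alarm_pct,   # the 50%-of-capacity trigger from the text
        "by_volume": by_volume,
        "by_errors": by_errors,
    }


# Constructed sample capture (not real traffic): 100 frames from three senders.
SERVER = "00:00:5e:00:53:10"
SAMPLE = (
    [("00:00:5e:00:53:01", SERVER, 1518, True)] * 40      # normal file transfer
    + [("00:00:5e:00:53:02", BROADCAST, 64, True)] * 10   # broadcasts
    + [("00:00:5e:00:53:03", SERVER, 40, False)] * 30     # runts
    + [("00:00:5e:00:53:03", SERVER, 1600, True)] * 5     # giants
    + [("00:00:5e:00:53:03", SERVER, 512, False)] * 15    # CRC failures
)

if __name__ == "__main__":
    report = analyze(SAMPLE, window_s=0.1, link_bps=10_000_000)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In this sample the busiest node by volume is not the faulty one: the error ranking, not the volume ranking, points at the station sending runts, giants and frames with failed CRCs.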
Protocol Analyzers
A protocol analyzer (or network analyzer) is another tool that can capture traffic But a
pro-tocol analyzer can also analyze frames, typically all the way to Layer 7 of the OSI Model Forexample, it can identify that a frame uses TCP/IP and, more specifically, that it is an ARPrequest from one particular workstation to a server Analyzers can also interpret the payloadportion of frames, translating from binary or hexadecimal code to human-readable form As aresult, network analyzers can capture passwords going over the network, if their transmission
is not encrypted Some protocol analyzer software packages can run on a standard PC, butothers require PCs equipped with special network adapters and operating system software
As with network monitoring software, a variety of protocol analyzer software is available. One popular example is the free program called Ethereal. Essentially, a protocol analyzer provides the same features as the network monitor software discussed previously, plus a few extras. It can also generate traffic in an attempt to reproduce a network problem and monitor multiple network segments simultaneously. Its graphical interface makes this product very easy to use, readily revealing the traffic flow across the network. In addition, protocol analyzer software typically supports a multitude of protocols and network topologies.
Some protocol analyzers are not merely software tools, but hardware tools as well. Sniffer Technologies has led the way in developing hardware-based protocol analyzers, under the Sniffer brand name. (Following the popularity of the Sniffer Technologies product, some networking professionals generically refer to any hardware-based protocol analyzer as a “sniffer.”) Hardware-based protocol analyzers usually resemble regular laptops, but are equipped with a special network adapter and network analysis software. The sole job of this device is to identify and assess network problems. Unlike laptops that have a network monitoring tool installed, hardware-based protocol analyzers typically cannot be used for other purposes, because they don’t depend on a familiar desktop operating system such as Windows. They have their own proprietary operating system. Because they do not rely on a desktop operating system such as Windows, hardware-based network analyzers have an advantage over network monitoring software. They do not rely on Windows device drivers (for the NIC), for example, so they can capture information that the NIC would automatically discard, such as runt packets. Figure 12-8 illustrates how Sniffer Portable software can display network data. In this case, the screen depicts the distribution of traffic captured by protocol type.
Hardware-based protocol analyzers are tailored to a particular type of network. For example, one may be able to analyze both Ethernet and Token Ring networks, but another may be necessary to analyze fiber-optic networks. Still others are designed especially for analyzing wireless network traffic. A hardware-based protocol analyzer represents a significant investment, with costs ranging from $10,000 to $30,000.
Protocol analyzers offer a great deal of versatility in the type and depth of information they can reveal. The danger in using this type of tool is that it may collect more information than you or the machine can reasonably process, thus rendering your exercise futile. To avoid this problem, you should set filters on the data gathered. For example, if you suspect that a certain workstation is causing a traffic problem, you should filter the data collection to accept only frames to or from that workstation’s MAC address. If you suspect that you have a gateway-related TCP/IP problem, you would set a filter to capture only TCP/IP frames and to ignore other protocols from the gateway’s MAC address.
Before using a network monitor or protocol analyzer on a network, it’s important to know what traffic on your network normally looks like. To obtain this information, you can run the program and capture data for a period of time on a regular basis—for example, every weekday between 8:00 A.M. and noon. You’ll generate a lot of data, but you’ll also learn a lot about your network. From this data, you can establish a baseline to use as a comparison with future traffic analyses.
FIGURE 12-8 Traffic displayed by protocol type
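
The filtering and baselining described above can be sketched in a few lines. This is an added example, not from the original text: it filters frames by MAC address and protocol, builds a per-protocol baseline from several capture windows, and flags protocols whose counts deviate from it. The three-standard-deviation threshold, the use of EtherType to stand in for "TCP/IP", and all MAC addresses and frame counts are assumptions constructed for the demonstration.

```python
import struct
from collections import Counter
from statistics import mean, pstdev

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def header(frame):
    """Split an Ethernet II header into (dst MAC, src MAC, protocol name)."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ETHERTYPES.get(etype, hex(etype))

def capture_filter(frames, mac=None, protocol=None):
    """Keep only frames to or from `mac` and/or carrying `protocol`."""
    return [f for f in frames
            if (mac is None or mac in header(f)[:2])
            and (protocol is None or header(f)[2] == protocol)]

def protocol_counts(frames):
    """Frames per protocol in one capture window."""
    return Counter(header(f)[2] for f in frames)

def build_baseline(windows):
    """Per-protocol (mean, std dev) of frame counts across capture windows."""
    protos = set().union(*windows)
    return {p: (mean([w[p] for w in windows]), pstdev([w[p] for w in windows]))
            for p in protos}

def deviations(baseline, current, k=3.0, floor=1.0):
    """Protocols whose count is more than k std devs from the baseline mean."""
    out = {}
    for p in set(baseline) | set(current):
        mu, sigma = baseline.get(p, (0.0, 0.0))
        if abs(current[p] - mu) > k * max(sigma, floor):
            out[p] = (current[p], mu)
    return out

# Constructed sample data (not captured traffic); MACs and counts are made up.
GW, WS, SRV = (bytes.fromhex("02000000000" + d) for d in "123")
def window(n_ip, n_arp):
    ip = SRV + WS + struct.pack("!H", 0x0800) + bytes(46)
    arp = b"\xff" * 6 + WS + struct.pack("!H", 0x0806) + bytes(46)
    return [ip] * n_ip + [arp] * n_arp

BASELINE = build_baseline(
    [protocol_counts(window(*n)) for n in [(100, 5), (110, 4), (90, 6)]])
TODAY = window(105, 400) + [GW + WS + struct.pack("!H", 0x0800) + bytes(46)] * 3

if __name__ == "__main__":
    print(deviations(BASELINE, protocol_counts(TODAY)))
    print(len(capture_filter(TODAY, mac=GW)), "frames to/from the gateway")
```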
Wireless Network Testers
Cable continuity testers and performance testers, of course, will tell you nothing about the wireless connections, stations, or APs (access points) on a network. For that, you need tools that contain wireless NICs and run wireless protocols. In fact, you can learn some things about a wireless environment by viewing the wireless network connection properties on your workstation. For example, after establishing a wireless connection in Windows XP, right-click the wireless connection icon in your system tray, and then click Status in the shortcut menu. The Wireless Network Connection Status dialog box opens. The General tab in this dialog box shows you the duration of your connection, the speed and strength of your signal, and the number of packets that have been exchanged, as shown in Figure 12-9.
However, viewing the status of the wireless connection on your workstation tells you only a little about your wireless environment—and this information only applies to one workstation. Many programs exist that can scan for wireless signals over a certain geographical range
Recall that using a switch logically separates a network into different segments. If a network is fully switched (that is, if every node is connected to its own switch port), your protocol analyzer can capture only frames destined for the port to which your node is connected. The increasing use of switches has made network monitoring more difficult, but not impossible. One solution to this problem is to reconfigure the switch to reroute the traffic so that your network analyzer can pick up all traffic. Obviously, you would want to weigh the disruptive effects of this reconfiguration against the potential benefits from being able to analyze the network traffic and solve a problem.