Module 1.2: Introduction (cont.)
• Characterizing Network Traffic
• Server Placement
K. Salah
Characterizing Network Traffic
• Sniffing Network Traffic and performing Traffic Characterization
• Application Profiles
• Application Monitoring

Sniffing Network Traffic
• By looking at what is going on inside the network wire - called “sniffing”
• By analyzing how the network is being used - looking at application use
• We do this to better understand how the network resource, bandwidth, is being used and how its use impacts the network’s design
• By capturing traffic you can really see how your network is performing

Sniffing Network Traffic
• There are several ways to collect data to determine our network traffic
• One way is to look inside the wire - otherwise known as “sniffing” the network traffic
• Let’s look at how Windows NT does this, as an example of how it is done
• Experiments with the Ethereal sniffer tool

Sniffing Network Traffic
[Figure labels: Analyze, Optimize, Predict]

Characterizing Services
• Traffic Characterization
– What kind of traffic is generated?
– How often is it generated?
– What is the relative impact on the network?
• Method for Characterizing a Service
– Use a network capturing and analysis tool
– Capture the appropriate traffic
– Identify each frame in the capture

Frame Types
• Broadcast: Deliver to all hosts
• Multicast: Deliver to registered members
• Directed: Deliver to specified address

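The "identify each frame in the capture" step can be sketched as follows. This is an added example, not part of the original slides: it classifies each Ethernet frame as broadcast, multicast or directed from its destination MAC address and tallies per-station counters. The function names, MAC addresses and sample capture are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = bytes.fromhex("ffffffffffff")

def frame_type(dst: bytes) -> str:
    """Classify a frame by its 6-byte destination MAC address."""
    if dst == BROADCAST:
        return "broadcast"
    # The low-order bit of the first octet is the group (I/G) bit.
    if dst[0] & 0x01:
        return "multicast"
    return "directed"

def station_stats(frames):
    """Tally frames, bytes and frame types sent by each source station."""
    stats = defaultdict(lambda: {"frames": 0, "bytes": 0, "directed": 0,
                                 "multicast": 0, "broadcast": 0})
    for raw in frames:
        if len(raw) < 14:  # shorter than an Ethernet header: skip it
            continue
        dst, src = raw[0:6], raw[6:12]
        row = stats[src.hex(":")]
        row["frames"] += 1
        row["bytes"] += len(raw)
        row[frame_type(dst)] += 1
    return dict(stats)

def make_frame(dst, src, payload_len):
    """Build a constructed frame: dst MAC, src MAC, EtherType, zero payload."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + b"\x08\x00" + bytes(payload_len)

# Constructed sample capture (not taken from the slides).
CLIENT, SERVER = "00:00:c0:11:22:33", "00:00:c0:44:55:66"
CAPTURE = [
    make_frame("ff:ff:ff:ff:ff:ff", CLIENT, 46),  # broadcast
    make_frame(SERVER, CLIENT, 60),               # directed
    make_frame(CLIENT, SERVER, 100),              # directed
    make_frame("01:00:5e:00:00:01", SERVER, 46),  # multicast group address
    b"\x00" * 8,                                  # truncated frame, ignored
]

if __name__ == "__main__":
    for station, row in station_stats(CAPTURE).items():
        print(station, row)
```
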
Using the NT Network Monitor
Software Installation
• Network Monitor Application
• Network Monitor Agent
Network Adapter Card
• Must Support Promiscuous Mode for Network-Wide Traffic
• Local-only Mode Will Capture Traffic to and from the Local Host

The NT Network Monitor Interface
[Figure: Network Monitor capture window, "Network Monitor - [\Ethernet\NET1 Capture Window (Station Stats)]", menus File, Capture, Tools, Options, Window, Help. Labelled areas: Graph Pane, Session Statistics Pane, Total Statistics Pane, Station Statistics Pane. Network Monitor V1.1 (built on Jun 23 1995 at 17:49:57)]
Graph Pane: % Network Utilization, Frames Per Second, Bytes Per Second, Broadcasts Per Second
Total Statistics Pane
Time Elapsed: 00:01:44.659
Network Statistics
# Frames: 35
# Broadcasts: 4
# Multicasts: 0
# Bytes: 3450
# Frames Dropped: 0
Network Status: Normal
Captured Statistics
# Frames: 35
# Frames in Buffer: 35
# Bytes: 3450
# Bytes in Buffer: 3730
% Buffer Utilized: 0
# Frames Dropped: 0
Per Second Statistics
% Network Utilization: 0
# Frames/second: 0
# Bytes/second: 0
Session Statistics Pane
Columns: Network Address 1, 1->2, 1<-2, Network Address 2 (for example: BACKUP, 9, 11, WFW Client)
Station Statistics Pane
Network Address  Frames Sent  Frames Rcvd  Bytes Sent  Bytes Rcvd  Directed Frames Sent  Multicasts Sent  Broadcasts Sent
*BROADCAST       0            4            0           423         0                     0                0
BACKUP           14           15           1336        1513        13                    0                1
INSTRUCTOR       6            5            432         402         6                     0                0
WFW Client       15           11           1682        112         12                    0                3

Displaying Data with Network Monitor
[Figure: Network Monitor window, "Network Monitor- [Capture:1 (Summary)]", menus File, Edit, Display, Tools, Options, Window, Help. Labelled areas: Summary Pane, Detail Pane, Hex Pane]
Summary Pane
Frame  Time    Src MAC Addr  Dst MAC Addr  Protocol  Description
19     66.276  WFW Client    BACKUP        TCP       .A..S., len: 0, seq: 282193079, ack:1312173
20     66.277  WFW Client    BACKUP        NBT       SS: Session Request, Dest: BACKUP , So
21     66.278  BACKUP        WFW Client    NBT       SS: Positive Session Response, Len: 0
22     66.279  WFW Client    BACKUP        SMB       C negotiate, Dialect = Windows for Workgroups
23     66.281  BACKUP        WFW Client    SMB       R negotiate, Dialect # = 3
Detail Pane
+ IP: ID = 0xE204; Proto = TCP; Len: 186
+ TCP: .AP..., len: 146, seq: 282193151, ack: 1312173868, win: 8756, src: 1029 dst: 139 (NBT Session)
+ NBT: SS: Session Message, Len: 142
- SMB: C negotiate, Dialect = Windows for Workgroups 3.1a
+SMB: SMB Status = Error Success
+SMB: Header: PID = 0x36DB TID = 0x0000 MID = 0x4F81 UID = 0x0000
- SMB: Command = C negotiate
SMB: Word count = 0
SMB: Byte count = 107
SMB: Byte parameters
- SMB: Dialect Strings Understood
SMB: Dialect String = PC NETWORK PROGRAM 1.0
Hex Pane
[Hex dump, offsets 00000050 to 000000B0. ASCII column: . . . . | 6. . u0 . k . . PC NETWORK PROGRAM 1 . 0 . . MICROSOFT NETWORKS 3 . 0 . . DOS LM1 . 2X002 . . DOS LANMAN2 . 1 . . Windows for Workgroups]
Callout: SMB dialects this node understands
Status bar: F#: 22/35, Off: 93(x5D), L: 107 (x6B)

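The byte parameters highlighted in the Detail and Hex panes can be decoded by hand. This is an added example, not part of the original slides: it parses the dialect list of an SMB negotiate request, where each entry is a 0x02 buffer-format byte followed by a NUL-terminated string, and checks the result against the declared byte count. The function names are illustrative, and the buffer is re-encoded here from the five dialect strings visible on the slide rather than copied from the hex dump.

```python
def encode_dialects(names):
    """Encode dialect names as they appear in the request's byte parameters."""
    return b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)

def parse_dialects(buf: bytes, byte_count: int):
    """Return the dialect strings carried in an SMB negotiate request.

    Raises ValueError on a malformed buffer instead of guessing.
    """
    if byte_count != len(buf):
        raise ValueError(f"byte count {byte_count} != buffer length {len(buf)}")
    dialects, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x02:
            raise ValueError(f"offset {pos}: expected 0x02, got {buf[pos]:#04x}")
        end = buf.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError(f"offset {pos}: unterminated dialect string")
        dialects.append(buf[pos + 1:end].decode("ascii", errors="replace"))
        pos = end + 1
    return dialects

# Dialect strings as shown in the slide's Detail and Hex panes.
SLIDE_DIALECTS = [
    "PC NETWORK PROGRAM 1.0",
    "MICROSOFT NETWORKS 3.0",
    "DOS LM1.2X002",
    "DOS LANMAN2.1",
    "Windows for Workgroups 3.1a",
]
SLIDE_BUFFER = encode_dialects(SLIDE_DIALECTS)  # constructed, 107 bytes

if __name__ == "__main__":
    # 107 matches "SMB: Byte count = 107" in the Detail Pane.
    for index, name in enumerate(parse_dialects(SLIDE_BUFFER, 107)):
        print(index, name)
```
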
Ethereal Demo
Application Profiles
• The other way to characterize network traffic is by looking at the applications that users utilize on the network and figuring out their impact on the overall network
• Again, the goal is to figure out how the bandwidth is being used and the adequacy of the network design

Application Usage Patterns
• Need to identify the number of users per application
• Need to identify the frequency of application sessions
• Length of an average application session
• Number of simultaneous users of an application

Application Assumptions
• If it is not practical to research the application details, some assumptions you can make:
– number of application users = simultaneous users
– all applications are used all the time
– each user opens just one session and the session lasts all day

Size of Data Objects
– Terminal session - 4 Kbytes
– E-mail message - 10 Kbytes
– Web page with graphics - 50 Kbytes
– Spreadsheet - 100 Kbytes
– Word processing document - 200 Kbytes
– Graphical computer screen - 500 Kbytes
– Presentation document - 2 Mbytes
– High resolution image - 50 Mbytes
– Multimedia object - 100 Mbytes
– Database backup - 1 Gigabyte or more

Application Monitoring
• Software tools can be used to determine application performance statistics
• Uses “agents” to collect data and send information to a “management” station
• Agents run on the different OS where the applications are installed
• Usually very expensive
– $10,000 to $25,000

Application Monitoring
• The idea is to be able to predict what will be the effect on the network of rolling out a new software application
• For existing applications, the profiling software transforms raw application data captured from the network into an application profile. This is used for scalability.
• Allows you to do what-if scenarios, to ensure the planned application can be run across your LAN or WAN.

Application Monitoring
• CACI Products Company
– Application Profiler
– www.caci.com
• Ganymede Software
– Pegasus 2.1
– www.ganymede.com

Server Placement
• Can have a major effect on capacity planning, depending on the applications run on the servers and the way the workstations are connected.
• Network problems can be prevented when the designer understands the traffic patterns
• Since servers use the bandwidth, placement becomes critical

Server Types
• Identified by Function and Users they support
• Common Servers
– Enterprise Server
– Distributed Server
– Network Computer Server (Terminal Server)
– WEB Application Server

Enterprise Server
• Centralized Server
• Supports all or majority of network users
– example is e-mail server for company
• Most often located in the Data Center near the network backbone
• All users’ traffic travels through the backbone devices (routers & switches)

Enterprise Server Example
Distributed Server
• Local or Workgroup servers
• Supports a specific group of users
– Payroll server that supports only the accounting group
• Placed on the same network subnet as the users that it supports
– located usually in the wiring closet

Distributed Server
• Can effectively reduce the amount of traffic traveling across the network core
– Traffic does not need to be routed through the network
• Can be used to direct traffic on the network, e.g. NAT.

Distributed Server Example
Terminal Server
• Fileserver to support “thin” Clients
– Network PC or Low End PC’s
– Applications run on the server, graphic information sent to the client, no applications “run” on the client machine
– Use NT Server to provide windows applications to the Unix client machines
• Like the “mainframe” model of old

Terminal Server
• Can be either Distributed or Enterprise
• Needs to be a high powered server in order to service the user with applications
– imagine all users running Word on the Terminal Server vice on their own client machine

WEB Server
• Normally set up as an Enterprise level server as many users need access for common information
• May also be set outside the company’s internal network for outsiders (untrusted) to get information from. Usually protected by different network devices.

Server Placement Summary
• As you can see, the location and purpose of a server can have a major impact on traffic
• Need to understand where traffic is going in order to place the servers in the right location in order to ensure network “bottlenecks” are not created