Chabot College


Student Name: ___________________________

Chabot College Cisco Networking Academy I

7A - Protocol Analyzer Introduction

Preparations

Read this document carefully as you work slowly and step-by-step.

Answer all questions in italic.

To keep track of progress, you may wish to check off each bullet.

Each student will work individually.

Work will be performed at the curriculum workstation.

Objective

In this lab, you will become familiar with the basic controls and functions of the Fluke Protocol Inspector software. This product is an example of the software class known as "protocol analyzers", which allow detailed examination of Layer 2 frames on your network. This is a complex program, and you will only begin its exploration in this lab.

Steps

Launch the Protocol Inspector program, which you will find in Start | Programs | Cisco Programs | Protocol Inspector.

At the left side of the main program window, you will see a sub-window containing tiered folders and files.

The highest folder is the “Resource Browser” folder, and has a computer icon labeled “Local” and a network card icon labeled "NDIS 802.3 Module(1)" branching off “Local”.

1. What standard is the "802.3" referring to? ____________________________

Monitoring Utilization and Errors

On the screen, you should see a window titled //Local/NDIS 802.3 Module(1). If this window is not present, open it by double-clicking the network card icon. This window will have a green background and will contain two graphs. The top graph is labeled “Utilization” and the bottom one is labeled “Errors”. At this point, these graphs will be empty.

You are now in "Summary View". To learn more about Summary View, go to the Help menu and select Help | Contents... If necessary, select the Contents tab. Then double-click Views. Read about Summary View. Be sure to click the Utilization/Error link near the bottom of the help page.

Note that "utilization" is defined as the percentage of the LAN's bandwidth that is being used.

2. What does the help file say about the scale for the utilization graph? ___________________________

3. What sort of network errors would be reported in the "Errors" graph? ______________________________

Now start the program capturing frames: Click the Green Start Arrow icon on the left hand side of the tool bar. The graphs will now start showing network transmission information.

Now team up with a classmate seated near you to create some network traffic to be monitored: While one of you observes Protocol Inspector's Utilization/Error window, the other should start the Internet Explorer browser and load a few pages from the curriculum on Academy1. (Take turns and exchange roles.)

Observe the “Utilization” graph, which depicts the local network traffic as time progresses. Take careful note of the scale (%) and numbers on the y-axis of the graph. Also notice that the graph's strip chart continues to move as time passes during the capture process.


4. What is the average level of utilization you see? _____________%

(Utilization will vary over time, so pick a typical level.)

5. In view of this evidence, would you say utilization of our class network is high, medium, or low?

Explain your answer:

______________________________________________________________________

Select the Rx (received frames) tab at the bottom of the Utilization/Error window. Carefully examine the MAC counters column and the Errors column.

6. How many frames have been captured since you clicked the green arrow? _________

How many of them were broadcast frames (FF-FF-FF-FF-FF-FF)? __________

7. How many CRC or Alignment errors were there? __________

How many collisions occurred? __________

Reselect the Monitor tab at the bottom of the Utilization/Error window to return to summary utilization and error monitoring.

Stop the frame capture process by clicking the Red Stop Button next to the green start arrow.

Monitoring Additional Detail

Now let's change to "Detailed View", which reports much more information: From the menu bar, select Module | Detailed View. A whole new window will appear, with a graph sub-window and more toolbars with lots of icons.

Once again, team up with a classmate to create some network traffic and monitor it. Perform these tasks, and then exchange roles:

Student 1: Press the Green Start Arrow to begin frame capture.

Student 2: Use your browser to load the page at www.microsoft.com. To be sure you retrieve the page from the network, click your browser's Refresh button to reload the page.

Student 1: Press the Red Stop Button to end frame capture.

(Your captured frames will be saved for study and the Utilization graph will freeze.)

Before you go on, be sure you have stopped frame capture by pressing the Red Stop Button!

Study the finished graph. The peaks should represent the time the web page loading occurred.

Click the MAC Statistics button (1st button in the second toolbar).

(When you hold your cursor still over the button, its label will be displayed.)

8. How many total frames were received in the capture? ____________

How many bytes were received in the capture? _____________

What was the exact percentage of network utilization? ____________%

Close the MAC Statistics window to clean up your screen.

Then click the Frame Size Distribution button (2nd button in the second toolbar).

At the left side of the resulting window, notice and try the buttons that let you select bar or pie chart.

Also try the tabs at the bottom of the window; these let you select chart or table.

9. What was the most common frame size (or range of sizes) in bytes? _________________

Close the Frame Size Distribution window to clean up your screen.

Click the Protocol Distribution button (3rd button in the second toolbar).

You should see a chart labeled "All Applications (Frames Relative %)"


10. Which protocol used the most network bandwidth? ______________________

What was the relative % for this protocol? _______________

Now click the Net button at the top left of the Protocol Distribution window.

You should see a chart labeled "Network Layer (Frames Relative %)".

11. What was the most common layer 3 protocol? _________

What was its relative %? _________

Close the Protocol Distribution window.

Skip to the 6th button (Host Table) and the 7th button (Network Layer Host Table) and click them both.

Position the resulting two windows so you can see both of them.

12. Explain the difference between the two similar graphs: ____________________________________

__________________________________________________________________________________

13. Which station transmitted the most traffic? ____________________

Click the 9th button (Host Matrix) and 10th button (Network Layer Matrix).

14. What were the IP addresses (or host names) of the two stations involved in the top conversation?

_______________________ and ______________________

What were the MAC addresses?

_______________________ and ______________________

Studying Individual Frames

Now let's change to "Capture View", which allows examination of the contents of individual frames, one at a time. From the menu bar, select Capture View | Capture View. A complex new window will pop up. The uppermost sub-window contains several columns that describe each frame that was captured during your last network monitoring capture.

15. Which of these columns shows the destination MAC address for the frame? _______________

Click on a frame labeled "HTTP and DATA" in the Summary column.

If possible, choose one with a size > 1400 bytes.

Notice the bottom window that contains two columns labeled "HEX" and "ASCII".

This window shows the actual frame contents.

In this window, the first six bytes (12 hex characters) will already be highlighted.

Click these highlighted characters once with your arrow cursor, and a red outline will appear as a new sort of cursor – a Field Cursor.

Now use your keyboard's right arrow key to move slowly from field to field in the frame.

Notice:

You move through both the HEX and ASCII displays.

The scrolling window above organizes the contents of the frame fields.

The frame fields change color as you move through them:

Ethernet header (purple)

IP Packet header (green) [studied in upcoming chapter]

TCP control information (red) [studied in upcoming chapter]


Data (blue)

Frame Check Sequence (black)
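The field layout listed above, as an added example (it is not part of the original lab handout or of the Protocol Inspector software): a short Python parser that walks one frame in the same order as the Field Cursor and also recomputes the Frame Check Sequence, which is the check behind a "CRC error" count. The function names, addresses, ports and the sample frame are constructed for illustration; the code assumes Ethernet II framing carrying IPv4 and TCP, and a capture that keeps the 4-byte FCS.

```python
import struct
import zlib

def mac(b: bytes) -> str:
    return "-".join(f"{x:02X}" for x in b)

def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_frame(frame: bytes) -> dict:
    """Walk one Ethernet II frame field by field, as the Field Cursor does."""
    # Ethernet header: destination MAC is the first six bytes of the frame.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    # Frame Check Sequence: CRC-32 over everything before it, low byte first.
    fcs_ok = zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")
    out = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype,
           "broadcast": dst == b"\xff" * 6, "fcs_ok": fcs_ok}
    packet = frame[14:-4]
    if ethertype != 0x0800:            # not IPv4: leave the payload undecoded
        return out
    # IP packet header: header length, total length, protocol, addresses.
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    out.update(ip_proto=packet[9], ip_src=ip4(packet[12:16]),
               ip_dst=ip4(packet[16:20]))
    segment = packet[ihl:total_len]    # total length also strips Ethernet padding
    if packet[9] != 6:                 # not TCP
        return out
    # TCP control information: ports, then the data offset marks where data starts.
    sport, dport = struct.unpack("!HH", segment[:4])
    out.update(src_port=sport, dst_port=dport,
               data=segment[(segment[12] >> 4) * 4:])
    return out

def build_sample_frame() -> bytes:
    """Constructed frame (made-up addresses; IP/TCP checksums left at zero)."""
    data = b"GET / HTTP/1.1\r\n\r\n"
    eth = bytes.fromhex("00a0c9112233" "0010a4445566" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    body = eth + ip + tcp + data
    return body + struct.pack("<I", zlib.crc32(body))

if __name__ == "__main__":
    for name, value in parse_frame(build_sample_frame()).items():
        print(f"{name:10} {value}")
```
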

Spend a few minutes thoroughly exploring several frames. Select frames of several different types and sizes.

Your goal should be to become familiar with the display and to prepare for questions 20 and 21 below. In labs for future chapters, we will use Capture View more extensively, so really explore it.

Reflection: Answer these questions thoughtfully.

16. Everything seems slow, and I think it is because my network segment is too busy - how could I find out?

17. The cable installers for my building network were careless. They put in some cables that are longer than the maximum specification, and some of their terminations are of poor quality. I'm wondering if these physical Layer 1 problems are creating network errors (e.g. CRC or excess collisions). How can I find out?

18. I'm wondering how much of my network segment's bandwidth is being used for web browsing (HTTP protocol). How could I find out?

19. The Protocol Inspector application (layer 7) sees all the frames on the network, regardless of which NIC the frames are addressed to. Apparently, Protocol Inspector is causing your NIC to behave abnormally at the MAC sublayer of Layer 2. What is your NIC doing that is strange?

20. If protocol analyzers work at Layer 2, how can they also report information from Layer 3 and above? (e.g. protocols such as IP, IPX, TCP, and application data.) Explain:

21. What security risks might result from use of protocol analyzer software by a person with an intention to snoop?

22. Suppose each computer in our lab was individually connected to a dedicated port on an Ethernet switch. What frames would you then see when you ran Protocol Inspector?

END | THREE-HOLE PUNCH | SUBMIT
