Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Troubleshoot Network Problems via Network Analysis or Sniffing

Troubleshoot Network Problems via Network Analysis or Sniffing

Ratings: (0)|Views: 54|Likes:
Published by smile4ever54

More info:

Published by: smile4ever54 on Sep 15, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





IntroducingNetwork Analysis
Solutions in this Chapter:
What is Network Analysis and Sniffing?
Who Uses Network Analysis?
How Does it Work?
Detecting Sniffers
Protecting Against Sniffers
Network Analysis and Policy
Chapter 1
Solutions Fast Track
Frequently Asked Questions
Reproduced from the book
2004, Syngress Publishing.
Reproduced by permission of Syngress Publishing. Written permission from Syngress Publishingis required for all other uses. For more information, please visit
2Chapter 1 Introducing Network Analysis
“Why is the network slow?”“Why can’t I access my e-mail?”“Why can’t I get tothe shared drive?”“Why is my computer acting strange?”If you are a systemsadministrator,network engineer,or security engineer you have probably heardthese questions countless times.Thus begins the tedious and sometimes painful journey of troubleshooting.You start by trying to replicate the problem from your computer.Sure enough,you can’t get to anything on the local network or the Internet either.Now what? Go to each of the servers and make sure they areup and functioning? Check that your router is functioning? Check each com-puter for a malfunctioning network card?What about this scenario:you go to your main access switch,or border router,and configure one of the unused ports for port mirroring.You plug in your laptop,fire up your network analyzer,and see thousands of User DatagramProtocol (UDP) packets destined for port 1434 with various,apparently random,Internet Protocol (IP) addresses.You immediately apply access filters to blockthese packets from entering or exiting your network until you do more investi-gating.A quick search on the Internet holds the answer.The date is January 25,2003,and you have just been hit with the SQL Slammer worm.You were able tocontain the problem relatively quickly thanks to your knowledge and use of your network analyzer.
What is Network Analysis and Sniffing?
Network analysis is the process of capturing network traffic and inspecting itclosely to determine what is happening on the network.A network analyzer decodes,or dissects,the data packets of common protocols and displays the net-work traffic in human-readable format.Network analysis is also known by severalother names:traffic analysis,protocol analysis,sniffing,packet analysis,and eaves-dropping to name a few.Sniffing tends to be one of the most popular terms inuse today.However,as you will see later in this chapter,due to malicious users ithas had a negative connotation in the past.A network analyzer can be a standalone hardware device with specializedsoftware,or it can simply be software that you install on your desktop or laptopcomputer.Network analyzers are available both free and commercially.Differences between network analyzers tend to depend on features such as thenumber of supported protocol decodes,the user interface,and graphing and sta-tistical capabilities.Other differences include inference capabilities,such as expert
analysis features,and the quality of packet decodes.Although several networkanalyzers all decode the same protocols,some may decode better than others.
Sniffer (with a capital “S”) is a trademark owned by Network Associatesreferring to its Sniffer product line. However, it has become commonindustry usage that a “sniffer” (with a lower case “s”) is a program thatcaptures and analyzes network traffic.
Figure 1.1 shows the Ethereal Network Analyzer display windows.A typicalnetwork analyzer displays the captured traffic in three panes:
This pane displays a one line summary of the capture.Fieldsusually include date,time,source address,destination address,and thename and information about the highest-layer protocol.
This pane provides all of the details for each of the layers con-tained inside the captured packet in a tree-like structure.
This pane displays the raw captured data both in hexadecimal andASCII format.
Introducing Network Analysis Chapter 13
Figure 1.1
Example Network Analyzer Display

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->