The troubleshooting process can involve many different systems and components. In this video, you’ll learn about protocol analyzers, speed test sites, NetFlow, TFTP servers, and more.
If you’re having problems with your wireless network, you may want to see exactly what packets may be traversing that network. Fortunately, with wireless networks, everything you need to monitor is in the air around you. All you need is software that can show you exactly what’s happening on that wireless network.
You may find that your analysis tool doesn’t send any traffic on the wireless network while it’s capturing. That’s because the adapter is placed into monitor mode: it doesn’t associate with an access point and it doesn’t transmit at all, it simply listens and records every 802.11 frame it can hear on the channel it’s tuned to. An adapter that is associated and transmitting normally only hands the operating system the frames addressed to it.
If you’re performing wireless analysis on a laptop or mobile device, you may require additional hardware to gather all of the wireless information. Many wireless drivers present the adapter to the operating system as if it were an Ethernet interface, so you see the Ethernet-style payload but none of the 802.11 headers, management frames, or radio information, and not every chipset supports monitor mode at all. The documentation for your analysis software will normally list the adapters and drivers that work best.
Once you get the software installed and you have the right hardware, you’re able to see all of the wireless information, such as signal-to-noise ratio, channel information, 802.11 management frames, and much more. You should try loading some free software to see what you can find on your wireless network. A good example would be the software available at www.wireshark.org.
Wireshark fits into the category of a protocol analyzer. It takes frames captured on an Ethernet network, a wireless network, or almost any other kind of network, and decodes every protocol header into human-readable, labeled fields on the screen. You can look at information down at the Ethernet level, or you can follow application traffic.
If you’re using a Linux distribution, you may find that Wireshark is already included as one of the available tools. But it’s a relatively simple installation. And you can run this on almost any operating system.
Using Wireshark or any other protocol analyzer, you can see exactly which frames are sent across the network. You can identify any unknown traffic that might be on your network. And you can analyze exactly what application communication is occurring and how it’s being affected by your network throughput. The analyzer can also be configured to write everything it captures to disk, for example as a rotating set of capture files, so you can go back over hours or even days of traffic to see exactly what happened on the network. Keep in mind that those capture files contain every payload that crossed the wire, credentials included, so store and share them with the same care as any other sensitive data.
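To make concrete what a protocol analyzer does when it “decodes” a capture, here is an added example (not code from the video or from the Wireshark project) that reads a classic pcap file, walks Ethernet, IPv4 and TCP/UDP headers into labeled fields, and produces the conversation summary an analyzer would show. The capture it reads is constructed in the block itself (the MAC and IP addresses and the HTTP/DNS payloads are made up for illustration); point `iter_frames` at the bytes of a real Ethernet pcap and it behaves the same.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4     # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian pcap file (used here to construct sample input)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/{TCP,UDP} frame; checksums are left zero since we only dissect it."""
    if proto == IPPROTO_TCP:   # seq/ack 0, data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def iter_frames(pcap):
    """Yield (timestamp, frame) for each record in a classic little-endian Ethernet pcap."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only classic little-endian Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP headers into labeled fields, like an analyzer's detail pane."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    pkt = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    pkt.update(src_ip=str(IPv4Address(ip[12:16])), dst_ip=str(IPv4Address(ip[16:20])),
               proto=ip[9], ip_len=total_len)
    l4 = ip[ihl:total_len]
    if pkt["proto"] in (IPPROTO_TCP, IPPROTO_UDP):
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        if pkt["proto"] == IPPROTO_TCP:
            data_off = (l4[12] >> 4) * 4
            pkt["flags"], pkt["payload"] = l4[13], l4[data_off:]
        else:
            pkt["payload"] = l4[8:]
    return pkt


def conversations(pcap):
    """Bytes per (src, dst) address pair: the quickest way to spot who is talking to whom."""
    totals = Counter()
    for _, frame in iter_frames(pcap):
        pkt = dissect(frame)
        if "src_ip" in pkt:
            totals[(pkt["src_ip"], pkt["dst_ip"])] += pkt["ip_len"]
    return totals.most_common()


# Constructed sample: an HTTP request/response and a DNS query, not real captured traffic.
CLIENT, SERVER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, SERVER, "10.0.0.5", "10.0.0.80", IPPROTO_TCP, 50000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(SERVER, CLIENT, "10.0.0.80", "10.0.0.5", IPPROTO_TCP, 80, 50000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(CLIENT, SERVER, "10.0.0.5", "10.0.0.53", IPPROTO_UDP, 40000, 53, b"\x00\x01" * 6),
])

if __name__ == "__main__":
    for _, frame in iter_frames(SAMPLE_PCAP):
        print(dissect(frame))
    print(conversations(SAMPLE_PCAP))
```

The dissector deliberately stops at the transport layer; the application payload is returned as raw bytes, which is exactly the point at which a full analyzer hands off to hundreds of protocol-specific dissectors. It also only understands the classic pcap container, not pcapng, which is what current Wireshark writes by default.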
Sometimes it’s useful to know what type of throughput you might be getting through a particular network. Sometimes this can be a relatively easy test. You may want to transfer a file between devices and see what type of throughput is measured during the file transfer.
Or maybe you’re installing a new piece of equipment, so you perform a speed test prior to the installation. You install the equipment. And then you perform the speed test again to make sure you’re still receiving the same throughput. It’s also sometimes useful to perform this test at different times of the day, so you can see if your throughput may be affected by other traffic that may be on the network.
One easy way to perform this test is by using a speed test site. You connect your browser to a third-party site and run a speed test against that location. Not every one of these remote locations is the same. Each point of presence (POP) may be in a different part of the world, have a different amount of bandwidth available, and different speed test services may use different criteria to perform their analysis, so a result is only comparable to other results from the same server.
If you are using an external speed testing service, I would recommend using one of the servers from your ISP. This keeps the test path inside your ISP’s network and minimizes the variables introduced by going beyond it. So connecting to your Xfinity.net or your AT&T speed test site may be a good representation of the throughput you’re getting from your local ISP.
If you would like a second opinion beyond your ISP, you may use a third-party service, such as SpeedOf.Me, speedtest.net or testmy.net. If you don’t want to use a speed testing service from your ISP or a third party, you can perform your own speed testing within your own facility. A utility such as iperf lets you measure throughput between two points on your local network.
You’ll need two computers to perform this test. One runs as the iperf server and the other as the iperf client; the client pushes traffic to the server for a fixed time or byte count and both ends report the rate achieved. The two ends can be on different operating systems, and repeating the test over time shows how throughput varies on your local network. This helps you understand whether the problems you’re seeing are local to your system or, perhaps, external to your facility.
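The client/server throughput test described above, as an added example written for this page (it is not iperf and not code from the video): one end listens and counts what arrives, the other pushes a fixed number of bytes over a single TCP connection, and the result is converted to megabits per second. It runs both ends on loopback so it works stand-alone; on loopback it measures the host’s own TCP stack, so for a real test move the listener to a machine at the far end of the path you are troubleshooting.

```python
import socket
import struct
import threading
import time

CHUNK = 64 * 1024   # send/receive buffer size per call


def _sink(listener, expected):
    """Server side: accept one connection, count the bytes received, reply with the count."""
    conn, _ = listener.accept()
    with conn:
        received = 0
        while received < expected:
            data = conn.recv(CHUNK)
            if not data:
                break
            received += len(data)
        conn.sendall(struct.pack("!Q", received))


def measure_throughput(byte_count, host="127.0.0.1"):
    """Push byte_count bytes over one TCP connection.

    Returns (bytes_received_by_server, megabits_per_second). The server is an
    in-process thread on an ephemeral loopback port; in a real test it runs on
    the far end of the link under test.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_sink, args=(listener, byte_count), daemon=True)
    server.start()

    block = b"\x55" * CHUNK
    sent = 0
    start = time.perf_counter()
    with socket.create_connection((host, port)) as client:
        while sent < byte_count:
            n = min(CHUNK, byte_count - sent)
            client.sendall(block[:n])
            sent += n
        client.shutdown(socket.SHUT_WR)      # tell the server we are done sending
        reply = b""
        while len(reply) < 8:                # read the 8-byte count, tolerating short reads
            part = client.recv(8 - len(reply))
            if not part:
                break
            reply += part
    elapsed = time.perf_counter() - start
    server.join()
    listener.close()
    received = struct.unpack("!Q", reply)[0] if len(reply) == 8 else 0
    return received, received * 8 / elapsed / 1e6


def run_series(byte_count, trials=3):
    """Repeat the measurement and return the Mbps figures, so runs at different times can be compared."""
    return [measure_throughput(byte_count)[1] for _ in range(trials)]


if __name__ == "__main__":
    received, mbps = measure_throughput(64 * 1024 * 1024)
    print(f"{received} bytes, {mbps:.1f} Mbit/s")
```

The server reporting back how many bytes it actually received is the check that matters: a throughput figure computed only from what the client sent, before the far end confirmed it, overstates the rate on a lossy link.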
One useful tool for any network administrator or security administrator is the ability to search for and identify available IP addresses on the network and what port numbers might be available. You can use IP scanners and port scanners to be able to scan the network and identify devices and open services.
Normally, you would pick a range of IP addresses and have the scanner step through every address in that range. Once a host responds, you can then step through every port number on that host to see which ones are open. Only scan address ranges you are authorized to test: a scan is noisy, it shows up in firewall and intrusion detection logs, and some fragile embedded devices don’t cope well with being probed.
Some of these tools can even provide you a visual representation of the network, show you all of the IP addresses that may be responding, and then you can select each one of those devices to see the IP address, any open port numbers, and what applications may be in use.
This is also a great way to identify devices that you aren’t expecting to see on the network. If you’re looking for a rogue device, or a device that’s not authorized to be on the network, comparing the scanner’s results against your inventory will locate it quickly. These are always great tools to have on your system. You may want to try installing Nmap, which also comes with Zenmap for the graphical view, or other third-party scanners, such as the Angry IP Scanner.
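The address-range and port sweep described above, and the rogue-device comparison against an inventory, as an added example written for this page rather than code from Nmap or the video. It performs a plain TCP connect scan (a full handshake on each port, the simplest and most visible technique) with a thread pool, and includes a small loopback listener so the block can be run stand-alone; the `targets`, `ports` and inventory values in the usage are illustrative.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def expand_targets(targets):
    """Turn entries such as '10.0.0.0/29' or '10.0.0.5' into the list of host addresses to probe."""
    hosts = []
    for t in targets:
        net = ipaddress.ip_network(t, strict=False)
        hosts.extend(str(h) for h in (list(net.hosts()) or [net.network_address]))
    return hosts


def tcp_connect(host, port, timeout=0.5):
    """A TCP connect scan of one port: True if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, timed out, unreachable: all count as not open
        return False


def scan(targets, ports, timeout=0.5, workers=64):
    """Probe every port on every host; return {host: sorted open ports} for hosts with at least one open port."""
    jobs = [(h, p) for h in expand_targets(targets) for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda hp: (hp, tcp_connect(*hp, timeout=timeout)), jobs))
    found = {}
    for (host, port), is_open in results:
        if is_open:
            found.setdefault(host, []).append(port)
    return {h: sorted(p) for h, p in found.items()}


def unexpected_hosts(found, inventory):
    """Hosts that answered but are missing from the authorized inventory: candidates for a rogue-device check."""
    return sorted(set(found) - set(inventory), key=ipaddress.ip_address)


def demo_listener():
    """Constructed target for the example: a listener on an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s


def free_port():
    """A loopback port nothing is listening on (bind, read the number, release), used as the closed-port control."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    target = demo_listener()
    open_port = target.getsockname()[1]
    found = scan(["127.0.0.1"], [open_port, free_port(), 22, 80, 443])
    print("open:", found)
    print("not in inventory:", unexpected_hosts(found, ["10.0.0.1"]))  # assumed inventory
    target.close()
```

A connect scan only reports hosts that accept at least one connection in the port list you give it; a host whose ports are all filtered by a firewall simply never appears, so an empty result is “nothing answered”, not “nothing is there”. Nmap adds host discovery (ICMP, ARP on the local segment) and service fingerprinting on top of this basic loop.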
Looking at detailed packet captures or trying to understand what’s happening on the network over an extended period of time can be a challenge. Fortunately, there are monitoring tools that can show you the trends of traffic on your network. One way to implement this is with NetFlow, a flow-export protocol that originated with Cisco and whose IETF-standardized successor is IPFIX. Rather than keeping every packet, NetFlow summarizes each conversation (source and destination address, ports, protocol, packet and byte counts) into a flow record, which is compact enough to keep for months. NetFlow uses probes (exporters) and collectors to gather that data and then create reports on it.
A standalone probe is usually connected to the network through a tap or a port mirror, and often the NetFlow exporter is built into the router or switch itself. The probe then sends flow records to a collector, usually a device with a large amount of storage that gathers statistics from many different NetFlow probes on the network. There’s usually a reporting tool available on the collector, so you can monitor traffic over time and identify any anomalies that may have occurred. Because flow records carry metadata only, not packet contents, they are far cheaper to retain than full captures but can’t show you what was said, only who talked to whom, when, and how much.
Here’s a view of some of these NetFlow reports. This is a NetFlow conversation summary that can show you exactly what two devices are communicating to each other and creating the most amount of traffic on this network. You can also see an overview of the NetFlow sources and top NetFlow sources by utilization percentage.
The information on this screen is also dynamic. If we wanted to see more information from a particular NetFlow source, we can click on that source and drill down into more detail. If you want to know exactly what applications might be flowing on your network and how much traffic is being used by those applications, you can view some of that information in your NetFlow console.
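To show what a collector is actually doing behind those reports, here is an added example (written for this page; not code from the video or from any NetFlow product) that parses a NetFlow version 5 export datagram and produces the same three views the transcript describes: a conversation summary, traffic by application port, and a per-host drill-down. The datagram is constructed in the block from made-up flow records; the addresses, ports and byte counts are illustrative, and the 48-byte v5 record layout is the one documented for that export format.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# NetFlow v5 export format: 24-byte header followed by `count` 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")  # version, count, sys_uptime, unix_secs, unix_nsecs, seq, engine_type, engine_id, sampling
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
# srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, First, Last, srcport, dstport,
# pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
IP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def build_export(records, seq=0):
    """Pack (src, dst, proto, sport, dport, pkts, octets) tuples into one v5 datagram (constructed sample)."""
    header = V5_HEADER.pack(5, len(records), 0, 1700000000, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, b"\0\0\0\0", 1, 2,
                       pkts, octets, 0, 0, sp, dp, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for s, d, proto, sp, dp, pkts, octets in records)
    return header + body


def parse_export(datagram):
    """Yield one dict per flow record in a NetFlow v5 datagram; other versions are rejected."""
    h = V5_HEADER.unpack_from(datagram, 0)
    if h[0] != 5:
        raise ValueError(f"expected NetFlow v5, got version {h[0]}")
    off = V5_HEADER.size
    for _ in range(h[1]):
        r = V5_RECORD.unpack_from(datagram, off)
        off += V5_RECORD.size
        yield {"src": str(IPv4Address(r[0])), "dst": str(IPv4Address(r[1])),
               "pkts": r[5], "octets": r[6], "sport": r[9], "dport": r[10],
               "proto": IP_PROTO.get(r[13], str(r[13]))}


def conversation_summary(flows):
    """Bytes per unordered host pair: the 'which two devices create the most traffic' report."""
    pairs = Counter()
    for f in flows:
        pairs[tuple(sorted((f["src"], f["dst"])))] += f["octets"]
    return pairs.most_common()


def application_summary(flows):
    """Bytes per (protocol, service port). The lower of the two ports is taken as the service: a common
    heuristic that works for well-known ports, not a guarantee of what the application really is."""
    apps = Counter()
    for f in flows:
        apps[(f["proto"], min(f["sport"], f["dport"]))] += f["octets"]
    return apps.most_common()


def flows_for_host(flows, host):
    """Drill-down: every flow record in which host is the source or the destination."""
    return [f for f in flows if host in (f["src"], f["dst"])]


# Constructed sample export: four made-up flows from an internal network.
SAMPLE_EXPORT = build_export([
    ("10.1.1.10", "10.1.1.80", 6, 51000, 443, 1200, 900_000),
    ("10.1.1.80", "10.1.1.10", 6, 443, 51000, 800, 6_000_000),
    ("10.1.1.10", "8.8.8.8", 17, 40000, 53, 30, 2_400),
    ("10.1.1.22", "203.0.113.9", 6, 55555, 4444, 50000, 40_000_000),
])

if __name__ == "__main__":
    flows = list(parse_export(SAMPLE_EXPORT))
    print("top conversations:", conversation_summary(flows)[:3])
    print("top applications:", application_summary(flows)[:3])
    print("10.1.1.22 flows:", flows_for_host(flows, "10.1.1.22"))
```

In the constructed data the top conversation is 40 MB from an internal host to an external address on port 4444, a pair with no matching entry in the application table; that is exactly the kind of line a collector’s report surfaces for you to drill into, and the flow record alone cannot tell you what was transferred.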
Sometimes the most important software tools you keep on your system are the ones that are very simple. A good example of this is a TFTP server. TFTP stands for Trivial File Transfer Protocol, a UDP-based protocol (port 69) for transferring files between systems with a minimum of overhead. If you’re doing firmware upgrades, or you’re changing the version of software running on a particular switch or router, you often use TFTP to transfer those files to the device.
This means you’ll need a TFTP server running on one of your systems, so that it can store the files that are pulled by the switch, the firewall, the router, or whatever is going to be the TFTP client. Remember that “trivial” also describes the security: TFTP has no authentication and no encryption, so anyone who can reach the server can read (and, if writes are enabled, overwrite) anything in its directory. Serve a dedicated directory containing only the images you need, keep the server on the management network, and run it only for the duration of the upgrade. You won’t find a lot of different types of TFTP servers out there, but you will find that there are some available for almost every operating system.
So if you’re using Windows, you may want to use tftpd64. If you’re in Linux or macOS, you may want to use the TFTP features built into the operating system. As the name implies, the configuration for this software is relatively trivial, and it doesn’t take much to get it up and running so that you can then transfer these files and upgrade your systems.
Another relatively simple, but very important, tool to have on your system is a terminal emulator. An example of this is a Secure Shell client, or SSH client, which gives you a terminal session on a remote device over an encrypted channel. This lets you view the console, make configuration changes, and transfer files (over SCP or SFTP), with all of that communication protected on the network. Verify the device’s host key fingerprint the first time you connect; that check is what stops someone on the path from presenting their own key and reading the session.
If you’re using Linux or macOS, you’ll find that an SSH client is already built into the operating system. If you’re using Windows, the OpenSSH client ships with recent versions of Windows and works from Windows Terminal, or you can use one of the many third-party SSH clients available for that operating system.