Assignment-2 Network management
Deadline: Tuesday 19/03/2019 @ 23:59
Network Management
IT340
College of Computing and Informatics
Question One
2 Marks
Learning Outcome(s):
Evaluate different SNMP tools, network statistics tools, and protocol analyzer for network management.
Discuss in detail how remote network monitoring plays an important role in network management.
Answer:
· Each remote network monitoring device monitors its local network segment and performs the necessary analyses. It relays the necessary information to the NMS in both solicited and unsolicited fashion.
· Information is more reliable when polling is local. (RMON could be polling network elements locally in a segment. If it detects an abnormal condition, such as heavy packet loss or excessive collisions, it would send an alarm.)
· It permits monitoring on a more frequent basis and hence faster fault diagnosis. (Individual segments can be monitored on a more continuous basis. This provides better statistics and greater ability for control. Thus, a fault could be diagnosed more quickly by the RMON and reported to the NMS. In some situations, a failure could even be prevented by proactive management.)
· Implementing RMON technology in a network ensures higher network availability for users and greater productivity for administrators.
· Local monitoring and reporting to a remote NMS reduces SNMP traffic in the network segment in which the NMS resides.
· RMON reduces the need for agents in the network to be visible to the NMS at all times, so direct visibility by the NMS is not required.
Question Two
2 Marks
Learning Outcome(s):
Evaluate different SNMP tools, network statistics tools, and protocol analyzer for network management.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Download the Wireshark software from the official website https://www.wireshark.org/download.html and set up the program.
A) Capture the packets on the Wi-Fi interface while accessing the Internet over a Wi-Fi connection. (Take a screenshot of the captured packets.)
B) Capture the packets on the Ethernet interface while accessing the Internet over an Ethernet connection. (Take a screenshot of the captured packets.)
C) Display the protocol hierarchy statistics for the previously captured packets. (Take a screenshot.)
Wireless network connection
Ethernet network connection
D) Capture the packets while running the ping command against any IP address in the network and determine its protocol. (Take a screenshot of the ping command in the command prompt window and another screenshot of the captured packets in Wireshark.)
The filter ip.addr==192.168.8.103 and ip.addr==192.168.8.1 is used to display the information exchanged between 192.168.8.1 (my device) and 192.168.8.103 (my router).
The ping command sends four echo requests and receives four echo replies. Ping uses the ICMP protocol.
Question Three
2 Marks
Learning Outcome(s):
Evaluate different SNMP tools, network statistics tools, and protocol analyzer for network management.
Why does a network manager need network traffic monitoring tools? As a network manager, cite and describe at least three tools for heavy traffic monitoring.
Answer:
Solution from the book
Traffic monitoring tools can be used for:
1. Measuring round-trip packet transmission time and the percentage of packet loss, and hence the throughput, with the "ping" command
2. Measuring the point-to-point bandwidth of a link with the "bing" command
3. Measuring the raw throughput of a link by calculating the difference in round-trip times for different packet sizes from each end of the link
4. Capturing network traffic for different protocols such as TCP/IP
5. Saving and inspecting network traffic, as in Ethereal and Wireshark
6. Discovering all host/Ethernet address pairs on the LAN segment, as in getethers
7. Measuring the performance of gateways using iptrace in Unix
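Items 1 and 3 of the list above, worked through as an added example (not part of the original answer or the textbook): loss and round-trip time are read from ping reply lines, and link throughput is estimated from the RTT difference between small and large packets at each end of the link. The ping output, the RTT values and the 192.0.2.2 address are constructed; the model assumes the echo reply carries the same payload back, so the extra bytes cross the link twice.

```python
import re

# Constructed ping replies from the far end of the link, large packets
# (1464-byte payload + 8-byte ICMP header); icmp_seq=3 was lost.
FAR_LARGE = """\
1472 bytes from 192.0.2.2: icmp_seq=1 ttl=63 time=3.71 ms
1472 bytes from 192.0.2.2: icmp_seq=2 ttl=63 time=3.56 ms
1472 bytes from 192.0.2.2: icmp_seq=4 ttl=63 time=3.90 ms
"""
REPLY = re.compile(r"\d+ bytes from \S+ icmp_seq=\d+ ttl=\d+ time=([\d.]+) ms")


def ping_stats(output, sent):
    """Loss percentage and min/avg RTT (ms); `sent` is the number of echo requests."""
    rtts = [float(m.group(1)) for m in REPLY.finditer(output)]
    if not rtts:
        return {"loss_pct": 100.0, "min_ms": None, "avg_ms": None}
    return {"loss_pct": 100.0 * (sent - len(rtts)) / sent,
            "min_ms": min(rtts), "avg_ms": sum(rtts) / len(rtts)}


def link_throughput_bps(near, far, small, large):
    """near/far map payload size -> minimum RTT (ms) to each end of the link.

    Minimum RTTs are used because they carry the least queueing delay.
    Subtracting the near-end difference removes every hop before the link.
    """
    extra_ms = (far[large] - far[small]) - (near[large] - near[small])
    if extra_ms <= 0:
        return None  # noise exceeds the serialization delay; take more samples
    extra_bits = 2 * 8 * (large - small)  # request and reply both cross the link
    return extra_bits / (extra_ms / 1000.0)


def demo():
    stats = ping_stats(FAR_LARGE, sent=4)
    near = {64: 0.40, 1464: 0.62}            # constructed min RTTs (ms), near end
    far = {64: 1.10, 1464: stats["min_ms"]}  # far end, large size taken from the parse
    return stats, link_throughput_bps(near, far, 64, 1464)


if __name__ == "__main__":
    stats, bps = demo()
    print(stats, f"{bps / 1e6:.2f} Mbit/s")
```
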
Solution from the Internet
A network manager needs traffic monitoring tools to:
· Avoid bandwidth and server performance bottlenecks
· Discover which applications use up your bandwidth
· Be proactive and deliver better quality of service to your users
· Reduce costs by buying bandwidth and hardware according to actual load
· Easily troubleshoot network problems
· Identify top talkers and conversations in the network: determine which users and what applications are using maximum bandwidth, and drill down for conversational details.
· Monitor and project traffic trends and usage patterns: view trends in network traffic, and determine top applications and peak usage times.
· Define applications to monitor specific traffic: use a combination of ports and protocols to define unlimited applications, and recognize this traffic exclusively in traffic reports. You can also mention a particular IP address to map an application.
· Increase accounting: improve resource utilization accounting with real-time bandwidth and network usage statistics.
· Detect spyware and other hacks
· Provide details on network traffic sources, potential security threats and bandwidth consumption data
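The top-talker, conversation and application-mapping reports from the list above, as an added example that is not part of the original answer or any vendor's code. The flow records, addresses and the `APPS` / `IP_APPS` tables are constructed for illustration; a real collector would read them from exported flow data.

```python
from collections import Counter

# Constructed flow records: (src, src_port, dst, dst_port, protocol, bytes).
FLOWS = [
    ("10.0.0.5", 50100, "203.0.113.10", 443, "tcp", 4_200_000),
    ("203.0.113.10", 443, "10.0.0.5", 50100, "tcp", 38_000_000),
    ("10.0.0.7", 50222, "203.0.113.10", 443, "tcp", 900_000),
    ("10.0.0.5", 53001, "198.51.100.20", 53, "udp", 12_000),
    ("10.0.0.7", 50300, "198.51.100.77", 8443, "tcp", 2_300_000),
    ("10.0.0.9", 50400, "198.51.100.99", 8081, "tcp", 15_500_000),
]

# Applications defined by protocol + port, plus one mapped by IP address.
APPS = {("tcp", 443): "https", ("udp", 53): "dns"}
IP_APPS = {"198.51.100.77": "backup"}  # hypothetical internal naming


def classify(flow):
    """Map a flow to an application: IP mapping first, then protocol/port."""
    src, sport, dst, dport, proto, _ = flow
    for ip in (src, dst):
        if ip in IP_APPS:
            return IP_APPS[ip]
    for port in (dport, sport):  # either side may be the service port
        if (proto, port) in APPS:
            return APPS[(proto, port)]
    return "unclassified"


def report(flows, n=3):
    """Return (top talkers, top conversations, bytes per application)."""
    talkers, conversations, apps = Counter(), Counter(), Counter()
    for flow in flows:
        src, _, dst, _, _, nbytes = flow
        talkers[src] += nbytes
        conversations[tuple(sorted((src, dst)))] += nbytes  # both directions
        apps[classify(flow)] += nbytes
    return talkers.most_common(n), conversations.most_common(n), apps.most_common()


if __name__ == "__main__":
    for section in report(FLOWS):
        print(section)
```

A large "unclassified" total, as produced by the 10.0.0.9 flow here, is the entry that warrants drilling down to the conversation level.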
Choose at least three programs, and modify the wording and the reference dates.
1. CloudShark
A web-based application that provides secure storage, organization, user and group access control, and elegant, powerful analysis tools that can analyze packets from any device.
Cloudshark.io. (2019). CloudShark: Network Analysis Evolved. [online] Available at: https://cloudshark.io/ [Accessed 11 Mar. 2019].
2. PRTG
PRTG is an all-in-one network monitoring tool that can monitor and classify system conditions such as bandwidth usage or uptime, and collect statistics from miscellaneous hosts such as switches, routers, servers and other devices and applications. It helps to detect problems before they deteriorate into faults, and by alerting a network administrator to these problems, many costly service outages can be avoided.
Paessler.com. (2019). PRTG Network Monitor » All-In-One Network Monitoring Software. [online] Available at: https://www.paessler.com/prtg [Accessed 11 Mar. 2019].
3. Zabbix
Zabbix is an open source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides monitoring metrics, such as network utilization, CPU load and disk space consumption. The software monitors operations on Linux, Hewlett Packard Unix (HP-UX), Mac OS X, Solaris and other operating systems.
Zabbix.com. (2019). Zabbix:: The Enterprise-Class Open Source Network Monitoring Solution. [online] Available at: https://www.zabbix.com/ [Accessed 12 Mar. 2019].
4. Debookee Network Traffic Interception
Debookee is able to intercept and monitor the traffic of any device in the same subnet, thanks to a Man-in-the-middle attack (MITM). It allows capturing data from mobile devices on Mac (iPhone, iPad, Android, BlackBerry...) or Printer, TV, Fridge (Internet of Things!) without the need of a proxy. The interception is done transparently, without network interruption.
Debookee analyzes VoIP calls (SIP signaling and RTP for voice) and performs real-time IP network traffic monitoring and packet sniffing: HTTP, DNS, TCP, DHCP, SIP...
Debookee.com. (2019). Network traffic analyzer & SSL/TLS decryption for iPhone, iPad, Android, PC on macOS. [online] Available at: https://debookee.com/ [Accessed 11 Mar. 2019].
5. Omnipeek
Omnipeek is a packet analyzer software tool used for network troubleshooting and protocol analysis. It supports an application programming interface for plugins. It decodes over 1,000 protocols so network engineers can monitor distributed networks remotely to quickly identify and remedy performance bottlenecks without leaving the office.
Liveaction.com. (2019). Omnipeek. [online] Available at: https://www.liveaction.com/products/omnipeek/ [Accessed 11 Mar. 2019].
6. Ettercap
Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. It can be used for computer network protocol analysis and security auditing.
Ettercap-project.org. (2019). Ettercap Home Page. [online] Available at: https://www.ettercap-project.org/ [Accessed 11 Mar. 2019].
7. SmartSniff
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers.
Nirsoft.net. (2019). SmartSniff: Packet Sniffer - Capture TCP/IP packets on your network adapter. [online] Available at: https://www.nirsoft.net/utils/smsniff.html [Accessed 11 Mar. 2019].
8. SolarWinds NetFlow Traffic Analyzer
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. By analyzing flow data, a picture of network traffic flow and volume can be built. SolarWinds NetFlow Traffic Analyzer (NTA) is an example of a software-based NetFlow collector that collects traffic data, correlates it into a useable format, and then presents it to the user in a web-based interface.
Solarwinds.com. (2019). NetFlow Analyzer | SolarWinds. [online] Available at: https://www.solarwinds.com/netflow-traffic-analyzer [Accessed 11 Mar. 2019].
9. Microsoft Message Analyzer
Message Analyzer captures, displays, and analyzes protocol messaging traffic, and traces and assesses system events and other messages from Windows components.
Microsoft.com. (2019). Download Microsoft Message Analyzer from Official Microsoft Download Center. [online] Available at: https://www.microsoft.com/en-sa/download/details.aspx?id=44226 [Accessed 11 Mar. 2019].
10. Nagios
Nagios. (2019). Nagios Network Analyzer. Netflow Analysis and Monitoring. [online] Available at: https://www.nagios.com/products/nagios-network-analyzer/ [Accessed 11 Mar. 2019].
11. Colasoft Capsa Network Analyzer
Capsa, a portable network performance analysis and diagnostics tool, provides a tremendously powerful and comprehensive packet capture and analysis solution with an easy-to-use interface, allowing both veteran and novice users to protect and monitor networks in a critical business environment. Supporting more than 300 protocols, Capsa makes it easy to analyze protocols in the network and understand what is happening.
Colasoft.com. (2019). Network Analyzer, Packet Sniffer, Network Sniffer - Colasoft. [online] Available at: https://www.colasoft.com/capsa/ [Accessed 11 Mar. 2019].
12. Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Wireshark.org. (2019). Wireshark · Go Deep.. [online] Available at: https://www.wireshark.org/ [Accessed 11 Mar. 2019].
13. Ethereal for Windows
Ethereal is a packet analyzer that can be fully recommended for professionals, as it even displays all the information sorted by types. You can capture the data from both the network, and a disk capture, as it supports over 20 different formats and more than 300 protocols.
Ethereal.com. (2019). Ethereal.com. [online] Available at: http://www.ethereal.com/ [Accessed 11 Mar. 2019].
14. EtherApe
EtherApe is a packet sniffer/network traffic monitoring tool, developed for UNIX. EtherApe is free, open source software. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read packets from a file as well as live from the network.
Etherape.sourceforge.io. (2019). EtherApe, a graphical network monitor. [online] Available at: https://etherape.sourceforge.io/ [Accessed 11 Mar. 2019].