434 posts categorized "Test & Measurement"

The Bootup Baseline (by Tony Fortunato)

Since 1995, I have been promoting the idea of a “Bootup Baseline”. The exercise is very straightforward: you power on a device and capture all the packets generated.

I want to take a moment to explain what we will not cover. As you look at the packets you will see several types of traffic:

  • Unicast to the bootup device. This is what we want to focus on.
  • Broadcast or Multicast from other hosts. We will ignore these for the most part.
  • Flooded traffic. These are unicast packets that are addressed to other hosts that are on your switch port. This is good to note and possibly take aside to determine why it is happening and if it’s ‘normal’.

The traffic gathered is there for only two reasons: either the host transmitted them, or the devices on the network sent them back to the booting host.
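The sorting described above can be scripted once the capture is exported as raw Ethernet frames. This is an added example, not code from the original post; the MAC addresses, sample frames and bucket names are constructed for illustration.

```python
from collections import Counter

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify(frame, device):
    """Place one raw Ethernet frame into a bootup-baseline bucket."""
    if len(frame) < 14:                  # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if src == device:                    # transmitted by the booting host
        return "from_device"
    if dst == device:                    # a reply sent back to the booting host
        return "unicast_to_device"
    if dst[0] & 0x01:                    # group bit set: broadcast or multicast
        return "broadcast_multicast_from_others"
    return "flooded_unicast"             # unicast meant for some other host

def baseline(frames, device):
    """Count frames per bucket for the whole capture."""
    return Counter(classify(f, device) for f in frames)

def make_frame(dst, src, ethertype=0x0800):
    """Build a minimum-size frame with an empty payload (sample data only)."""
    return dst + src + ethertype.to_bytes(2, "big") + b"\x00" * 46

# Constructed sample: locally administered MACs, not from a real capture.
DEVICE = mac("02:00:00:00:00:10")
OTHER_A = mac("02:00:00:00:00:20")
OTHER_B = mac("02:00:00:00:00:30")
BCAST = mac("ff:ff:ff:ff:ff:ff")
MCAST = mac("01:00:5e:00:00:fb")

SAMPLE = [
    make_frame(BCAST, DEVICE),           # booting host broadcasting
    make_frame(DEVICE, OTHER_A),         # answer to the booting host
    make_frame(BCAST, OTHER_B, 0x0806),  # ARP broadcast from another host
    make_frame(MCAST, OTHER_A),          # multicast from another host
    make_frame(OTHER_B, OTHER_A),        # unicast between two other hosts
    b"\x00" * 10,                        # damaged or cut-off frame
]

if __name__ == "__main__":
    for bucket, count in sorted(baseline(SAMPLE, DEVICE).items()):
        print(f"{count:3d}  {bucket}")
```

A non-zero `flooded_unicast` count is the bucket to take aside and explain, since those frames were addressed to other hosts yet still arrived on the capture port.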

The most important step in this process is to document how you captured the data. There are many ways to capture packets from a booting device, but the most popular are:

  • SPAN or port mirroring. Since we are not concerned with capturing errors or timings, this works well. This is the most convenient if you have proper access to the switch.
  • In my opinion this is the best way but it requires you to be physically close to the device and you have to break the connection to that device.
  • 10/100 Hub. This serves the same purpose as a TAP but with no full duplex, fibre or 1 Gb support. Since we are only interested in the details of the traffic and not timings, this works in a pinch. Ensure that the switch port connected to the hub is properly configured to support half duplex.


Some Easy Ways To Improve Network Troubleshooting (by Keith Bromley)


Author: Keith Bromley, Senior Solutions Marketing Manager, Keysight Technologies

According to the Enterprise Management Associates report, Network Management Megatrends 2016, IT teams already spend around 36% of their daily efforts on reactive troubleshooting efforts. This is for good reason. Network and application troubleshooting can be one of the most high-profile and aggravating activities there is for IT personnel. Pressure increases exponentially on IT personnel as problem resolution times increase, since this directly correlates to network and application slowness and downtime.

This blog post, a video podcast, and an ebook provide suggestions on how you can improve your troubleshooting activities. The first thing you will want to do to reduce your troubleshooting time is to implement a visibility architecture. A visibility architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility. Improved visibility is what allows you to optimize your network data capture and analysis techniques. A visibility architecture typically yields immediate benefits such as the following: eliminating blind spots, improving data flow to security tools, and maximizing network and tool availability.

Specifically, there are three layers to a visibility architecture. The first layer is data access. This is where you will want to insert taps into the network between the network data flow and your monitoring tools (or network packet broker) to improve the quality of monitoring data and time to data acquisition. Once the tap is installed into the network, it is a permanent and passive device that gives you data access. This means you don’t have to ask the Change Board for permission to touch the network again. You touch it once to install the tap and then you are done.

The second layer is the monitoring data manipulation layer. This is where you will want to deploy network packet brokers (NPBs) between those taps and the security and monitoring tools to optimize the data sent to the tools. After that, you can perform data filtering, deduplication, packet slicing, header stripping, and many other functions to optimize the data before it is sent to your tools. Just by implementing taps and NPBs, it is possible to reduce your mean time to repair (MTTR) by up to 80%. A significant portion of that time reduction comes from the reduction (and probable elimination) of Change Board approvals.


Baselining and Configuring an IOT Device (by Tony Fortunato)

For those of you who have followed my articles and rants, I've talked about baselining equipment now for many years. In this particular article, I will spend a little bit more time showing you how I baselined a webcam – yup, another webcam – what it was doing, and how I reconfigured it to stop the unwanted traffic.

A common question I get asked is, “How do you baseline wireless equipment?” You've got several options. You can obviously get a wireless analyzer and capture those packets over the air. Another approach is to work from the access point's LAN side by using an inline analyzer between the access point and its switch port. Lastly, spanning or mirroring that port to an analyzer works just as well.

It's important to remember that every piece of equipment on your network should be profiled or baselined. You should be familiar with what it should communicate with as well as what it is communicating with.

As I said in the video, it doesn't matter if it's a refrigerator, a camera, or a thermostat. You should always find out how these devices behave because at some point you will have to troubleshoot them.




NetBeez Quickstart (by Tony Fortunato)

There is no shortage of utilities, applications and full-blown network troubleshooting systems out there. Some are free, and some cost a pretty penny. Spoiler alert: they ALL have their place in the analyst's toolbox.

When I present or work with a client, I explain that the tools only account for 50% of the equation in successfully fixing a problem. The other 50% is split between knowledge and practice. Think about it for a moment: anyone can buy a pocket knife, but only a few of us can carve something recognizable out of a block of wood.

NetBeez provides a very helpful free version of its product so you can get a feel for what it can do and where it might fit into your specific environment. In the past I would have to figure out how to schedule, report results and then compile them for a report. Any one of those challenges would immediately turn off most analysts since we have plenty on our plates already.

Look at good old ping for a moment. Sure anyone can ping something

I tested the free virtual appliance, which you can find here: https://netbeez.net/product/plans/netbeez-free. The free version supports one agent, three targets, 1 user, Cloud server account, SMTP alerts, and 1 week data storage, which is plenty for me and some of my clients who tried it.

Setup is pretty simple: go to NetBeez, create a cloud account and download their OVA file. I used VMware Workstation with no issues.

Some of the measurements that I tested are:

  • PING, Packet Loss, Round-Trip Time
  • TCP-based PING test, Round-Trip Time, Packet Loss, Custom port numbers


How To Rename Your Network Interfaces In Windows (by Tony Fortunato)

From ipconfig to Wireshark, there are many situations where you find yourself referencing your network interfaces. I find it annoying and confusing when I see many Ethernet Adapters or Local Area Adapters listed on my screen.

This can be a major issue if you are not physically close to a computer that you have set up as a remote probe or capture agent. Some people I spoke to about fixing this issue reply that they don’t know anything about hacking the registry and worry that it may break something on their computer.

In this video I show you how to quickly and easily fix this issue so there is just one less thing to make your job difficult.



