Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A

Similar documents
Troubleshooting LANs with Wirespeed Packet Capture and Expert Analysis

T-BERD / MTS-4000 Multiple Services Test Platform. Enterprise Solutions

Troubleshooting LANs with Network Statistics Analysis

Non-intrusive, complete network protocol decoding with plain mnemonics in English

RFC 6349 Testing with TrueSpeed from JDSU Experience Your Network as Your Customers Do

Burst Testing. New mobility standards and cloud-computing network. This application note will describe how TCP creates bursty

Testing VoIP on MPLS Networks

Lab VI Capturing and monitoring the network traffic

T-BERD /MTS-4000 Multiple Services Test Platform Enterprise Services Application Module (ESAM)

Using TrueSpeed VNF to Test TCP Throughput in a Call Center Environment

Gaining Operational Efficiencies with the Enterasys S-Series

Installation, Commissioning, and Maintenance of Metro Ethernet Networks Using T-BERD/MTS 8000 and NetComplete (QT-600) Metro Ethernet Service Solution

Auditing the LAN with Network Discovery

Central Office Testing of Network Services

EKT 332/4 COMPUTER NETWORK

Application-Centric Analysis Helps Maximize the Value of Wireshark

Cover. White Paper. (nchronos 4.1)

Question: 3 When using Application Intelligence, Server Time may be defined as.

Network Troubleshooting with the LinkView Classic Network Analyzer

Best Practices for Testing Ethernet and Network Synchronization at the Cell Site

CMA5000 SPECIFICATIONS Gigabit Ethernet Module

BASIC ANALYSIS OF TCP/IP NETWORKS

Lab Module 3 Network Protocol Analysis with Wireshark

Diagnosing the cause of poor application performance

Network Master Gigabit Ethernet Tester. Network Master Gigabit Ethernet Tester. Introduction. By Ole Sørensen Product manager.

Lab 1: Packet Sniffing and Wireshark

Monitor network traffic in the Dashboard tab

Application Note Gigabit Ethernet Port Modes

Simplify VoIP Network Setup and Troubleshooting with NetTool VoIP

THE IMPORTANCE OF TESTING TCP PERFORMANCE IN CARRIER ETHERNET NETWORKS

Introduction to Network Security Lab 1 - Wireshark

The Elements of GigE Vision

Expert Reference Series of White Papers. Troubleshooting Slow Networks with Wireshark

Diagnosing the cause of poor application performance

Observer Probe Family

Ethernet/IP Test Solutions

Applications. Network Application Performance Analysis. Laboratory. Objective. Overview

CT LANforge WiFIRE Chromebook a/b/g/n WiFi Traffic Generator with 128 Virtual STA Interfaces

White Paper: Troubleshooting Remote Site Networks Best Practices

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

FST-2802 TestPad Gigabit Ethernet Services Module Now able to test Ethernet, Fibre Channel, and IP services in a single test instrument!

OptiView. Total integration Total control Total Network SuperVision. Network Analysis Solution. No one knows the value of an

OptiView. Total integration Total control Total Network SuperVision. Network Analysis Solution. No one knows the value of an

UPPER LAYER SWITCHING

FST-2802 TestPad Gigabit Ethernet Services Module Test Ethernet, Fibre Channel, and IP services using one test instrument!

Cisco Prime Network Analysis Module Software 5.1 for Nexus 1010

JDSU Network Analyzer 10 Gigabit Ethernet Analysis Solution Wireline Protocol Test

Module 1: Reviewing the Suite of TCP/IP Protocols

Gigabit Ethernet Turn-up Procedure using the JDSU T-BERD 8000 or T-BERD 6000A March 4, 2009

inet Enterprise Features Fact Sheet

Sniffer s Network Packet Analyzer. Basics

Cisco Bandwidth Quality Manager 3.1

CT LANforge-FIRE VoIP Call Generator

The OSI and TCP/IP Models. Lesson 2

A New Paradigm for Network Problem Solving

Troubleshooting TCP/IP Networks with Wireshark

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013

LESSON Networking Fundamentals. Understand TCP/IP

APPLICATION NOTE 183 RFC 2544: HOW IT HELPS QUALIFY A CARRIER ETHERNET NETWORK. Telecom Test and Measurement. What is RFC 2544?

JDSU Ethernet Testing

SSVP SIP School VoIP Professional Certification

IP Office Technical Tip

Networks - EtherNet IP Course (Version 5.1)

Overview - Using ADAMS With a Firewall

VMWARE WHITE PAPER 1

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Overview - Using ADAMS With a Firewall

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

Test Equipment Depot Washington Street Melrose, MA TestEquipmentDepot.com. Application Advisor

Intrusion Detection, Packet Sniffing

Managing Application Delivery from the User s Perspective

Lecture Computer Networks

Configuring Network Address Translation (NAT)

Analyzing 6LoWPAN/ZigBeeIP networks with the Perytons Protocol Analyzer May, 2012

Observer Analysis Advantages

Accurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services

How To: Diagnose Poor VoIP Calls through diagnostics.

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Network Simulation Traffic, Paths and Impairment

Using IPM to Measure Network Performance

Verifying Metro Ethernet Quality of Service

CCT vs. CCENT Skill Set Comparison

AIRAYA offers several customer support options to assist you with difficulties you might experience with your WirelessGRID wireless bridge:

Accelerating Development and Troubleshooting of Data Center Bridging (DCB) Protocols Using Xgig

APPLICATION NOTE 209 QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS. Quality of Service Drivers. Why Test Quality of Service?

Computer Networks/DV2 Lab

Best Practices for NetFlow/IPFIX Analysis and Reporting

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

1. Whatdo you use? 2. Speed Tests?

Ten top problems network techs encounter

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

Measure wireless network performance using testing tool iperf

NetComplete Ethernet Performance Management. Ethernet Performance and SLA Monitoring Application

How do I get to

Troubleshooting Tools to Diagnose or Report a Problem February 23, 2012

SSVVP SIP School VVoIP Professional Certification

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

How To Monitor And Test An Ethernet Network On A Computer Or Network Card

Transcription:

Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A By Barry Constantine Introduction As network complexity grows, network provider technicians require the ability to troubleshoot problems within the various layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. Previously, the capability to capture and decode network packets was a feature found only in high-end protocol analyzers and required the corresponding network expertise to use such complex tools. The ideal network field tool should provide both network installation and troubleshooting capabilities. Additionally, the troubleshooting capabilities should be easy enough for less experienced technicians to use, yet provide the advanced capabilities for experienced network engineers. Advantages of a dual-purpose field installation tool are: Increased workforce productivity: Installation technicians can use the dual-purpose field tool for initial turn-up/basic troubleshooting, and network engineers can remotely access the field tool for advanced troubleshooting Reduced test set costs: Eliminates the need to purchase dedicated (and expensive) protocol analyzers for occasional use This application note describes the new workflow enabled by the T-BERD /MTS-6000A Multi-Services Application Module (MSAM) with the Packet Capture and J-Mentor options. Technicians can perform packet capture decodes directly on the T-BERD/MTS-6000A user interface with the industry-standard open-source tool Wireshark (protocol decoder). The J-Mentor option allows less experienced technicians to troubleshoot basic network problems with its embedded packet capture diagnostic capabilities. Another key feature of the T-BERD/MTS-6000A is the capture file format. It stores captures natively in standard packet capture (PCAP) format, eliminating the need for time-consuming post-capture conversion. Traditional Turn-Up Testing Workflow Using the T-BERD/MTS-6000A MSAM as part of traditional Layer 2/Layer 3 (L2/L3) installation (i.e., RFC 2544), Tier 1 technicians can verify endto-end connectivity, measure bit error rate (BER), and determine whether throughput, utilization, frame loss, packet jitter, and round-trip delay (RTD) characteristics meet service level agreements (SLAs). Instead of requiring a dedicated troubleshooting test set such as a protocol analyzer, the T-BERD/MTS-6000A MSAM can also be used to troubleshoot during deployment and in operational networks. Application Note

Using Packet Capture to Conduct Basic Troubleshooting In the ever-changing Ethernet and Internet Protocol (IP) world, providers must be able to troubleshoot problems at all layers of the stack quickly, cost-efficiently, and reliably. Troubleshooting basic network issues can become time-consuming. Frequently IP connectivity problems occur when first attaching a host to a network, including test instruments. When installation tests fail (i.e., RFC-2544, TCP testing, etc.), technicians can spend a significant amount of time adjusting IP stack settings and pinging, etc., which often results in higher costs for providers. Similarly, conducting service-oriented network installation requires more advanced troubleshooting capabilities. Troubleshooting IP networks effectively requires line rate packet capture capabilities at wire speeds to 10 GigE. Few if any field testers can perform capture and decode even at 1 Gb/s, and are virtually non-existent at 10G line rate. The T-BERD/MTS-6000A MSAM from Viavi offers powerful filter and packet capture at all Ethernet line rates (10 Mb/s to 10 GigE). It is important to capture all the packets on the link to ensure retrieval of all important information. Once information has been captured, it can be viewed directly on the unit using the popular open source network analysis tool Wireshark to display the packet decodes. Viewing Packets Directly on the T-BERD/MTS-6000A using Wireshark Once the packets are captured, technicians typically must carry additional equipment in the field to decode and conduct analysis. The T-BERD/ MTS-6000A provides capture and decode analysis using Wireshark directly on the test set; and it also allows for export of the packet capture (pcap) files for expert analysis. Using the integrated packet capture and decode provided on the test instrument itself greatly simplifies the troubleshooting process. Tier 3 technicians can remotely access the unit with a standard web browser and analyze the data or perform additional testing capabilities to resolve the problem. Using J-Mentor to Automate Troubleshooting Wireshark is an extremely powerful open-source protocol analyzer but requires a knowledgeable/senior staff member to troubleshoot many problems, which led Viavi to create a post-capture Expert Engine called J-Mentor that includes embedded network engineering best practices. This easy-to-navigate Expert Analysis tool provides graphs, charts, and tables to expedite diagnosis of network issues. With the J-Mentor expert diagnostic tool, technicians can use the T-BERD/MTS-6000A to resolve common network issues because the tool provides recommendations for further isolation and resolution. Troubleshooting with Wireshark versus J-Mentor Applications such as Wireshark often require technicians to carry a laptop computer to transfer files and to perform packet decodes. Often Tier 3 technicians are called in to perform the analysis or to run additional, more complicated tests. These extra steps incur further costs for providers. A considerably more cost-effective approach is to offer Tier 1 technicians an easy-to-use testing device that features Tier 3 testing expertise and analysis and eliminates the need for additional equipment, such as a laptop computer. Also, while packet decodes are useful, actually diagnosing the network problems remains difficult. 2 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

The following screen shots compare Wireshark analysis with J-Mentor. Note that the Wireshark example in Figure 1 has several menu items and requires an advanced level of expertise to debug; whereas, the screen shown in Figure 2 demonstrates the simplicity of the J-Mentor analysis tool. Technicians can quickly see the network layer where a suspected problem is detected and click for details about the diagnosis and receive recommendations for resolution. Figure 1. Wireshark screen shot for comparison Figure 2. Example of a Capture file health screen with J-Mentor 3 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

Simple User Interface and Intuitive Diagnostics Using the T-BERD/MTS-6000A with J-Mentor, technicians can view a simple network dashboard for Layers 1-4 that includes relevant graphs and tables complete with problem identification and recommendations. Technicians can select the capture file to analyze and receive summary statistics for the packet capture file as shown in Figure 3. Figure 3. Choosing a capture file to analyze After selecting the Analyze function, J-Mentor provides a simple dashboard results screen that quickly highlights the problem layers in the capture file and provides details if users want to drill down into the diagnostics as Figure 4 shows. Figure 4. J-Mentor Dashboard Results Screen 4 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

Half-Duplex Port Detection Half duplex port issues remain a cause for significant problems. The J-Mentor analysis option automatically detects switch advertisement messages and provides a list of Source MAC addresses, similar to those shown in Figure 5 below, that advertise Half-Duplex settings during the packet capture timeframe. The test set eliminates the need to filter or decode complex advertising protocols letting technicians focus on the problem ports with the click of a mouse. Figure 5. J-Mentor Half-Duplex Testing Results TCP/IP Retransmissions For applications that use TCP as the Layer 4 protocol (versus User Datagram Protocol, UDP), packet loss manifests itself in the form of TCP retransmissions. J-Mentor automatically detects retransmission issues and provides both a graph and table to diagnose the source(s) that are encountering the retransmissions. Figure 6 shows a network experiencing serious retransmission issues with the blue line indicating network utilization plotted along the red line showing retransmissions. Figure 6. Graph Showing Network Utilization vs Retransmissions 5 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

The table in Figure 7 clearly shows the source(s) of the retransmissions along with an explanation of the possible problems. It also provides clear troubleshooting next-steps and recommendations. Figure 7. TCP Retransmission Table IP Top Talkers Users who frequently send and receive large files are commonly known as bandwidth hogs or Top Talkers. Testers often search for these users because they are frequently the source of potential issues in poorly performing networks. J-Mentor provides a list like that shown in Figure 8 of the Top Talkers detected within the packet capture file along with the number of bytes and frames for each. Figure 8. List of Top Talkers 6 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

Packet Capture Modes This section summarizes the network access modes supported by the T-BERD/MTS-6000A for packet capture applications. Single Port Termination Mode IP connectivity problems such as incorrect IP stack setting and unresolved Address Resolution Protocols (ARPs) can occur during end-to-end Ethernet/IP installations. To troubleshoot these links, technicians can use the testers at each end in Terminate Mode to capture packets up to 10GigE from a single test port, using the T-BERD/MTS-6000A as an endpoint or host. The unit simultaneously generates typical throughput test traffic, or RFC 2544 and other application layer tests such as HTTP, FTP, and stateful TCP, at Layers 2 or 3 (IP). It also captures packets on the link, such as J-Proof protocol packets, or CDP and STP. J-Proof is a Viavi term used for packets that prove network connectivity. Figure 9 shows an example of troubleshooting during end-to-end Ethernet service installation. P Figure 9. Troubleshooting end-to-end Ethernet service installation Passive Monitoring from a Single Port Connecting the T-BERD/MTS-6000A to a mirror or spare test port on a switch or router enables the monitoring and capturing traffic up to 10GigE. Figure 10 shows the unit configured for this type of monitoring and testing. Technicians can then analyze the captured packets natively on the test set using Wireshark, or they export them to a USB stick for further offline decode analysis. Single Mon Mode Testing P Figure 10. T-BERD/MTS-6000A monitors traffic forwarded by a router/switch mirror port or network tap 7 Packet Capture and Expert Troubleshooting with the T-BERD/MTS-6000A

In-Line Monitoring Using Two Ports Using the In-line Monitor Mode the T-BERD/MTS-6000A acts as a tap between two network elements, which is useful when a mirror port is unavailable or when higher confidence is desired to capture all packets, as network devices may drop packets in Port Mirror Mode. In this mode, the maximum line rate is 1G using the dual 1G test ports on the unit. Figure 11 shows the T-BERD/MTS-6000A using two ports in In-line Monitoring Mode. Dual Thru Mode Testing C P Figure 11. The T-BERD/MTS-6000A testing in dual Through Mode Conclusion Carrier Ethernet IP field networks present challenges to network providers and those who troubleshoot during installation or when experiencing operational problems. Those who can perform capture and decode analysis at wire speeds up to 10 GigE have the edge over their competitors. Few tools on the market today offer this capability; however, one easy-to-use tester offers capture and decode capabilities as well as expert analysis critical to the application. The T-BERD/MTS-6000A provides best practices testing capabilities in one powerful unit that makes complex testing procedures simple enough for less experienced technicians to function like a specialized pro. They can now troubleshoot basic network issues in significantly less time. It also enables advanced network staff to use the same tool for complex troubleshooting tasks and can be accessed remotely. The T-BERD/MTS-6000A provides everything technicians need to isolate and resolve Ethernet or IP problems in the field using in-depth capture and decode capabilities. Contact Us +1 844 GO VIAVI (+1 844 468 4284) To reach the Viavi office nearest you, visit viavisolutions.com/contacts. 2015 Viavi Solutions Inc. Product specifications and descriptions in this document are subject to change without notice. packetcap6000-an-tfs-tm-ae 30162943 900 1209 viavisolutions.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information