Heterogeneous Environments. Paul Long/Microsoft


Message Analysis and Visualization in Heterogeneous Environments. Paul Long/Microsoft

SNIA Legal Notice. The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may use this material in presentations and literature under the following conditions: any slide or slides used must be reproduced in their entirety without modification; the SNIA must be acknowledged as the source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. Neither the author nor the presenter is an attorney and nothing in this presentation is intended to be, or should be construed as legal advice or an opinion of counsel. If you need legal advice or a legal opinion please contact your attorney. The information presented herein represents the author's personal opinion and current understanding of the relevant issues involved. The author, the presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information. NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK.

Abstract: Message Analysis and Visualization in Heterogeneous Environments. Microsoft Message Analyzer is the next generation tool for analyzing messages from almost any source. Diagnosis of heterogeneous systems has continued to evolve as we explore new ways to visualize information for any type of trace data, be it a text log file, comma or tab separated data, network capture, or ETW component. Discover how to import Samba debug logs directly or define Text Log adapters, then inspect, filter, and organize as structured data. Learn how to analyze your file system's interoperability with Windows without having to read documentation. Expand your understanding of the interactions by including Windows component-specific information to gain insight into deep protocol and system behaviors.

Message Analyzer Activities: Capture, Analyze, Share.

Message Analyzer differences? Simulates protocol behavior; diagnosis messages for finding misbehavior.

Message Analyzer differences? Coalesces network information; full defragmentation of messages; high-level performance info, like Server Response Times.

Homogeneous Environments. Different types of systems: Windows, Unix/Linux, Apple. Different kinds of traces and logs: text logs, network traces, Events for Windows Traces (ETL). Different machines and parts of the world: time shifts, time zones.

Sharing. Create and save assets: Filters, Trace Scenarios, Sequences, View Layouts, etc. Share assets through feeds: via network shares; later via service.

Sharing Demo

Capturing with Message Analyzer: SMB Client/Server; very concise, no noise; runs forever; no network-related traffic like DNS, DHCP, ICMP, ARP; Firewall; less overhead than capturing at the network layer; can capture loopback; requires configuration.

Capture Demo

Analysis: Importing Data. Importing Homogeneous Data: Text Logs, CAP, ETL, CSV, PCAP, PCAPNG. Time shifting: by time zone or just a smidge.

Import Data Demo

Text Log Configuration. Regular expressions and OPN are used to parse a text log file.
Resources:
http://msdn.microsoft.com/en-us/library/az24scfc.aspx
http://derekslager.com/blog/posts/2007/09/a-better-dotnetregular-expression-tester.ashx

Text Log Configuration: Netlogon log

Sample Netlogon.log:

    01/19 17:04:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' (null) to \\mphewqtbx308.hew.us.ml.com Site: 1-NewYork-HUB on UDP LDAP
    01/19 17:04:53 [LOGON] SamLogon: Transitive Network logon of CORP\NBKTIYN from B80C16EFD31D0 (via enycvc03dfs01) Entered
    01/19 17:04:53 [LOGON] NlPickDomainWithAccount: CORP\NBKTIYN: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:0 DC:0
    01/19 17:04:53 [LOGON] NlPickDomainWithAccount: Username CORP\NBKTIYN is in forest bankofamerica.com (found via LsaMatch)
    01/19 17:04:53 [LOGON] SamLogon: Transitive Network logon of CORP\NBKTIYN from B80C16EFD31D0 (via enycvc03dfs01) Returns 0x0

Text Log Configuration file

Log line to match:

    01/19 17:04:53 [LOGON] SamLogon: Transitive Network logon of CORP\NBKTIYN from B80C16EFD31D0 (via enycvc03dfs01) Entered

OPN message definition:

    //
    // Message to capture Sam logon request.
    //
    message SamLogonRequest with
        EntryInfo { Regex = @"(?<nlts>[/0-9]+\s[/:0-9]+) \[(?<msgtype>[\S]+)\] SamLogon: Transitive Network logon of (?<UserName>[\S]+) (?<RemainingText>.*) Entered" }
        : BaseNetLogon
    {
        string UserName;
        string RemainingText;

        // msgtype uses [\S]+ (non-whitespace) so that it matches "LOGON".
        override string ToString()
        {
            return ("SamLogonRequest" + RemainingText);
        }
    }
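The same parsing idea outside Message Analyzer, as an added Python example that is not part of the presentation: it applies a Python form of the slide's regex to the sample Netlogon.log lines and pairs each "Entered" line with its "Returns" line to recover the logon status. The function names, the output fields and the "Returns 0x..." extension of the pattern are assumptions made for this example.

```python
import re

# Sample lines copied from the Netlogon.log slide above.
SAMPLE = r"""01/19 17:04:53 [MAILSLOT] Ping response 'Sam Logon Response Ex' (null) to \\mphewqtbx308.hew.us.ml.com Site: 1-NewYork-HUB on UDP LDAP
01/19 17:04:53 [LOGON] SamLogon: Transitive Network logon of CORP\NBKTIYN from B80C16EFD31D0 (via enycvc03dfs01) Entered
01/19 17:04:53 [LOGON] NlPickDomainWithAccount: CORP\NBKTIYN: Algorithm entered. UPN:0 Sam:1 Exp:0 Cross: 0 Root:0 DC:0
01/19 17:04:53 [LOGON] NlPickDomainWithAccount: Username CORP\NBKTIYN is in forest bankofamerica.com (found via LsaMatch)
01/19 17:04:53 [LOGON] SamLogon: Transitive Network logon of CORP\NBKTIYN from B80C16EFD31D0 (via enycvc03dfs01) Returns 0x0
"""

# Python form of the slide's regex, extended (assumption) to also accept the
# "Returns 0x..." line that closes a SamLogon request; msgtype is \S+.
SAMLOGON = re.compile(
    r"^(?P<nlts>[/0-9]+\s[/:0-9]+) \[(?P<msgtype>\S+)\] SamLogon: "
    r"Transitive Network logon of (?P<UserName>\S+) (?P<RemainingText>.*) "
    r"(?:Entered|Returns (?P<status>0x[0-9A-Fa-f]+))$"
)

def parse_line(line):
    """Return the named fields of a SamLogon line, or None for any other line."""
    m = SAMLOGON.match(line.strip())
    return m.groupdict() if m else None

def pair_logons(text):
    """Pair each 'Entered' line with the next 'Returns' line for the same
    user and source; a request that never returns keeps status None."""
    pending, done = {}, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["UserName"], rec["RemainingText"])
        if rec["status"] is None:                 # an "Entered" line
            pending.setdefault(key, []).append(rec)
        elif pending.get(key):                    # "Returns" for an open request
            req = pending[key].pop(0)
            done.append({"user": key[0], "source": key[1], "entered": req["nlts"],
                         "returned": rec["nlts"], "status": int(rec["status"], 16)})
    for key, reqs in pending.items():             # requests with no "Returns"
        for req in reqs:
            done.append({"user": key[0], "source": key[1], "entered": req["nlts"],
                         "returned": None, "status": None})
    return done

if __name__ == "__main__":
    for row in pair_logons(SAMPLE):
        print(row)
```
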

Text Log Configuration file

Text Log Adapter Demo

Analysis: Analyzing Data. Validating implementation: diagnosis to understand adherence. Viewpoints: hiding operations and exploring other network layers. Sequence Expressions: describing complex patterns. Visualizations: exposing patterns via pictures.

Validation

Viewpoints. Hide operations: remove operations so requests/responses aren't grouped. Alternate viewpoint: change your viewpoint to see traffic from a different layer's perspective.

Viewpoint: Default

Viewpoint: Link Layer

Viewpoint: Network

Viewpoint: Network

Viewpoint: SMB

Viewpoint Demo

Sequence Expressions: like a filter, but over a set of messages.

Sequence Expression Example

    using SMB2;

    scenario SequenceExpression = backtrack (SMB2.VirtualOperations.Create)
    (
        SMB2.VirtualOperations.Create{FileId is SMB2.SMB2Fileid{Persistent is var myfileid }}
        ->
        (
            SMB2.VirtualOperations.Read{FileId is SMB2.SMB2Fileid{Persistent == myfileid }}
        ) interleave [1,]
        until SMB2.VirtualOperations.Close{FileId is SMB2.SMB2Fileid{Persistent == myfileid }}
    );
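What this expression is after, as an added Python sketch that is not Message Analyzer code: for each Create it binds the persistent FileId, then requires at least one Read on that id before the Close on the same id, ignoring unrelated messages in between. The trace is constructed sample data, and the matcher approximates the pattern's intent, not OPN's exact matching semantics.

```python
# Constructed sample trace: (operation, persistent FileId) per message.
TRACE = [
    ("Create", 0x11), ("Create", 0x22), ("Read", 0x11), ("Read", 0x22),
    ("Read", 0x11), ("Close", 0x22), ("Create", 0x33), ("Close", 0x33),
    ("Close", 0x11), ("Create", 0x44), ("Read", 0x44),
]

def match_sequences(trace):
    """Return one match per Create whose FileId sees at least one Read before
    its Close. Each match is the list of message indexes in the trace:
    [Create, Read, ..., Close]."""
    open_files = {}   # FileId -> indexes collected so far (the bound 'myfileid')
    matches = []
    for i, (op, fid) in enumerate(trace):
        if op == "Create":
            open_files[fid] = [i]            # start (or restart) a candidate
        elif op == "Read" and fid in open_files:
            open_files[fid].append(i)        # Read on a bound FileId
        elif op == "Close" and fid in open_files:
            seq = open_files.pop(fid)
            if len(seq) > 1:                 # [1,]: one or more Reads required
                matches.append(seq + [i])
    return matches                           # unclosed files never match

if __name__ == "__main__":
    for seq in match_sequences(TRACE):
        print([TRACE[i] for i in seq])
```
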

Sequence Demo

Visualizations

Chart Editor: chart and editor to create visualizations.

Visualization Demo

Questions?

References
Message Analyzer Blog: http://blogs.technet.com/messageanalyzer
Message Analyzer Support Forums: http://social.technet.microsoft.com/forums/en-US/home?forum=messageanalyzer
Message Analyzer Beta on Connect: http://connect.microsoft.com/site216
Message Analyzer Documentation: http://technet.microsoft.com/en-us/library/jj649776.aspx