Detecting network faults with network protocol analysis Tools (i)

For the small and medium-sized network administrators, the most headache is how to effectively manage the enterprise network, so that the enterprise network operation efficiency is higher. Usually we in the network management is always sandwiched in the middle, we must focus on external network exports to prevent hackers and vulnerabilities virus intrusion enterprise intranet, but also to the internal staff of the overall management ban illegal network applications, to ensure that they are more focused on the work. As the saying goes, the technology is good network administrator if no effective assistant Ching network management work will also be around the wall.

Just happened recently I contacted a good network management tools, from the functional division he belongs to the Sniffer class monitoring software, but because he is developed by the domestic software companies, so in the use and statistics and many other aspects of the performance of the author is very deep impression, the following please you network frequency Tao's readers follow the author together to simplify the network analysis system with the Division to the efficient management of enterprise intranet.

First, the division to analyze the expert introduction:

The network analysis system is a network management scheme which allows network managers to solve the problem of network, it detects, analyzes and diagnoses all the data transmitted in the network, helps the users to eliminate the network accident, evade the security risk, improve the network performance and increase the usability value of the network. The author uses the section to analyze the expert 6.7 version.

On the personal use of the network analysis system for a few months experience the software in the packet analysis of the performance is very good, we can save and back up the data that we monitor, then analyze it for them, and we can classify and filter according to the destination address of the source address according to the protocol. In addition, the network analysis system has added a lot of components and functions suitable for China National Day, which provides us with many network analysis methods and network troubleshooting shortcuts. I believe you IT168 network channel readers will like this network analysis good helper.

Second, the application Environment of Coley network Analysis System:

From the above we know that the network analysis system is a sniffer class of network management tools, to enable the Sniffer class tools to play the most function must be placed to be able to monitor the network of the various port data on the core equipment, at the same time to the core device configuration Mirror Port. So before we start monitoring, we have to log in to the Enterprise core routing switch device to configure the corresponding port as the mirror port. The author takes Huawei 3COM Company's S3100 switch as an example to introduce.

The first step: first we want to determine which ports as the monitored side, which port as the monitoring side. Because we are using the General Computer installation section to network analysis

System, so the number of monitors should not be too much, of course, if the enterprise in the actual situation needs to monitor multiple ports, then we only need to improve the monitoring device hardware configuration can be replaced, if necessary, 1000M network card. The author decided to set port 1 to port 5 to be monitored, and the corresponding port 6 as the monitoring end. The last port 16 interface of the S3100 is connected to the external network.

Step two: After planning the port location and nature, we begin to configure the specific parameters, first log on to the S3100 switch, and then configure a local mirror group with the Mirroring-group 1 Locals command, with the group number 1. Then use the Mirroring-group 1 Mirroring-port Ethernet 1/0/1 to Ethernet 1/0/5 to add port 1 through Port 5 to this local mirror group as the monitored end, The last parameter, both, indicates that both the data inflow port and the outgoing port are monitored. (Figure 1):