OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)
•Als PPT, PDF herunterladen•
1 gefällt mir•2,119 views
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.
![Why Bother ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Weitere ähnliche Inhalte
Mehr von Denny K
Mehr von Denny K (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)
- 1. Examining How to start a Broadcast Analysis Part 1 Tony Fortunato, Sr Network Specialist The Technology Firm
- 11. Examining How to start a Broadcast Analysis Part 1 Thank You Tony Fortunato, Sr Network Specialist The Technology Firm
Hinweis der Redaktion
- Hello, It’s Tony Fortunato from the Technology Firm In this session I am going to share some broadcast analysis tips and tricks Enjoy
- Customers typically challenge me that there will always be broadcasts, they are so small and so few, so why bother? When I explain the symptoms I have found surrounding broadcast storms, I get their interest. When I go further to describe a lab I did for a customer where a 10% locked up their Winterms, they get really interested Finally I tell them to remember that a broadcast or multicast packet will cause an interrupt, they start to connect the dots
- In many cases, my customers may not understand how a 10% storm was more damaging than the 90% After showing them some simple math, it becomes apparent that the bandwidth isn’t as important as packet rate and packet size I also explain that I always use the small packet numbers in my charts since most broadcasts are on the small side So we should reduce them, since we can not entirely eliminate them
- Sometimes when I work on some networks with broadcast storms, I wonder why the client ‘piled’ everything into one VLAN? In some cases the customer told me that the vendor ‘baselined’ the network and it was fine Broadcasts will affect different hosts at different rates. I have seen a 2% broadcast storm on the 100Mbps LAN lock up a wireless camera I guess this is where VLANS come in.
- The key with this slide is to understand that anything can send out broadcasts, but you should know what protocols should be out there I will take one of these topics for this presentation. In the future I will cover different protocols
- I’m not a big fan of setting up a discovery PC that send out more of these unwanted protocols. A simple protocol Analyzer will do just fine. I will use Wireshark for my example The process is pretty straight forward; Connect pc to a VLAN and setup a stop capture setting for 8 MB It start and go do something else. No peeking.
- I have witnessed the colorful language when people see 40 or 50 thousand packets and don’t know where to start With Wireshark, I take it a protocol at a time. This way if I find a pattern, like printers that need cleaning up, I can send off an email to the PC department or help desk to clean them up and move on to something else
- In this example, I know this customer is a pure Microsoft shop, so IPX is a bit odd I simply right click on IPX and Apply a filter
- As a bit of background, I have been here before and the first time we did there there were dozens of entries and now my customer is not expecting any IPX. To his surprise there is one printer they missed. He was disappointed there was one, but I told him not to take it that way. The way I see it they got rid of all their IPX and this one is left. My client asked if we can figure out the IP address To do this we filtered on the lexmark mac address
- In this case we see 2 ip addresses, one is the broadcast, and the other is the printer ip address If you find a lot of IP’s you may want to change your mac filter to a unidirectional filter
- Hope this helps you out and I will keep adding to this with various other protocols Enjoy and Good day