3.5 Select the appropriate hardware and software tools to monitor trends in the network.
SNMP (Simple Network Management Protocol) is a widely-used network monitoring and control protocol. In other to collect the information from the network devices such as hub, router, bridge etc, you must have SNMP agent installed in the corresponding device. The SNMP agent can be a software approach or a hardware approach. Some hubs or switches have build in SNMP agent. When preparing Microsoft's exam, some people may think Performance Monitor can monitor everything. However, Performance monitor only runs on the NT server, if you want to network devices such as Hub, switches to be monitored, you must use SNMP protocol. One tricky question regarding the SNMP is if you want to monitor five NT WS from one NT server, where must you install the SNMP agent. Because only the device or computer is monitored need to install SNMP agent, you do not need to install SNMP agent on NT server.
Protocol Analyzer monitors traffic on a network. It can also read unencrypted text transmitted over the network. When you have some problem on the network, please don't shutdown the machine first, it is better to use protocol analyzer to find where the problem came from.
TDR (Time Domain Reflectometer) is used to troubleshoot breaks in cabling. Unlike Protocol analyzer, TDR doesn't concern the contents of transmitted signals. TDR measures the time between the sending of an electrical pulse along the cable to be tested and the pulse's reflection by a potential short or open on the cable. You can determine the broken location from the time difference. TDR works at the physical layer of the OSI model.
SNMP (Simple Network Management Protocol) is a widely used network monitoring and control protocol. In other to collect the information from the network devices such as hubs, routers, bridges etc, you must have a SNMP agent installed in each device that is to be monitored. The SNMP agent can be a software approach or a hardware approach. Some hubs or switches have build-in SNMP agents. The agents monitor various network operation parameters in the critical components mentioned above and acquire statistical data that are stored in a Management Information Base (MIB).
While preparing for the Networking Essentials exam, some people remain with the mistaken belief that Performance Monitor can monitor everything. However, Performance monitor only runs on the Windows NT server, if you want to monitor network devices such as Hubs and switches, you must have an SNMP agent installed on each of these devices.
One tricky question regarding the SNMP goes as follows: If you want to monitor five NT WS from one NT server, where must you install the SNMP agent? Because only the device (or computer) on which the agent is installed can be monitored, you need to install the SNMP agent on all five Windows NT workstations. Since you do not need to monitor the Windows NT server, you do not need to install a SNMP agent on the Windows NT server.
Protocol Analyzer monitors traffic on a network. It can also read unencrypted text transmitted over the network. When you have some problem on the network, please dont shutdown the machine. It is better to use a protocol analyzer to find where the origin of the problem.
TDR (Time Domain Reflectometer) is used to troubleshoot breaks in cabling. Unlike the Protocol analyzer, analysis of network problems with a TDR doesnt involve the contents of transmitted signals. TDR measures the time interval between the sending of an electrical pulse along the cable to be tested and the pulse's reflection by a potential short or open end on the cable. You can determine the location of the brake in the cable from the time difference. A TDR works at the physical layer of the OSI model.
Network Monitor monitors the network frames or packets at any given time. There might be slight differences between a frame and a packet. However in a LAN environment, you can just consider them as the same thing.
Here is the diagram of a typical network packet, which contains four parts:
1 |
2 |
3 |
4 |
Network Monitor supports many popular protocols, including NetBIOS (NetBEUI), IPX, SPX, and many TCP/IP-related protocols such as DHCP. Therefore, you can monitor those protocols by Network Monitor.
Network Monitor stores the frames you want to capture (According to your setup of capture filter) in the capture buffer. In fact, capture buffer residents in the computer memory and the memory size can be configured. Whenever the capture buffer overflows, the newest frame replaces the oldest frame. In most cases, you need to set up the capture filter to capture only those frames meet your criteria. By doing this, you can prevent the capture buffer from overflowing and to make frame analysis easier. For the NT enterprise exam, how to set up the capture filter is the most important part for the Network Monitor.
To install the Network Monitor on a Windows NT server, click Network Applet on the Control Panel. Click the Service Tab and Add "Network Monitor Tools and Agent".
To start the Network Monitor, click start-> Programs ->Administrative tools -> Network Monitor
You will see the following diagram:
The Network Monitor Capture window includes the four panes.
Graph Pane shows current activities on the network
Session Statistics Pane shows the statistics of current individual sessions on the network
Station Statistics Pane shows the statistics about the sessions participated in by the computer running Network Monitor
Total Statistics Pane shows the summary statistics about the network activity detected since the capture process began.
A capture filter specifies what kind of network information you want to monitor. You can see only specific subset of computers or protocols by defining the capture filter.
After the data has been captured, you can display the detail information on captured data via click "Display Capture Data" on "Capture" menu or just press the F12 key. You will see the following diagram:
There are three panes in the above diagram: Summary Pane, Detail Pane and Hex Pane.
Summary Pane lists all frames that are included in the current view of the captured data. You can click a frame in the Summary pane and show the detail information of this frame in the Detail and Hex panes.
The Detail Pane displays the protocol information for the selected frame. You can click plug sign (+) or minus (-) sign to expand or collapse the information.
The Detail Pane consists of Frame and Protocol two sections.
In the Frame section, you can find the base frame properties include:
The protocol section of the Detail pane consists of all information below the end of the Frame section. Because IP is used for most other protocols or services, IP section is very important for the Networking Essentials exam. Let's take a look at the above Networking Monitor diagram. You will find in IP section, it provides the information on Source IP address, destination IP address, IP version etc. Let's expand IP: Flag summary, you will see the following diagram:
Here you can find the fragment information of an IP frame. For same large block of data, IP divides it into small frames and reassemble them at the receiver end. Therefore, you must choose IP as the correct answer for the FTQ 3.5.14.
Server Manager is an application in Windows NT server that is used to view and administer domains, workgroups, and computers. With Server Manager, you can display the member computers of a domain, manage server properties and services for a selected computer, share directories, and send messages to connected users. You can also use Server Manager to reassign a backup domain controller as the primary domain controller; synchronize computers with the primary domain controller; and add or remove computers in a domain. For the networking essential exam, just remember the Server manager is running on Windows NT server and manage the Windows NT workstations or servers on the network. You can find user connection, shared resources information via Server Manager.