MN504 Networked Application Management Wireshark

Question:

Purpose of the assessment (with ULO Mapping)
This assignment is designed to develop deeper analytical understanding of different distributed network conditions. At the completion of this assessment students should be able to:
a. Analyse performance and deployment issues for networked applications;
b. Compare appropriate industry tools and techniques to manage networked applications;

Answer:

Introduction

A network is built from network protocols and the layers of the OSI model. A network protocol is a set of standard rules and policies, with structured procedures and formats, that establishes communication between two or more devices on a network. The OSI model is a network framework that clearly divides networking into 7 layers. Each layer has its own distinct function. The layers depend on each other and are arranged so that they relay and pass information to one another without loss or addition of data. Communication in a network is facilitated by standard software that allows traffic and packets of data to flow without interference from external factors. In institutions and organizations, information is the most important factor to consider, since good communication facilitates the success of plans and projects. Therefore, analysing network traffic and packets gives precise data, so that any problem can be spotted and solved before the data is corrupted or interfered with by malicious people, or simply lost by workers within the institution.

A network management system is a software application used by network engineers and experts to manage and control a smaller network within a larger one by performing key functions. The main functions of these applications are to identify, configure, update and troubleshoot the network devices within the managed network. Both wired and wireless devices are managed by these applications. The data collected is then used by network experts and engineers to make changes where appropriate. These applications are very important for precise network management analysis. Wireshark is a widely used packet sniffer, but it is not the only tool used to analyse a network; it can be extended with the support of complementary tools. Several widely used plugins and platforms enhance Wireshark's capabilities and functionality. The tool also has a friendly user interface that lets users define their own alerts, so that they are informed when unusual changes occur in the network. For instance, if a new device tries to connect, the system automatically detects it and signals this on the display. The live data being generated can also be converted into reports and used to generate further insights.

How To Use Wireshark In Analysis Of A Network

Wireshark can be downloaded from its official website. It is available for all major operating systems, such as Windows, macOS and Linux. Downloading is easy, since only simple steps are involved, and it comes fully packed with the required tools, so no further packages need to be downloaded and configured.
Wireshark is software that captures network traffic in real time and presents it in a readable, understandable format to the experts, who can then perform packet capturing, color coding and packet filtering, among other tasks [1].

The application can be used to troubleshoot suspicious traffic in a network, so that network engineers can quickly resolve the issue before the intent behind it is fulfilled.

Functions Of Wireshark

1) Packets Capturing

After downloading and installing, the application is ready to use. To analyse a specific network, for instance a wireless one, start the application and click the name of the wireless network interface, as shown below [3].

After clicking the interface name, the packets are shown in real time. If promiscuous mode is enabled (as it is by default), then all packets on the network will be visible, not only the packets to and from your own machine. To enable promiscuous mode, click Capture > Options, verify that the checkbox is ticked, then click on activate to finalize the process, as shown below;
To stop capturing traffic, click the red button near the top-left corner, as shown below;

2) Color Coding

In this view, packets are displayed in a variety of colors. Wireshark uses color coding to clearly identify the type of network traffic. The default colors have specific meanings: for example, light purple is TCP traffic, light blue is UDP traffic, and black marks packets with errors.

To view the meaning of each color code, click View > Coloring Rules. The same procedure is used if you want to customize or modify the color rules.

3) Packets Filtering

If you want to inspect and analyse something specific, for instance the traffic a program sends when making a phone call home, it helps to close all other network applications to narrow down the network traffic. Wireshark filters then apply where a large number of packets has to be filtered.

To apply a filter, type the expression in the filter box at the top of the window, then click Apply or press Enter. For instance, typing the word "dns" displays only DNS packets. Wireshark also has auto-completion: when you start typing a word, it automatically completes the filter you want to enter [5], [7], [8].

You can also click Analyze > Display Filters and choose the most suitable filter among the default filters that ship with Wireshark. You can also add your own filters and save them so that you can use them again in future.

Another useful filtering feature is that you can right-click a packet and select Follow > TCP Stream.

The full TCP conversation between the client and the server is then shown. You can check other network protocols by selecting them from the menu where applicable.

When you close the window, the filter that was applied remains in the filter box, and Wireshark summarizes and displays the packets of the conversation that took place.

4) Viewing Network Statistics

Network statistics can be viewed using the Statistics drop-down menu in Wireshark. This is the most useful and important part when trying to get more information about the network traffic being analysed [9], [11]. The menu is located at the top of the application and provides metrics, from packet sizes to timing information, through charts and graphs. To collect the most important information, apply display filters first.

The figure below shows how the Statistics menu is viewed in Wireshark.

Statistics Menu Selection

The following are the core sections of the Statistics menu:

Protocol Hierarchy – opens a window with a complete table of the protocols captured during the session. Active filters are also shown at the bottom [15], [16].

IO Graphs – shows user-defined graphs visualizing the number of packets over the course of the data exchange [12], [14].

RTP_statistics – allows experts and network engineers to save the content of RTP audio streams directly to an Au file [13], [7].

Service Response Time – shows the time between the request and the network's response [12].

TcpPduTime – displays the time taken to transfer a protocol data unit, and can also be used to show TCP transmissions [9].

VoIP_Calls – shows the VoIP calls captured during live calls.

Multi-cast Stream – used to detect and measure multicast stream sizes, bursts and the buffer output required at a given stream speed.

Conversations – reveals the conversations between two endpoints, for instance the IP traffic exchanged between them.

Endpoints – displays the list of endpoints, for a specific layer protocol, seen in the captured traffic [8].
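As an added example (not code from the original page or from the Wireshark project), the following Python re-implements, over hand-constructed Ethernet/IPv4 frames, what the filter box described in the filtering section and the Protocol Hierarchy and Conversations entries of the Statistics menu compute; it recognizes only UDP/TCP and picks dns/http by well-known port, which is an assumption made to keep it short.

```python
# Added example (not Wireshark's own code): what the display-filter box, Statistics >
# Protocol Hierarchy and Statistics > Conversations compute, over constructed frames.
import struct
from collections import Counter

def frame(src, dst, proto, l4):  # Ethernet II (zero MACs) + IPv4 header (checksum 0) + L4
    ip = lambda a: bytes(map(int, a.split(".")))
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, ip(src), ip(dst))
    return b"\x00" * 12 + b"\x08\x00" + iph + l4
def udp(sport, dport, data):  # 8-byte UDP header, checksum 0
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
def tcp(sport, dport, data=b""):  # 20-byte TCP header, flags PSH/ACK, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) + data

# Constructed capture: one DNS query/response pair and a short HTTP exchange.
FRAMES = [
    frame("10.0.0.5", "10.0.0.1", 17, udp(51000, 53, b"\x12\x34\x01\x00" + b"\x00" * 28)),
    frame("10.0.0.1", "10.0.0.5", 17, udp(53, 51000, b"\x12\x34\x81\x80" + b"\x00" * 44)),
    frame("10.0.0.5", "203.0.113.10", 6, tcp(40000, 80, b"GET / HTTP/1.1\r\n\r\n")),
    frame("203.0.113.10", "10.0.0.5", 6, tcp(80, 40000, b"HTTP/1.1 200 OK\r\n\r\n")),
    frame("203.0.113.10", "10.0.0.5", 6, tcp(80, 40000)),  # bare ACK, no payload
]

def dissect(raw):
    """Return (protocol stack, src ip, dst ip); well-known ports pick dns/http (assumption)."""
    if raw[12:14] != b"\x08\x00":  # not IPv4: only the Ethernet layer is recognized
        return ["eth"], None, None
    ihl = (raw[14] & 0x0F) * 4
    src, dst = (".".join(map(str, raw[i:i + 4])) for i in (26, 30))
    l4 = raw[14 + ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])
    stack = ["eth", "ip"]
    if raw[23] == 17:
        stack.append("udp")
        if 53 in (sport, dport): stack.append("dns")
    elif raw[23] == 6:
        stack.append("tcp")
        if 80 in (sport, dport) and len(l4) > (l4[12] >> 4) * 4: stack.append("http")
    return stack, src, dst
def display_filter(frames, proto):  # like typing "dns" in the filter box
    return [f for f in frames if proto in dissect(f)[0]]
def protocol_hierarchy(frames):  # Statistics > Protocol Hierarchy: packets per layer
    return dict(Counter(p for f in frames for p in dissect(f)[0]))
def conversations(frames):  # Statistics > Conversations (IPv4): (packets, bytes) per pair
    pk, by = Counter(), Counter()
    for f in frames:  # unordered pair, so both directions land in one row
        key = tuple(sorted(dissect(f)[1:]))
        pk[key] += 1; by[key] += len(f)
    return {k: (pk[k], by[k]) for k in pk}
```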

5) Using IO Graphs To Visualize Network Packets

Data packets can be visualized using IO graphs. First, open the IO graphs by clicking the Statistics menu and selecting IO Graphs; double-click it or press Enter after selecting it [3].

You can alter and configure the IO graph settings to suit the data you want to display. Only Graph 1 is enabled by default, so to activate graphs 2-5 you have to tick their checkboxes. Likewise, to apply a display filter to an IO graph, click the icon next to the graph you want to use and the selected graph is displayed. There is also a Style column that lets you change the look of the graphs; the options provided are Line, FBar, Impulse and Dot [2], [11].

You can also adjust the X and Y axis settings of your graphs. On the X axis you set the interval of the sections in minutes or seconds, and you can change the time display by ticking the checkbox. On the Y axis you can change the measurement unit using the options Packets/Tick, Bytes/Tick, Bits/Tick or Advanced. The Scale setting then lets you choose the measurement scale of the graph's Y axis [5], [9].

Once you press the Save button, the graph is stored in the file format you selected earlier.
