1. 5_1- Specialized Maintenance and Troubleshooting Tools
In this section, we are going to focus on specialized maintenance and troubleshooting tools. There are three categories of troubleshooting tools. The first is information-gathering tools. Such tools make it possible to analyse and improve network performance or security. Tools that continuously collect this information to establish a baseline pull data from network devices with SNMP and NetFlow and process it statistically.
Because they gather data constantly and track the network’s key performance indicators, these tools know what the network’s normal behaviour looks like. The tools in the notification-of-network-events category are the ones that use syslog messages or SNMP to inform the administrator about network failures, etcetera.
Let’s take a look at the traffic-capturing tools now. For example, Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and display that packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device used to examine what is going on inside a network cable, just as an electrician uses a voltmeter to examine what is going on inside an electric cable, but at a higher level. In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Here are some applications for Wireshark. Network administrators use it to troubleshoot network problems. Network security engineers use it to examine security problems. Developers use it to debug protocol implementations.
People use it to learn network protocol internals.
Now let’s take a look at SPAN. Switch Port Analyzer (SPAN) is an efficient, high-performance traffic monitoring system. It directs or mirrors traffic from a source port or VLAN to a destination port. This is sometimes referred to as “session monitoring” too. SPAN is also used for troubleshooting connectivity issues and calculating network utilisation and performance, among many other things. And here is a summary of SPAN. As you can see, on port five we have some traffic. If we want to mirror this traffic to our 9th port, we need a network analyzer there, maybe a Wireshark machine. Here, the traffic on a switch segment is mirrored to a predefined SPAN port, as you can see. A network analyzer connected to the SPAN port can monitor traffic from any of the other Catalyst switch ports as well.
There are two kinds of SPAN: local SPAN and remote SPAN (RSPAN). Local SPAN mirrors traffic between ports on the same switch. Remote SPAN is similar to SPAN, but it supports source ports, source VLANs, and destination ports on different switches, which provides remote monitoring of traffic from source ports distributed over multiple switches and allows the destination to be a centralised network capture device.
Each RSPAN session carries the SPAN traffic over a user-specified, dedicated RSPAN VLAN in all participating switches. This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches and delivered to the destination capturing station. RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session.
Simple Network Management Protocol (SNMP) is an Internet standard protocol for collecting and organising information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems, organised in a management information base (MIB), which describe the system status and configuration. Three significant versions of SNMP have been developed and deployed. SNMP version one is the original version of the protocol. More recent versions, SNMP versions 2 and 3, feature improvements in performance, flexibility, and security.
The SNMP community string is like a user ID or password that allows access to a router’s or other device’s statistics. If the community string is correct, the device will respond with the requested information.
If the community string is incorrect, the device simply discards the request and does not respond. The SNMP community string is used in SNMP version one and version two. In addition, there are two kinds of SNMP community strings: read-only and read-write. With the read-only type, you can access the management information base, but you cannot make any changes. With the read-write type, you can both access and modify data, and that includes the management information base.
NetFlow is embedded instrumentation within Cisco’s IOS software that characterizes network operation. Visibility into the network is an indispensable tool for IT professionals in response to new requirements and pressures.
Network operators are finding it critical to understand how the network is behaving, including application and network usage, network productivity and utilisation of network resources, the impact of changes to the network, network anomalies and security rule variations, and long-term compliance issues.
And we have syslog, which is the standard for message logging, as you know, in computing. Syslog is a standard for message logging, as I told you, and it allows separation of the software that generates the messages, the system that stores them, and the software that reports and analyses them. Each message is labelled with a facility code indicating the type of software generating the message and is assigned a severity label. The meaning of severity levels other than Emergency and Debug is relative to the application.
For example, if the purpose of the system is to process transactions to update customer account balance information, an error occurring in the final step should be assigned the Alert level. However, an error occurring in an attempt to display the zip code of the customer may be assigned the Error or even the Warning level. The server process that handles the messages usually includes all more severe levels; for example, if messages are separated by individual severity, a Warning entry will also be included in Notice, Info and Debug processing.
In addition, we have a syslog server option. A syslog server helps collect logs and warnings and send them to a central syslog point, maybe a NOC. Network administrators can easily navigate the large amount of data compiled on a syslog server.
And lastly, we have EEM, the Embedded Event Manager. With this option, you can define custom events and their corresponding actions.
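Going back to the read-only and read-write community strings discussed earlier, the following added example (not part of the original lesson) audits a device configuration for weak SNMP community settings. The configuration text is constructed, and the check assumes the Cisco IOS `snmp-server community <string> [view <name>] [RO|RW] [<acl>]` line format; `audit_snmp` is a hypothetical helper name.

```python
import re

# IOS running-config form: snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<string>\S+)(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$", re.I)
WELL_KNOWN = {"public", "private"}  # widely known default community strings

def audit_snmp(config_text):
    """Return one finding per community line that has at least one issue."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        mode = (m.group("mode") or "ro").upper()  # IOS treats an omitted mode as read-only
        issues = []
        if m.group("string").lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if mode == "RW":
            issues.append("read-write access")
        if not m.group("acl"):
            issues.append("no ACL restricting which managers may query")
        if issues:
            # The community string is a credential, so it is left out of the finding.
            findings.append({"line": number, "mode": mode, "issues": issues})
    return findings

# Constructed configuration: two weak entries and one restricted read-only entry.
SAMPLE_CONFIG = """\
hostname EXAMPLE-SW1
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk29-constructed RO 10
snmp-server location constructed-lab
"""

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {finding['line']} ({finding['mode']}): " + "; ".join(finding["issues"]))
```
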
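The facility and severity labelling described in the syslog part of this lesson can be seen in the `<PRI>` field at the start of each message, where PRI = facility * 8 + severity. This added example (not part of the original lesson) decodes that field and routes each message to per-severity sinks so that a Warning entry also reaches Notice, Info and Debug processing; the sample messages are constructed and the function names are hypothetical.

```python
import re

# Severity names by numeric code (0 = most severe), as in RFC 5424.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facility names by numeric code; codes 16-23 are local0-local7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)

def parse_pri(line):
    """Split '<PRI>text' into (facility, severity, text)."""
    m = PRI_RE.fullmatch(line)
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the largest valid PRI
        raise ValueError(f"missing or invalid PRI: {line!r}")
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity], m.group(2)

def sinks_for(severity):
    """Sinks that receive a message: its own level and every less severe one."""
    return SEVERITIES[SEVERITIES.index(severity):]

def route(lines):
    """Distribute messages to per-severity sinks; unparsable lines go to 'rejected'."""
    sinks = {name: [] for name in SEVERITIES}
    sinks["rejected"] = []
    for line in lines:
        try:
            facility, severity, text = parse_pri(line)
        except ValueError:
            sinks["rejected"].append(line)
            continue
        for name in sinks_for(severity):
            sinks[name].append(f"{facility}.{severity}: {text}")
    return sinks

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "<187>constructed: interface Gi0/1 changed state to down",  # local7.err
    "<188>constructed: fan speed above threshold",              # local7.warning
    "<38>constructed: login accepted for user admin",           # auth.info
    "constructed line with no PRI field",
    "<999>constructed line with out-of-range PRI",
]

if __name__ == "__main__":
    for sink, messages in route(SAMPLE).items():
        print(f"{sink:9} {len(messages)} message(s)")
```
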