Connectivity Testing & Packet Capture (M6.2)

 Connectivity Testing

Cabling

Software Testing with Ping

Path Characteristics

Investigating path characteristics means examining a path's behavior and performance.

Path Discovery with traceroute

Traceroute is a tool used to discover the links along a path. While this is the first step in investigating a path's behavior and performance, it is useful for other tasks as well.

Path discovery is also an essential step in diagnosing routing problems. 

While you may fully understand the structure of your network and know what path you want your packets to take through your network, knowing the path your packets actually take is essential information and may come as a surprise.


Once packets leave your network, you have almost no control over the path they actually take to their destination. You may know very little about the structure of adjacent networks. Path discovery can provide a way to discover who their ISP is, how your ISP is connected to the world, and other information such as peering arrangements. traceroute is the tool of choice for collecting this kind of information. 

#Options
Two options control how much information is printed. Name resolution can be disabled with the -n option. This can be useful if name resolution fails for some reason or if you just don’t want to wait on it. The -v option is the verbose flag. With this flag set, the source and packet sizes of the probes will be reported for each packet. If other ICMP messages are received, they will also be reported, so this can be an important option when troubleshooting.
Several options may be used to alter the behavior of traceroute.

#Complications with traceroute
The information traceroute supplies has its limitations. In some situations, the results returned by traceroute have a very short shelf life. This is particularly true for long paths crossing several networks and ISPs. 
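Because the path actually taken can differ from the one you expect, and a recorded path goes stale, it helps to keep a baseline and compare later runs against it. The following is an added example, not part of the original notes: it parses `traceroute -n` output and reports hops whose responders changed. The sample output is constructed from documentation address ranges, and the function names are illustrative.

```python
import re

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms\b")

def parse_traceroute(text):
    """Parse `traceroute -n` output into {hop: {"ips": [...], "rtts": [...]}}."""
    hops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header line or blank line
        rest = m.group(2)
        hops[int(m.group(1))] = {
            "ips": list(dict.fromkeys(IP_RE.findall(rest))),  # unique, in order
            "rtts": [float(x) for x in RTT_RE.findall(rest)],
        }
    return hops

def path_changes(baseline, observed):
    """Hops whose responders differ from the baseline; silent hops are skipped."""
    changes = []
    for hop in sorted(set(baseline) | set(observed)):
        old = baseline.get(hop, {}).get("ips", [])
        if hop not in observed:
            changes.append((hop, old, None))  # path got shorter
            continue
        new = observed[hop]["ips"]
        if new and set(new) - set(old):  # "* * *" is not evidence of a change
            changes.append((hop, old, new))
    return changes

# Constructed sample output (documentation address ranges), not a real capture.
BASELINE = """traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.1  4.120 ms  4.088 ms  4.301 ms
 3  * * *
 4  198.51.100.77  9.80 ms 198.51.100.78  10.1 ms  9.95 ms
 5  203.0.113.10  12.4 ms  12.2 ms  12.6 ms
"""
LATER = BASELINE.replace(" 2  198.51.100.1 ", " 2  198.51.100.129 ")

if __name__ == "__main__":
    for hop, old, new in path_changes(parse_traceroute(BASELINE), parse_traceroute(LATER)):
        print(f"hop {hop}: expected {old}, saw {new}")
```

Hop 4 shows two responders in the same run; the parser keeps both, so a later run answering from either address is not flagged.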

Path Performance

Once you have a picture of the path your traffic is taking, the next step in testing is to get some basic performance numbers. Evaluating path performance will mean doing three types of measurements. 

Bandwidth measurements will give you an idea of the hardware capabilities of your network, such as the maximum capacity of your network. 

Throughput measurements will help you discover what capacity your network provides in practice, i.e., how much of the maximum is actually available. 

Traffic measurements will give you an idea of how the capacity is being used.

#Performance Measurements

Two factors determine how long it takes to send a packet or frame across a single
link. The amount of time it takes to put the signal onto the cable is known as the
transmission time or transmission delay. This will depend on the transmission rate
(or interface speed) and the size of the frame. The amount of time it takes for the
signal to travel across the cable is known as the propagation time or propagation
delay. Propagation time is determined by the type of media used and the distance
involved.

Once we move to multihop paths, a third consideration enters the picture—the
delay introduced from processing packets at intermediate devices such as routers
and switches. This is usually called the queuing delay.
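The three delay components can be put into a small model. This is an added example, not part of the original notes, and it goes one step beyond the text: because propagation and queuing delay do not depend on frame size, the difference between the round-trip times of two probe sizes isolates the transmission rate of a single link. The signal speed, the link figures and all function names are assumptions chosen for illustration.

```python
SIGNAL_SPEED_MPS = 2.0e8  # assumption: roughly two-thirds of c, typical of cable

def transmission_delay(frame_bytes, rate_bps):
    """Seconds needed to clock the frame's bits onto the medium."""
    return frame_bytes * 8 / rate_bps

def propagation_delay(distance_m, speed_mps=SIGNAL_SPEED_MPS):
    """Seconds for the signal to travel the length of the link."""
    return distance_m / speed_mps

def one_way_delay(frame_bytes, links):
    """links: (rate_bps, distance_m, queuing_s) per hop; each device stores, then forwards."""
    return sum(transmission_delay(frame_bytes, r) + propagation_delay(d) + q
               for r, d, q in links)

def round_trip(frame_bytes, links):
    """Echo-style probe: a same-sized reply returns over the same links."""
    return 2 * one_way_delay(frame_bytes, links)

def estimate_rate_bps(size_a, rtt_a, size_b, rtt_b):
    """Single link: size-independent delays cancel in the RTT difference."""
    return 2 * 8 * (size_b - size_a) / (rtt_b - rtt_a)

# Hypothetical links: one 10 Mb/s WAN hop, and the same hop between two LAN hops.
LINK = [(10e6, 50_000, 0.0005)]
PATH = [(100e6, 100, 0.0), (10e6, 50_000, 0.0005), (100e6, 100, 0.0)]

if __name__ == "__main__":
    for name, links in (("single link", LINK), ("three hops", PATH)):
        est = estimate_rate_bps(100, round_trip(100, links), 1100, round_trip(1100, links))
        print(f"{name}: one-way 1500 B = {one_way_delay(1500, links) * 1e3:.3f} ms, "
              f"estimated rate = {est / 1e6:.2f} Mb/s")
```

On the three-hop path the same estimate comes out below the slowest link's rate, because every store-and-forward hop adds its own transmission time.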

#Bandwidth Measurements

Bandwidth really measures the capabilities of our hardware. If bandwidth is not adequate, you will need to reexamine your equipment.

ping revisited

pathchar

bing

Packet pair software

#Throughput Measurements

Throughput is typically measured by timing the transfer of a large block of data.
This may be called the bulk transfer capacity of the link.

Poor throughput can result not only from inadequate hardware but also from
architectural issues such as network design. For example, a broadcast domain that
is too large will create problems despite otherwise adequate hardware. The solution
is to redesign your network, breaking apart or segmenting such domains once
you have a clear understanding of traffic patterns.
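Timing the transfer of a large block of data can be tried without any special tool. This is an added example, not part of the original notes and not the code of any tool named here: it pushes a block of bytes over a TCP connection on the loopback interface and reports the rate. The function names and default sizes are illustrative; to measure a real path, the receiver would run on the far host.

```python
import socket
import threading
import time

def _sink(server, result):
    """Receiver: accept one connection and count bytes until the sender closes."""
    conn, _ = server.accept()
    total = 0
    with conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:
                break
            total += len(chunk)
    result["received"] = total

def measure_bulk_throughput(total_bytes=8 * 1024 * 1024, chunk=65536):
    """Send total_bytes over loopback TCP and time it end to end."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.listen(1)
    result = {}
    receiver = threading.Thread(target=_sink, args=(server, result))
    receiver.start()
    payload = b"\0" * chunk
    sent = 0
    start = time.perf_counter()
    with socket.create_connection(server.getsockname()) as client:
        while sent < total_bytes:
            n = min(chunk, total_bytes - sent)
            client.sendall(payload[:n])
            sent += n
    receiver.join()  # stop the clock only after the receiver has drained everything
    elapsed = time.perf_counter() - start
    server.close()
    return {"sent": sent, "received": result["received"],
            "seconds": elapsed, "mbit_per_s": sent * 8 / elapsed / 1e6}

if __name__ == "__main__":
    r = measure_bulk_throughput()
    print(f"{r['received']} bytes in {r['seconds']:.3f} s = {r['mbit_per_s']:.1f} Mbit/s")
```

The clock stops after the receiver has read the last byte; stopping it when the sender's last `sendall` returns would measure how fast the socket buffer fills, not how fast the data arrives.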

ttcp - One of the oldest bulk capacity measurement tools is ttcp.

netperf

iperf

Other related tools

You may also want to consider several similar or related tools. treno uses a
traceroute-like approach to calculate bulk capacity, path MTU, and minimum RTT.

treno is part of a larger Internet traffic measurement project at NLANR. treno
servers are scattered across the Internet. 


In general, netperf, iperf, and treno offer a wider range of features, but ttcp is
generally easier to find.

#Traffic Measurements with netstat

There are three basic approaches you can take. 

First, the quickest way to get a summary of the activity on a link is to use a tool such as netstat. Or you can use packet capture to look at traffic. Finally, you could use SNMP-based tools like ntop. 


Packet Capture
 
  • Packet capture and analysis is the most powerful troubleshooting technique and the ultimate troubleshooting tool.
  • If you really want to know what is happening on your network, you will need to capture traffic.
  • No other tool provides more information.
#Traffic Capture Tools
Packet capture is the real-time collection of data as it travels over networks. Tools for the capture and analysis of traffic go by a number of names including packet sniffers, packet analyzers, protocol analyzers, and even traffic monitors.
 
Although there is some inconsistency in how these terms are used, the primary difference is
in how much analysis or interpretation is provided after a packet is captured.
 
Packet sniffers generally do the least amount of analysis, while protocol analyzers
provide the greatest level of interpretation. Packet analyzers typically lie somewhere in between. All have the capture of raw data as a core function. Traffic monitors typically are more concerned with collecting statistical information, but many support the capture of raw data. Any of these may be augmented with additional functions such as graphing utilities and traffic generators.
 
While packet capture might seem like a low-level tool, it can also be used to examine what is happening at higher levels, including the application level, because of the way data is encapsulated. 
 
#Access to Traffic
You can capture traffic only on a link that you have access to. If you can’t get
traffic to an interface, you can’t capture it with that interface.
 
Lack of access to data can become a serious problem, however, when you must
capture that traffic. There are several basic approaches to overcome this problem.
 
  • First, you can try to physically go to the traffic by using a portable computer to collect the data. This has the obvious disadvantage of requiring that you travel to the site. This may not be desirable or possible.
  • Another approach is to have multiple probe computers located throughout your network.

When dealing with switches, there are two common approaches you can take.
  • One approach is to augment the switch with a spare hub.
  • A second possibility with some switches is to duplicate the traffic from one port onto another port.
 
#Capturing Data
  • Packet capture may be done by software running on a networked host or by hardware/software combinations designed specifically for that purpose.
  • Devices designed specifically for capturing traffic often have high-performance interfaces that can capture large amounts of data without loss. These devices will also capture frames with framing errors, which more conventional interfaces often silently discard.
  • More conventional interfaces may not be able to keep up with high traffic levels, so packets will be lost.

#tcpdump
#Analysis Tools
#Packet Analyzers
#Darkside of Packet Capture
