Wednesday, June 30, 2010

Network Monitor

Ok I’ve posted enough rants about the state of the Gaming Industry recenetly. Now it’s time get back to the hardcore tech!

Over the past fortnight, I’ve been working like a dog on issues around a new firewall implementation. I won’t go into those issues because quite frankly, they’re pretty boring. However I’ll talk about one thing I’d recommend any IT pro or enthusiast become familiar with.

The art of Network Packet Analysis.

Being the Microsoft fan boy that I am :) ... I’ve been using Network Monitor and it’s been serving me well troubleshooting issues with my bastard firewall implementation.

So to begin your journey into the wonderful world of layers 2 and 3, you can load up NetWork monitor and then select what interface you want it to listen on. Then select New Capture.

Then click start

As soon as you click start you’ll see there’s probably a whole bunch of frames streaming in and your brain will be frozen by data overload (well ok mine usually will be anyway).

In this situation it’s a good idea to filter your data. To start with select the display filter

Now try these filters;

To filter by address Ipv4.address == (or what ever IP your like)
To filter by port tcp.port == 80 (port 80 is for web traffic but we all know that... check this link out for more ports!)
To filter by application Conversation.ProcessName == "wspsrv.exe"
Note you can string multiple filters together by using an “and”.

Once you’ve found data that is relevant you can right click on a frame and select Find Conversations, obviously this will show you all frames in a given conversation.

Interpreting the data provided by an application like this can be tricky but the more you do it the better you become at it. I would encourage anyone working in the field to become at least vaguely familiar with tools like this one.

No comments:

Post a Comment