Ronald A. Weist
Network Engineer Candidate
Network Experience | Hardware Experience | Software Experience | Resume Home | Network Diagrams | Scopes of Work | Internal Proposals |
Customer Scopes of Work
Intrusion Detection System | Packeteer Packetshaper | Network Sniffer |
Dial Backup Scope | Line Upgrade | Site-to-site PIX VPN Scope |
Network Sniffer Scope of Work
Logo Removed
|
Address Removed
City, State and Zip Removed Phone Number Removed Fax Number Removed |
|
Date
|
Engineer Instructions
2hr Sniff
Scope Of Work
I.
Attach to
network in one place
II.
Run a Capture
III.
Show data to
customer
IV.
Things to avoid
I.
Attach to the
network in one place
A. Find a suitable location
1. Find a network line where most traffic converges
a. Do not plug into a switch
i.
A switch divides
the collision domain
ii.
You will miss
all non-broadcast traffic
b. Insert a hub
inline where necessary
c. This is typically on the way to a resourse
i.
Central server
ii.
Internet
connection
2. Do not disconnect anyone without permission
B. Boot the Sniffer
C. Configure the network information
1. Get a correct IP and/or IPX address for the current
segment
2. Set the correct gateways
D. Reboot to make the changes take effect
II.
Run a Capture
A. Open data display windows
1. Host Table
2. Matrix
3. Global Statistics
4. Applications
B. Start capture
1. Let the capture run for at least 15 minutes
a. Add 30 seconds per node
b. Never go longer than 30 minutes
2. Discuss the customer’s network drawing
a. Determine if it is correct
b. Make changes to the drawing as needed in pencil
C. Stop and Display, and save the capture
III.
Show data to
customer
A. Open the Expert window
B. Objects
1. Look at each icon on the left
2. Note any irregularities in the text window
3. Show them the protocol distribution and the host
table
a. Show the top talkers
b. Show the top protocols in use
c. Show them the graph
d. Print the graph and related spread sheet
4. Do not spend more than 20 minutes in this area
C. Symptoms
1. Look at the icons with numbers
2. Explain that these are warning signs
3. Give a 45 second description of some of the major
problems
a. Look at the top 5 addresses or issues causing
problems
b. Give a possible example of a cause
4. Do not spend more than 20 minutes total in this area
D. Diagnosis
1. Look at the icons with numbers
2. Explain that these areas are normally critical
3. Give a 45 second description of some of the major
problems
a. Look at the top 5 addresses or issues causing the
problems
b. Go to the decoder for these 5 items
c. Show them more details that verify your hunches
4. Do not spend more than 20 minutes total in this area
IV.
Things to avoid
A. Do not disconnect anything from the network
1. Consult with customer if this is necessary to insert
a hub to overcome a broadcast and collision domain issue
2. Take good notes so the network will be returned to
its exact configuration before the Sniff
B. Do not change any configurations of network equipment
1. This should never be done
2. If the customer needs a configuration change for a
Sniff to be done, the project must be bid on appropriately and scheduled for a
different day
C. Do not offer any advice to the client
1. The purpose of a Sniff is to show the exact condition
a network is in
2. Any changes to the network that need to be made by us
will be bid on appropriately and scheduled for a different day.
Customer must provide the
necessary network addressing (IP, IPX) and protocol information prior to
technician’s arrival.
Customer must provide a
valid network address for the Sniffer to use.
Customer must provide a
detailed, accurate, network drawing to facilitate plugging the Sniffer into a
port that will maximize its data collection capabilities.
Customer must include any
firewall information, access lists, etc. that may impede the Sniffer from
gathering network information.
Customer must provide a
detailed list of the types of traffic (a list of the programs running) that the
servers and clients use.
Customer is responsible for
providing a sufficient space in the Computer Room for setting up the Sniffer.
Customer is responsible for
providing a sufficient number of power outlets to run the equipment. These
outlets should be isolated from an electrical circuit that may create electronic
interference with data communications equipment.
Customer is also responsible
for providing the appropriate operating environment for these products as
described by the manufacturer of the equipment.
All work must be done
within normal business hours (Monday to Friday, 8:00am to 5:00pm). Projects
requiring labor outside of these hours will be charged at a premium overtime
rate.