Engineer Instructions

2hr Sniff

 Scope Of Work

 

PROJECT OUTLINE

 

I.                     Attach to network in one place

II.                   Run a Capture

III.                  Show data to customer

IV.               Things to avoid

 

DETAILED SCOPE OF WORK

 

I.                     Attach to the network in one place

A.     Find a suitable location

1.      Find a network line where most traffic converges

a.      Do not plug into a switch

                                                                                                                                      i.      A switch divides the collision domain

                                                                                                                                    ii.      You will miss all non-broadcast traffic

b.       Insert a hub inline where necessary

c.      This is typically on the way to a resourse

                                                                                                                                      i.      Central server

                                                                                                                                    ii.      Internet connection

2.      Do not disconnect anyone without permission

B.     Boot the Sniffer

C.    Configure the network information

1.      Get a correct IP and/or IPX address for the current segment

2.      Set the correct gateways

D.    Reboot to make the changes take effect

 

II.                   Run a Capture

A.     Open data display windows

1.      Host Table

2.      Matrix

3.      Global Statistics

4.      Applications

B.     Start capture

1.      Let the capture run for at least 15 minutes

a.      Add 30 seconds per node

b.      Never go longer than 30 minutes

2.      Discuss the customer’s network drawing

a.      Determine if it is correct

b.      Make changes to the drawing as needed in pencil

C.    Stop and Display, and save the capture

 

III.                  Show data to customer

A.     Open the Expert window

B.     Objects

1.      Look at each icon on the left

2.      Note any irregularities in the text window

3.      Show them the protocol distribution and the host table

a.      Show the top talkers

b.      Show the top protocols in use

c.      Show them the graph

d.      Print the graph and related spread sheet

4.      Do not spend more than 20 minutes in this area

C.    Symptoms

1.      Look at the icons with numbers

2.      Explain that these are warning signs

3.      Give a 45 second description of some of the major problems

a.      Look at the top 5 addresses or issues causing problems

b.      Give a possible example of a cause

4.      Do not spend more than 20 minutes total in this area

D.    Diagnosis

1.      Look at the icons with numbers

2.      Explain that these areas are normally critical

3.      Give a 45 second description of some of the major problems

a.      Look at the top 5 addresses or issues causing the problems

b.      Go to the decoder for these 5 items

c.      Show them more details that verify your hunches

4.      Do not spend more than 20 minutes total in this area

 

IV.               Things to avoid

A.     Do not disconnect anything from the network

1.      Consult with customer if this is necessary to insert a hub to overcome a broadcast and collision domain issue

2.      Take good notes so the network will be returned to its exact configuration before the Sniff

B.     Do not change any configurations of network equipment

1.      This should never be done

2.      If the customer needs a configuration change for a Sniff to be done, the project must be bid on appropriately and scheduled for a different day

C.    Do not offer any advice to the client

1.      The purpose of a Sniff is to show the exact condition a network is in

2.      Any changes to the network that need to be made by us will be bid on appropriately and scheduled for a different day.

 

CUSTOMER RESPONSIBILITIES:

 

1.      Configuration Information

 

Customer must provide the necessary network addressing (IP, IPX) and protocol information prior to technician’s arrival.

 

Customer must provide a valid network address for the Sniffer to use.

 

Customer must provide a detailed, accurate, network drawing to facilitate plugging the Sniffer into a port that will maximize its data collection capabilities.

 

Customer must include any firewall information, access lists, etc. that may impede the Sniffer from gathering network information.

 

Customer must provide a detailed list of the types of traffic (a list of the programs running) that the servers and clients use.

 

2.      Environmental Factors

 

Customer is responsible for providing a sufficient space in the Computer Room for setting up the Sniffer.

 

Customer is responsible for providing a sufficient number of power outlets to run the equipment. These outlets should be isolated from an electrical circuit that may create electronic interference with data communications equipment.

 

Customer is also responsible for providing the appropriate operating environment for these products as described by the manufacturer of the equipment.

 

EXCLUSIONS:

 

1.      Hours Of Work

All work must be done within normal business hours (Monday to Friday, 8:00am to 5:00pm). Projects requiring labor outside of these hours will be charged at a premium overtime rate.