July 01, 2001

Network Uptime - July 1, 2001

===================== Network Uptime =====================

The Resource for Network Management and Protocol Analysis Professionals
A Newsletter of http://www.NetworkUptime.com
Issue 02 00 00 01 00 07 00 01
July 1, 2001
ISSN: 1529-6938

This Issue:

* Starting Delimiter - The Beginning of Summer and the Fall of the Network
* Surf Report - Tek-Tips Forums
* Network Tutorial - Basic Packet Filtering (www.Packet-Level.com)
* Network Security - Security Auditing with dsniff
* Network Uptime Analysis Tip - Multi-Segment Network Analysis
* Ending Delimiter

*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Starting Delimiter
- The Beginning of Summer and the Fall of the Network -

For those of us in the Northern Hemisphere, it's officially Summer. The air conditioning is working overtime, the flowers are in bloom, and the networking industry has hit bottom (this is hopefully the beginning of the rebuilding process). The Ciscos and potential Cisco-killers have either abandoned ship, or have downsized to a smaller vessel. Purchasing patterns for nearly every organization have changed in the last year, and they all have the same goal - do more with less.

If you managed to get those infrastructure changes completed last year, good for you. If you're trying to get your new hardware _this_ year, I wish you the best of luck. New equipment purchases in the United States are met with raised eyebrows; it's tough to justify new equipment purchases in our current economic climate.

Many network managers are using creative ways to get more for less. There's an amazing amount of hardly-used dot-com infrastructure for sale at bargain prices (much to the manufacturer's chagrins). Routers and switches have become commodities, and you can almost visit the local farmer's market to get the best price on dairy cows, extra-large eggs, and 2900 series Cisco switches.

Where does that leave us, the network troubleshooting team? In most environments, the network analysis experts are also the router configuration team, the switch maintenance crew, and/or the end-user support staff. Those of us who focus solely on network analysis and troubleshooting are a rare find, and usually only in the largest of organizations.

If the integration of new network equipment begins to decline, some work usually shifts into 'maintenance mode.' There are _always_ ways to make the network more efficient with a minimum of effort. For those who want a definition for 'minimum of effort,' that's management-speak for 'don't spend any money.'

Almost every network can benefit from some minor tweaking around the edges, and sometimes throughout the heart of the backbone. Superfluous broadcasts can be eliminated, routing configurations can be optimized, and unnecessary spanning-tree configurations can be eliminated. In many cases, small changes
to the devices connected to the network can create a much more efficient end-user experience. It's amazing how much overhead can be created by poorly written device drivers, mis-matched application versions, non-optimized switch configurations, or incorrectly sized application servers.

It's this network efficiency auditing that should be the silver-lining of our cloudy Internet-suffering networking economy. Network efficiency experts are now the most-wanted individuals in today's organizations. In a rare convergence of an organization's political and technological objectives, network propeller-heads are now in a position to make a very powerful contribution to the bottom line.

Here's our challenge as technical people - _quantify_ these network efficiency improvements into real-money cost savings. Dollars speak much louder than any other bullet-point on your annual review. If changing the MTU or window size of a server's TCP stack allowed an organization's mission-critical application to run more efficiently, how much money did the organization save? What other money-making processes can now occur because of this increase of efficiency? How much more salary will you make at the end of the year because of your efficiency studies?

The savvy network analysis team should already be in the process of creating a real-world political spin that will move up the management chain. If you're working on real savings for the organization, then you deserve some recognition. It's now more difficult to move between jobs and get that big raise, so here's a great way to create some visible self-worth before the end-of-year job evaluations. Don't miss this opportunity - your organization will be in a different economical and political climate by this time next year.

- James 'Carpe Diem' Messer
Editor, Network Uptime

*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Network Uptime Surf Report
- Tek-Tips Forums -
- http://www.tek-tips.com -

As propeller-heads, we're often tasked with testing, managing, or using a product with which we're not familiar. Although training classes are a powerful learning tool, not everyone is in a position to attend a training course for every possible product that falls within their realm of responsibility.

Tek-Tips bills itself as 'Technical Work Forums for Computer Professionals,' and I've found their forums to be a wealth of information. End-users, technical professionals, and vendors keep the forum information updated and informational.

Network Uptime is a member of the Tek-Tips partner program. To sign up for your free Tek-Tips membership, use the form on the Network Uptime Links page:


*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Network Tutorial
- Basic Packet Filtering -
- http://www.Packet-Level.com -

Laura Chappell has created a number of helpful network analysis tips on her web site. This tutorial on Basic Packet Filtering uses screen-shots from the Network Associates Sniffer, but the information in the tutorial can be applied to almost any network analyzer.

A PDF of the Basic Packet Filtering tutorial can be found at:


Visit the Packet-Level.com archives for more tutorials!


*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Network Security
- Security Auditing with dsniff -
- http://www.monkey.org/~dugsong/dsniff/ -

How secure is _your_ network? You may be surprised after running a few of the tools included with dsniff, a powerful collection of network auditing and penetration tools. If you thought your network was safe from prying eyes due to the directed-traffic nature of layer-2 network switching, then you'll probably be amazed at the capabilities of dsniff to spoof your local gateway to obtain access to the data traversing your network!

Are you concerned about network security? You should be. These dsniff tools are available to help secure or audit existing network configurations. The unique twist to these tools are the included arpspoof that redirects traffic from the local workstation to the dsniff machine. IP Forwarding at the dsniff system sends the traffic to the router, completing the redirect. With this system in place, traffic can be analyzed without making any changes to switches, routers, or adding additional 'taps' to the network!

ARP spoofing is effective, but it can affect network availability if improperly implemented. Be SURE to test and verify before using this tool on your network!

Find dsniff at:


*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Network Uptime Analysis Tip
- Multi-Segment Network Analysis -

Most network analyzers are designed to provide information about a single network at a time. However, some of the latest software-based network analyzers can provide analysis from multiple links simultaneously. If this feature is supported in your analyzer, it can provide a method of watching the connections into and out-of a router or switch.

Since this kind of multi-segment analyzer uses a single clock source, precise packet timings can be compared across traces taken from different networks. This can be very helpful in determining router latency, since a WAN link and a LAN link can be captured simultaneously. Multi-tiered applications using multiple network links can be examined to determine exact latency time in a server.

Not all analyzers support data capture across multiple cards simultaneously. Check with your analyzer manufacturer to determine the capabilities and resource requirements for your analyzer!

*** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

Ending Delimiter

If you're reading a forwarded copy of Network Uptime, sign up for your own FREE subscription:


Promote Network Uptime! Add Network Uptime graphics and banners to your web page:


To unsubscribe from Network Uptime, use the above URL, or email Majordomo@NetworkUptime.com with the following text in the body of the message:

unsubscribe NetworkUptime

For questions or comments, email us at James@NetworkUptime.com or visit the Network Uptime web page at http://www.NetworkUptime.com!

==== End of Network Uptime ISSN: 1529-6938 Issue 02 00 00 01 00 07 00 01 (c)2001, NetworkUptime.com, Inc. http://www.NetworkUptime.com ====

Posted by james_messer at July 1, 2001 02:44 PM