Network Analysis Boot Camp using OBSERVER® Analyzer
Objective: (On Site Only)

This 5 day course is geared to teach students solid, network management and troubleshooting skills using the GigaStor™ network analyzer. This class provides the logical installation and configuration information necessary to ensure that the GigaStor™ is setup properly and capturing data from the network environment. Manage and troubleshoot TCP/IP environments. Know how IP addressing provides for the delivery of packets to the intended destination address. Know how to use the significant bits and bytes in the protocol headers to assist in troubleshooting. Analyze the operations of the TCP layer and look for solutions. Understand the functions of important upper-layer protocols to analyze trace files for erroneous conditions and solve them. The course also covers methodologies to baseline application transactions, profiling specific applications and how to optimize applications. Students learn to troubleshoot common application problems and analyze application components and application performance using a network analyzer.

Course Agenda - Day 1

- Deployment

- Interface Overview

- Understanding Instances

- Active vs. Passive Instances

- Virtual Adapters

- User Configurations

- Capture Configuration

- Acquiring Data in a switched environment (SPAN, TAPs, Aggregation TAPs)

- Network Baseline Techniques

- Response Time Measurement (Determining Network Latency)

- Identifying Common Network Problems

- Importing Snort Rules

- Network Forensics

Course Agenda - Day 2

- Packet Decode Viewer

- Finding Frames / Go-to Frames

- Filtering (Pre, Post, Capture)

- Expert Observer

- Setting Expert Thresholds

- Expert Help

- Connection Dynamics

- SSL Decryption

- Stream Reconstruction

- Server Analysis

- What if Analysis

- Multi Hop Analysis

Course Agenda - Day 3

- Internet Protocol Suite (Background, RFCs, TCP/IP Suite, Addressing)

- Network layer protocols

- IP [Internet Protocol] (IP functions and addressing)

- Sub netting and subnet masks, IP routers, IP Type of Service, Differentiated Services


- IP fragmentation and reassembly, IP options and common problems

- Voice Over IP (VOIP, Jitter, RTP, H.323, SCCP, SIP)

- IP Version 6

- IP Multicasting

- ARP and Reverse ARP [Address Resolution Protocol] (Frame formats)

- DHCP [Dynamic Host Configuration Protocol] (Options and frame format)

- Internet Gateways (Routing algorithms – static and dynamic)

- ICMP (Internet Control Message Protocol)

- Vector distance and link state routing protocols

- RIP [Routing Information Protocol] (Slow Convergence)

- OSPF [Open Shortest Path First] (Frame formats and message types)


- Troubleshooting IP problems with a network analyzer

Course Agenda - Day 4

- Transport layer protocols

- TCP [Transmission Control Protocol] (Functions of TCP, TCP header fields)

- TCP ports and sockets, common ports

- 3 Way Handshake (Starting a connection, Flow control, Sliding Window)

- Adaptive retransmission, Closing TCP connections, Optimizing segment sizes

- Windows TCP stack, Selective Acks and Window Scaling

- Common TCP problems and troubleshooting tips

- User Datagram Protocol [UDP] header

Course Agenda - Day 5

- How to baseline an application

- Application Profiling

- Measuring Application Performance

- Defining Application Transactions

- Measuring Transaction Delay

- Measuring Response time

- Measuring Round trips or Application Turns

- Application Threads and Flows

- Network Errors causes and actions

- Application layer protocols that use TCP

- Troubleshooting HTTP Application Protocol Problems

- Multi Tiered Application Troubleshooting