In this video, we're going to discuss various software tools that are used in troubleshooting and configuring our networks and network devices. This includes wifi analyzers, protocol analyzers and packet captures, bandwidth speed tests, port scanners, NetFlow analyzers, and IP scanners. First, we have wireless analyzers, which are specialized pieces of software that can be used to conduct wireless surveys to ensure you have the proper coverage, and they help you prevent any non-desired overlap between wireless access point coverage zones and channels. Now, if you're concerned with the channels in use and their signal strength for a given area, you can use a view inside of a wifi analyzer to display the SSID of each network detected in that area, their relative signal strength, and the channel they're using. Here, you can see that most of the 2.4 gigahertz wifi networks are in use and are centered on channel one, with four others being located on channel six. Now, channel 11 is not being heavily utilized at all. It only has one network called "home".
This is being located on channel 11 as the home network, but there are four other wireless networks located at channel nine, and this could cause interference for both channel six and channel 11, as you can clearly see their overlapping frequencies on this visualization. Now, in addition to this view, you can also overlap the coverage zones on a floor plan using a wifi analyzer as part of a wireless site survey. This displays the location of the wireless access points and the signal strength that's radiating from each of those access points. In this example, you can see the entire office building is pretty well covered in wifi, as it's shown by the green coverage areas, but there is a small area of yellow and orange on the leftmost wall. As you exit the building, you'll see more areas of orange and red, which indicate areas of lower signal strength too. Due to the left wall having a large orange and yellow coverage area, we may want to suggest adding another access point in this area of the building.
This would allow us to have more wireless networking capabilities on that part of the building if we needed to. Next, we have protocol analyzers and packet capturing tools. Now, a protocol analyzer is used to capture and analyze signals and data traffic over a communication channel. In networking, we most commonly use a software tool known as Wireshark as a protocol analyzer. Now, a packet capturing tool is going to be used to capture packets running over a network connection in real time, and then save them for later analysis. This lets you intercept, log, and analyze the network traffic and data in order to fully identify, classify, and troubleshoot network traffic based on its application type, source, and destination. A tool like Wireshark contains both protocol analyzer and packet capture functionality, making it a great all-in-one tool for you to use. Now, Wireshark and other protocol analyzers are going to be used to troubleshoot your networks when they're experiencing performance issues.
By using Wireshark, you can see a breakdown of each packet that's flowing across the network, and you can validate if things are operating as they should inside your network. Cybersecurity professionals also use Wireshark and other packet captures and protocol analyzers to be able to trace connections, view the content of suspected network transactions, and identify bursts of network traffic as either suspicious, malicious, or benign. In addition to Wireshark, there are many other protocol analyzers out there in the field, including Ethereal, Protocol Expert, Netasyst, Network Analyzer, Network Instruments Observer, LANHound, and EtherPeek. As for packet capture or packet sniffing tools, Wireshark can also perform this function, but so do tcpdump, WinDump, PRTG Network Monitor, SolarWinds Network Performance Monitor, and NetworkMiner. Next, we have bandwidth speed testing tools. There are several local area network speed test tools that exist, and there are also many websites that will allow you to conduct an end-to-end speed test from your client to their internet servers.
Now, a bandwidth speed test tool should be more accurately described as a throughput test tool, though, because remember, real-world throughput is the speed from your client to the endpoint device and back, whereas bandwidth is the theoretical limit. Essentially, these tools are going to download a large random file from a server, and then turn around and upload it back to that same server. During this download and upload process, the server measures the amount of time it took to download that file and then upload it again. This gives you a real-world measure of the throughput across your network from the client all the way to that server. Now, a local area network version of this is going to do the same exact thing, but it's going to be conducted by a network appliance or a piece of software that you connect to the network. This type of speed test works much the same way as the internet speed test I just described, except your data transfer only occurs over the local area network from one client to another client, measuring the time it takes to send and receive that test file locally.
If you need to determine if your internet connection is performing adequately, you can use an internet bandwidth speed test like speedtest.net. If you need to determine if your local area network performance is adequate, then you're going to use a local area network version of this, something like LAN Speed Test or HELIOS LanTest software, to meet this need. Next, we have port scanners. A port scanner is a software tool that's used to determine which ports are open on a network. Running a port scan on a network or server is going to reveal which ports are open and listening or ready to receive information, as well as revealing the presence of security devices such as firewalls that may be present between the sender and the target. Now, a port scan can send a carefully prepared packet to each destination port, and then analyze the response it receives back to determine if that port is open, closed, or filtered. Now, there are many different software-based port scanning tools available.
One of the most common is Nmap, the Network Mapper, but there are lots of others out there as well, including the SolarWinds Port Scanner and Lansweeper. Next, we have NetFlow analyzers. A NetFlow analyzer is a software tool used to perform monitoring, troubleshooting, in-depth inspection, interpretation, and synthesis of traffic flow data. By analyzing NetFlow data, you can more accurately conduct capacity planning and ensure that resources are being appropriately used in support of your organizational goals. For example, using NetFlow data, we can see what types of traffic are consuming all the resources on a network. Is most of your bandwidth being used by people going on Facebook? How about Twitter? What about Gmail or Exchange? Depending on your organizational requirements, you may not want a lot of your bandwidth being used by people browsing social media, but if you're a social media marketing company, you would expect to have a large number of people on Facebook all day at work, and that would be completely appropriate.
By using NetFlow, you're going to be able to see that traffic and determine what looks right to you. Now, in addition to looking at specific websites being used, you can also look at the application type that's generating that traffic, such as web, NetBIOS, Voice over IP services, ICMP, or even BitTorrent. By understanding the data flows in your network, you can increase your overall performance or even block traffic types that are not generating any value for your business. Lastly, we have IP scanners. An IP scanner is a software tool that's used to search for and detect IP addresses and other information related to devices on your network. These tools are going to be used to conduct network management and to identify any rogue devices that may be connected to your network. There are many IP scanners available for us, including Nmap, the Network Mapper, Free IP Scanner, IP Address Manager, PRTG Network Monitor, Angry IP Scanner, Network Scanner, and the IP Range Scanner by Lansweeper.
As you may have noticed, many of these IP scanners are the exact same tools as we discussed for port scanners, or at least made by the same companies. Now, this is because, like Nmap, many of these tools can first scan for the IP addresses on your network segment, and then they can conduct a deeper scan against each of those IP addresses to scan the ports and the services over those ports. For the exam, it's important for you to understand when you might use a wifi analyzer, a packet analyzer, a packet capture tool, a bandwidth speed test tool, a port scanner, NetFlow analyzers, or an IP scanner. If you can remember which tool is used for which thing in your network management and troubleshooting, you're going to do fine on test day, but you do not have to remember all the names of all these tools. The only ones you'll probably need to know by name are things like Nmap and Wireshark, because those are so heavily used in network troubleshooting.