What kind of cable are you going to use if you want to network to computer units only?

Network Troubleshooting

Naomi J. Alpern, Robert J. Shimonski, in Eleventh Hour Network+, 2010

Other Network Troubleshooting Tools

The most common hardware testers and tools that you should be aware of include the following:

Crossover cables: These are used to connect two similar devices directly together, such as two computers or two hubs. To create a crossover cable, rearrange the wires on one end of a standard Ethernet cable so that they are in the following order (starting at pin 1):

1. White/green
2. Green
3. White/orange
4. White/brown
5. Brown
6. Orange
7. Blue
8. White/blue

Oscilloscope: An oscilloscope is used to monitor the electrical signal levels as they pass through the Ethernet cable and then display a small graph that shows how electrical signals change over time. This helps you determine the voltage and frequency of an electrical signal, and if any malfunctioning hardware components are distorting the signal.

Tone generator: A piece of software or a hardware device that generates the tones that are used in a telephone system, including a dial tone, busy signal, and ring tone. You can plug a tone generator into a telephone jack to determine if the jack is functioning and able to make and receive calls.

Cable testers: A cable tester is used to test for any faults or breaks in an Ethernet cable. Cable testers are designed to allow you to plug both ends of a cable into the tester. If the cable is in good condition, light emitting diode (LED) lights on the tester will light up. If there is a break in the cable (or if the wires are in the wrong order) the LED lights on the tester will not light.


URL: https://www.sciencedirect.com/science/article/pii/B9781597494281000096

SQL Server Scalability and Availability

In Designing SQL Server 2000 Databases, 2001

System Area Networks

The computers in a cluster must be connected via a system area network (SAN). This should be 100Mbps Fast Ethernet at a minimum but preferably fiber optic or Gigabit Ethernet. In a two-server cluster, use a short cross-over cable (TX pairs wired to corresponding RX pairs on the other end) for best results. For a four-node cluster, use a small, high-performance switch not connected to the rest of the network.

All network interfaces used on all nodes in a server cluster must be on the same network. All cluster nodes must be on the same subnet.

SANs are not TCP/IP-based 100Mbps networks, and they are not required for heartbeat configuration. SANs are ultra-high-speed, hardware-controlled communications networks between servers; they are a possible configuration but not a required one. A heartbeat link can be implemented using standard switched 100Mbps Ethernet. Don’t confuse SANs with standard private network links.


URL: https://www.sciencedirect.com/science/article/pii/B9781928994190500063

Digital Video Hardware

Anthony C. Caputo, in Digital Video Surveillance and Security, 2010

Configuring Digital Video Encoders and IP Cameras

The vast majority of digital video encoders can be configured using a DB9 RS232 serial port, using their own software, or Telnet using a default IP address assigned to the unit at the factory (see Figure 3-17). The RJ45 Ethernet port can only use Telnet and/or a Web interface (if they include a built-in Web server) if the unit was assigned the default IP address at the factory. The RS232 serial port also opens up the unit for the manufacturer's own configuration tool, using another protocol other than TCP/IP to communicate with the device. Many of the digital video encoder manufacturers have their own software application specifically designed to communicate with their product for the initial installation process and for troubleshooting and more advanced configuration.


Figure 3-17. Typical digital video encoder.

Unit Discovery

Unit discovery is simply the process of adding a new digital video encoder onto the DVS network. If the unit is set with a factory default IP address this can be a simple process accomplished by using a Cat5 patch cable (or crossover cable, depending on the requirements). If not, then typically the manufacturer includes the installation software required to configure the unit to your specifications to add to the network.

Installation and Configuration Applications

The location of existing CCTV analog cameras may deter integration as existing assets because the power or data runs may be too far or traveling in the wrong direction from the assigned IDF. In that case, create an “environmental box” (“E-Box”), which is simply a Type 4 outdoor-rated NEMA enclosure with the single encoder and/or wireless radio inside to transmit the data long distances without having to run long runs of cabling and conduit (see Figure 3-18).


Figure 3-18. Outdoor enclosure with digital video encoder (to convert the CCTV analog signal into digital), a 24 VAC power transformer for the CCTV camera, a surge protector, and wireless radio to transmit the data wirelessly at great distances without the need of new cabling and conduit.

Most digital video encoders and IP cameras, like any computer electronics, come with a CD-ROM for configuration. The CD may include the tools required for installation and a soft copy (PDF) of both the installation procedures and the operation manual. These application tools make it possible to communicate with the digital video encoder or IP camera rather than using Ethernet and TCP/IP. They may be configured using the RS232 serial port, USB port, or the RJ45 Ethernet port located on the front of the unit (see Figure 3-17). The device will include the power connector or terminal block, video BNC connector and/or connectors (if multiple ports), and optional audio connections.

To configure the digital video encoder or IP camera using the provided application tool, connect the digital video encoder or IP camera to a configuration laptop and insert the CD-ROM (or download the application from the manufacturer's Web site). Save a copy of the application tool's EXE file and install it (if applicable). A few of the application tools may be small, simple tools with the single task of communication with the digital video encoder and/or IP camera, so installation may not be necessary. Power on the digital video encoder and/or IP camera and connect them to the configuration laptop. Double-click on the application tool shortcut (once installed) on your Windows desktop and configure the application to communicate with the devices. This may involve setting the correct serial port settings or IP address (as determined by the documentation provided by the manufacturer).

The following scenario uses the Verint SConfigurator.exe application tool as an example. This tool is specifically designed to locate all Verint-only digital video encoders on the network and/or through the RS232 serial console connection. To configure the encoder using the console option, follow these steps:

1. Launch SCONFIGURATOR (doesn't require installation).
2. Choose CONSOLE (see Figure 3-19).
3. Press CONNECT (make sure the RS232 settings are correct).
4. The Verint Main Menu appears (see Figure 3-20).
5. Choose NETWORK and the network menu appears.
6. Disable dynamic host configuration protocol (DHCP) and type in the new static IP address.
7. Type “P” and press ENTER to return to the previous menus and choose REBOOT.

Figure 3-19. Verint's proprietary SConfigurator software is one way to discover a Verint device on the network and configure it. Most of the high-end digital video encoder manufacturers provide similar installation software.

Figure 3-20. Verint SConfigurator console connection through RS232 (or you can use Windows' HyperTerminal).

DHCP

Many digital video encoders and IP cameras come from the factory with either an assigned IP address (which makes it easier to configure) or with DHCP enabled. DHCP provides configuration parameters to IP hosts. It consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to dynamically configured hosts. Without a DHCP server configured to operate on the network, a DHCP-enabled device won't receive an IP address to join the network.

When the DHCP is enabled, the IP address range from the DHCP server will automatically supply the encoder with an IP address required to operate on the network. This can simplify the storage, tracking, and installation of the IP components by assigning the dynamic IP address using an allocated range of IP addresses and/or directly via the hardware-embedded MAC address. By grouping the dynamic IP addresses within a specific subnet mask, the encoder and any other device requiring an IP address to join the network can be more easily located and diagnosed.

DHCP isn't the best choice for security, however. If anyone with a laptop configured to receive a dynamic address plugs into any DHCP network, not only will that rogue laptop receive an address, but the user now knows the subnet details of the video surveillance network. The only way to avoid this potential security catastrophe is to provide the DHCP server with the MAC address of each device that has permission to be part of the network and turn off all other dynamically assigned addresses. Depending on the size and fluidity of the DVS network, this can be quite cumbersome. What happens if an encoder and/or switch fails and is replaced overnight? Without adding that MAC address to the allocated devices on the DHCP server, that device won't work and the maintenance personnel may be pulling out their hair trying to determine the cause for such an unusual failure of a perfectly good encoder.

Although it's more preparation and work, best practice involves manually allocating IP addresses for each device and not using a DHCP server. Also, the digital video encoder must hang on to the assigned IP address even after loss of power or an inadvertent reset to factory default; otherwise each time the unit loses power it reverts to its DHCP-enabled state. With no DHCP server to assign an IP address, the unit will need to be reconfigured every time. This is unacceptable, so always make sure the digital video encoder has flexibility with configurations and default adjustments.
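The MAC allowlist described above can be checked against what is actually on the wire. The following is an added example, not code from the book or from any vendor tool: it compares a reservation table with observed IP/MAC pairs and separates an unknown device (the rogue laptop case) from a reserved address that is now held by an unregistered MAC (the encoder replaced overnight). The subnet, addresses and device names are constructed sample values from documentation ranges, and the input is assumed to come from a lease table or a switch ARP/MAC export.

```python
import ipaddress
import re


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, accepting :, - or . notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(subnet, reservations, observed):
    """Compare observed (ip, mac) pairs with the reservation table.

    Returns a list of (kind, ip, mac) findings:
      outside-subnet                device is not on the surveillance subnet
      wrong-address                 registered MAC using an address other than its own
      reserved-ip-unregistered-mac  reserved address held by a MAC that is not registered
                                    (replacement hardware, or someone reusing the address)
      unknown-mac                   unregistered MAC on an unreserved address
      duplicate-ip                  more than one MAC seen on the same address
      missing                       registered device not seen at all
    """
    net = ipaddress.ip_network(subnet)
    reserved = {normalize_mac(mac): ipaddress.ip_address(ip)
                for mac, (ip, _name) in reservations.items()}
    reserved_ips = set(reserved.values())
    findings, seen_macs, holders = [], set(), {}

    for ip_text, mac_text in observed:
        ip, mac = ipaddress.ip_address(ip_text), normalize_mac(mac_text)
        seen_macs.add(mac)
        holders.setdefault(ip, set()).add(mac)
        if ip not in net:
            findings.append(("outside-subnet", str(ip), mac))
        if mac in reserved:
            if ip != reserved[mac]:
                findings.append(("wrong-address", str(ip), mac))
        elif ip in reserved_ips:
            findings.append(("reserved-ip-unregistered-mac", str(ip), mac))
        else:
            findings.append(("unknown-mac", str(ip), mac))

    for ip, macs in holders.items():
        if len(macs) > 1:
            findings.append(("duplicate-ip", str(ip), ",".join(sorted(macs))))
    for mac, ip in reserved.items():
        if mac not in seen_macs:
            findings.append(("missing", str(ip), mac))
    return findings


# Constructed sample data (documentation address and MAC ranges, hypothetical names).
SUBNET = "192.0.2.0/24"
RESERVATIONS = {
    "00:00:5e:00:53:01": ("192.0.2.11", "encoder-lobby"),
    "00:00:5e:00:53:02": ("192.0.2.12", "encoder-dock"),
    "00:00:5e:00:53:03": ("192.0.2.13", "camera-gate"),
}
OBSERVED = [
    ("192.0.2.11", "00-00-5E-00-53-01"),   # registered encoder, as expected
    ("192.0.2.12", "00:00:5e:00:53:a7"),   # dock encoder swapped, new MAC never registered
    ("192.0.2.13", "00:00:5e:00:53:03"),   # registered camera, as expected
    ("192.0.2.200", "0000.5e00.53ff"),     # unregistered laptop on a dynamic address
]

if __name__ == "__main__":
    for kind, ip, mac in audit(SUBNET, RESERVATIONS, OBSERVED):
        print(f"{kind:30} {ip:15} {mac}")
```

A `reserved-ip-unregistered-mac` finding paired with a `missing` finding for the same address is the signature of swapped hardware whose reservation was never updated.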

Ethernet Configuration

To access any device on a TCP/IP Ethernet network, all equipment must be configured to be part of that network. This means each device must have that specific class of IP address and subnet. If not, there's no way to communicate using Ethernet. This can easily be accomplished with a laptop, one of the most important tools of the trade (more on this later). Once the factory default IP address is uncovered from the device documentation (or Web site), the next step in configuring the unit for the new DVS network is to have a laptop (or desktop) join the subnet network to which the device is already configured. First, follow this path to your computer's network connection icon:

Start≫Control Panel≫Network Connections≫Local Area Connection

Right-click on the local area network icon (see Figure 3-21) and choose PROPERTIES. Once the PROPERTIES dialog box appears (see Figure 3-22), highlight INTERNET PROTOCOL (TCP/IP) and then click PROPERTIES. Another dialog box appears providing two primary choices: (1) Obtain an IP Address Automatically or (2) Use the Following IP Address. If using a company laptop, it may be configured for DHCP, which is the first choice of obtaining the IP address automatically. If not, then an administrator may have provided a static IP address.


Figure 3-21. Right-click on Local Area Connection.


Figure 3-22. Properties for TCP/IP.

If the laptop uses a static IP address, make a note of the IP address, subnet mask, and gateway IP address (write it down somewhere accessible but secure). In its place, type in an IP address that matches the same network as the device in question, except not that same exact IP address. Remember, no two devices can share the same IP address. For example, if the default IP address for the new unit is 169.254.128.130, with a subnet mask of 255.255.0.0, then your laptop can use 169.254.128.131 with a subnet mask of 255.255.0.0. It can't have the same 169.254.128.130 IP address as the new unit. What happens if two devices on an Ethernet network have the same IP address? It depends on how the devices react to such an event. Microsoft Windows will issue a pop-up balloon that indicates a duplicate IP address error, but digital video encoders, switches, and radios each react differently. Many devices just stop communications on the network until the conflict has been corrected; others will drop out of view until physically rebooted/power cycled.

Once you've entered the correct data, click the OK button and then CLOSE. Start any Web browser and enter the default IP address into the location bar, in this case http://169.254.128.130. If the unit is password protected then an ID and password prompt will require the default ID and password (typically “admin” or “root”).

Commissioning Digital Video Encoders and IP Cameras

The commissioning process involves end-to-end testing of components previously installed, assuming the underlying support components are functioning properly. Once the digital video encoder and/or IP camera appear in the application tool, it's configured with the appropriately assigned IP address, subnet mask, and gateway.

Once an IP address is assigned, a list of specific configurations must be done within the Web interface (or Telnet, if a Web interface isn't available) prior to adding the camera/encoder into the VMS software. Those steps for the IP cameras (using an Axis camera as an example) are as follows:

1. Under Basic Configuration
   a. Assign the new password to the User Permissions.
   b. Change the default Time settings to use the computer's time and date.
   c. Turn on the Daylight Savings Time radio button and choose Central Time: Chicago from the drop-down menu.
   d. Under Video and Image, make the following changes:
      i. Change resolution
         - 4CIF (702 × 480)
         - Compression at 30% (the lower the compression, the better the quality)
      ii. Choose the following Overlay Settings:
         - Check Include Date.
         - Check Include Time.
         - Check Include Text (type in the camera name/location in text field).
         - Text Color: White.
         - Text background color: Transparent.
         - Place text/date/time at: Bottom (see Figure 3-23).
      iii. Under Video Stream change Maximum Frame Rate to: Unlimited
         - Click on SAVE.

Figure 3-23. Web interface of an IP camera.

PTZ Presets

If the camera installed is a PTZ camera, there may be a specific area of coverage within the requirements designated as the home position or Preset 1, Preset 0, or “Home.” This becomes the default if the PTZ was left in some obscure position; the camera can be set to return to the home position after a configured amount of time. If this feature isn't available within the digital video encoder or IP camera interface, check the VMS software.

Resetting to Factory Default

An effective troubleshooting step is to reset the device to its factory default settings. These settings are what passed quality assurance at the manufacturer prior to customizing the configuration for the treated solution. Inside the firmware (the embedded software that runs the hardware) is an isolated section of flash memory that holds the read-only factory default settings. When the device is reset, those settings then overwrite the customized settings, clearing any misconfiguration or corruption that may have occurred during the course of deployment. This may be an immediate troubleshooting step or one of last resort, depending on your familiarity with how the device functions and reacts in certain situations.


URL: https://www.sciencedirect.com/science/article/pii/B9781856177474000032

Troubleshooting Traffic for Network Optimization

Robert J. Shimonski, ... Yuri Gordienko, in Sniffer Pro Network Optimization and Troubleshooting Handbook, 2002

Broadcasts in Switched LAN Internetworks

As mentioned earlier in the chapter, be careful not to fall into the trap of thinking that installing a switch will solve your network traffic problems. It could create some as well, so be careful with your designs. When you do install the switches, make sure you take the time to optimize what you have put into production.

First and foremost, switches do not filter broadcasts, multicasts, or unknown address frames. They go right through. Switches are susceptible to broadcast storms (the circulation of broadcasts through the switched network, which cause very high utilization) and can bring a network to its knees very quickly. Let's look at problems with switched networks with the Sniffer Pro and ways to analyze and optimize those problems. In Figure 12.21, you can see a Cisco Switch Interface showing that a switch will pass its fair share of broadcast and multicast traffic. For this example, I created a Broadcast storm, which is why the Broadcast count is so high. When viewing the packets input, it's clear that the switch interface has seen roughly 22 million packets since its last clearing, both in and out. Of those packets, almost 7 million were broadcast based and almost 350 of them were multicast based.


Figure 12.21. Broadcast Traffic as Seen on a Cisco Catalyst Switch Interface

This goes to show that you are not immune to broadcast problems when using switches; if anything, you are more susceptible to them through misconfiguration.

SECURITY ALERT

For security purposes, if you decide to disable STP, you had better lock the doors to your closets and make sure nobody has access to your switch ports. I generated a systemwide broadcast storm that paralyzed a test segment with a simple crossover cable and STP disabled. You do not want this to happen to you.

When viewing Figure 12.22, you can see that although the Sniffer Pro is connected to a switch with Spanned Ports, you still get broadcast traffic traversing the monitored port that Sniffer Pro is attached to. Traffic is inevitable, and it is hard to fully eliminate all broadcast traffic on your LAN, so it's best to be familiar with what applications do broadcast traffic and why they do it. Make sure you baseline what traffic is normal for your LAN segments.


Figure 12.22. Viewing Switched Broadcast/Excessive Traffic with the Sniffer Pro

Spanning Tree Protocol

Spanning Tree Protocol (STP) is the de facto switch link management protocol you must master as both a network engineer and/or a protocol analyst. STP offers one major benefit: path redundancy while preventing switch loops. STP will maintain a “tree” of all switches and paths in the network, and, if a link goes down, it will be able to reroute traffic through the redundant links that exist. The problem that would occur if STP weren't enabled would be that if redundant links exist and MAC addresses are learned from two different locations, a loop may (or more likely will) occur, and traffic would be circulated at a very high rate, which is known to stop all network traffic within no time at all. The problems with spanning tree are the excessive time it takes to “learn” what it needs to know about hosts connected to the switched network, and the excessive traffic that the Bridge Protocol Data Units (BPDUs) generate during normal operations.

One problem we can find and eliminate with the use of Sniffer Pro is the excessive BPDU traffic generated if you cannot turn Spanning Tree off. There are some things to be aware of when using the STP on your switched network. If all of your switches are using the default configuration and the other switches determine two of them to have the same path cost, the switch that has the lowest MAC address will be selected as the root switch. Using Sniffer Pro, you can monitor the traffic on your network and decide if the correct switch is acting as the root switch. If not, raise the priority of the better choice and make that switch the new root switch. There are many ways to optimize broadcast traffic with the use of Spanning Tree and the best way to work with this traffic is to do one of two things:

- Turn Spanning Tree off. It's not needed unless you have redundant paths in your network.
- Leave Spanning Tree on and find ways for it to not slow down your LAN through optimization.

That being said, let's look at ways to optimize it if you decide to leave STP on.

Spanning Tree Optimization

As this chapter states, you will want to know how to troubleshoot and optimize traffic with Sniffer Pro. To do so, all you need to do is monitor the network utilization for acceptable broadcast traffic. If the traffic is not within acceptable ranges, optimize your network to get it within acceptable limits. Spanning Tree Protocol has a major downside; it is slow to reach convergence in a very large environment that has a link failure. It is possible to optimize STP operation, but before we do so, let's look at why STP causes network traffic:

- The root bridge is selected according to the bridge ID value. (This is also configurable so you can have your core switches acting as your root bridge instead of a closet-based access layer switch.)
- On the root bridge, all interfaces are placed in the forwarding state.
- For each segment that has more than one bridge connected to it, a designated bridge is selected that will be the one to forward frames to the root.
- Each bridge selects a root port that will be used to forward frames toward the root bridge.
- STP selects all the designated bridges and root ports necessary for switched LAN functionality and identifies a loop-free path between the root bridge and all LANs.
- STP then places the selected bridge interfaces into a forwarding state and all the others in a blocked state.
- The root bridge maintains the spanning tree by transmitting BPDUs every two seconds by default (this is where your traffic continues after convergence).
- Upon receipt of a BPDU from the root bridge, the other bridges transmit their own BPDUs.

NOTE

If you are still in a jam trying to understand how Spanning Tree works, you can visit Cisco's Web site, where there is a concise article on exactly how Switching and Spanning Tree works. It is definitely worth a read if you are confused for any reason: www.cisco.com/warp/public/473/lan-switch-cisco.shtml

Some would say that this is acceptable traffic, but that's for you to decide. I believe that a network can be fine-tuned and operate better when traffic flow and application flow is optimized. Now that you can see that switches running STP chat with each other pretty frequently, let's look at a way to optimize this traffic without turning STP off.

Optimizing STP Timers

If you are looking to optimize STP traffic, you should focus your efforts on the timers that send BPDUs. The timers you can optimize are those that send BPDUs at default intervals across the tree and those that determine when a missing BPDU is indicative of a link failure. The key timer values are set at the root bridge and are the hello time, max age, and forward delay. Let's look at the tweaks you can put in for optimization:

- Configure the hello time, max age, and forward delay timers on your switch in a test lab, so you can make sure you research your switch type for its tunable parameter range. Each switch is different, so you will have to research each configuration on each switch separately.
- You can use portfast to eliminate the wait time for nodes to be learned by the switch so they can transmit data on the network segment they are attached to more quickly.
- Eliminate STP where it is not needed, or it will never be used.
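To check from a capture which switch is acting as root and which timer values it is advertising, the configuration BPDU can be decoded directly. The following is an added example, not Sniffer Pro output and not code from the book: it decodes the 35-byte 802.1D configuration BPDU body, reproduces the lowest-bridge-ID election, and flags a root or timer that differs from the intended design. The bridge IDs are constructed sample values, and the baseline of 2 s hello, 20 s max age and 15 s forward delay is the 802.1D default, assumed here as the design target.

```python
import struct

# 802.1D configuration BPDU body (the 35 bytes that follow the LLC header):
# protocol id, version, type, flags, root id, root path cost, sender bridge id,
# port id, message age, max age, hello time, forward delay.
BPDU = struct.Struct("!HBBB8sI8sHHHHH")


def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def show_id(raw):
    """Render a bridge ID as priority/MAC for reports."""
    priority = struct.unpack("!H", raw[:2])[0]
    return f"{priority}/" + ":".join(f"{b:02x}" for b in raw[2:])


def elect_root(bridge_ids):
    """The numerically lowest bridge ID wins; with equal priority, the lowest MAC."""
    return min(bridge_ids)


def build_config_bpdu(root, cost, sender, max_age=20, hello=2, forward_delay=15):
    """Build a constructed sample BPDU. Timers in seconds; the wire unit is 1/256 s."""
    return BPDU.pack(0, 0, 0, 0, root, cost, sender, 0x8001, 0,
                     max_age * 256, hello * 256, forward_delay * 256)


def parse_config_bpdu(payload):
    """Decode the root ID, sender ID and the three timers set at the root bridge."""
    if len(payload) < BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, _ver, kind, _flags, root, cost, sender, _port, _age,
     max_age, hello, forward_delay) = BPDU.unpack(payload[:BPDU.size])
    if proto != 0 or kind != 0:
        raise ValueError("not an STP configuration BPDU")
    return {"root": root, "cost": cost, "sender": sender,
            "max_age": max_age / 256, "hello": hello / 256,
            "forward_delay": forward_delay / 256}


def review(payloads, intended_root, baseline):
    """Flag BPDUs whose root or timers differ from the intended design."""
    findings = []
    for payload in payloads:
        bpdu = parse_config_bpdu(payload)
        if bpdu["root"] != intended_root:
            findings.append(("unexpected-root", show_id(bpdu["root"])))
        for name, want in baseline.items():
            if bpdu[name] != want:
                findings.append(("timer-drift", name, bpdu[name]))
    return findings


# Constructed sample data: both switches left at the default priority 32768, so the
# closet switch wins the election only because its MAC is lower than the core's.
CORE = bridge_id(32768, "00:00:5e:00:53:c0")
CLOSET = bridge_id(32768, "00:00:5e:00:53:0a")
BASELINE = {"hello": 2.0, "max_age": 20.0, "forward_delay": 15.0}
CAPTURED = [build_config_bpdu(root=CLOSET, cost=0, sender=CLOSET, hello=1)]

if __name__ == "__main__":
    print("elected root:", show_id(elect_root([CORE, CLOSET])))
    for finding in review(CAPTURED, CORE, BASELINE):
        print(finding)
```

Giving the core switch a numerically lower priority value than 32768 makes `elect_root` return it regardless of MAC address, which is the change the text refers to as making the better choice the root.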

NOTE

Take extreme caution when working with and tweaking your infrastructure. Make sure you plan everything out and have a good backout plan. Some Cisco switches write immediately to memory, and a mistake can be costly. Spanning Tree loops and broadcast storms can cripple a network in just a few minutes.

We have looked at one way to perform analysis using Sniffer Pro to optimize traffic on your network. Let's look at another way to use Sniffer Pro. In the next example we will connect directly to a switch to analyze it in hopes of improving network traffic.


URL: https://www.sciencedirect.com/science/article/pii/B9781931836579500162

Domain 3

Eric Conrad, ... Joshua Feldman, in Eleventh Hour CISSP® (Third Edition), 2017

EMI

Electricity generates magnetism, so any electrical conductor emits electromagnetic interference (EMI). This includes circuits, power cables, network cables, and many others. Network cables that are shielded poorly or are installed too closely together may suffer crosstalk, where magnetism from one cable crosses over to another nearby cable. This primarily affects the integrity of the network or voice data, but it might also affect the confidentiality.

Proper network cable management can mitigate crosstalk. Therefore, never route power cables close to network cables. The type of network cable used can also lower crosstalk. For example, unshielded twisted pair (UTP) cabling is far more susceptible than shielded twisted pair (STP) or coaxial cable. Fiber optic cable uses light instead of electricity to transmit data and is not susceptible to EMI.


URL: https://www.sciencedirect.com/science/article/pii/B9780128112489000036

Virtualization on embedded boards as enabling technology for the Cloud of Things

B. Bardhi, ... L. Taccari, in Internet of Things, 2016

6.4.3.5 Network Performance Analysis

Network performance analysis has been conducted by means of “iPerf3.” “iPerf3” allows the evaluation of both TCP and UDP throughput. It can act either as a server or as a client. A second machine was directly connected to the Cubieboard2 via an ethernet crossover cable, and used as a server, with the Cubieboard2 acting as a client. The DomU, KVM guest, or LXC container was connected to the network interface of the respective host system via a virtual network bridge.

In that way, the VM was transparently accessible from the machine that acted as a server. In order to measure latencies introduced by the virtualization solutions, two tests were performed: one for the host and another one for the guest, for the three virtualization solutions taken in exam. The results are depicted in Fig. 6.12. Fig. 6.12 shows how all of the different virtualization solutions have similar performances, both hosts and guests. KVM guests that achieve slightly poorer results represent the only exception.


Figure 6.12. Network Bandwidth Performance


URL: https://www.sciencedirect.com/science/article/pii/B978012805395900006X

MCSE 70-293: Implementing Windows Cluster Services and Network Load Balancing

Martin Grasdal, ... Dr. Thomas W. Shinder, Technical Editor, in MCSE (Exam 70-293) Study Guide, 2003

Binding Order

Binding is the process of linking the various communications components together in the proper order to establish the communications path. To configure the binding order of communication protocols and services to the network interface, select Start | Control Panel | Network Connections. Click the Advanced menu and select Advanced Settings…. When establishing the order of network connections, you should ensure that the public interfaces appear highest on the list, followed by interconnects, and then any other interfaces. Figure 9.25 shows this binding order.

Figure 9.25. Setting the Proper Binding Order of Interfaces

Adapter Settings

All network interfaces in a server cluster should be manually set for speed and duplex mode. Do not allow the network adapters to attempt to auto-negotiate these settings. If the controllers negotiate differently, your communications can be disrupted. Also, in many cases, a crossover cable is used on the interconnects. In these cases, an auto-negotiation may fail entirely, and the interconnect may never be established, affecting cluster operation.

As mentioned earlier, teamed network adapters must not be used for interconnects. However, they are perfectly acceptable for the public network interfaces. A failover or load-balanced configuration increases redundancy and reliability.

TCP/IP Settings

Static IP addresses (along with the relevant DNS and WINS information) should be used on public network interfaces. For the interconnects, you must use static IP addresses.

It is also a good practice to assign private IP addresses on interconnects from a different address class than your public class. For example, if you are using class A addresses (10.x.x.x) on your public interface, you could use class C addresses (192.168.x.x) on your interconnects. Following this practice helps easily identify the type of network you may be troubleshooting just by looking at the address class. Using addresses this way is not required, but it does prove useful.

Finally, you should not configure IP gateway, DNS, or WINS addresses on your interconnect interfaces. Name resolution is usually not required on interconnects and, if configured, could cause conflicts with name resolution on your public interfaces. All public interfaces must reside on the same IP subnet. Likewise, all interconnect interfaces must reside on the same IP subnet.

The Default Cluster Group

Every server cluster has at least one cluster group: the default. This group contains the following resources:

- Quorum disk (which contains the quorum resource and logs)
- Cluster IP address
- Cluster name (which creates the virtual server)

When designing your server cluster, you should not plan on using these resources for anything other than system administration. If this group is offline for any reason, cluster operation can be compromised. Do not install applications on the quorum drive or in the default cluster group.


URL: https://www.sciencedirect.com/science/article/pii/B9781931836937500130

Initial IPSO Configuration

Andrew Hay, ... Warren Verbanec, in Nokia Firewall, VPN, and IPSO Configuration Guide, 2009

Summary

To prepare for the initial configuration of your Nokia appliance, you need a workstation, laptop, or VT100-capable terminal that you can directly connect to the Nokia using a console cable or perhaps indirectly (through a hub or switch) through a standard Ethernet connection. If you are configuring your Nokia appliance using the DHCP method, you will only need a standard Ethernet connection. Nokia supplies a DB-9 serial cable with all its devices. This cable allows for console connections from properly configured clients. If you do not have one of the Nokia cables, you can always use a standard null-modem cable for the serial connection. You can directly connect a crossover cable from your workstation to any Ethernet port on your Nokia device, or you can indirectly connect a straight-through cable from your workstation to a hub or switch and from there to the appliance over another straight-through cable.

The standard installation procedure is a five-step process. You must power on the appliance and enter the boot manager, initiate the installation process, answer the configuration questions, reboot the appliance, and then continue with the initial configuration steps.

Two methods are available for the initial configuration: an automated one that uses the built-in DHCP client, and a manual one that uses a console (direct serial) connection. If you have a DHCP server in your network, you can configure it to provide your Nokia appliance with a host name, an IP address, and the default route information it requires for the initial configuration. If using the console connection configuration method, you must provide a hostname, password, configuration interface, interface IP address, interface netmask, and default router IP address. Optionally, you can also specify interface configuration settings, such as speed and duplex, VLAN settings for the configuration interface, and a new SNMP Community string.

When the initial configuration is complete, you can continue with advanced configurations using the command line, through SSH or Telnet, or using your Web browser and the Nokia Network Voyager interface. The SSH service is enabled, and the Telnet service is disabled, by default for security reasons after a new installation. You can, however, enable the Telnet service using the CLISH interface or Nokia Network Voyager.

As with any software, there might be some caveats or warnings you should review before rushing into the upgrade process. Nokia IPSO is no exception and has some issues you should know about before proceeding with an upgrade. You can use the Nokia Network Voyager to upgrade the IPSO image or you can use the CLI. If you decide to transfer the IPSO image to your Nokia appliance manually, you can use the newimage command to upgrade from the CLI. On some appliances, installing the image can take some time. The newimage command might display the message “Setting up new image…” for several minutes with no other sign of activity.

URL: https://www.sciencedirect.com/science/article/pii/B9781597492867000036

Introducing Ethereal: Network Protocol Analyzer

In Ethereal Packet Sniffing, 2004

Using Ethereal in Your Network Architecture

In the previous chapter we talked about various network hardware devices that can be used to attach a sniffer to the network: cable taps, hubs, and switches. Now we will look at some network architectures and the critical points at which to use Ethereal. Network placement is critical for proper analysis and troubleshooting. Most importantly, you need to make sure that you are on the same network segment as the devices or problems that you are trying to troubleshoot. When you are troubleshooting network issues you may be moving between various wiring closets, or even different buildings. For this reason it is beneficial to run Ethereal on a laptop. It is also a good idea to keep a small hub and a few network cables, crossover and straight-through, with your laptop as a troubleshooting toolkit. Figure 2.3 shows an incorrect placement of Ethereal if you want to capture communication between the external client and the server. The Ethereal laptop, as well as the switch it is connected to, will never see traffic destined for the server because it will be routed over to the server's switch.

Figure 2.3. Incorrect Ethereal Placement

Figure 2.4 shows how to capture traffic from the external client to the server by using port spanning. The Ethereal laptop has to be connected to the same switch as the server. Next, port spanning has to be activated on the switch to mirror all traffic to and from the server's port to the port that Ethereal is plugged into. Using this method will not cause any disruption of traffic to and from the server.

Figure 2.4. Correct Ethereal Placement Using Port Spanning

Figure 2.5 shows how to capture traffic from the external client to the server by using a hub. You can install a small hub between the server and the switch, and connect the Ethereal laptop to it. Ethereal will then see all traffic going to and from the server. Using this method will temporarily disrupt the traffic to and from the server while the hub is being installed and the cables connected.

Figure 2.5. Correct Ethereal Placement Using a Hub

Figure 2.6 shows a network architecture that uses a permanent tap installed at the router. Some administrators use this method to have a permanent connection point at critical areas. The Ethereal laptop will then see all traffic going to and from the server, plus any other traffic on this segment. Using this method will not disrupt the traffic to and from the server if the tap is permanently installed and the cables are already connected through it. Taps can also be portable and used like the hub in Figure 2.5.

Figure 2.6. Ethereal Placement with a Cable Tap

Most network architectures aren't as simple as the ones depicted in this section. However, these examples should give you a good idea of how to use Ethereal at various points in your network. Some architectures are very complicated and can be fully meshed and include redundancy, as shown in Figure 2.7. Also, network segments can branch out for several levels as your network is expanded to buildings, and even floors within buildings. You must have a good understanding of your network in order to make the most effective choices for sniffer placement.

Figure 2.7. Fully Meshed Network

URL: https://www.sciencedirect.com/science/article/pii/B9781932266825500088

Domain 7: Operations Security

Eric Conrad, ... Joshua Feldman, in Eleventh Hour CISSP (Second Edition), 2014

Methodology

Figure 7.4 is from the NIST Special Publication 800-61: Computer Security Incident Handling Guide (see http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf), which outlines the incident response life cycle in four steps:

Figure 7.4. NIST Incident Response Life Cycle.

1. Preparation
2. Detection and analysis
3. Containment, eradication, and recovery
4. Postincident activity

Many incident handling methodologies treat containment, eradication, and recovery as three distinct steps, as we will in this book. Other names for each step are sometimes used; here is the six-step life cycle we will follow, with alternate names listed:

1. Preparation
2. Detection and analysis (aka identification)
3. Containment
4. Eradication
5. Recovery
6. Lessons learned (aka postincident activity, postmortem, or reporting)

It is important to remember that the final step feeds back into the first step, as shown previously in Figure 7.4. During the lessons learned phase, an organization may determine that staff were insufficiently trained to handle incidents. That lesson is then applied to continued preparation, where staff would be properly trained.

Preparation

The preparation phase includes steps taken before an incident occurs. These include training, writing incident response policies and procedures, and providing tools such as laptops with sniffing software, crossover cables, original OS media, removable drives, etc. Preparation should include anything that may be required to handle an incident or that will make incident response faster and more effective.

Detection and analysis

Detection (also called identification) is the phase where events are analyzed in order to determine whether they comprise a security incident. An event is any auditable action on a system or network (such as a server reboot or a user logging in to check e-mail). An incident is a harmful event (such as a denial of service attack that crashes a server).

Containment

The containment phase is the point at which the incident response team attempts to keep further damage from occurring as a result of the incident. Containment might include taking a system off the network, isolating traffic, powering off the system, or other items to control both the scope and severity of the incident. This phase is also typically where a binary (bit by bit) forensic backup is made of systems involved in the incident.

Eradication

The eradication phase involves two steps: removing any malicious software from a compromised system and understanding the cause of the incident so that the system can be reliably cleaned and safely restored to operational status later in the recovery phase. In order for an organization to reliably recover from an incident, the cause must be determined so that the systems in question can be returned to a known good state without risk of compromise persisting or reoccurring.

Recovery

The recovery phase involves cautiously restoring the system or systems to operational status. Typically, the business unit responsible for the system will dictate when the system will go back online. Consider the possibility that the infection might have persisted through the eradication phase. For this reason, close monitoring of the system after it is returned to production is necessary.

Lessons learned

Unfortunately, the lessons learned phase (also known as postincident activity, reporting, or postmortem) is likely to be neglected in immature incident response programs. This fact is unfortunate because the lessons learned phase, if done right, is the phase that has the greatest potential to effect a positive change in security posture. The goal of the lessons learned phase is to provide a final report on the incident, which will be delivered to management.

Feedback from this phase feeds directly into continued preparation, where the lessons learned are applied to improve preparation for handling future incidents.

URL: https://www.sciencedirect.com/science/article/pii/B9780124171428000078

Which type of cable is used in networking of computer?

An Ethernet cable lets users connect devices such as computers, mobile phones, and routers to a network that provides internet access. It also carries broadband signals between the devices connected through it.

What type of network would you recommend if your client has only few computer units?

Peer-to-peer networks: This model is appropriate for small networks with only a few computers, in environments where high security is not required. Such networks are common in small offices and homes. In a workgroup, all computers can provide both client and server services.