TTC Shelbyville – Technical Blog

Microsoft Research TCP Analyzer (Link) is a network analyzer that allows you to analyze network traces of Transmission Control Protocol (TCP) connections. Given a Microsoft Network Monitor trace, the analyzer provides various performance statistics and visualizations for the captured TCP connection. This app also gives a time plot and an explanation of the individual plots.

You must have Microsoft Network Monitor installed before installing TCP Analyzer and you must download the SDK for Experts.   You should also install Charting.   Download

Below is an Example of Microsoft Network Monitor capturing packets on a wireless network.  Notice the information about the wireless (-60 dBm) in the first picture.   In the second picture you can see information on a captured packet (firefox.exe and the destination IP address).

TCP Analyzer which as stated requires Microsoft’s Network Monitor to installed first.

To USE TCP Analyzer

• Start Microsoft’s Network Monitor
• Capture packets for ? (general over a period of time you decide at peak usage of your network or when transferring and using data across your network.
• Stop the Capture
• Open the Captured File
• Go to Experts Menu (this appears after you stop, save and reopen a capture file
• Open the TCP Analyzer

Want to see the TOP Users of your Network?

You can also find your Top Users (top 10) by using this expert (download)-

Charting Download (must have .NET 3.5)

*this software was tested on Windows 7 Professional but will work with Windows Vista or Windows XP.

Have Windows Vista or Windows 7?  Are you disconnected from the internet randomly?  Here’s what it could be-

• Turn off the Adapter’s Power Management feature in the device manager
• Turn off the USB hub Power Management in the device manager
• Look at your power plan and click on the advanced options.  Scroll down to the wireless adapter.  Change it to Low.

• Make sure you don’t have a virus or any malware
• The latest wireless drivers should be loaded
• Use TCPOptimizer to make sure your MTU settings are the same in your router and on your wireless card.
• Also In adhoc mode, both computers should be the same (MTU Settings).
• TCPOptimizer is found here.

What is MTU?  – Link

So you need to fill a Network Administrator’s position.   You’re looking for someone with advanced skills and dedication that works through the holidays, after hours and has the drive to make you company competitive.   Don’t risk hiring your friend’s cousin Eddie who setup a network at his grandma’s house.  Look for the following qualities and skills:

• On call 24/7
• Skills that include-
  • Active Directory
  • Network Security
  • Microsoft Exchange
  • Expert Level Networking
  • SQL
  • E-Commerce
  • Expert Level Wireless Networking
  • Disaster Recovery and Planning
  • A million other skills….

With over 1400 positions available nationwide, it is estimated that over 4000 jobs are available as network administrator’s alone.  Link Here’s a list of questions that could be asked – Questions

Connectify is a Beta Software designed for Windows 7.   It allows you to create a hotspot with your computer.

Watch the YouTube Video Link

Finally found a small problem with Windows 7.  After upgrading, we have discovered that Windows 7 was responding slow to our SQL Server 2005.  What we discovered is below.

Slow response times in Windows 7 to a SQL Server can be due to the LLMNR protocol.  This may be resolved by turning off the LLMNR protocol.

LLMNR is a protocol that allows both IPv6/4 computers to perform name resolution for the NetBIOS names of other computers without requiring a DNS server.

IPv4 hosts can use NetBIOS over TCP/IP (NetBT) to resolve computer names to IPv4 addresses for neighboring computers by broadcasting a NetBIOS Query.

All IPv4-based LLMNR hosts listen on the IPv4 multicast address 224.0.0.252 instruct their Ethernet network adapters to listen for Ethernet frames with a destination multicast address.

Windows Vista and 7-based LLMNR computers do not send or respond to unicast queries.

To disable LLMNR:

Modify Group Policy – Go to Search – Type GPEdit.msc – Enter – Navigate to the following and make sure Enabled is checked -

Computer Configuration\Administrative Templates\Network\DNS Client
\Turn off Multicast Name Resolution = Enabled

How does Multicasting Work?  Here’s a good explanation

Update -

 

LLMNR

Dawn M. Babian, GSAE
Instructor

This small tutorial will be an on going project.

The internet to your location is provided by your ISP.  Generally a router is supplied but a ‘heavier’ router may be required by your organization (i.e. Cisco)

Several static ip addresses should be supplied to your organization for remote logins or for webservers.

A load balancer can be used to have dual ISP lines for redundancy and increased bandwidth.

• Xincom
• Syswan

Load balancers will have more than one IP address (load balancers are NOT used at all locations)

A firewall (hardware) should be put into place.

• Cisco
• Baracuda
• Watchguard

Firewalls will have more than one IP address.  Generally a firewall will have a public and a private IP address.

Managed Switches should be put into place to monitor and control computers. (Cisco)  Manage switches allow ports to be turned on or off and network traffic and utilization to be montiored.

A Small Tutorial on Networking

The server room is environmentally controlled and should be secured both physically and logically.

DHCP Servers give out IP addresses to your network.  Generally through a process of Network Address Translation and private networking, DHCP Servers give out IPs in the 10.x.x.x or 172.16.x.x or 192.168.x.x range.   Each of these IP address ranges can give out 16 million, 65,000 or 254 ip addresses(in the order found above).

The DHCP server should have a static IP address and hand out a group of IP addresses beginning several numbers ‘up’ the ip addresses.  Example:   If your network has several switches, servers, critical comptuers, wireless access points or printers that need an IP address, the DHCP server on a 172.16 network should begin handing out numbers (presuming you have a network that requires 50 static ip addresses) around 172.16.0.100 – 172.16.254.254   Workstations booting up will begin receiving the ip address of 0.100 and continue through 31.254.

The DHCP Server should also give out 172.16.0.1 as the gateway (called your router in DHCP, this item will be your firewall), the DNS numbers supplied to you by your ISP and the WINS server address.

WINS Servers help to hold down network traffic and relate NetBIOS names to IP addresses.  When your computer boots up, the wins server address is given to your computer.  Thus your computer will not broadcast across the network.  A network with many computers would be ‘busy’ broadcasting and affecting network throughput and bandwidth.

Active Directory Servers help to manage policies on a network.  Client computers logging into Active Directory are controlled by Active Directory Servers.

File Servers are Windows Server 2003 or Windows Server 2008.  Folders and Resources are shared for end-users on these servers.

SQL (database) Servers are Windows Server 2003 or Windows Server 2008 and require the installation of SQL.  Generally Microsoft’s SQL 2005 or 2008 is installed as a package.  Databases are developed and front end software is installed on each client computer to access the database.

Although there are Exchange Servers, Web Servers (IIS or Apache), these are used for public access to a website (and should have dedicated IP addresses from your ISP)  or for sending email and generally connect directly to the firewall’s DMZ.

Generally network cable (CAT 5 or CAT 6) interconnect each server via the switch.  The switch in turn has a cable going to the firewall.  The firewall is then connects to the load balancer.  The load balancer is then connected to two or more ISP routers.

A long stretch of cable (backbone) will run from the switch to another switch in a room where computers are connected.  Workstations are then wired into this switch using CAT 5 or CAT 6 cabling.  As they boot up, the grab IP information from the DHCP server, are generally required to login to the Active Directory Server (Domain) and then can use network resources.

Connecting to the LAN (Local Area Network) can be backbones from the server room to Wireless Access Points (WAPS).   These devices allow wireless devices on a network to use the network and internet.

While this is a very simple breakdown, there are hundreds of other devices and roles that computers take on in the workplace.

Anyone who knows me knows that I love remote control planes.

Technology and prices have gotten affordable.
Recently I added a camera to my airplane for a Prototype Search and Rescue Airplane for a local organization.

In order to capture live video and record it, I selected a DVR USB for <$20 and a wireless night vision 2.4 Ghz camera for less than $40.  This $60 system will allow a lightweight remote control plane to fly a perimeter and video the area live on a laptop.  Plane of choice – GWS Slowstick with Brushless 2409 engine – 25 minute of flight time.
That is – 20MPH / .6818181818 = 29.33FPS
OR That is a little over 1700 feet per minute  equaling 20 minutes of search time for a total area of around 6 miles in a flight pattern that covers several acres in minutes.

The USB DVR was designed for Windows XP. -  To run it on Windows 7, I ran it in compatibility mode and changed the video to NTSC.  Many people are buying these and having trouble with Vista or 7.  Load the software using compatibility mode and go to the setup making sure to check the NTSC.

USB DVR 4 Channel (4 video inputs)  Link

Wireless Camera w/ Night Vision  Link
(The camera was disassembled to save on weight and a 9v battery adapter added)

Drivers for STK1160 (latest)
http://easycapexpertti.mybisi.com/product/165039/EzCAPEzCAP002-4-Channel-DVR-Motion-Detect_842466.html

My wife and I have Verizon wireless as our internet service.  The problem in the last two weeks has been Windows 7.  Windows 7 works great but the older proxy server software (freeware) isn’t so hot.   To set up her laptop – she dials in with her Verizon card, went to Connect to an Adhoc network (go to search and type Connect to and you will see the network wizard).   Walk through the wizard creating a network and password, and then create an adhoc network.  There will be a recommendation to use internet connection sharing.  Select this option.   On the opposite computer, look for the new network, click connect, type your password and the internet should connect.

Mesh Networking involves the routing of multiple switches or Wireless Access Points so that if a switch or WAP fails, the packets of data in a network will reroute through OSPF or (Open Shortest Path First).

Today in our class we gave an example of this by creating the cables for the switches and linking other switches within the class.  If a cable was broken, the packets would reroute.  This is simply done by pinging a destination computer (one in the class) and disconnecting the cable from a switch.  The ping would stop for a second or so and then start back.

Wikipedia

Xirrus offers an excellent sidebar widget.  The radar type image presents wireless netwoks in range.  Detailed information can be found by clicking on the radar.

From their website:

The Xirrus Wi-Fi Monitor is useful for both IT managers and end users, and is available as a Yahoo! Widget for Windows XP and a Gadget for Windows Vista or Windows 7…

New 1.01 Version (October 2009)

Yep, it will.  Lifehacker had a good article on this. (Thanks Drew)  By going wireless, devices will be accessed from your pc or laptop….

There is truly an advantage to adding multiple NIC cards to a computer.   It won’t speed up a single internet connection but it can help with loss of signal, detecting access points, transferring information to and  from computers.

When adding a second NIC card to a computer, you can highlight both by holding down the CTRL key and clicking on them and then right clicking to bridge the connections so they act as one…this can allow you to bridge a wireless network to a wired network.

Two nic cards on the same network can allow for load balancing.

Dual Wireless Cards