Download
Share
Print this page
  1. Manuals
  2. Brands
  3. Albedo Manuals
  4. Test Equipment
  5. Net.Shark
  6. User manual

Albedo Net.Shark User Manual

Gbe frame capture and analysis guide
Hide thumbs

Advertisement

Quick Links

Download this manual
User's Manual
Net.Shark
Net.Hunter
GbE Frame Capture and Analysis Guide

Advertisement

loading
Need help?

Need help?

Do you have a question about the Net.Shark and is the answer not in the manual?

Questions and answers

Related Manuals for Albedo Net.Shark

Summary of Contents for Albedo Net.Shark

  • Page 1 User’s Manual Net.Shark Net.Hunter GbE Frame Capture and Analysis Guide...
  • Page 3 © ALBEDO Telecom S.L. 2013 All rights reserved Issue 4, 10/13 For any query or requirement regarding the Net.Shark GbE Filtering & Aggregation Tap or the Net.Hunter Network Capture Device, contact with ALBEDO Telecom using the following contact details: ALBEDO Telecom S.L.
  • Page 4 User Guide...
  • Page 5 Table Of Contents Chapter 1: Introduction ..................... 1 Important Notice ....................2 Warranty....................2 Battery Safety..................2 WEEE Notice ..................3 The Equipment ....................3 Network Connectors................4 Platform Connectors ................5 The Graphical User Interface ................6 Running Drops / Captures ................9 Upgrading the Unit....................
  • Page 6 User Guide Chapter 5: Capturing Traffic..................51 Configuring the Capture..................51 Controlling the Capture ...................52 Capture Management ..................54 Using Export Filters ................56 SSD Aging Indication ..................58 Chapter 6: Test Management ..................59 File Management ....................59 Saving Configurations .................59 Renaming Files..................60 Deleting Files ..................60 Exporting Configurations to External Devices ........61 Importing Configurations ..............61 Using the Embedded Web Server ............62...
  • Page 7 Chapter 1 Introduction The ALBEDO Telecom Net.Shark is a handheld intelligent tap which is capable to filter, select and capture Ethernet traffic in optical or electrical interfaces up to 1 Gb/s. Thanks to these capabilities, Net.Shark is useful both for protocol analysis and content analysis.
  • Page 8 User Guide Net.Shark / Net.Hunter has an external DC input but it also has internal batteries. This makes this equipment suitable both for laboratory applications and field applications which require versatile and reliable operation. Within your Net.Shark kit you will find the following items: •...
  • Page 9 1.2.The Equipment Interaction with Net.Shark / Net.Hunter is based on a high resolution colour screen, different kinds of status LEDs, and a keyboard. These are the keyboard elements: •...
  • Page 10 Finally, the LED is switched of when the port is disabled. 1.2.1. Network Connectors Net.Shark is connected to the DUT / SUT through the network connector panel. Ports and elements included in this panel are described in the following list:...
  • Page 11 SFP module. This port is identical to the RJ-45 Port • Mirror port A. This is the secondary Net.Shark mirror port. Traffic from the line port A is selectively copied and dropped to this interface. This port is an Ethernet 10/ 100/1000BASE-T interface enabled for transmission only (it ignores all the traffic it receives).
  • Page 12 (10/100BASE-T). It is used for remote management of the unit. 1.3.The Graphical User Interface The Net.Shark / Net.Hunter graphical user interface is based in a 480 x 272 colour screen and a set of keys attached to the front panel. Some of these keys have a permanent purpose but the specific function for some other keys depend on the context.
  • Page 13 Softleds. Both the Summary panel and the LEDs panel can be displayed at any moment by pressing the SUM and LEDS buttons. Figure 1.5: Net.Shark /Net.Hunter frame statistics represented as a counter list Menus and submenus are organized in a tree. The root of the tree is the Home panel and the leaves are configuration or result panels.
  • Page 14 User Guide is possible. Keyboards are available if selection through lists is not possible. There is one keyboard for numeric settings and one for alphanumeric settings. Figure 1.6: Different kinds of configuration panels: (a) Selection list, (b) Alphanumeric keyboard, (c) Numeric keyboard.
  • Page 15 That means that is not really necessary to wait for the current capture / drop to fin- ish to check the results. 6. Download the capture by removing the SD card from the unit (Net.Shark only) or using the web interface (See section 5.3, See section 6.1.6).
  • Page 16 User Guide 4. Press ENTER to continue with the installation process. 5. Select Install or Upgrade. Install regenerates all the software in the unit even if it is up to date. Upgrade regenerates only the software that has changed since the last upgrade.
  • Page 17 The tap and the filter modes constitute two separate configuration modes in the equipment. The procedure to configure Net.Shark / Net.Hunter as a tap or as a filter is as follows: 1. From the Home panel, go to Setup,...
  • Page 18 2.2.Traffic Aggregation and Storage Net.Shark / Net.Hunter can be configured to aggregate traffic from the forward and backward transmission directions and present them as a single stream. This kind of stream aggregation is useful to check interactions between the communication ends like for example requests and replies in a web application.
  • Page 19 Also, matching traffic does not need to be forwarded to a mirror port. As an alternative, traffic is captured and stored in an SD card (Net.Shark) or high speed internal storage (Net.Hunter). If the SD card is used for storage, matching traffic throughput is limited to 3.2 Mb/s.
  • Page 20 Also, interfaces to be connected to ports Line A and Line B must support full duplex operation. If these two conditions are met, Net.Shark / Net.Hunter will be able to forward traffic between ports A and B. Bit rate configuration can be automatic using Ethernet auto- negotiation but users are allowed to force a fixed bit rate as well.
  • Page 21 100 Mb/s. You are not allowed to enable auto-negotiation in this interface. Figure 2.2: ALBEDO Net.Shark / Net.Hunter auto-negotiation results panel. Once the tester has been connected to the network and the right connector type as been configured, follow these steps to check auto-negotiation: 1.
  • Page 22 User Guide Table 2.3: Auto-negotiation results Result Description Remote Displays the bit rate and duplex mode supported by the remote device connected to Port A or Port B. It is one or sev- eral of the 1000FD, 1000HD, 100FD, 100HD, 10FD, 10HD set.
  • Page 23 “B” shown in the Current row. 2.3.3. Using the SFPs for the Line Interfaces Net.Shark / Net.Hunter has two SFP ports to connect the equipment to the link to be analysed. They can be used for both for electrical and optical operation if compatible SFPs are connected.
  • Page 24 Tap & Filter mode but the equipment is connected to the network in a different way. In filter mode the traffic does not pass through the Net.Shark / Net.Hunter line ports, for this reason it has to be connected so that it does not interrupt the network traffic.
  • Page 25 EVENT LEDS Mirror B Mirror A External storage or protocol analysis Figure 2.3: ALBEDO Net.Shark connection when operating in Filter mode: (a) Capture with storage in internal memory, (b) Capture and aggregation to mirror port A, (c) Capture without aggregation.
  • Page 26 User Guide 2.5.USing the PoE / PoE+ Bridge It could be desirable to install Net.Shark / Net.Hunter between a PoE or PoE+ Power Sourcing Equipment (PSE) and a PoE / PoE+ Powered Device (PD) without interrupting the DC current and voltage required to keep the PD operation. To achieve this objective, Net.Shark / Net.Hunter can be configured to allow a DC power signal to...
  • Page 27 (Mirror & aggregate mode) the traffic flow to mirror port A is suppressed. Figure 2.5: Two examples of Net.Shark / Net.Hunter block diagram panel. (a) Connectors and traffic flows when the equipment is configured in Drop mode. (b) Connector usage and traffic flows when the equipment is configured in Capture mode.
  • Page 28 User Guide...
  • Page 29 Chapter 3 Traffic Statistics The ALBEDO Telecom Net.Shark / Net.Hunter can be used to get basic traffic statistics about Ethernet networks operating at rates up to 1 Gb/s. These statistics include frame and error counts. Statistics for line Port A and Port B are identical. Some statistics are referred to the...
  • Page 30 User Guide Table 3.1: Mirror Frame Analysis Metric Description Frames Total number of frames stored / transmitted by one mirror port since the capture / drop action started. Bytes Total byte count stored / transmitted by the mirror port from the beginning of the capture / drop.
  • Page 31 Note: Each field contains one counter for line port A frames and the second one for line port B. Net.Shark does not automatically discards frames with errors. If configured in pass- through mode, errored frames are forwarded if possible. Errored frames are also dropped or stored whenever possible.
  • Page 32 The ALBEDO Telecom Net.Shark / Net.Hunter provides frame size results as described in standard RFC 2819. The procedure for displaying the received frame size histogram is as follows: 1.
  • Page 33 B. 3.4.The LEDs Panel The LEDs panel offers a quick view of the current Net.Shark / Net.Hunter connection and operation status. They are permanent indicators. That means that no action has to be started to get the information from the LEDs.
  • Page 34 At least one frame was received during the current second in the current interface. At least one frame was transmitted during the current second in the current interface. Transmitted frames always come from the second line port receiver. No frames are internally generated by Net.Shark...
  • Page 35 An oversized frame is a frame which has a size larger than the configured MTU. Some Net.Shark / Net.Hunter LEDs are referred to the line ports and some others to mirror ports / captures. There are currently nine LED for line ports (1000, 100, 10, Rx,...
  • Page 36 User Guide Table 3.4: Mirror Port LED Indications Metric Description At least one frame was transmitted during the current second in the current mirror interface. Note: This LED applies to captures in the same way that it does for drop actions. In a capture, this LED indicates that at least one frame has been sent to the capture device during the current second.
  • Page 37 The result of the filtering process is one or several traffic streams called flows. This chapter describes how to configure Net.Shark / Net.Hunter for packet filtering and how to get basic flow statistics. 4.1.Enabling and Disabling Filters Traffic selection or filtering is configured by first enabling one or several filtering blocks and after that setting the filtering criteria.
  • Page 38 ‘1’ followed by a sequence of ‘0’ like IP network masks are. The generic procedure to configure one or several matching rule with Net.Shark / Net.Hunter is the following: 1. From the Home panel, go to Setup, The test port settings panel is displayed.
  • Page 39 IEEE 802.3 Ethernet MAC Frame Figure 4.2: IEEE 802.3 frame structure The ALBEDO Telecom Net.Shark / Net.Hunter provides frame selection based on the MAC address source and destination and Ethertype value. It is possible to configure a matching mask for all three fields to select a value set rather than a single value.
  • Page 40 User Guide Table 4.1: MAC Selection Parameter Description • Ignore: The source MAC address is ignored and not taken into account for the purpose of the filter. All frames are allowed to pass through the filter when Ignore is config- ured if they are not blocked by other selection rule.
  • Page 41 Filtering Table 4.1: MAC Selection Parameter Description Ethertype match Enables selection by Ethertype value in the current filter. The value configured here is used to determine which frames are allowed to pass through the filter and which ones are blocked. The available configuration values for this field are the same that for the Source address selection and Destina- tion address selection settings.
  • Page 42 User Guide bits bits bytes bytes Preamble Preamble (0xaa-aa-aa-aa-aa-aa-aa) (0xaa-aa-aa-aa-aa-aa-aa) SDF (0xab) SDF (0xab) Ethertype (0x88a8) Ethertype (0x8100) S-Tag Q-Tag Ethertype (0x8100) Ethertype C-Tag Ethertype Q frame (IEEE 802.1Q) PB frame (IEEE 802.1ad) bits Figure 4.3: IEEE 802.1Q y IEEE 820.1ad frame structures. VLAN (S-VLAN).
  • Page 43 For this reason is only available for S-VLAN matching rules. Net.Shark provides frame selection based on the VLAN tag based either in the VID or the priority bits. Net.Hunter support both the single-level Q-frame and the two-level Q- in-Q-frame.
  • Page 44 Pad: Padding, fills out the 32 bit words Data: Data, variable length Figure 4.4: IPv4 Datagram structure Net.Shark / Net.Hunter filtering capabilities can be programmed to match fields within the IPv4 datagram. It is currently supported IP datagram matching based on source IP...
  • Page 45 Filtering address, destination IP address, protocol and DSCP. Source and destination IP addresses can be matched by means selection masks. Table 4.3: IPv4 Selection Parameter Description Source address Enables selection by source IPv4 address in the current filter. match The value configured here is used to determine which frames are allowed to pass through the filter and which ones are blocked.
  • Page 46 User Guide Table 4.3: IPv4 Selection Parameter Description Destination address This is the mask for the source IPv4 address filter selection mask rule. Before comparing the Source address field with the frame addresses, bit wise AND operations are carried out between the value configured here and the Source address field so that only the values surviving the AND are taken into account for matching the filter.
  • Page 47 Filtering Table 4.3: IPv4 Selection Parameter Description Protocol This setting contains an 8-bit word that constitutes the proto- col identifier to be matched in the incoming traffic. Configur- ing this field to 17 is equivalent of setting the Standard protocol selection to UDP. TCP uses 6 as the protocol number and ICMP uses number 1.
  • Page 48 User Guide Net.Shark / Net.Hunter supports filtering based on various IPv6 packet fields including addresses, CoS marks, flow labels and higher layer protocol identifiers. Table 4.1: IPv6 Selection Metric Description Source IPv6 address Enables selection by source IPv6 address in the current filter.
  • Page 49 Filtering Table 4.1: IPv6 Selection Metric Description Destination IPv6 This is the mask for the destination IPv6 address filter selec- address mask tion rule. Before comparing the Destination IPv6 Address Match field with the actual IPv6 addresses, bit wise AND operations are carried out between the value configured here and the source address so that only the values surviving the AND are taken into account for matching addresses.
  • Page 50 TCP also offers a communication channel for IP applications. Applications speak through special 16-bit identifiers called ports in the same way that hosts use IP addresses. Net.Shark / Net.Hunter filtering capabilities include matching of TCP source and destination ports in each of the filtering blocks.
  • Page 51 Filtering Table 4.2: TCP Selection Parameter Description Source port match Enables selection by source TCP port in the current filter. The value configured here is used to determine which frames are allowed to pass through the filter and which ones are blocked.
  • Page 52 User Guide Net.Shark / Net.Hunter features related with UDP are equivalent to the TCP capabilities, including matching of the source and destination UDP ports. 4.2.7. Fixed Offset Selection Fixed offset selection is part of a family of protocol-independent filtering criteria classified under the designation of Generic Selection.
  • Page 53 Filtering Table 4.3: Fixed offset Selection Parameter Description Offset (bytes) This field defines the offset expressed in bytes from the refer- ence point defined with the Frame start control. The value 0 corresponds with the first byte of the MAC, IPv4, UDP or TCP payload (or the first frame byte, if Frame start is set to Start).
  • Page 54 User Guide Table 4.4: Length Selection Parameter Description Filter mode Enables length selection in the current filtering block: The value configured here is used to determine which frames are allowed to pass through the filter and which ones are blocked. The available configuration values for this field are: •...
  • Page 55 “A”, “B”, “C” and “D” let- ters. Net.Shark has 16 fixed pattern filters per port, one for each filtering block. Net.Hunter has only one fixed pattern filter per port (Filter 1 block of each port). However, the matching pattern is allowed to be longer in Net.Hunter (128 bytes) than in Net.Shark...
  • Page 56 User Guide 1. From the Home panel, go to Results, The test port results panel is displayed. 2. Select Filter statistics. Counts of all frames matching the selection rules for all filters and line port A and B are displayed.
  • Page 57 5.1.Configuring the Capture Capturing with Net.Shark / Net.Hunter is pretty much the same than mirroring traffic to a mirror port. The equipment is connected in the same way (line ports) and filter configuration is the same. It follows a high level description of capture configuration in Net.Shark / Net.Hunter:...
  • Page 58 Net.Shark storage capacity depends on the particular SD card used to save capture files. Capture throughput is limited to a few Mb/s in the case of Net.Shark but it is large enough to enable wirespeed data captures (1 Gb/s + 1 Gb/s) in most situations.
  • Page 59 Note: For Net.Hunter, this result applies both to captures and drop actions. In Net.Shark, this result applies to copies to mirror ports. The relevant Net.Shark suppressed frame coun- ter for captures is the Suppressed frames result.
  • Page 60 Capture exporting with Net.Hunter is slightly different to capture downloading from Net.Shark. This section is devoted to Net.Hunter capture file exporting. Details about file downloading with Net.Shark can be found on the sections devoted to generic file management (See section 6.1.6).
  • Page 61 Capturing Traffic fied with a unique file name. The exact time and date the file was generated and the approximative file size is shown for each PCAPNG file. Note: The exported file size is always smaller than the value indicated in the screen.
  • Page 62 User Guide 5. Select the capture file format (*.pcap or *.pcapng) with the help of the Options menu and, if necessary, press Apply to confirm your selection. 6. Optionally, configure one or several export filters (See section 5.3.1). 7. Download some or all the PCAP / PCAPNG files by clicking at the corresponding hyper links or select the files with the help of the check boxes and download all them at the same time as a TAR package file.
  • Page 63 These marks can be used to choose which frames to export once the capture has finished. Figure 5.2: Net.Shark / Net.Hunter web interface: (a) Filter by period panel (b) Filter by stream panel.
  • Page 64 Very long or very intensive usage of the Net.Hunter SSDs would cause the equipment to lose part of the initial capture speed. Please, contact with the Albedo Telecom staff or with your Albedo Telecom sales representative to get more information about potential limitations of the Net.Hunter SSD based captures.
  • Page 65 Note: If you select External devices, you will be asked to choose the specific stor- age device (USB device or SD card). Note: If there is no external device connected to the Net.Shark / Net.Hunter unit, a No devices present popup panel is displayed.
  • Page 66 Note: If you select External devices, you will be asked to choose the specific stor- age device (USB device or SD card). Note: If there is no external device connected to the Net.Shark / Net.Hunter, a No devices present popup panel is displayed.
  • Page 67 3. Select External devices to list the files currently stored in the external device. A popup menu to select the source external device is opened. Note: If there is no external device connected to the Net.Shark / Net.Hunter unit, a No devices present popup panel is displayed.
  • Page 68 USB and SD interfaces are still available. Note than if you are using Net.Shark, you can export the PCAP capture files with the help of the SD card you use for storage but if you are capturing data with Net.Hunter, the only way to copy captures to an external location is through the web interface.
  • Page 69 (See section 5.3). 6.2.Programming Tests Net.Shark / Net.Hunter is able to start and finish tests without direct user intervention. All automatic testing features are included within the Autostart/stop menu Follow these steps to program an automatic measurement in the test unit.
  • Page 70 User Guide Table 6.1: System Settings Panel Setting Description Start time Enter the start date and time for the next automatic measure- ment with the following format: dd/MM/yyyy hh:mm:ss. To configure Start time, you have to set Start mode to Auto before.
  • Page 71 Test Management • Licensed options: This is a menu that displays the software versions installed in the tester and enables their management. Table 6.2: System Settings Panel Setting Description Brightness (%) Sets the screen brightness from 10% to 100%. Within the Brightness panel, the left and right cursors are used to set the correct value and a contextual key (Done) is used to con- firm selection.
  • Page 72 • Maintenance and factory configuration: The ALBEDO Telecom staff use the Ether- net interface to configure or verify the equipment in the factory. This feature is not available to ordinary users.
  • Page 73 Test Management Table 6.4: Network Configuration Panel Setting Description Gateway address IP address corresponding to the IP default gateway in four dotted format. There is only one default gateway for all the network inter- faces (wired and wireless). By setting up this field, the user decides which management port is used by the system to reach remote networks.
  • Page 74 User Guide 10. Optionally, check from a remote computer that the equipment is responding to ping requests. Table 6.5: Ethernet Interface Configuration Setting Description Enable interface Enables or disables the network interface. Note that the link led placed in the Ethernet platform connector is lit even if the interface is not enabled.
  • Page 75 6.3.2. Installing Software Options New software for Net.Shark / Net.Hunter can be licensed after the unit as been purchased when new testing needs arise. To install new software options for your unit follow this procedure.
  • Page 76 Net.Shark / Net.Hunter users can manually set the system time and date by entering the correct values but they can also synchronize the clock with an external NTP server.
  • Page 77 This is a not editable field. It is only active if Time Source has ben configured to NTP. To configure the system time and date in your Net.Shark / Net.Hunter unit follow these steps: 1. From the Home panel, go to System, The general system menu is displayed in the screen.
  • Page 78 They must have a VNC client installed. Currently, there are VNC clients for most OS in the market. Some of them are free. The remote control is an optional feature for Net.Shark / Net.Hunter that is supplied by ALBEDO Telecom with an special license.
  • Page 79 Test Management Table 6.8: Remote Control Keys Description It is equivalent to the Esc key. It leaves the current panel and displays the previous one in the panel hierarchy. Enter It is equivalent to the ENTER key. It confirms settings. Ctrl+L It is equivalent to LEDS.
  • Page 80 User Guide...
  • Page 81 A.2. Operation Modes • Tap & filter: Traffic is forwarded between line ports, traffic is selectively copied to the mirror ports, stored in an SD card (Net.Shark) or stored the internal high speed storage device (Net.Hunter). • Filter: Traffic is filtered and forwarded to the corresponding mirror port, stored in an SD card (Net.Shark) or stored in high speed internal storage device...
  • Page 82 MAC address: source, destination. • MAC address group: subset of addresses filtered by a mask. • Ethertype field with selection mask. • VID (Net.Shark) or C-VID and S-VID (Net.Hunter) • VLAN priority or C-VLAN priority and S-VLAN priority. • S-VLAN DEI.
  • Page 83 A.7.6. Statistics • Frame counters for each configured filter. A.8. Capture • Traffic capture to SD card (Net.Shark). • Wirespeed traffic capture to internal SSD with capacity of 60 or 120 GB (Net.Hunter). • Capture format is PCAP or PCAP Next Generation (Net.Hunter only).
  • Page 84 User Guide • Configuration and report storage and export through attached USB port. • 4.3’’ TFT colour screen (480 x 272 pixels). • Dimensions: 223 mm x 144 mm x 65 mm. • Weight: 1.0 kg (with rubber boot, one battery pack).

This manual is also suitable for:

Net.hunter