1DV721 System Administration Assignment #1 Flow Analysis
1 Introduction
1DV721 System Administration
Assignment #1 Flow Analysis
You have been hired by LNU. Co. Ltd. as a System Administrator for doing a network re- design. They already have a network that is operational with around one thousand users. You will start with performing several analyses in the existing network depicted in Fig. 1.
2 Preparation
Figure 1: Device map
You arrive at the LNU’s campus and meet the System Administrator there. During your meeting, you realize that the current design is not a product of analysis, architecture and design process. There does not exist any requirements specifications to help you identify the flows in a bottom- up approach. You immediately schedule a RA which will take some time to complete.
Meanwhile you are requested to address couple of performance issues as soon as possible.
Therefore you follow a top-down approach and try to identify the flows via analyzing the current
network traffic.
2.1 Capture network traffic
A fellow network analyst has already captured sample traffic from the network from the point shown in Fig. 1. You can find the capture file in assignment 1 section of Moodle.
3 Flow Analysis
In this section, you are going to process the capture using the knowledge you gained in the course in order to build Flow Analysis. Refer to chapter four in the book for additional assistance. Note that after following the procedures below, you will be able to identify the flows however you may not know (but have an educated guess though) which ones are mission critical. You can assume mission critical operations for our business (LNU’s) according to your understanding.
1
An additional learning outcome expected in this section is to enhance your Wireshark skills.
3.1 Flow Identification
• Provide a summary information regarding the capture process, i.e. how long the capture lasted, how many packets have been captured etc.
• Provide a graph that visually identifies the protocols and their statistics in a hierarchical manner with respect to OSI model.
• Identify the flows. How many are there in total? Pick the ones that you think would likely to drive the architecture and design for proceeding with flow analysis. Motivate and elaborate your reasons for picking those.
• Develop profiles for the flows you chose if applicable. Motivate your reasons for profiling.
• In the Analyze menu of Wireshark, locate” Expert Info”. Explain what information is given and how would it be useful.
• Navigate to Analyze>Enabled Protocols. Locate HTTP, uncheck it and apply. What did change in the capture? Discuss the importance of protocol dissectors in Wireshark.
• Locate a TCP flow destined to port 8880, right-click it then click” Decode As” and choose HTTP. What did change in the capture and what is the role of Decode As? Why is it needed?
3.2 Flow Engineering
Following tasks should be performed on the flows and/or profiles that you picked in section 3.1
• Explain for each flow/profile if it is individual or composite. Explain why.
• Identify the sources and sinks of the flows. Provide detailed information such as how many packets and bytes had been exchanged at what directions.
• Considering the amounts as well as the directionality of the packets exchanged, can you suggest a flow model that each flow/profile may be associated with? Motivate your answer.
• Reconstruct the application layer contents of one of the ERP application flows. Identify some of the protocol specific commands and codes and briefly explain them.
• Graph the flow in previous task. Explain how the start and the end of a flow can be identified?
• Pick a specific part of the conversation happening within the flow (4-5 lines) of the previous task and explain what the source and the sink are speaking to each other.
• Plot five flows/profiles (a mix of them) in a graph where one of the axis denotes bits or packets. Investigate and discuss when to consider bits and when to consider packets as the unit of measurement for capacity planning. How would it assist the analysis process if the units of the other axis is changed to” Time of day”?
