nG1 EE LabGuide v634
Essentials
Lab Guide
Trademark Attributions
NETSCOUT, the NETSCOUT logo, Network General, the Network General logo, NETSCOUT University, nGenius, nGeniusONE,
Sniffer, InfiniStream, Business Container, Business Forensics, TrueCall, NetVigil and Quantiva are trademarks of NETSCOUT
SYSTEMS, INC. Other brands product names and trademarks are property of their respective owners. NETSCOUT reserves the
right, at its sole discretion, to make changes at any time in its technical information and specification, and service and support
programs.
The information presented in the course and in this training guide is for educational purposes only, and the appropriate
manual or NETSCOUT representative should be consulted for issues relating to actual operation and maintenance of the
products described in the course.
Copyright
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any
language in any form or by any means without the written permission of NETSCOUT SYSTEMS, INC. or its suppliers or affiliate
companies.
Overview
Description
The purpose of this lab is to teach you how to interpret the vast array of
values and numbers you will come across while using nGeniusONE.
Objectives
After completing this lab, you will be able to:
• Understand how to read and interpret displayed numeric values
• Quickly identify what data is good, bad, or critical
• Clearly understand displayed graphs and their data
Connecting to nGeniusONE
Logging on
1. Use a web browser and connect to the IP address assigned to you by the
instructor.
2. The instructor will provide your login/password credentials.
You should see something like this:
3. There are many icons available to you, and you will get the opportunity
to take a more detailed look at them during this course. First, let’s look
at some useful areas. Locate the settings menu wheel in the upper
right-hand corner and select it.
4. The Settings menu lets you access various tasks and features that
will prove useful to you during this course. The first one we’ll look at is
Help. Select Help from the menu to launch the nGeniusONE Online
Help page.
16. This concludes this lab exercise. Minimize the nGeniusONE Server
window; do not log out.
Review
Questions
Write down any questions or observations for discussion during the lab review.
_______________________________________________________________________________
Answer Sheet
Understanding Numeric Values
7 – KPI metrics are collected when response time is enabled for the
monitoring appliance and for supported applications in Global Settings.
8 – Any 4 of the following is correct: Successful Transactions, Failed
Transactions, Response Time, Timeouts, Request Retries, Error Codes, and
Applicable Unified Communications KPIs.
9 – In nGeniusONE, KPI statistics are displayed in Service Monitors
10 – a. Average response time for the application in milliseconds, b. TCP
round-trip delay time in milliseconds from client to server and back, c.
Ratio of retransmitted TCP packets in relation to total packets, d. Average
response time for the client to acknowledge a request.
11 – ACK
12 – SYN/ACK
Overview
Description
The purpose of this lab is to familiarize you with Service Settings, Service
Dashboard, and Service Alerts.
Objectives
After completing this lab, you will be able to do the following:
• Navigate through some nGeniusONE Service Settings
• Become familiar with the Service Dashboard
• Launch the Notification Center
4. Click on the Data Center domain tile to display the lower associated service domain
and/or services.
5. Click in the filter field, clear out the search string, then click on the filter icon to close the filter
field.
6. Click on the Data Center Boston domain tile, followed by clicking on the Enablers domain tile.
7. Visually, locate the LDAP Services tile. Make a note of the Percentage failures ______ and the
Transactions count __________.
8. Change the Duration to Last 24 Hours. Make a note of the Percentage failures ______ and
the Transactions count _______. Comparatively speaking, are the percentage failed
transactions at the Last Hour and the Last 24 Hours duration roughly close?
_____________________________________________________________________________
9. Click the Toggle Tiles / Over Time mode button. Change it to Over Time.
The Over Time mode plots the data samples across the selected duration, with the
intent of providing a trend analysis.
10. Set the Duration to Last Hour. Visually, locate the LDAP Services tile. As you move the mouse
cursor from left to right across each of the 5-minute duration percentage failed samples; are
the readings roughly close?
_____________________________________________________________________________
11. Set the Duration to Last 24 Hours. As you move the mouse cursor from left to right across
each of the 1-hour duration percentage failed samples; are the readings roughly close?
(NOTE: You may have to adjust to see the view more clearly)
_____________________________________________________________________________
12. Set the Sample Resolution to 5 Min. As you move the mouse cursor from left to right across
each of the 5-minute duration percentage failed samples; comparatively speaking are the
readings similar to when the Duration was set to Last Hour?
_____________________________________________________________________________
13. Set the Duration to Last Hour, and click the Toggle Tiles / Over Time mode button. Change it
to Snapshot.
2. Let’s take a look at which LDAP server(s) are showing a Total Failures count in the
hour. Click on the “Failures” column label to sort in descending order, from the
highest to the lowest.
The Communities feature supports adding IP addresses and address ranges to specify server and
client groups that lie within your enterprise. Server communities aggregate both server and client
activity specified in subnets and/or IP addresses, while Client communities aggregate only the
specified client activity.
Given the LDAP Server(s) Name with the highest Failure counts, what are the client community
IP addresses being serviced by these server(s)?
________________________________________________________________________
________________________________________________________________________
TERM
A. Service Member
B. Application Service
C. Network Service
D. Service Domain
E. Service Hierarchy
DEFINITION
1. ____ a service that includes only physical interfaces and location keys.
2. ____ an organization of application services, network services, and service domains in
parent-child order.
3. ____ a grouping of application services, network services, and other service domains.
4. ____ the fundamental unit of a service.
5. ____ a service that can include interfaces, applications, application groups, message IDs,
network services, and location keys.
ICON DEFINITION
1. ____ indicates a network service.
A.
Service Dependency
Service Dependency allows you to see the interdependencies between servers that deliver a
service, as well as how those servers are performing. It also helps identify servers that are
causing problems or that were not expected in the service delivery chain.
4. Click on the Re-Center icon (if you don’t see it, select More, then select the Re-Center
icon). Take a moment: of the clients connected to the selected LDAP Server, which appear
to be having problems?
_________________________________________________________________________
5. Expand the Client grouping by clicking the plus sign icon. Take a moment to compare
your earlier notes to the displayed client to server connectivity mapping.
6. Move your mouse cursor over the links. You can get information such as errors, rates,
and requests.
Service Dependency provides a map of servers associated with a service or other drilldown
context, along with client communities and other servers that provide an enabling function
(such as DNS or RADIUS). It includes traffic and performance metrics, allowing you to
determine if client communities are being affected by a poorly performing server.
The connections between nodes are represented by lines. The thickness of those lines
indicates the relative transaction load on that link.
7. Right click on one of the links.
What can you also do here that saves time?
________________________________________________________________________
8. Close all running modules.
1. Go to the Service Dashboard, ensure you are at top level (Enterprise). Are any alerts
present? YES / NO
2. Ensure the layout is set to Critical Alert, and toggle to Service View mode.
3. Locate a tile on the dashboard that has both Critical and Warning counts.
4. What tile had both Critical & Warning alerts? _________________________________
5. Select the small triangle in the lower right-hand corner of this tile (see below for example
of a tile with both critical and warning alerts) and then select the Notification Center from
the list.
10. Check the lower left-hand portion of the browser. You should see the Alert PDF appear;
select it.
You now have a PDF of the Alert that looks like this. It can be saved and/or sent to
associates to use during your triage of the network.
11. Close out the PDF file, and select the first Warning alert displayed.
12. Look closely at the Alert Details window, what is the Set Threshold value shown? ______
13. What was the triggered value? _________________
14. You’ll get a chance to look at Alerts later; for now, close out the Notification Center.
15. Select Close All Running Modules, but remain logged into the nGeniusONE console.
Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
Answer Sheet
Launching the Service Dashboard
8 – Yes, the last hour and last 24-hour failure percentages are roughly the
same.
10 – No, the readings go up and down over the duration displayed.
11 – No, again the readings go up and down over the duration displayed
(24 hrs).
12 – Yes, the readings fluctuate up and down over the time period.
Summary Views
2 – a. LDAPSrv1, b. Numbers will vary, c. Auth. method not supported
3 – 192.168.130.31, 192.168.130.32, 192.168.130.33, and 192.168.130.34
4 – 1. = C, 2. = E, 3. = D, 4. = A, 5. = B
5 – 1. = C, 2. = A, 3. = D, 4. = B
Service Dependency
4 – All the clients under CG3 (IPs noted earlier 192.168.130.31 to .34)
7 – Launch Monitors and/or view Node information.
Alerts
4 – Tile that has both may vary (i.e., Microsoft Exchange All)
6 – Threshold Alert type
7 – Number of occurrences will vary (i.e., 19)
12 – The set threshold value shown is 25 ms
13 – The triggered value will vary (i.e., 51.5 ms)
Overview
Description
The purpose of this lab is to familiarize you with Service Dashboards,
Service Monitors, and Enablers.
Objectives
After completing this lab, you will be able to:
• Navigate the nGeniusONE Console
• Launch a Service Monitor
• Change Dashboard Metrics
2. You can display modules with names that match the search text
entered. Type the letter M, and notice the console icons change to
match anything with the letter M.
3. Continue on, and type the word Monitor.
4. How many icons are shown? ________________________________
5. Go to the Online Help tab, search for Overview of nGeniusONE
Monitors, and locate “Overview of”; it should be near the top of the
entries listed.
NOTE: If you closed the help tab, select the settings wheel in the upper
right of the console, then select Help.
6. Identify the following Monitor types (the first one is done for you):
a. LDAP Monitor =
Service Enabler, useful for analyzing protocol-specific details.
b. DHCP Monitor =
___________________________________________________________
c. Certificate Monitor =
___________________________________________________________
d. Universal Monitor =
___________________________________________________________
7. From the Console, clear out the search window and go back to the
default view.
8. From the Console, select the Universal Monitor.
9. Under the Monitors tab on the left, do all the monitors shown match
the monitors shown in step 4 earlier? YES / NO
10. Which monitor shown was not seen earlier in step 4?
_________________________________________________________________
11. Select the Applications Services tab, and then select the Service Name
to change the view so it looks like this.
12. Scan down through the list under Universal, and select Office-365,
notice on the right-hand side, you have User Defined Service Details.
13. Select Launch in the lower right, you should see something like this:
14. You can launch more than one Universal Monitor. Select
the home icon in the lower left-hand portion of the monitor.
15. From the Applications Services tab, choose another Service, and select
Launch.
16. Select the More Views drop-down in the image above. You should now see 2
monitors listed, with both showing the Application Service you chose.
17. Next, we’ll look at launching specific Service Monitors. Select Close all
running modules, but do not log out.
Service Monitors
You are now familiar with launching the Universal Monitor, next we’ll take a look at the
different ways a Service Monitor can be launched from nGeniusONE.
3. Click the in the lower right-hand corner of the very first tile
displayed on the Dashboard.
4. What monitor does it show can be launched? Launch that monitor.
_____________________________________________________________
5. Go back to the Service Dashboard, and find another tile that
launches a different monitor, and launch it.
Since you launched two different Service Monitors, notice the
column headings are different. Later in the lab, you’ll take a closer
look at that.
6. Select Close all running modules to close the monitors.
2. The first area we’ll concentrate on is the Title bar of the Summary
Table pane.
The time toolbar allows you to adjust the duration of results you
want to display at a time. The circled areas here allow you to
navigate forward or backward in time.
3. Make note of the time and select the left circled icon.
4. Did the values in the charts increase? YES / NO
Remember, all you are doing is sliding the viewed time up or down,
it’s still 1 hour of time, just different starting and ending points.
5. Select the Duration menu, and change the time to Last 6 Hours.
6. Now, did the values in the charts increase? YES / NO
7. Change the Duration back to 1 Hour.
8. Set the Shift By to 30 minutes, did you notice a change? YES / NO
9. Make note of the time, and select the left time. It should have
changed by 30 minutes. Try it also with the time on the right side.
19. Select the Expand icon, and click on Summary to go back to the
DNS Services screen.
20. From the DNS Services, ensure the entry with the highest failures
is still selected, and launch the Location keys icon with the
following:
23. Next, select the Switch to icon. This allows you to change the
views being displayed. Select Universal from the list.
24. Now go back to the Switch to icon (NOTE: you may have to choose
the More icon) and choose TCP Analysis.
By default, monitors display metrics based on Key Performance
Indicators, but you may want to view TCP metrics, such as Latency,
TCP Window Size, Retransmissions, Resets, etc.
25. Select the More icon, and spend a few minutes looking at each of the
options available to you. Once you’re done, select Close all Running
modules from the top, but remain logged in.
Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
Answer Sheet
Looking at the Console
4 – at least 14 icons are displayed (numbers may vary)
6 – There are four (4) dashboards:
b. DHCP = Service Enabler, useful for analyzing protocol-specific
details
c. Certificate = application-based service monitor, tracks certificates
in use across the Enterprise, including which are coming up for
expiration and the server to which they are assigned.
d. Universal = special function monitor, offers a means to launch
other monitors and is also a generalized “view” that can be switched to
within specialized monitors.
9 – NO
10 – RTP Monitor
Overview
Description
The purpose of this lab is to learn how to read/interpret Traffic Monitor,
select the proper Service Monitor, and understand how to perform packet
analysis.
Objectives
After completing this lab, you will be able to:
• Develop familiarity with throughput analysis modules
• Identify Service Monitor selection
• Drill down to Packet Analysis
Throughput Analysis
Traffic Monitor
The Traffic Monitor is supplied data from InfiniStream appliances enabled
for ASI classification.
1. From the nGeniusONE Console, launch the Traffic Monitor with the
following selected.
2. With the 2 interfaces now displayed, it should be easy to see which one
is receiving more traffic, but are the applications on them the same?
YES / NO
3. Make sure DC-Inf:if3 is selected, and record the top 3 applications
_________________________________________________________________
4. Perform the same for DC-Inf:if4.
_________________________________________________________________
5. Are the top 3 applications the same? YES / NO
6. With DC-Inf:if3 selected, from the Summary tabs area, select the
Discovered Applications tab.
7. What happened to the charts?
_________________________________________________________________
8. Which port is the top discovered application?
_________________________________________________________________
9. Select the Vital Signs tab.
10. Now you see link layer traffic information, do you see any dropped
packets? YES / NO Take a minute to review the chart.
11. Select the Applications tab and then Launch Conversation View.
12. Locate and record the IP addresses of the conversation with the highest
total volume.
Host A: ___________________ Host B: _________________________
13. Select the Location Keys icon and enter the following and Apply.
Monitor Selections
Selecting Service Monitors
1. Here are some examples of problems you may receive, what Service
Monitor would you choose to look deeper into the issue?
a. Customers can’t access Web Server _____________________________
b. Remote learning videos not playing _____________________________
c. Users aren’t getting IP addresses via DNS ______________________
d. SharePoint Users can’t access network _________________________
2. Remember, the Service Monitors can be launched from multiple
locations. From the Service Dashboard, locate the following tile, and
launch the Service Monitor associated with it:
6. What if you wanted to find out which of the error codes displayed
had the highest count and highest % of Errors? Select the Analyze icon,
then Top 10 – Pie, and identify which Error Code had the highest Count and
% of Errors.
________________________________________________________________
7. Launch the Notification Center, select the first Critical Alert for the
Service: Microsoft Exchange All, and launch the Universal Monitor.
What is the Alert ID?
________________________________________________________________
8. What Error Codes are associated with this Service Monitor? NOTE:
You might need to launch the Monitor associated with this Alert.
________________________________________________________________
9. Leave the Universal Monitor up, and go back to the nGeniusONE
Console, do not close out this Service Monitor.
10. Launch and familiarize yourself with a few other Service Monitors,
taking time to pay attention to the Summary Tabs area.
Drilling Down
Performing Packet Analysis
Now that you’re becoming more familiar with launching various Service
Monitors, the next step will be looking deeper into the Sessions, and
ultimately drilling down to the Packets.
1. The Session Analysis tab provides a correlated view of ___________
selected for drilldown from the table or charts in the _____________ tab
of Monitors or Enablers, or certain nGenius UC Server views.
2. T or F Session Analysis drill down is supported from Traffic Monitors
3. Go back to the Universal Monitor you launched from the Notification
Center (see step 7 on previous page).
4. From the Error Code Distribution window, select the Launch Session
Analysis icon.
NOTE: If you are seeing an error, make sure the time is for last hour.
5. What 3 main areas are viewable?
_________________________________________________________________
6. You may have to adjust the bottom area – Session Summary, select the
Maximize icon to make that section bigger. What is listed as the failure
under the Session Information area on the lower left-hand side?
_________________________________________________________________
7. From the Session Trace section in the middle, select the Server side to
drilldown into Packet Analysis.
8. You should now see the packet decode for the selected entry.
9. You’ll spend more time diving deeper into Packet Decodes later, for now
select Close all running modules from the top and stay logged into
nGeniusONE.
Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
Answer Sheet
Traffic Monitor
3 – The top 3 applications on if3 may vary (i.e., Audio 39.01%, HL7 15.40%,
IP_OTHER 11.39%)
4 – The top 3 applications on if4 may vary (i.e., SMB 50.05%, InvWebHTTP
27.76%, and Audio 9.23%)
5 – No, the top 3 applications on each interface are different.
7 – The charts now display the TCP & UDP port numbers for the top 10
discovered applications.
8 – The TCP port number will vary (i.e., TCP 4983 75.40%)
15 – A display of “-” indicates that the port number is not known or not
applicable (i.e., for peer-to-peer applications).
18 – Transport Protocol with highest In-Volume will vary (i.e., TCP)
20 – Location with highest amount of traffic will vary (i.e., Data Center)
22 – Location % will vary (i.e., 31.50%)
Overview
Description
The purpose of this lab is to familiarize you with the Grids and other visual
aids.
Objectives
After completing this lab, you will be able to:
• Create and Modify a Grid.
• Create and Modify Over Time View
• Launch Notification Center and identify problems
Time to Complete
20 minutes
10. This initial Grid was created using a Template, and consists of the
following 8 charts:
• Worst Servers (Slow Transaction Percent)
• Worst Client Communities (Slow Transaction Percent)
11. We might want to look to see if this Grid consisting of these 8 charts
will support what we need. First, let’s create a few more and then
we can revisit this initial Grid.
12. Select the Expand icon, located just under the Grid name, and then
choose the Context Builder.
Notice only a single interface was used, and you accepted all the
defaults for the Charts.
13. Now we’ll create another Grid. From the lower left select the Home
icon, and then select Add Grid, using the same interface as before,
but choose Template – Server Performance.
14. What did you notice when you selected Template – Server
Performance?
______________________________________________________________
15. What is it asking you to review?
______________________________________________________________
16. With DC-Inf:if3 highlighted, select Add to Filter + in the top right
corner of the window.
17. What tabs do you see on the left portion now?
______________________________________________________________
18. Select the Server Site tab, making sure to only highlight
OracleSrvFarm, and Add to Filter +
19. Select the Application tab, highlight OracleInv, and Add to Filter +.
20. From the Server Tab, select the entry displayed, but don’t add to
filter this time.
21. You should see something like this, and Add to Scratchpad is no
longer greyed out. Select Add to Scratchpad.
7. Are any charts displayed? If not, what might be the problem? (Note:
if you see charts, proceed to step 10).
___________________________________________________________
8. If you selected a Domain that doesn’t display any charts, expand the
Domain, and select the sub-domain with the most alerts.
9. Do you see charts now? YES / NO
10. Pin the Service Hierarchy tree and compare the number of charts
displayed against the services for the selected Domain.
11. Once done comparing the numbers, unpin the Service Hierarchy
tree, and refresh your view.
12. What do you notice about all the charts displayed?
____________________________________________________________
Next, we’ll look at creating a customized Over Time View, using the
same Domain/Sub-Domain you selected.
5. You should now see all the charts. Remove any charts that displayed
no data by selecting the Remove View icon in the upper right corner
of the view.
6. Switch back to the Service Hierarchy and identify those services
within the Domain/Sub-Domain being used, that have the highest
number of alerts.
7. Write down 4 Services with the highest Alerts.
_______________________________________________________________
8. We will only be using views for the 4 services you identified. Remove
all other charts at this time.
9. Your screen should now look something like this:
10. You will be adding 2 more views with metrics Alerts &
Successful/Failed Transactions to the 4 services you identified in
step 7 above.
(i.e., If Active Directory was the Service, you’d have % Failures,
Successful/Failed Transactions, and Alerts)
11. As you add the new views, ensure they are placed together by
placing the mouse in the top of the view, right clicking, and
dragging it into place.
12. From the View Options icon, change the Columns layout to 3, and
enable Fit to window.
13. Once you are done configuring all the views, there should be
___________ views on the display.
14. Select the Save icon from the toolbar, and then Exit to leave
Configure mode.
15. From the Options, check or adjust Fit to window, so you can clearly
see values displayed. Your Over Time View should look like this:
16. Take a few minutes to try making changes to the Options fields and
review the display output.
Launching
1. From the nGeniusONE Console, launch the Notification Center,
and filter on only Critical Severity levels.
2. How many are displayed for the last hour? ____________
3. From the right-hand side of the screen, select the Column
Management button, configure the columns as shown, and select
OK.
9. Review the Cause and Impact Metric Over Time chart; it should
look something like this.
10. Place your mouse on the Avg. Response Time Threshold line and
make note of the Threshold value of 100.
11. Next, do the same for the highest point above the Threshold line,
and make note of that value.
12. Now, launch the Database Monitor.
13. What name or value is shown once the Database Monitor launches?
__________________________________________________________
14. With the highest failures highlighted, launch Session Analysis.
What happened? (NOTE: Make sure you are set to 1 hour).
__________________________________________________________
15. Go back to the Summary window of the Database Monitor and
notice in the Error Code Distribution window, there are multiple
Error Codes displayed.
16. Highlight the Error Code with the highest count, and launch
Session Analysis. What is the Failure reason displayed?
__________________________________________________________
17. Go back to the Notification Center tab, and launch the Universal
Monitor for the same Critical Alert.
18. Did you notice any changes in the Error Code chart? YES / NO
19. From within the Error Code Distribution graph, launch Session
Analysis. (NOTE: Make sure you are set to 1 hour).
20. Select the Avg RT (ms) column in descending order and highlight
the top entry.
21. Review the Session Information data at the bottom. What Failure
Reason are you seeing?
___________________________________________________________
22. We’ll look at Packet Analysis and Decodes later. Close the
Universal and Database Monitors and go back to the Notification
Center.
23. Filter only Warning Severity, and choose the first Sharepoint entry.
24. What is the Configured Threshold value for this entry?
_____________________________________________________
25. What was the triggered value?
____________________________________________________
26. Take a few minutes to look at some of the other displayed Alerts.
27. Once you are done, select Close All Running Modules, but remain
logged into the nGeniusONE Console.
Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Answer Sheet
Creating a Grid
14 – The Review and Add area requires additional information; items that
require attention show up in Red. The Add to Scratchpad is greyed out
and can’t be selected until additional information is added.
15 – It’s asking to add an Application, Server, or Network Service,
Application, Server, or Application Group, Server, or Network Service,
Application Group, Server.
17 – Application, Application Group, Site, Client Site, Server Site, QoS
22 – Interfaces seen (Top ifns by Server Volume), Successful & Failed
Transactions Overtime, Worst Client Communities (Response Time (ms)),
and Response Time Distribution.
Notification Center
2 – The number of Critical Alerts will vary (e.g., 11).
6 – The Avg. Response Time Threshold was 100ms
7 – Triggered Value higher than 100ms (e.g., 137.75ms)
8 – Configured Threshold has been repeatedly exceeded over a # minute
period
13 – The Alert ID is shown in the Database Monitor.
14 – Session Analysis launches, showing Session Overview, Trace, and
Summary information.
16 – Failure 1653: Undefined
18 – NO, same Error Codes displayed as before
21 – Failure Reason 942: Undefined
24 – Configured Threshold Value 125ms
25 – Triggered Value over 125ms (e.g., 238.46ms)
Overview
Description
The purpose of this lab is to familiarize you with Reports.
Objectives
After completing this lab, you will be able to do the following:
• Create a report
• Run a report
• Modify a report
Reports
Creating a Report – For New Service Launch
Your organization is rolling out a new service (Office 365) for their
customers, and one of the key stakeholders will be the management staff.
The operations folks who monitor the network in the NOC also have an
interest in this new service rollout.
Create a report for each, making sure you include the following:
AUDIENCE: Management Team
NEED: These key stakeholders will need weekly reports that outline the
Service Load & Response Time metrics, particularly successes and
failures for the new service, and metrics on Top Servers the service is
running on.

AUDIENCE: Network Operations Center
NEED: The NOC team members will need daily reports on anything to do
with the new service.
5. The second step is to choose a Data Source. Select the filter icon on the
right, and in the Search… area, enter Office.
17. Next, create the second report, and name it: New Service O365 – NOC
– <your initials>.
18. Ensure you create this second report using the Service Message
Summary template.
19. Choose Office-365 for Application Services.
20. Review all the views, and if all looks good, select Finish.
21. Schedule this report to run Hourly at 8am, Daily at noon, and Weekly
at 4:30pm on Friday.
22. Set the Sharing parameters as follows:
23. Select Save and then Save and exit. You should now see both reports.
Launching Reports
Now that both reports are created and scheduled, we’ll launch them
and take a look at the information they provide.
1. Select Generate Instance for the Managers report.
Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Answer Sheet
Launching Reports
7 – 5 views should be present (Service Load, Service Response Time, Top
Servers By Worst Average Response Time, Top Servers By Transaction,
and Top Servers By Worst Error Count).
12 – Top Applications for each interface may vary.
13 – Top Talkers for each interface may vary.
Overview
Description
In this lab you will perform Data Mining using the Packet Analysis
features.
Objectives
After completing this lab, you will be able to do the following:
• Perform a packet capture
• Filter on packet types
• Save a packet trace
• View a saved trace file
Time to Complete
15 minutes
Packet Analysis
There may come a time when you need to perform a deeper dive as you
try to determine how your network is performing. This lab exercise is
designed to help you understand what tools are available when
performing packet analysis, as well as help isolate information through
the use of filters.
7. After you’ve run the Decode, the output display is broken up into
what 3 sections?
____________________________________________________________
8. From the Packet Summary toolbar area, select the
Launch Enhanced Decode icon, ensure you select TCP Analysis.
13. From the View Session window that opens, locate the launched
decode session, click it, and select Decode to go back to original
decode.
14. Take a look at some of the other actions that can be performed via the
Summary Tool bar area.
15. Close out Packet Analysis.
©2022 NETSCOUT CONFIDENTIAL & PROPRIETARY 7–3
Data Mining Lab 7
Using Filters
1. How many processed packets does it display? __________________
Mining a Conversation
1. From the Filter Constructor, construct a filter application==SIP.
2. Look for a (SIP) INVITE with IP address 192.168.100.12 and select it.
3. Launch Filter Constructor with that packet highlighted.
4. How many packets are there? __________
5. What do you see here?
________________________________________________________________
9. Select the packets from INVITE through the end of the conversation
and look at the different message types one at a time to see how they
change and where they appear in the ladder diagram.
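What the filter-and-ladder steps above amount to, as an added example that is not part of the lab guide or of NETSCOUT's software: SIP messages are grouped into one conversation by their Call-ID header and drawn as arrows between the two endpoints. The capture is constructed; only 192.168.100.12 comes from the lab, and the other addresses, Call-IDs and function names are assumptions.

```python
import re
from collections import defaultdict

REQUEST = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")
RESPONSE = re.compile(r"^SIP/2\.0 (\d{3}) ?(.*)$")

def parse_sip(raw):
    """Return {'label', 'call_id'} for a SIP message, or None if not SIP."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    req, resp = REQUEST.match(lines[0]), RESPONSE.match(lines[0])
    if req:
        label = req.group(1)                      # method, e.g. INVITE
    elif resp:
        label = f"{resp.group(1)} {resp.group(2)}".strip()  # e.g. 180 Ringing
    else:
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # "i" is the compact form of the Call-ID header (RFC 3261).
        if sep and name.strip().lower() in ("call-id", "i"):
            return {"label": label, "call_id": value.strip()}
    return None                                   # no Call-ID: cannot group it

def conversations(capture):
    """Map each Call-ID to its time-ordered (time, src, dst, label) tuples."""
    calls = defaultdict(list)
    for t, src, dst, raw in sorted(capture, key=lambda p: p[0]):
        msg = parse_sip(raw)
        if msg:
            calls[msg["call_id"]].append((t, src, dst, msg["label"]))
    return dict(calls)

def invite_call_ids(capture, ip):
    """Call-IDs of conversations containing an INVITE to or from `ip`."""
    return [cid for cid, msgs in conversations(capture).items()
            if any(label == "INVITE" and ip in (src, dst)
                   for _, src, dst, label in msgs)]

def ladder(msgs, width=26):
    """Render one conversation as text rows; the first sender is on the left."""
    left, right = msgs[0][1], msgs[0][2]
    rows = [f"{'':8}{left:<{width + 3}}{right}"]
    for t, src, _dst, label in msgs:
        bar = f" {label} ".center(width, "-")
        arrow = f"|{bar}>|" if src == left else f"|<{bar}|"
        rows.append(f"{t:7.3f} {arrow}")
    return rows

def _msg(start_line, call_id):
    return f"{start_line}\r\nCall-ID: {call_id}\r\nContent-Length: 0\r\n\r\n"

# Constructed sample capture: (time_s, src_ip, dst_ip, payload).
A, B, C = "192.168.100.12", "192.168.100.20", "192.168.100.30"
CALL_A, CALL_B = "call-a@example.test", "call-b@example.test"
CAPTURE = [
    (0.000, A, B, _msg("INVITE sip:bob@example.test SIP/2.0", CALL_A)),
    (0.012, B, A, _msg("SIP/2.0 100 Trying", CALL_A)),
    (0.020, A, B, "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # not SIP
    (0.150, B, A, _msg("SIP/2.0 180 Ringing", CALL_A)),
    (0.300, C, B, _msg("INVITE sip:bob@example.test SIP/2.0", CALL_B)),
    (0.310, B, C, _msg("SIP/2.0 486 Busy Here", CALL_B)),
    (2.400, B, A, _msg("SIP/2.0 200 OK", CALL_A)),
    (2.410, A, B, _msg("ACK sip:bob@example.test SIP/2.0", CALL_A)),
    (9.800, B, A, _msg("BYE sip:alice@example.test SIP/2.0", CALL_A)),
    (9.805, A, B, _msg("SIP/2.0 200 OK", CALL_A)),
]

if __name__ == "__main__":
    for call_id in invite_call_ids(CAPTURE, A):
        print(call_id)
        print("\n".join(ladder(conversations(CAPTURE)[call_id])))
```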
Trace Files
1. Launch the Packet Analysis module, and select the Trace Files tab.
2. Select the trace file you saved and then Decode to review it.
Graph View
1. From the Monitored Elements tab, ensure DC-Inf:if3 is selected, and
select Graph Decode in the lower right.
You should be presented with the four panels (Charts Panel, Summary
Panel, Detail Panel, and Hex Panel) of the Graph View. The panel at
the top displays the “segments” pictorially.
2. Select the last segment from the Charts Panel, and write down the
packet number displayed ____________________.
3. When you selected the last segment, did the Slider on the bottom half
of the Charts Panel move? YES / NO
4. Would you expect the Slider to move when selecting the last segment
on the screen? YES / NO
5. Move the slider to the right, by selecting the arrow in lower right
hand corner.
8. From the Detail Panel, select the + to open up the Objects tab.
9. Now with the Objects tab open, record the number of objects for each
layer displayed.
Layer          Objects/Segments
Application    ________________
Host           ________________
Context        ________________
Network        ________________
10. Select the Application Layer, locate and check the SIP application
from the list, and select Add to Filter.
11. What happened to the segments in the Charts Panel?
_______________________________________________________________
12. From the Tool Bar, select the Launch Filter Constructor icon.
13. Remove the Filter application==sip, and add sip to the Search area,
then select Apply.
18. Add the top 4 Application entries you identified in step 16 and select
Apply.
NOTE: the top 4 entries may be different from image below.
19. Notice under the Objects tab, only 4 applications are displayed.
20. Select the Launch Classic Decode icon from the tool bar.
Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Answer Sheet
Data Mining – Direct Decode
7 – After running a Decode, results are displayed in 3 panes (Packet
Summary, Packet Detail, and Packet Hex).
9 – What is displayed is based on a unique IP address and port pair
combination derived from the packet you selected before launching
Enhanced Decode.
10 – The left-hand Y axis displays the TCP Window size in bytes.
11 – The right-hand Y axis displays the TCP Bytes in Flight value in
bytes.
Using Filters
1 – The number of processed packets will vary.
5 – Filtered packet count will vary.
6 – HTTP
Mining a Conversation
4 – Should be a small number of packets (10 or less).
5 – SIP call setup messages
7 – The bounce chart shows the SIP packets used to set up the call.
Graph View
11 – The segments aren’t completely filled up.
14 – A blue dot appears over the segments indicating where the search
value entry was discovered.
21 – The filter used is present at the bottom of the screen.
Overview
Description
The purpose of this lab is to familiarize you with Special Function
modules.
Objectives
After completing this lab, you will be able to do the following:
• Launch the Search and Discover Tool
• Launch the Discover My Network Module
• Navigate through the various screen interfaces
Time to Complete
20 minutes
Discover My Network
1. From the nGeniusONE Console, launch Discover My Network.
2. Notice it looks very similar to the Traffic Monitor. From the
Monitored Elements tab, select interfaces DC-Inf:if3 & DC-Inf:if4,
and then Launch.
3. What application shows the highest number of transactions?
______________________________________________________________
4. What types of views can you see using the Discover My Network
Module?
______________________________________________________________
5. How many applications did it discover? _________________________
6. Sort the Application Column in descending order and locate the
HTTPS-Corp application.
7. With the HTTPS-Corp application selected, launch the Service
Monitor associated with it.
8. What is the IP Address or Name of this Server?
_______________________________________________________________
9. Go back to the Discover My Network Summary page and sort by
Transactions > Failed. What Application is showing the highest
number of Failed Transactions? (NOTE: If two have the same
number, choose first one)
_______________________________________________________________
10. Close out the Discover My Network module, but remember the
information you collected.
2. From the Search window that appears, enter the IP Address of the
Server Associated with the HTTPS-Corp Application (see step 8 from
previous page).
3. Answer the following questions:
a. What interface is linked to this Server? ___________________
b. What is this IP associated with? _________________________
c. What is available to launch under the interface?
_________________________________________________________
4. Launch Host Analysis, and note the Application and Server Name
displayed.
5. Does this match with what you saw earlier? YES / NO
6. From Location Keys, add Server Site.
7. What is the Server Site shown? (adjust column width if necessary)
____________________________________________________
8. Take a few minutes to look through the displayed output.
9. Select Close All Running Modules.
Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Answer Sheet
Discover My Network
3 – The Application with the highest transactions count may vary (e.g., CITRIX
ICA)
4 – Using the Discover My Network module will allow you to see at-a-glance
transaction activity, throughput in terms of application latency, TCP window
sizes, and network volume in both kilobytes and number of packets.
5 – The number of discovered applications will vary (e.g., 81).
8 – The IP Address is 192.168.131.28, and the name is LB2-External.
9 – The Application with the highest failed transactions may vary (e.g., Citrix
Web HTTP, Citrix LDAP, DNS-Active Directory).
Overview
Description
The purpose of this lab is to test what you’ve learned during the
nGeniusONE Enterprise Essentials course you’ve attended. You can use
any materials provided to you as you start this exercise.
Objectives
After completing this exercise, you should be able to:
• Use the nGeniusONE Console and Service Monitors
• Perform Network Triage using multiple workflows
• Create and forward nGeniusONE Reports, Graphs, and Charts
• Perform Packet Analysis and Drilldown
Time to Complete
40 minutes
You can use all the materials you have before you while attempting to solve these
tickets. If you get stuck or have any questions before getting started, please notify
your instructor.
Good luck!
Training Tickets
The Training Tickets are broken down into two main categories:
• Work Request / Configuration / Creation
o Reports
o GRIDs
o Alerts
o Etc.
• Triage / Troubleshooting
o Oracle
o Citrix
o DNS
o Etc.
You will have time to complete each ticket, as well as have time to discuss findings as a
group. You may find more than one way to isolate problems in the network.
Let’s begin…
Ticket #1 – Triage/Troubleshoot
Ticket Details
Your customer NetArch is receiving complaints coming from users in the
Washington area who can’t access the Active Directory Server. Review the
email from the TAC Manager, and perform triage on this problem. Make
sure to document your findings and answer any/all questions.
Ticket #3 – Triage/Troubleshoot
Ticket Details
Your customer (Topmon99) is receiving a high number of DNS
complaints coming from users isolated in the New York area. Review the
email from the TAC Manager, and perform triage on this problem. Make
sure to document your findings and answer any/all questions.
Ticket #4 – Triage/Troubleshoot
Ticket Details
One of your key customers (Ora4orce) is receiving a high number of
complaints about users trying to access their Oracle App Server
Database in the UK. Review the email from the TAC Manager, and
perform triage on this problem. Make sure to document your findings
and answer any/all questions.
1. Remember that the Grid you create needs to cover key areas of the
recent Sharepoint rollout.
2. Also remember that it needs to be easy to understand, as people both
within and outside of your group may view it.
3. It will be displayed on large screens in the NOC, so adjust viewing
parameters as needed.
4. Save this Grid as GRID-0005.
5. Launch the Grid, and ensure it contains all required information.
Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Answer Sheet
All Answers to be discussed together.