Shulou(Shulou.com)06/01 Report--

Kelai, a network analysis tool

First, what is Kelai

Kelai network analysis system provides a comprehensive and reliable data basis for network management. It can help users to troubleshoot network faults, avoid network risks, improve network performance, improve fault handling capacity, reduce fault losses and reduce management costs. Therefore, Kelai network analysis system is a necessary product in network management.

Kelai network analysis system is a network management scheme that enables network managers to prescribe the right remedy to all kinds of network problems. it detects, analyzes and diagnoses all the data transmitted in the network, and helps users to eliminate network accidents. avoid security risks, improve network performance, and increase the value of network availability.

Managers no longer have to worry about network accidents difficult to solve, Kelai network analysis system can help enterprises to minimize network failures and security risks, and network performance will be gradually improved. It brings network managers:

1. Quickly find and troubleshoot network problems

two。 Find the network bottleneck and improve the network performance

3. Discover and solve various network abnormal crises and improve security

4. Manage resources, count and record the traffic and bandwidth of each node

5. Standardize the network, view the connections of various applications, services, hosts, and monitor network activity

6. Analyze various network protocols and manage the quality of network applications; Kelai Network Analysis system integrates the industry-leading expert analysis technology to provide accurate analysis of the current complex networks. it provides the most comprehensive and in-depth data basis in the aspects of network security, network performance and network failure, which is the key product needed by enterprises, governments, schools and other network management.

2. Basic usage course

First of all, you can go here to download the latest technology exchange version of Kelai 9, which has no node restrictions and is free of activation.

Http://www.colasoft.com.cn/download/capsa.php

1. Open Kelai and follow the instructions in the screenshot to select the network card to grab the package and start grabbing the package.

2. Click the filter to select the condition to be filtered or customize the filter condition.

3. Basic view

4. Packet analysis

5. Basic diagnostic analysis.

6. Choose the diagnosis scheme

III. Deployment Topology

IV. Case study

4.1, fault description

Colleagues of the June 22 system group reported that the Guangzhou jump board 192.168.10.243 was slow to access the server of the Beijing branch and could hardly be operated. (note: the total bandwidth of Guangzhou-Beijing special line is only 4m, and the speed limit is 1m per IP. )

4.2. Troubleshooting

4.2.1, Port mirroring

Make the port of the switch connected to the Beijing dedicated line as a mirror to the switch port connected to one of the network cards of the Kelai client, so that the Kelai client can grab the traffic to the Beijing dedicated line.

4.2.1. View port traffic usage

Open the Kelai network analysis software to grab the package, from the "my icon" → "TopIP host total traffic", we can see that the proportion of total traffic of 192.168.10.243 is obviously much higher than that of other IP. The preliminary judgment is that the 1Mbps of 192.168.10.243 which exceeded the speed limit of the firewall caused it to fail to access the server in Beijing normally.

4.2.2. Analyze the packet type

Filtering "192.168.10.243" in the "IP session" chart shows that port 80 of 10.243 is constantly sending data to 192.168.90.249, 192.168.90.252, 192.168.90.254. 22.72MB, 22.75MB and 17MB were sent in 4 minutes. It is initially doubtful whether any http downloads are in progress.

4.2.3, system level troubleshooting

After feeding back the above information to the colleagues of the system group, the colleagues of the system group found that due to the batch deployment of a log slicing program at the application level, due to the slow network speed, the download was not finished and then downloaded again, resulting in an endless cycle, so the bandwidth of 10.243 of the connection to Beijing has been full, resulting in the inability to access the server in Beijing. After stopping the http service, 10.243 can access the server in Beijing normally.

V. Summary

The function of Kelai network analysis software is very powerful, which can be used not only to analyze traffic, but also to analyze whether there is a problem or whether there is any behavior in the network through the characteristics of data packets. Of course, the preset analysis scheme can not meet all our needs, and we finally have to find out the problem through our own network knowledge and experience combined with network analysis tools. the case in this article is only a very common case in Daqian network world. If you are interested, you can dig deep into the functions of such network analysis tools to help you better troubleshoot and analyze in your daily work.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.