Monitoring Performance and Network Traffic through Task Monitor and Network Monitor
Understanding Task Monitor
Task Manager provides information on the programs, applications, and processes running on your computer. It also shows CPU and memory usage information, and a few common performance measures. Task Manager can be used to manage applications, performance, processes and networking tasks. The Windows Server 2003 Task Manager interface has Applications, Processes, Performance, Networking, and Users tabs that it uses to classify data.
You access Task Manager by
Pressing Ctrl + Alt + Delete, and then clicking the Task Manager button, OR
Clicking Start, Run and typing taskmgr.exe OR
Right-clicking an empty area in the taskbar, and then selecting Task Manager from the shortcut menu.
Applications tab: The applications tab shows all the applications running on the computer. A name and the current status of each individual task are displayed. On the Applications tab you can start a new application or program by
Clicking the New Task button
This displays the Create New Task dialog box
You can click the Browse button to select the program you want to start, or you can enter the name of the program
You can end a program by choosing it, and then clicking the End Task button. You can switch to another program by selecting it, and then selecting the Switch To button. If you want to move to the process of a particular application on the Processes tab, right-click the application, and select Go To Process from the shortcut menu.
Processes tab: The Processes tab shows all the processes currently running on the computer. This includes user applications, services, and system processes. The information displayed on each process includes the user name related to the process, and CPU and memory being used by the process. You can add and remove columns of data by choosing Select Columns from the View menu. You can also sort a column according to usage by clicking the column header.
You can manage a process by right-clicking it, and selecting one of the available options from the shortcut menu. You can end the particular process, end the process tree, set the processor affinity, or change the priority of the processor time of the process.
You can specify the counters that are displayed, by choosing Select Columns from the View menu. The following counters can be tracked:
Image Name, the process name indicated by Task Manager
PID (Process Identifier), the identifier used by Task Manager to identify the process
CPU Usage, the time utilized by the process since the last update (percent)
CPU Time, the time used by the process since it started (seconds)
Memory Usage, the memory being used by the process (kilobytes)
Memory Usage Delta, the change in memory since the last update (kilobytes)
Peak Memory Usage, the peak memory used by the process since it started
Page Faults, the instances where information had to be retrieved from disk
USER Objects, indicates the user objects being used by the process.
I/O Reads, indicates the read input/output (I/O) events of the process
I/O Read Bytes, indicates the bytes which the read input/output (I/O) events of the process generated
Session ID, indicates the Terminal Services ID for the process, if applicable
User Name, indicates the user name of the Terminal Services session that initiated the process, if applicable
Page Faults Delta, the number of page faults since the last update
Virtual Memory Size, indicates the amount of virtual memory retained for the process
Paged Pool, indicates the amount of virtual memory provided by physical memory for the process
Non-Paged Pool, indicates the amount of virtual RAM being used
Base Priority, indicates how the process’s threads are lined for the processor.
Handle Count, indicates the object handles utilized by the process
Thread Count, indicates the number of threads which the process produced
GDI Objects, indicates the number of objects created from the GDI library of the APIs.
I/O Writes, indicates the number of generated write I/O events.
I/O Write Bytes, indicates the number of bytes generated by the I/O write events.
I/O Other, indicates the number of I/O events that were not write or read events
I/O Other Bytes, indicates the number of bytes generated by the other I/O events.
You can change the priority of a particular process on the Processes tab,
Right-click the particular process
Select Set Priority from the shortcut menu
The options you can choose are: Realtime, High, AboveNormal, Normal, BelowNormal, and Low
Alternatively, you can use the following syntax of the start command-line utility to start an application and set the application's priority at the same time: Start /option(s) [Filename]
The options for the syntax are detailed below:
/low, the application is started in the low priority group
/normal, the application is started in the normal priority group
/high, the application is started in the high priority group
/abovenormal, the application is started in the above normal priority group
/realtime, the application is started in the real time priority group
/belownormal, the application is started in the below normal priority group
/min, the application is started in a minimized window
/max, the application is started in a maximized window
/separate, the application is started in separate memory
/shared, the application is started in shared memory
Performance tab: The Performance tab provides a real time indication of the CPU and memory usage of the computer. A graph is shown for each processor on the system. The performance tab contains the following information:
The CPU Usage section displays the CPU usage of the system as a percentage of maximum CPU utilization
The CPU Usage History section, displays CPU usage in a graphical format to illustrate how the CPU is being utilized.
The Page File Usage section, displays paging file usage in megabytes
The Page File Usage History section, displays Page File usage in a graphical format to illustrate how the page file is being utilized.
The Totals section displays the total handles, total threads, and total processes running on the system. A handle is a value used to identify a resource, a thread is a single execution unit used to execute instructions generated by the application, and a process is an executable program or service.
The Physical Memory section displays physical memory statistics - the total memory available, the physical memory currently available, and the size of the System Cache.
The Commit Charge section displays information on all memory allocated to the OS
The Kernel Memory section displays the memory used by the OS kernel and device drivers.
Networking tab: This tab shows network activity, by providing information on the adapters that are being used, the line speed, and the status and percentage utilization of each individual adapter.
Users tab: The Users tab shows information on the users currently connected to the computer. The name of the user, the numeric ID that identifies the session number of the computer and the status of the session is displayed. You can disconnect, log off, or send a user a message by right-clicking the user’s name, and selecting the option from the shortcut menu.
Understanding Network Monitor
You should monitor network performance to ensure that the network performs efficiently. You can use Network Monitor to monitor network traffic, and to troubleshoot network issues or problems. You can also use Network Monitor to gather network information that can be used in capacity planning efforts, and to establish baselines. The Network Monitor shipped with Windows Server 2003 allows you to monitor network activity and use the gathered information to manage and optimize traffic, identify unnecessary protocols, and detect problems with network applications and services.
In order to capture frames, you have to install the Network Monitor application and the Network Monitor driver on the server where you are going to run Network Monitor. The Network Monitor driver makes it possible for Network Monitor to receive frames from the network adapter. A frame contains the source address of the machine that transmitted the frame, header information on the protocol that transmitted the frame, the destination address of the receiving machine, and the data sent to the receiving machine. Network Monitor saves captured data to a temporary capture file that you then save with a .CAP extension. This enables captured data to be examined in Network Monitor. You can design a capture filter to capture only specific frames, or you can configure it to respond to a specific condition.
How to install the Network Monitor driver
Open the Network Connections folder
Right-click Local Area Connection, and select Properties
When the Properties dialog box is displayed, click the Install button.
When the Select Network Component Type dialog box is displayed, click Protocol in the Component list, and click the Add button
When the Select Network Protocol dialog box is displayed, click Network Monitor Driver.
How to install the Network Monitor application
Click Start, click Control Panel, and click Add or Remove Programs
When the Add Or Remove Programs dialog box is displayed, click Add/Remove Windows Components
This initiates the Windows Component Wizard
Select Management and Monitoring Tool, and click the Details button
Select the Network Monitor Tools check box, and click OK
Click Next, and then click Finish
The first time you open Network Monitor, you are presented with a message requesting you to select the network to monitor. If you do not select a network to monitor, Network Monitor selects the network to monitor.
You use the Frame Viewer window to view the contents of any captured frames. To view captured data during the capture, select Stop And View from the Capture menu. The Frame Viewer window has the following panes:
Summary pane, displays general information on the frames which were captured. The frames are listed in the order in which they were captured.
Detail pane, displays the contents of the frames
Hex pane, displays the ASCII and hexadecimal representation of the captured data
If you want to closely examine a particular pane, select the pane, and then choose Zoom Pane from the Windows menu.
The Capture window of Network Monitor displays information on the frames’ statistics. This window has the following panes:
The Graph pane is located in the upper left corner, and updates only when a capture is taking place. The pane displays the total capture statistics of current network activity in a bar graph format. Statistics displayed include the available network resources being used by the current capture, and the number of frames, bytes, broadcasts, and multicasts captured per second.
The Session Statistics pane is located in the middle left window of the Capture window, and displays statistics for the current individual sessions. The information displayed includes the source network address, the destination network address, and the number of frames sent between the two addresses.
The Station Statistics pane is located at the bottom of the window, and displays information on the activities taking place to and from the machine running Network Monitor. It shows the number of frames and bytes transmitted from and received by the network address, multicasts, and the broadcasts transmitted from the network address to other network computers
The Total Statistics pane is located at the right of the window and displays statistical information on all the network activity from the time that the capture started. Network Statistics indicates all network traffic that took place since the Network Monitor capture began, and includes information on total frames, bytes, broadcasts, and multicasts transmitted to the network. The number of frames that were dropped is also displayed. Capture Statistics shows information on the capture currently in progress, and includes statistics on the number of frames/bytes captured, the number of frames/bytes in the temporary capture file, the number of frames dropped, and the buffer space being used by the capture. Per Second Statistics shows information on the current per second activity, and includes information on the average percentage of network utilization. It also shows the average frames, bytes, and broadcast and multicast frames identified per second. Network Card (MAC) shows average activity detected by the network adapter, while Network Card (MAC) Error Statistics shows the network adapter card errors since the capture was initiated.
Customizing Network Monitor
Network Monitor is added to the Administrative Tools menu after it is installed. To run Network Monitor, you must have administrative rights. Because Network Monitor can display a large quantity of information, you can customize Network Monitor to suit the organization’s requirements.
With Network Monitor, you can create:
When data is captured, a buffer fills as the frames arrive. The size of the capture buffer determines the quantity of data that can be viewed in Network Monitor. The buffer setting that you configure should not exceed your actual available physical memory. To customize the buffer setting:
Open Network Monitor
Select Buffer Settings from the Capture menu
The Capture Buffer Settings dialog box appears
Change the Buffer Size (MB) setting and Frame Size (Bytes) setting to meet your requirements
You can also specify that the address names and not the hexadecimal network addresses of the computers be displayed in Network Monitor:
Open Network Monitor
Select Show Address Names from the Options menu
When the option is enabled, a check mark is displayed alongside Show Address Names
Similarly, you can specify that the vendors’ names of the adapter cards on the computers from where the frames were captured be displayed instead of the hexadecimal computer addresses.
Open Network Monitor
Select Show Vendor Names from the Options menu
When the option is enabled, a check mark is displayed alongside Show Vendor Names.
You typically need to discover the IP address of a computer when you need to capture frames sent to, or received by, that particular computer. You can use the Ping command to find the IP address of a computer, or you can use Network Monitor. Network Monitor provides the capability of associating the addresses of the computers with their related user defined names. Once this information is obtained, you can choose to store the information in an address database. The advantage of storing the information in an address database is that you can use it at a future date when you need to create a capture filter or display filter. To use this capability:
Open Network Monitor
You use the Frame Viewer window to find the IP address
Select Find All Names from the Display menu
The information is then processed from the current frames
Select Addresses from the Display menu to view the addresses
Proceed to save the address database to a file
You can define the amount of information you want to print for each captured frame as well:
Open Network Monitor
You use the Frame Viewer window to configure the amount of information that should be printed
Select Print from the File menu
When the Print dialog box appears, click the Netmon tab
In the Output Detail section, you can select between the following options: Print Frame Summary Lines, Print Protocol Details and Print Hex Data.
In Network Monitor, you can also add comments or any additional information to the capture file in the Frame Viewer Window. You do this by adding a comment frame to a capture.
Open Network Monitor
Select Insert Comment Frame from the Tools menu
The Insert Comment Frame dialog box is displayed
In the Frame Number field, specify the frame position where Network Monitor should insert the comment frame in the capture
In the Type Of Frame To Insert drop down list, select the protocol parser that will be used to process the comment frame. You can select either the Comment or Bookmark option. The default parser setting is Comment.
Indicate whether statistics should be generated for the comment frame by enabling or disabling the No Statistics checkbox. This checkbox is enabled by default
Specify whether statistics should be calculated using the display filter by enabling or disabling the Apply Current Filter To Statistics checkbox. This checkbox is enabled by default
In the Enter In A Comment For This New Frame field, type a comment for the frame
Capture filters basically disregard frames that you do not want to capture before they are stored in the capture buffer. When you create a capture filter, you define settings that can be used to detect the frames that you do want to capture. When you design your capture filter, you specify your capture conditions by means of capture filter protocols, address pairs, and data pattern matches.
You design capture filters in the Capture Window, by selecting Filter from the Capture menu. The Capture Filter dialog box that is displayed groups all filters in a decision tree. You can specify capture filter protocols by double-clicking the default filter, SAP/ETYPE = Any SAP Or Any ETYPE. The default setting is that all protocols are enabled. Use the Capture Filter SAPs And ETYPEs dialog box to enable and disable protocols for the capture filter.
You can use address pairs to capture frames sent from, and received by a particular computer(s). You can also use address pairs to screen out traffic between computers. A maximum of 3 address pairs can be configured:
Double-click AND (Address Pairs) in the tree
When the Address Expression dialog box appears, enter address pair properties
You can either edit or delete an address pair. Use Edit or Delete from the Capture Filter dialog box for this.
You define pattern matches if you want to capture packets that contain a particular pattern. A maximum of 4 patterns can be configured.
Double-click AND (Pattern Matches) in the tree
When the Pattern Match dialog box appears, define your pattern matches.
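The capture-filter decision described above (protocol, then address pairs, then pattern matches), modelled in Python as an added example; it is not Network Monitor code and not part of the original article. The class names, the AND combination of patterns, offsets counted from the start of the frame, and the sample frames are assumptions of this model.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

MAX_ADDRESS_PAIRS = 3  # limit stated in the article
MAX_PATTERNS = 4       # limit stated in the article

def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

@dataclass
class AddressPair:                 # hypothetical model of one address pair
    station: bytes                 # first address of the pair
    peer: Optional[bytes] = None   # None means "any other station"
    include: bool = True           # False screens the pair out

    def matches(self, src, dst):
        if self.peer is None:
            return self.station in (src, dst)
        return {src, dst} == {self.station, self.peer}

@dataclass
class CaptureFilter:               # hypothetical model of the filter tree
    etypes: Optional[set] = None   # None models the default "Any ETYPE"
    pairs: list = field(default_factory=list)
    patterns: list = field(default_factory=list)  # (frame offset, bytes)

    def __post_init__(self):
        if len(self.pairs) > MAX_ADDRESS_PAIRS:
            raise ValueError("at most 3 address pairs")
        if len(self.patterns) > MAX_PATTERNS:
            raise ValueError("at most 4 pattern matches")

    def accepts(self, frame):
        if len(frame) < 14:        # too short for an Ethernet header
            return False
        dst, src = frame[0:6], frame[6:12]
        (etype,) = struct.unpack("!H", frame[12:14])
        if self.etypes is not None and etype not in self.etypes:
            return False
        if any(p.matches(src, dst) for p in self.pairs if not p.include):
            return False           # an excluded pair always wins
        wanted = [p for p in self.pairs if p.include]
        if wanted and not any(p.matches(src, dst) for p in wanted):
            return False
        return all(frame[o:o + len(b)] == b for o, b in self.patterns)

def capture(flt, frames):
    """Indexes of the frames that would reach the capture buffer."""
    return [i for i, f in enumerate(frames) if flt.accepts(f)]

def eth(dst, src, etype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", etype) + payload

def ipv4(proto):
    """Skeleton 20-byte IPv4 header; only the protocol byte (index 9) is set."""
    return bytes([0x45, 0]) + bytes(7) + bytes([proto]) + bytes(10)

# Constructed sample traffic (locally administered MACs, not real hosts).
SERVER, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02"
NOISY, OTHER = "02:00:00:00:00:03", "02:00:00:00:00:04"
FRAMES = [
    eth(SERVER, CLIENT, 0x0800, ipv4(6)),    # 0: TCP to the server
    eth(CLIENT, SERVER, 0x0800, ipv4(17)),   # 1: UDP, fails the pattern
    eth(SERVER, NOISY, 0x0800, ipv4(6)),     # 2: excluded address pair
    eth("ff:ff:ff:ff:ff:ff", CLIENT, 0x0806, bytes(28)),  # 3: ARP, wrong ETYPE
    eth(SERVER, OTHER, 0x0800, ipv4(6)),     # 4: TCP to the server
    b"\x02\x00\x00",                         # 5: truncated frame
]
SERVER_TCP = CaptureFilter(
    etypes={0x0800},
    pairs=[AddressPair(mac(SERVER)),
           AddressPair(mac(SERVER), mac(NOISY), include=False)],
    patterns=[(23, b"\x06")],  # 14-byte Ethernet header + IPv4 protocol byte
)

if __name__ == "__main__":
    print(capture(SERVER_TCP, FRAMES))
```

Only frames 0 and 4 reach the buffer; the other four are discarded before storage, which is what keeps a capture on a busy segment small.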
You can only create a display filter once you have captured data. A display filter basically enables you to decide what is displayed. You can define the captured data that you want to view in the Frame Viewer window, and you can specify which data should be saved to a file. To create a display filter:
Open Network Monitor
Select Filter from the Display menu
The Display Filter dialog box appears
When you click OK, the expression option is added to the filter decision tree
The tree has a Protocol branch and a Computer Address Pairs branch
If you want to add an expression to define the address pairs, protocols, and protocol properties that should be displayed in Network Monitor, use the Expression option located in the Add group of the Display Filter dialog box. The following tabs are found:
Address tab: On this tab, you configure the address you want to locate. You can add or edit an address expression.
Protocol tab: On this tab, you configure the protocols that should be displayed. The Enabled Protocols list and the Disabled Protocols list show the protocol names. Use Disable, Enable, Disable All, and Enable All to specify protocols.
Property tab: On this tab, you can define the protocol properties you want to discover. You can add or edit a protocol property expression.
You can configure a capture trigger through Network Monitor to specify that specific actions should be initiated when certain conditions are met. If a trigger is configured when data is being captured, Network Monitor examines the contents of the frame and triggers the particular action when a condition is met. The actions that can be configured are: the computer beeps, the capturing of frames is stopped, a command-line program is executed.
To configure a capture trigger:
Open Network Monitor
Select Trigger from the Capture menu
The Capture Trigger dialog box appears
The options available in the Trigger On section are Pattern match, Buffer size, Pattern match then buffer space, and Buffer space then pattern match.
The options available in the Trigger Action area are Audible Signal Only, Stop Capture, and Execute Command Line.
Network Monitor Best Practices
If you want to effectively use Network Monitor, you must have a clear understanding of your network topology and the Network Monitor features and operations. You should know how data flows in your network, and should try to determine where possible points of failure are. By doing this, you will know what to monitor. In order to evaluate captured data, you should establish a baseline that indicates normal conditions. The baseline in this case would detail the traffic that usually passes through different points in the network at various times during the day. You would then be in a position to identify potential problems.
Capture data during quiet intervals on the network. If you have to capture data at busy network times, consider designing a capture filter that would only capture the data you are interested in. In fact, always try to use capture filters to simplify your search, and to ensure that network resources are not being wasted.