Clarified Analyzer panOULU Use Cases

Strange Traffic Peak in panOULU

Problem
Find out what generated a huge traffic peak in the panOULU network last evening.
Solution
We go back in time to last evening with Clarified Analyzer and see that the traffic peak was caused by a certain streaming service at one of the educational establishments in Oulu.

Some Devices using old Log Server

Problem
We noticed with Clarified Analyzer that some devices still want to use our old log server address. Why?
Solution
We checked the devices and noticed that they were offline while configuration files were updated and thus had old configurations.

Old Firmware and Configuration Files

Problem
Find out which APs have old firmware and/or configuration files.
Solution
We checked with Clarified Analyzer which devices still try to connect to the old log and NTP server addresses. We now have a list of APs which haven't been updated in a while.

Connection Problems between our public IPs and private IPs

Problem
Find out why SSH connections (or any connection) are dropped after a couple of seconds between our public IP and private IP.
Solution
We checked those connections with Clarified Analyzer. We used the association graph, which pointed out that computers with private IP addresses tried to talk through a gateway, while the destination host communicated directly with the source.

Figure: panOULU has both public and private IPs behind one of our gateways. By using Analyzer we were able to detect the reason for weird slowdowns in the traffic between these public and private IP addresses. Some devices got confused as the reply packets came via a different route.

Rogue IPv6 router

Problem
We have a large layer-2 network. We have been notified by one of our users that there have been a number of rogue IPv6 routers in panOULU.
Solution
We travel back in time with Clarified Analyzer to discover the rogue IPv6 router's traffic. This way we were able to locate the device. After locating the device, we reported the incident to the administrators of that part of the network. With the information we provided, the admins were able to pinpoint the device and remove it from the network.

Multiple rogue IPv6 Routers

Problem
IPv6 connections are not working correctly.
Solution
We started Clarified Analyzer and checked all connections to address ff02::1. We found multiple IPv6 routers. We saved the evidence and blocked those external IPv6 routers from our access points. Clarified Analyzer helped us to find the troublemakers easily.

Figure: As this problem often reoccurs, we deployed an alerter to Clarified Recorders which automatically detects rogue IPv6 routers. We used the OpenCollab SDK to create centralised bookmarks in our collaboration environment. Analyzer shows these bookmarks on its timeline.
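
The check described above (looking at traffic sent to ff02::1 for routers we do not operate) can be sketched as follows. This is an added example, not code from Clarified Analyzer, the Clarified Recorder alerter or the OpenCollab SDK; the MAC addresses, the allowlist and the sample frames are constructed, and the parser assumes untagged Ethernet frames without IPv6 extension headers.

```python
import struct

ALL_NODES = bytes.fromhex("ff02" + "00" * 13 + "01")    # ff02::1, all-nodes multicast
ICMPV6, ROUTER_ADVERT = 58, 134
# Assumption: MAC addresses of the routers we operate ourselves (constructed value).
KNOWN_ROUTERS = {"02:00:00:00:00:01"}

def parse_ra(frame):
    """Return (src_mac, router_lifetime) for a Router Advertisement to ff02::1, else None."""
    # 14 bytes Ethernet + 40 bytes IPv6 + 16 bytes fixed RA header
    if len(frame) < 70 or frame[12:14] != b"\x86\xdd":
        return None
    ip, icmp = frame[14:54], frame[54:]
    if ip[0] >> 4 != 6 or ip[6] != ICMPV6 or ip[24:40] != ALL_NODES:
        return None
    if icmp[0] != ROUTER_ADVERT or icmp[1] != 0:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return src_mac, struct.unpack("!H", icmp[6:8])[0]

def find_rogue_routers(frames, known=KNOWN_ROUTERS):
    """Map each unknown advertising MAC to (number of RAs, highest router lifetime)."""
    rogues = {}
    for frame in frames:
        ra = parse_ra(frame)
        # Lifetime 0 is still reported: such an RA can carry prefix options.
        if ra and ra[0] not in known:
            count, life = rogues.get(ra[0], (0, 0))
            rogues[ra[0]] = (count + 1, max(life, ra[1]))
    return rogues

def build_frame(src_mac, icmp_type=ROUTER_ADVERT, lifetime=1800):
    """Build a constructed sample frame (ICMPv6 checksum left at 0, not validated)."""
    icmp = struct.pack("!BBHBBHII", icmp_type, 0, 0, 64, 0, lifetime, 0, 0)
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    ip += bytes.fromhex("fe80" + "00" * 14) + ALL_NODES
    eth = bytes.fromhex("333300000001" + src_mac.replace(":", "")) + b"\x86\xdd"
    return eth + ip + icmp

SAMPLE = [                                               # constructed capture
    build_frame("02:00:00:00:00:01"),                    # our own router
    build_frame("02:00:00:00:00:aa"),                    # unknown device sending RAs
    build_frame("02:00:00:00:00:aa", lifetime=9000),
    build_frame("02:00:00:00:00:bb", icmp_type=135),     # ICMPv6 but not an RA
    build_frame("02:00:00:00:00:cc", lifetime=0),
]

if __name__ == "__main__":
    for mac, (count, life) in find_rogue_routers(SAMPLE).items():
        print(f"unknown router {mac}: {count} RA(s), max lifetime {life}s")
```

The source MAC of each flagged advertisement is the starting point for locating the device on the layer-2 network.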