Expert Features

Network Layer

ICMP Port Unreachable

Counter

ICMP Port Unreachable events are counted in the ICMP All Errors and the ICMP 
Destination Unreachable counters. A count of all destination unreachable ICMP 
symptoms and a count of all ICMP errors are displayed in the Overview counters 
of Expert View. A threshold can be set in Expert Alarms for all destination 
unreachable ICMP errors or for all ICMP errors.

Expert Symptom

ICMP Port Unreachable events are automatically logged as expert symptoms. The 
Symptom Summary field provides information about the IP addresses involved. For 
example:

Port=22 on [206.250.228.69] cannot be reached by [206.250.228.11].
SA=[206.250.228.11] DA=[206.250.228.69]
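The counting and summary behavior described above can be reproduced from raw packets. The following is an added example, not Surveyor code: it parses ICMP error messages, updates the two counters named in this section, and formats a summary modeled on the example line. Assumptions: the port and the SA/DA pair are read from the original datagram embedded in the ICMP message, the alarm fires when the count reaches the threshold, and all function and class names are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

ICMP_DEST_UNREACHABLE = 3   # ICMP type 3 (RFC 792)
ICMP_PORT_UNREACHABLE = 3   # code 3 within type 3
# ICMP error types: destination unreachable, source quench, redirect,
# time exceeded, parameter problem.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def ip_str(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_icmp_error(packet):
    """Return details of the ICMP error in an IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                       # not ICMP, or truncated
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type not in ICMP_ERROR_TYPES:
        return None                       # echo and other queries are not errors
    info = {"type": icmp_type, "code": code, "reporter": ip_str(packet[12:16]),
            "orig_src": None, "orig_dst": None, "port": None}
    # An ICMP error carries the offending datagram's IP header plus at least
    # its first 8 payload bytes, which is where the port comes from.
    inner = packet[ihl + 8:]
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        inner_ihl = (inner[0] & 0x0F) * 4
        info["orig_src"] = ip_str(inner[12:16])
        info["orig_dst"] = ip_str(inner[16:20])
        # TCP (6) and UDP (17) both keep the destination port in bytes 2-3.
        if inner_ihl >= 20 and inner[9] in (6, 17) and len(inner) >= inner_ihl + 4:
            info["port"] = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return info


class IcmpExpert:
    """Hypothetical stand-in for the counters, symptom log and alarm threshold."""

    def __init__(self, dest_unreachable_threshold):
        self.counters = Counter()
        self.symptoms = []
        self.threshold = dest_unreachable_threshold

    def observe(self, packet):
        info = parse_icmp_error(packet)
        if info is None:
            return
        self.counters["ICMP All Errors"] += 1
        if info["type"] != ICMP_DEST_UNREACHABLE:
            return
        self.counters["ICMP Destination Unreachable"] += 1
        if info["code"] == ICMP_PORT_UNREACHABLE and info["port"] is not None:
            self.symptoms.append(
                "Port=%d on [%s] cannot be reached by [%s]. SA=[%s] DA=[%s]"
                % (info["port"], info["orig_dst"], info["orig_src"],
                   info["orig_src"], info["orig_dst"]))

    def alarm(self):
        # Assumption: the alarm fires once the count reaches the threshold.
        return self.counters["ICMP Destination Unreachable"] >= self.threshold


# ---- constructed sample traffic (not captured data) ----
def build_ipv4(src, dst, proto, payload):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_icmp_error(reporter, target, icmp_type, code, original):
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:28]
    return build_ipv4(reporter, target, 1, icmp)


def run_demo():
    a, b = "206.250.228.11", "206.250.228.69"   # addresses from the example above
    ssh = build_ipv4(a, b, 6, struct.pack("!HHI", 40000, 22, 0))
    snmp = build_ipv4(a, b, 17, struct.pack("!HHHH", 40001, 161, 8, 0))
    expert = IcmpExpert(dest_unreachable_threshold=2)
    for pkt in (
        build_icmp_error(b, a, 3, 3, ssh),      # port unreachable, port 22
        build_icmp_error(b, a, 3, 3, snmp),     # port unreachable, SNMP port 161
        build_icmp_error("192.0.2.1", a, 11, 0, ssh),        # time exceeded
        build_ipv4(a, b, 1, struct.pack("!BBHI", 8, 0, 0, 0)),  # echo request
    ):
        expert.observe(pkt)
    return expert


if __name__ == "__main__":
    result = run_demo()
    print(dict(result.counters))
    print("\n".join(result.symptoms))
    print("alarm:", result.alarm())
```
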

Diagnostic Details

__________________________________________________________________ 

Problem Description: 

An ICMP Destination Port Unreachable message has been sent. 

__________________________________________________________________ 

Probable Cause(s):

1. If a router has a routing table problem, it may send this message. 
2. A host may send this message if a port is unreachable. 
3. The source may have an incorrectly configured subnet mask. 

__________________________________________________________________ 

Recommended Action(s):

1. Check the routing tables of the router that this message was generated from.
2. Check the netmask configuration of the source.
3. Ignore this message if the port is truly unreachable (no action required).
   Ex: SNMP port connection requests.

Содержание Surveyor

Страница 1: ...Surveyor User s Guide ...

Страница 2: ...other transfer of the designated Software from Finisar and shall remain in full force and effect in perpetuity unless terminated pursuant to the provisions of this License This agreement can be terminated at any time by returning or destroying all copies of the Software and related written materials and documentation and by notifying Finisar in writing of your termination of the License If either ...

Страница 3: ...ith designs plans or specifications furnished by or on behalf of the Licensee as to the Products or services 2 alterations of the Products or services by the Licensee 3 failure of the Licensee to use updated Products or services including error corrections and updates provided by Finisar for avoiding infringement 4 use of Products or services in a manner for which the same was neither designed nor...

Страница 4: ... get the most from your Surveyor Be sure to browse on line Help From any location in the Surveyor program and with just a few clicks of the mouse you will find that you can locate the answer to almost any question you might have Specific task information is included in the on line Help system that is not included in this manual Quick Start Surveyor includes a Quick Start guide to get you up and ru...

Страница 5: ...nced Protocol Decodes 1 9 2 Installation 2 1 System Requirements 2 1 Upgrading Surveyor 2 2 Installing Surveyor 2 3 Installing Analyzer Hardware 2 4 Installing Analyzer Hardware in a Desktop PC 2 4 Installing Analyzer Hardware in a Notebook PC 2 5 Installing More Than One Analyzer Card in a Notebook PC 2 8 Compatibility Matrix 2 9 3 Getting Started 3 1 The Surveyor System 3 1 Launching Surveyor 3 ...

Страница 6: ...ndows 4 1 Capture View Display Options 4 2 Histogram Options 4 4 Setting the Monitoring View for a Module 4 5 Configuring Chart Views 4 6 Table Views 4 6 Module Settings Properties 4 7 Buffer Size 4 8 Packet Slice Slicing Size 4 8 Stop and Save Capture Buffer 4 9 Modes 4 9 MAC Control Frame 4 10 System Settings 4 10 Configuring Ports to Scan 4 10 Configuring Remote Communications 4 11 Protocol Col...

Страница 7: ...tor Mode in Detail View 6 6 Capture View 6 7 Capture View Window 6 7 Creating Filters from Capture View 6 8 Exporting and Printing Decodes 6 8 Configuring the Capture View Display 6 8 Using the Histogram Control 6 9 Histogram Color Coding 6 10 Histogram Button Controls 6 14 Histogram Mouse Controls 6 15 Saving Portions of the Data 6 16 Resume Analysis 6 17 Packet Editor 6 17 Data Views 6 18 Ring S...

Страница 8: ...eating Custom Filter Templates 7 8 Filter Creation 7 12 Creating Filter Template Combinations 7 12 Filter Actions 7 13 Counter Conditions for Filters 7 15 Frame Types 7 16 Multi State and Multi Statement Filters 7 17 Filter Structure 7 19 Filter States 7 20 Filter Statements 7 21 Capture and Display Filter Differences 7 22 Activating Display Filters 7 22 Activating Capture Filters 7 22 Filter Exam...

Страница 9: ...ing Alarms with Different Devices 9 7 Thresholds and Alarms 9 8 Alarm Actions 9 9 Log File Settings 9 10 E Mail Settings 9 10 Pager Settings 9 11 SNMP Trap Settings 9 11 Viewing the Alarm List and the Alarm Log 9 14 Hints and Tips for Alarms 9 14 Alarm Examples 9 15 Alarm Example Utilization 9 15 Alarm Example MAC Errors 9 16 Alarm Example Frame Size 9 17 Alarm Example VoIP Calls 9 18 Alarm Exampl...

Страница 10: ...3 NCP Read Write Overlap 10 24 NCP Request Denied 10 25 NCP Request Loop 10 26 NCP Server Busy 10 27 NCP Too Many File Retransmissions 10 28 NCP Too Many Requests Denied 10 29 NCP Too Many Request Loops 10 30 NFS Retransmissions 10 31 No HTTP POST Response 10 32 No Server Response 10 33 Slow HTTP GET Response 10 34 Slow HTTP POST Response 10 35 Slow Server Connect 10 36 Slow Server Response 10 37 ...

Страница 11: ...t Reassembly Time Exceeded 10 70 ICMP Fragmentation Needed D F set 10 71 ICMP Host Redirect 10 72 ICMP Host Redirect for TOS 10 73 ICMP Host Unreachable 10 74 ICMP Host Unreachable for TOS 10 75 ICMP Inconsistent Subnet Mask 10 76 ICMP Network Redirect 10 77 ICMP Network Redirect for TOS 10 78 ICMP Network Unreachable 10 79 ICMP Parameter Problem 10 80 ICMP Port Unreachable 10 81 ICMP Protocol Unr...

Страница 12: ...versized Frame 10 115 Overload Frame Rate 10 116 Overload Utilization Percentage 10 117 Physical Errors 10 118 Runt Frame 10 119 Same MAC Addresses 10 120 Total MAC Stations 10 121 Hints and Tips for Expert Features 10 122 Summary of Expert Counters and Symptoms 10 123 11 Multi QoS 11 1 Protocols Supported by Multi QoS 11 2 Using Multi QoS with Analyzer Hardware 11 2 Multi QoS User Interface Overv...

Страница 13: ...ket Counters 12 1 Custom Counters 12 2 Error Counters 12 2 Expert Counters 12 5 Multi QoS Counters 12 9 Counter Log File Overview 12 9 Log Directory Structure 12 10 13 Utilities 13 1 Name Table Utility 13 2 Building a Name Table From the Network 13 4 NIS to Name Table Conversion Utility 13 5 Sniffer Translator Utility 13 6 Internet Advisor Translator Utility 13 6 Get Version Information Utility 13...

Страница 14: ...ransmit Speed A 5 Counters A 5 Rx Counter Display A 5 Transmit Specification A 5 NDIS Configuration Options A 6 Setting the Interface A 6 Set Capture Buffer and Packet Slicing Size A 6 B Pre Defined Filter Templates B 1 Filter Templates B 1 C Keyboard Shortcuts C 1 Function Keys C 1 Standard and Navigational Keys C 2 D Parser Names D 1 Recognized Parser Names D 1 Glossary Index ...

Страница 15: ...7 4 Example Filter States Design Window 7 18 7 5 Filter Design Window Conversation Example 7 23 7 6 Filter Design Window Template Combination Example 7 25 7 7 Filter Design Window Capture TCP Port Example 7 27 7 8 Advanced Filter Filter States Design Window 7 29 8 1 Transmit Specification Dialog Box 8 2 8 2 Transmit Specification Dialog Box Packet Gaps 8 13 8 3 Transmit Specification Dialog Box Bu...

Страница 16: ...n 11 6 11 3 Multi QoS All Calls Table 11 9 11 4 Multi QoS Jitter Graph Example 11 11 11 5 Multi QoS Configuration Call Jitter Ranges 11 12 11 6 Multi QoS Packets Dropped Graph Example 11 13 11 7 Multi QoS Configuration Packets Dropped 11 14 11 8 Multi QoS R factor Example 11 17 11 9 Multi QoS Configuration R factor Ranges 11 18 11 10 Multi QoS Utilization Graph Example 11 19 11 11 Example Call Det...

Страница 17: ...ware Device Properties 4 7 4 4 Default Module Settings 4 8 4 5 Remote Communications Tab Functions and Default Settings 4 11 4 6 Remote Polling Timers 4 13 4 7 Strip Chart Display Timers 4 13 4 8 Default Display Timer Settings 4 13 4 9 History Log File Settings and Default Values 4 15 4 10 Alarm Actions 4 16 4 11 Default Names for Non WKP TCP Ports 4 25 4 12 Default Names for Non WKP UDP Ports 4 2...

Страница 18: ...ons 6 35 6 20 Application Response Time View Column Descriptions 6 36 7 1 Defining Conversations 7 5 7 2 Defining Port Numbers 7 7 7 3 Operator Buttons for Template Combinations 7 13 7 4 Capture Filter Actions 7 14 7 5 Display Filter Actions 7 15 7 6 Capture Filter Global Values 7 16 7 7 Capture and Display Frame Types Size 7 17 7 8 Logic Sequence for Capture and Display Filter Statements 7 21 8 1...

Страница 19: ...dware Real Time Functions A 3 A 4 Hardware Transmit Functions A 3 A 5 Hardware Capture Functions A 4 A 6 Hardware Connectivity A 4 B 1 Surveyor Filter Templates Ethernet EV2 B 2 B 2 Surveyor Filter Templates IP and IPX over Ethernet EV2 B 3 B 3 Surveyor Filter Templates TCP IP over Ethernet EV2 B 5 B 4 Surveyor Filter Templates UDP IP over Ethernet EV2 B 7 B 5 Surveyor Filter Templates Ethernet LL...

Страница 20: ...ion Suite D 6 D 11 Parser Names Netware Suite D 6 D 12 Parser Names PPP Suite D 7 D 13 Parser Names XNS Suite D 7 D 14 Parser Names H 323 Suite D 8 D 15 Parser Names ITU Codecs D 8 D 16 Parser Names Cisco IP Telephony Suite D 9 D 17 Parser Names Other Multimedia D 9 D 18 Parser Names Intel Suite D 9 D 19 Parser Names VPN Suite D 9 ...

Страница 21: ... QoS software plug in monitors measures and analyzes QoS of VoIP Voice Over IP calls Multi QoS includes Telchemy s VQMon VoIP call quality analysis engine VQMon enables you to measure call quality from ear to ear using ITU standard passive test methods This feature allows you to accurately predict MOS scores and confirm SLA performance Multi QoS reports over 20 QoS metrics jitter packet loss delay...

Страница 22: ...r and troubleshoot your network As your Surveyor expertise grows you will find that the number of ways you can set up and apply the tool are virtually limitless The basic functions of Surveyor are described in Table 1 1 Table 1 2 on the next page shows the additional functions available with the optional Surveyor software modules called plug ins Table 1 1 Surveyor Functions Function Description Ca...

Страница 23: ...k streams of captured data or you can transmit edited data You can edit a stream of captured data by changing the sequence of the packets deleting or adding inserting pack ets creating bad packets eliminating all packets of a certain type protocol and so on Surveyor also gives you complete control of when how fast how long and how often it transmits the data you want to send over the network Exper...

Страница 24: ...odule PCI bus hardware card that installs in a PC for analyzing 10 100 Ethernet or Gigabit Ethernet networks THGs Analyzer device accessed remotely by Surveyor THGs contains two syn chronized THGm modules for analysis of full duplex 10 100 or Gigabit Ethernet traffic at full line rate THGsE Analyzer device accessed remotely by Surveyor THGsE contains two syn chronized THGm modules for analysis of ...

Страница 25: ... DNS MIME TELNET Echo Mobil_IP A11 TFTP PPP Suite EGP MOUNT TPKT PPPCHAP Finger NetBIOS UDP PPPIPCP FTP NFS UNIX Remote Svcs PPPIPX GGP NIS lpr rcp rexec login rsh PPPLCP Gopher NNTP VRRP PPPNBFCP HTTP NTP WebNFS PPP over Ethernet HTTPS OSPF WhoIs ICMP PH XDR Cisco Suite POP3 XDMCP CDP IPX SPX Suite PORT MAPPER Xwindows DISL Diagnostic RARP EIGRP Error RIP Version 2 XNS HSRP IPX Echo Protocol IGRP...

Страница 26: ...hdog Fujitsu Suite ATP DECnet Phase IV FNA AURP CTERM LNDFC SNA Protocol Suite DDP DAP 3270 DDP EIGRP DRP Applications FDC LAP FOUND cc Mail FID2 NBP LAT Lotus Notes FM PAP LAVC Finisar RSP NC RTMP MOP XWIN XID ZIP NICE SC NSP IPV6 IpSec VPN Bridge Protocols DHCPng AH L2TP BDPU ICMPng ESP LDP IEEE 802 1D IDRPng ISAKMP PPPOEDS IEEE 802 1Q VLAN IPng KERBEROS PPPOESS GARP 802 1p OSPFng RADIUS GMRP RI...

Страница 27: ...LNP MTP2 CR LDP NetBIOS CONP MTP3 RSVP TE ESIS RTSP ISIS TCAP ISO Multi Media ITU H 323 IETF Cisco Codec ASN 1 H 248 Megaco RUDP CellB GK DISC MGCP SCCP G 711 H 225 0 RTCP SSP G 721 H 245 RTP G 722 H 323v4 RTSP G 723 H 450 1 SGCP G 728 Q 921 SIP G 729 Q 931 H 261 RAS H 263 T 120 JPEG T 38 MPEG v1 v2 PCMU PCMA ...

Страница 28: ...hat capture to disk at full line rate is not supported for 100Mbps or Gigabit Ethernet speeds Disk Caching Large capture segments when opened are now saved to a Cache location on the local hard drive This is a useful performance enhancement since capture segments from a remote module are now handled locally Capture segments no longer need to be downloaded again when decoding filtering editing or s...

Страница 29: ...Such calls are listed with a protocol type of UNKNOWN This can be useful to see calls where signaling packets are unsupported or for probing end points that do not see signaling packets SMNP Extended Agent The SNMP agent for Surveyor has been expanded to include management fields other than alarms The new Surveyor agent implementation uses SNMPv2 New and Enhanced Protocol Decodes The following pro...

Страница 30: ...1 10 Surveyor User s Guide ...

Страница 31: ...hernet applications Pentium 1Ghz for Gigabit Ethernet applications see processing memory below for type of processor required Operating System Software Windows 2000 Windows NT 4 0 with Service Pack 3 4 5 and 6 plus administrative privileges or Windows XP System Memory for Opening Capture Files Capture Buffer Size Pentium Virtual Local or Remote Processor RAM Memory 16MB PII 64MB 64MB 32MB PII 128M...

Страница 32: ... may work without upgrading you may see data that is out of order or missing in Surveyor tables Table 2 2 Supported Analyzer Cards and Network Adapter Cards Network Analyzer Cards Desktop PC THGm Ten Hundred Gigabit module analyzer card THGm analyzer cards require an available PCI slot Analyzer cards require processing memory based on the capture buffer memory available on the card Network Adapter...

Страница 33: ...he installation program instructions to install the software Enter your serial number and software license key code when prompted Approximately 20MB of free disk space is required to install the Surveyor software 4 When you install over a previous version of Surveyor in the same directory you are given the option to save existing files to a different location You may want to save capture files nam...

Страница 34: ...low Installing the THGm Windows NT 1 Power down your system 2 Install the THGm card in your system This requires opening the case of your computer inserting the card in an available PCI slot and closing the case of your computer Refer to the THGm Hardware Installation Guide and your computer s documentation for instructions 3 Secure the network connectors to the THGm RJ 45 for 10 100Mbps Ethernet ...

Страница 35: ...ase consult your Windows manual for possible reasons for this occurrence before contacting Finisar Technical Support 5 Insert the Surveyor CD in the CDROM drive 6 Use the Browse button to find the Ethernet Driver directory CDROM drive letter drivers on the Surveyor CDROM The name of the driver is ww_w2000 inf 7 The Update Device Driver Wizard window will appear with the name of the driver Click th...

Страница 36: ...ce conflicts Installing Portable Surveyor 10 100 Ethernet Analyzer Card Windows NT Use the procedures below for installing Finisar adapter cards in a notebook PC running Windows NT 1 Install CardWizard V5 00 10 software to your notebook computer Follow the installation instructions that come with the software CardWizard is available from SystemSoft Corporation If you have other card installation s...

Страница 37: ...exists highlight the problem adapter in the Network folder and press the Remove button Reboot the notebook computer and attempt the installation again If the problem persists contact Technical Support 13 Reboot your system Installing the Portable Surveyor 10 100 Ethernet Analyzer Card Windows 2000 XP The Portable Surveyor 10 100 Ethernet Analyzer Card is not recognized automatically by Windows 200...

Страница 38: ... Signature Not Found dialog box Click Yes Note You can safely ignore the warning message The message appears because Windows 2000 does not recognize the card properly at this time 15 The Finisar driver will be copied to the hard drive Windows 2000 XP may request the Windows CDROM to install system files Many of these system files can be found directly on the hard drive in the C windows system and ...

Страница 39: ...3 Hardware Software Compatibility Matrix Finisar THGm Portable Surveyor 10 100 Ethernet Analyzer Card Ethernet NDIS 3rd party Desktop Win NT Yes Yes Desktop Win 2000 Yes Yes Desktop Win XP Yes Yes Notebook Win NT Yes Yes Notebook Win 2000 Yes Yes Notebook Win XP Yes Yes ...

Страница 40: ...2 10 Surveyor User s Guide ...

Страница 41: ... following steps to set up your environment and launch the Surveyor software 1 Launch the Surveyor program Double click on the icon in the Surveyor group or other group where you installed the Surveyor application 2 The first time you launch Surveyor you ll be asked if you have any local analyzer or tap devices If you do not have any local analyzer devices do not check any boxes click OK and skip ...

Страница 42: ...e resources If a remote resource will not permit access with either of these accounts then get the user name and password from the resource owner and establish an account on that resource To access a remote resource you must have an account and password set up on the remote system containing the resource or use the remote system s guest account You can also password protect local resources See the...

Страница 43: ...g Links for THGm on page 20 of this chapter Basic Navigation Tips There are three main windows in Surveyor Surveyor Main Window Summary View Detail View Window Capture View Window Summary View is used primarily for monitoring as it shows a single view of many different resources It also contains the docking windows for selecting resources Resource Browser setting alarms Alarm Browser and viewing s...

Страница 44: ... include these tips in the help system and pass these tips on to other customers and to user groups Here are some tips to help you use the Surveyor interface Click on a resource in the Resource Browser to select that resource Press the button to bring up Detail View for a resource You can also bring up Detail View by double clicking with the left mouse button on the active monitor view displayed w...

Страница 45: ...g up the expert views If you have the Multi QoS plug in use the button in Detail View to bring up the charts and tables for Voice over IP and Multimedia protocols If you are running Packet Blaster plug in use the in Detail View to bring up the Transmit Specification dialog box to create data streams for transmit ...

Страница 46: ...select the file name and directory Print button Prints the contents of the current view Name Table button Brings up the Name Table dialog box for editing the current name table saving a name table to a file or loading a name table from a file Help button Displays the help contents Module Toolbar Summary View Start button Starts a module The module captures or transmits packets depending on whether...

Страница 47: ...y Detail View button Brings up Detail View for the currently active resource Load Filter button Brings up a dialog box to select a saved capture filter CFD extension If a capture filter is opened that filter is applied to the currently selected resource This button is gray if the resource is currently active started Unload Filter button If a filter is loaded for the currently selected module press...

Страница 48: ...e started Monitor Mode button Activates the monitor functions for the currently selected resource If the resource does not support monitoring functions the resource is put into capture mode This button is gray if the resource is currently active started Cap Disk Mode button Places the currently selected resource in Cap Disk mode Captured data is automatically saved to disk This button is gray if t...

Страница 49: ...isplay Filter button Display the Display Filter window The window displays a previously opened filter or the default filter Unload Display Filter button Unloads the current display filter All frames in the current capture will display Transmit Specification button Brings up the Transmit Specification dialog box to define load a transmit specification Packet Blaster plug in only Transmit from Buffe...

Страница 50: ...ize Distribution View button Selects Frame Size Distribution View for viewing the distribution of frame sizes Protocol Distribution View button Selects Protocol Distribution View for viewing a chart of the distribution of major protocols Control buttons in this view allow you to customize the way you view the protocol distribution Utilization Error View button Rx Brings up a strip chart that plots...

Страница 51: ...ts Host Matrix View for viewing information You can see all conversations between MAC stations in this view Network Layer Matrix View button Selects Network Layer Matrix View for viewing information You can see all network layer conversations and their associated traffic in this view Application Layer Matrix View button Selects Application Layer Matrix View for viewing information You can see all ...

Страница 52: ...ted There are two views of the expert information The Analysis tab shows all expert symptoms detected The Overview tab shows the total number of expert symptoms detected in each expert category Application Response Time Button Expert plug in only Brings up a table showing the applications detected and their minimum maximum and average response times The number of connections for each application i...

Страница 53: ...ters are saved as CFD files and display filters as DFD files Load Filter button Load the current filter to the currently active module Disable Filter button Disable the current filter Subsequent starting of the module will capture all packets use default filter Filter Window Toggle button Brings up the Filter States Design window The Filter States Design window is used to create advanced filters w...

Страница 54: ...packets use default filter Filter Window Toggle button Brings up the Filter Design window for the current statement The Filter Design window is used to edit the statement Cut button Cut the selected State or ELSE IF statement The button does not work if other types of statements are selected Add button Adds a new level if an ELSE statement or ROOT statement is selected Adds a new ELSE IF statement...

Страница 55: ...e contents for an ASCII text string Specify the string in the search box to the left The first instance of the string is found starting from the current position in the capture file Copy button Copies the current contents of the Summary pane for pasting into other documents A window displays with the text converted to ASCII format Use the window to select the text you want and copy it to the clip ...

Страница 56: ...utton Selects Frame Size Distribution View for viewing the distribution of frame sizes Protocol Distribution View button Selects Protocol Distribution View for viewing a chart of the distribution of major protocols Control buttons in this view allow you to customize the way you view the protocol distribution Host Table View button Selects Host Table View for viewing captured information You can se...

Страница 57: ...associations between MAC station names and addresses and network station names and addresses Duplicate Address Button Expert plug in only Brings up a table showing all duplicate IP and IPX addresses The duplicate network and MAC addresses associated each duplicate are displayed Expert View Button Expert plug in only Brings up a table showing all expert symptoms detected There are two views of the ...

Страница 58: ...nal files used within HST files Older CAP files opened in Surveyor are converted to the new format and are then available as HST files NAM Extension Name Table Files Name table files contain equivalencies between symbolic names and hexadecimal names The name table file format is identical to ini file format The default hosts nam file contains names associated with well known hexadecimal repre sent...

Страница 59: ...h for this variable NameTable install directory hosts nam 4 Delete the hosts nam text on that line 5 Replace text with your default name table file It should have the nam extension 6 Save the surveyor ini file exit your editor and start Surveyor application Address and symbolic name associations can be discovered by Surveyor This table can be saved as a file with the nam extension and used as the ...

Страница 60: ...Make sure the No Auto Negotiation item is selected from the menu Auto negotiation enabled is the default value The Module menu also has a Fiber Link Link Status option which provides information about a 1000 Mbps link If the carrier wave is present this option returns a link OK message If there is a problem with the link a message screen appears with diagnostic information that may help you troubl...

Страница 61: ...se sub windows can be minimized maximized expanded reduced and tiled within the area of the Summary or Detail View You can open as many windows as you have resources in Summary View You can have all available views of a single resource in Detail View You can have one view per resource open within Summary View Docking Windows Summary View opens when Surveyor is started The Summary View window is co...

Страница 62: ...complete description of docking windows It is suggested that you do not undock windows Capture View Display Options When using Capture View you can control the display of data for packet decoding You can view the time as absolute as a delta as elapsed or any combination of the three You can show hide most fields in the decode display You can also show hide protocol information about packets and se...

Страница 63: ... will display in reverse video in Capture View Table 4 1 Configurable Capture View Columns Capture View Column Description Abs Time The absolute time of arrival for each packet taken from the system clock when the capture was performed format hh mm ss mmm uuu nnn where ss seconds mmm milliseconds uuu microseconds nnn nanoseconds Delta Time The time between each packet interpacket gap format s mmm ...

Страница 64: ...The table below shows the graphic elements of the histogram display and the default colors for each Table 4 2 Histogram Color Defaults Graphic Element Description Default Color Line Color Color of the line graph showing frames time in the histo gram Red Back Color Background color for the histogram Sections that are not currently part of any other category are shown in this color Black Current Sec...

Страница 65: ...ce each time a request is made for new capture data The download size can be set between 1 and 50 10MB increments The default is 6 or 60MB of data Set this value high if you need to load and view large sections of data at one time A greater download size will increase the time it takes to perform each download Surveyor also has a setting for local disk cache size which will also affect the perform...

Страница 66: ...nt to customize is the currently active window 2 Choose Table from the tab at the bottom of the view 3 The data view appears as a table Click on the column you want to use to create a top ten list Note that the information in the table sorts in descending order for the column you selected If the column you want is not there see Customizing Table Views for information on how to insert a column into...

Страница 67: ... device type Hardware devices can have properties set according to Table 4 3 below This option affects the display of tables for local devices only for 10 100 networks Table 4 3 Hardware Device Properties Hardware Device Set Buffer Size Packet Slice Stop and Save Capture Modes Expert Mode Modes Non WKP Modes M QoS Only MAC Control Frame THGm NO YES YES YES YES YES YES THGs NO YES NO YES NO YES YES...

Страница 68: ...tion layer or the full length of the packet Packet slicing can be set separately for monitor and capture except for THGm For monitor packet slicing can improve performance when monitoring the entire packet contents is not required For capture packet slicing can save space in the capture buffer for more packets when analysis of the entire contents of each packet is not required Table 4 4 Default Mo...

Страница 69: ... save the capture buffer to disk Modes Select the Modes tab from the Configuration Module Settings to set the modes for a module Expert Analysis Mode Expert Views and Alarms can be disabled When disabled no Expert Views or Alarms will display in Surveyor software Uncheck the Enable Expert Analysis Mode box to disable Expert Views and Alarms The default is to enable Expert Analysis If you do not ha...

Страница 70: ... to any local analyzer device For remote devices Monitor M QoS Only mode can only be set for THGm THGs THGp devices MAC Control Frame For Gigabit Ethernet a MAC Control Frame is sent to ensure that sending devices do not overflow receive buffers For THGm devices you can select to capture these frames or ignore them The default is to capture MAC Control Frames This setting applies only to THGm devi...

Страница 71: ...rypt RSP Packets check box Select encryption if there is a need for security in the network when transferring packets between the remote resource and the local system The default setting is Not Selected No Autodiscovery check box Select this box to prevent auto discovery of remote resources If selected you will only be able to access remote resources by manual discovery of resources using the Conn...

Страница 72: ... required for other protocol layers 5 Make sure that the Use Color Coding box is checked 6 Click the OK button Use the Default All button to return all color settings to their default values Use the Set Default button to reset the default to the colors currently displayed Setting Update Timers Timers control how often counters tables and displays are updated There are two types of timers display t...

Страница 73: ...Views Sets the interval for polling devices for information on MAC network and application layer conversations Expert Data Sets the interval for polling devices for expert data Remote Name Table Sets the polling interval for refreshing the local copy of the name table for a remote resource Display Timers Description Strip Chart Display Timer Local Sets the time between refreshing counters in strip...

Страница 74: ...ion for the cache directory and use the slider to specify its maximum size Surveyor will not allow you to specify a size greater than the available free space on your disk drive The minimum cache size is 40MB The cache directory is cleared of files containing information related to a capture when you close the capture or exit the Surveyor application Disk Capture Location To support local disk cap...

Страница 75: ... and new counter information is recorded starting with the first line of the file History files are named by date and time The format for the name of history files is mmddhhmm ss mm month dd day hh hour mm minute ss second The minimum time between creation of unique history files is one second If you disable the creation of history files and the log file for the module is full a new log entry caus...

Страница 76: ...its icon will be visible in the resource browser The port of the tap or switch currently being monitored will show under the resource If you cannot see the tap or switch icon refer to the analyzer or tap hardware documentation for more information on connecting these devices to the network Although the taps and switches show as a resource to the Surveyor software they do not directly perform monit...

Page 77: ... current port being monitored will display under the tap or switch resource. The example below shows a switch with the LAN Segment connected to port 5 selected. 2. Double click on the tap or switch icon in the resource browser. 3. A list box appears showing the port pairs on the tap or switch. You must know which LAN segments are connected to the port pairs on the tap or switch. Use the radio buttons to ...

Page 78: ...he port for a Finisar multi port tap or switch. Select the Local COM Port for Switch Device tab to set the port for a switch. 3. Set the COM port value to the COM port (COM1 through COM4) where the tap or switch is connected to the PC. Only one port can be selected. The tap or switch is connected to the PC using a standard 9 pin serial cable. Only one tap or switch device can be connected to the PC. Connec...

Page 79: ... site http://www.finisar.com. Go to the software updates section of the Web site to find the new analyzer image. Place the software on the server that runs the TFTP protocol. Before you can update the analyzer address information automatically, you must have a server that contains the new address information and runs the BOOTP protocol. Use the following procedure to update the analyzer image software: 1...

Page 80: ...on surveyor.ini File Surveyor uses configuration settings from a .ini file called surveyor.ini. If you want to run the product with different configurations, you can save different sets of configuration information in different .ini files. Surveyor always looks for the file named surveyor.ini in the directory where Surveyor is installed and will use that file for its configuration. If no surveyor.ini ...

Page 81: ...INI file allow you to: Rename the protocols that are currently being detected. For protocols that use TCP or UDP as their transport protocol, the protocol can be assigned a name to override its default name. Extend the list of protocols that are monitored by Surveyor. You can extend the monitoring of protocols that use TCP or UDP as their transport protocol. See the section on How Surveyor Assigns Prot...

Page 82: ...ng name is an alpha-numeric string that should be between 1 and 50 characters. This string is used as the name of the protocol where Surveyor displays a long name. The structure of the MONITOR.INI file is: TCP mapping port num short name long name mapping port num short name long name UDP mapping port num short name long name mapping port num short name long name MONITOR.INI Examples Example 1 Assume...

Page 83: ...e Protocol Distribution table would report that 300 hundred XWIN packets were detected. If the network manager wanted the Protocol Distribution table to report the number of packets seen on each of the 64 X Window ports, the MONITOR.INI would need the following 64 entries: TCP mapping 6000 XWIN6000 X Windows on port 6000 mapping 6001 XWIN6001 X Windows on port 6001 mapping 6063 XWIN6063 X Windows on ...

Page 84: ...been assigned a name, TCP OTHER or UDP OTHER. By changing the MONITOR.INI file, you can change names of generic names of WKPs and assign names to non WKPs that are not assigned names by default. Monitoring Well Known Ports Surveyor monitors all protocols that fall in the WKP (Well Known Port) range, ports with a value between 0 and 1023. If Surveyor detects a TCP or UDP with a port in the WKP range inform...

Page 85: ...treats all other non WKP as a single entity given a single generic name. The name for TCP non WKP ports is TCP OTHER. The name for UDP non WKP ports is UDP OTHER. For example, if 900 occurrences of the TCP port 11964 were detected and 200 occurrences of the TCP port 10564, there would be a single name to identify these 1100 occurrences of the TCP non WKPs, called TCP OTHER. Table 4-11 Default Names for No...

Page 86: ...tries with the following format: mapping port num ip addr parser name name. port num is any valid 2 byte value that represents a TCP or UDP port value. It identifies the protocol by port number to be parsed in Surveyor's decode views. ip addr is a valid IP address in dotted decimal notation. This field can have an asterisk to represent all IP addresses. parser name is the name of a valid Surveyor built ...

Page 87: ...t Protocol Assume that one of the applications uses UDP port 10564 and the other uses 11964. Both of the UDP ports differ from the default port of 5004. The entries in the ANALYSIS.INI file would be: UDP mapping 10564 RTP RTP APPLICATION 1 mapping 11964 RTP RTP APPLICATION 2 Parser Names The tables in Appendix D contain the Parser Names that are built into Surveyor. Each parser is responsible for deco...

Page 88: ...4-28 Surveyor User's Guide ...

Page 89: ...urces in a hierarchical relationship. Branches can be expanded or collapsed via point and click so you can quickly customize your view of available resources. Remote systems containing resources are listed by IP address unless there is a Surveyor name table on the system. If an entry exists in the name table for the IP address of a resource, the symbolic name in the name table is used to represent the...

Page 90: ...Both the local and the remote resource require Remote plug in software for remote access to function. Access to remote resources is controlled from the PC that contains the resource. For example, if your PC contains two THGm modules, accounts, privileges, and passwords for the modules are established at your PC. Remote users must have access to a valid account to use the THGm modules in your PC. A remote...

Page 91: ...l Host [diagram labels: Storage Device; NDIS, CMM or CMM2 Board; Remote Host; Local Monitor, Transmit, Capture; Remote Monitor, Transmit, Capture; Surveyor Software; TCP/IP Connection (LAN, modem, etc.); Data Stream; Network; Finisar Analyzer Card or NDIS Adapter] ...

Page 92: ...erties dialog box. Right click with the mouse on a top level node IP Address Alias Name and select the Properties option from the popup menu. This brings up the Host Properties dialog box for setting the alias. Within the Host Properties dialog box, set the alias name and any optional comment. An example of the Host Properties dialog box is shown below. Additional fields may be available in this dialog ...

Page 93: ...those described in Table 5-1 below. Table 5-1 Remote User Privileges. Privilege Description. Monitor Only: Allows a remote user to use the local device to monitor network activity only. You can access real time monitor views on an armed started module but cannot start stop a module or define load a filter. Capture Monitor: Allows a remote user to use the local device to monitor activity or capture netw...

Page 94: ...ry of all differences between hardware devices. Table 5-2 Surveyor Resource Modes. Mode Description Resource Type. Monitor: Provides real time views and decodes of packets received by a device. All. Capture: Allows packets received by a device to be stored in a buffer for analysis. All. Capture Monitor: Provides both real time monitoring views and the ability to store packets for later analysis. Viewed captu...

Page 95: ...er system consisting of a Notebook PC running analyzer software and a portable undercarriage containing two THGm cards. The THGm modules in THGnotebook support all features and functions in Surveyor. THGm supports all capture functions at full line rate and has a monitoring capability. When two THGm modules are present, they are synchronized so you can analyze a full duplex network segment from a si...

Page 96: ...only or Capture only mode to improve performance. Capture rates can approach full line rate for 10 Mbps networks if other PC functions are limited. NDIS Surveyor NDIS supports up to four adapters. The first adapter found during system initialization is seen by Surveyor software as module 1, the second as module 2, and so on. Standard Ethernet or Token Ring adapters can be used to capture, transmit, or mon...

Page 97: ...witch between segments. Contact customer support for more information on Finisar tap products. Hints and Tips for Resources The following are a collection of hints and tips you may find useful when using resources or the Resource Browser. When launching Surveyor, be sure to enter the password on the log in screen so you can see remote devices. If you fail to enter a password, Surveyor will not allow you...

Page 98: ...source Browser. If the host for the remote resource is not there, the connection has been lost with the remote host and the resource is not available. Red Xs appearing over a host in the Resource Browser indicate that the host is disconnected. To see which capture filter or transmit specification is associated with a particular resource, choose Active TSP and Capture Filter from the Module menu. Use al...

Page 99: ...n a data view is virtually identical no matter which primary view you are using. Table 6-2 shows which data views are supported from each primary window. Table 6-1 Surveyor's Primary Windows for Viewing Information. Primary GUI Window Description. Summary View: From Summary View you can see one view of many different resources. Viewing options include configurable charts and tables. Detail View: From Deta...

Page 100: ...ureView Static Data; MAC Statistics Y Y N; Utilization Errors Strip Chart Y Y N; Frame Distribution Y Y Y; Protocol Distribution Y Y Y; Host Table Y Y Y; Network Layer Host Table Y Y Y; Application Layer Host Table Y Y Y; Host Matrix Y Y Y; Network Layer Matrix Y Y Y; Application Layer Matrix Y Y Y; VLANs Y Y Y; Address Mapping Y Y Y; Duplicate Address (Expert plug in only) Y Y Y; Expert (Expert plug in only) Y Y Y...

Page 101: ... etc. The first tab contains the monitoring view, which can be configured to display any of the views listed on the following page. Multiple monitoring views are available from within Summary View. Each view can display as a table or a chart, with the exception of Address Map View or Expert Views. These two views only display as tables. Remember that in Summary View the view you set applies to all resour...

Page 102: ... one monitoring view of many different resources. Use Detail View to get many different views of a single resource or to perform detailed analysis functions on captured data. Double click on the view for the resource or press the button to go to Detail View. Detail View Detail View is the tool for performing detailed analysis of network data. You can view real time data from the resource for which you...

Page 103: ... resource. For example, if you open the capture file, it automatically puts you into Capture View. Buttons for capture, transmit, and monitor are grayed out on the Detail View toolbar since these functions make no sense for a file. If you select another view of the information in the file, it will appear in a table with a gray background, indicating it's a view of a static resource. Detail View can display m...

Page 104: ...data and also view a host table for the contents of the capture buffer. Because the formatting of the data in both of these views is identical, Surveyor provides the following visual distinctions to help you distinguish between capture and monitor views: For table information of the capture buffer data, all data in the table is grayed. For monitor data, the column and row titles are gray but the data in...

Page 105: ...iew also opens automatically when you open a capture file (file with CAP extension). If opening a large capture file or buffer, a window will display showing the progress of decoding packets. The initial Capture View display provides a protocol decode of all packets. Other views of captured information are available from the Capture View toolbar. Although similar to the Monitoring View toolbar buttons th...

Page 106: ...filter. Click the right mouse on the field you want to filter on. Selections for copy to a capture or display filter appear. Select the option and the Create Modify Filter window appears with the field values inserted in the display. See Chapter 7 for more complete information on creating filters. Exporting and Printing Decodes You can export packet decode information to another source. You can also pri...

Page 107: ...s how much data is downloaded from external capture devices when the data is requested by pressing the download button in the histogram window. See Histogram Options on page 4-4 for complete information on setting up capture view histogram options. Other Options You can enable or disable Expert Analysis views from the Configuration Capture View Options menu. You can also enable or disable the Packet...

Page 108: ...ve the decodes appear in the Summary area of Capture View. Note: Capture files are now saved in a new file format with the extension of HST. Capture files created with previous releases of Surveyor in CAP format are automatically converted to the new format when you open and save them. Captures are now stored as one HST file and a folder containing a series of CAP files that are part of the HST file f...

Page 109: ...ese sections, they will appear in a darker shade of purple. When either window does not span the last downloaded section, this section will appear in a lighter purple (magenta). The example below shows a capture with seven sections. The first section is the Current Section. By using the mouse, the second section in the capture is now the Selected Section. Five of the total seven sections available in the ca...

Page 110: ... Upper Histogram are now the Selected Section(s). The gray colored Capture Selection Window defines the Selected Section(s). The sections that are not the Current Section are not available from the disk cache (black and gray colored sections). The Lower Histogram always shows all sections in the capture. In the example, the gray area indicates that the first part of the capture is displayed in the Upper Hi...

Page 111: ...of the Capture Selection or Capture Detail Window; Color When NOT Part of the Capture Selection or Capture Detail Window; Meaning of the Color in the Histogram Display. Purple; Magenta; Currently decoded sections of the capture. These are the sections that are decoded within the Summary area. Green; Bright Green; Sections of the capture currently in the disk cache on your local system that are not current...

Page 112: ...s are grayed when you reach the end of the data shown in the Upper Histogram. Zoom In: Zooms in to show finer granularity of the capture. The amount of data viewed is reduced between 20 and 1 depending on the setting for the Zoom Factor. Zooming ceases when the Upper Histogram contains 2 capture sections, 20MB of data. Zoom Out: Zooms out to show a larger scope of the capture. The amount of data viewed is...

Page 113: ...ick on an area outside the Capture Selection Window, the new section becomes the Selected Section. In the Lower Histogram, when you double click on an area outside the Capture Detail Window, the new section becomes the contents of the Upper Histogram. Double Arrow Mouse Icon: When you pass the mouse over the Capture Detail Window or the Capture Selection Window, the double arrow mouse appears. Click and d...

Page 114: ...h and high to low. Stair Step is the default. Linear Scale or Logarithmic Scale: Linear scale can show larger visual differential between high and low values than the logarithmic scale. Linear Scale is the default. Options: Brings up the dialog box to set the configuration options for the histogram. See Histogram Options on page 4-4 for information on the histogram configuration options. Saving Portions ...

Page 115: ... packet in the Summary Pane of Capture View to edit a packet. The editor must be enabled for use. To enable the Packet Editor, check Enable Packet Edit from the Configuration Capture View Options menu. Table 6-5 shows the buttons that are available within the Packet Editor. Table 6-5 Packet Editor Buttons. Button Description Action. Auto CRC: Causes the 4 byte CRC error check value to be automatically cal...

Page 116: ... This provides the option of creating error packets that can't be decoded properly. Data Views Ring Statistics View (Token Ring Only) From Detail View, click on the button to open a window with Ring Statistics View. This view is available only if the Token Ring protocol is used by the resource. Ring Statistics View is not available from Summary View. Ring Statistics View is available as two different tab...

Page 117: ...ences to MAC Statistics Rx to see this view in the first tab. MAC Statistics View for capture shows module activity and counters during capture. It provides a visual reference for what a resource is doing. Counters are incremented as the resource captures packets. This view also provides general information about the resource. The MAC Statistics View in capture mode is shown in Figure 6-5. Figure 6-5 MA...

Page 118: ...es a visual reference for module activity. The module identifier and the current mode are displayed in the window title bar. Counters are incremented as the module performs transmit functions. The MAC Statistics View in transmit mode is shown in Figure 6-6. Figure 6-6 MAC Statistics View, Transmit. Frame Size Distribution View From Detail View, click on the button to open a window with Frame Size Distrib...

Page 119: ...ion View is available as a chart or a table. Protocol Distribution View shows the distribution of major network protocol types. Chart Protocol Distribution as a chart can be viewed in many different ways depending on the buttons selected in the view. There are three types of buttons: Protocol Buttons select the types of protocol distribution you want to see. There are four protocol buttons that change ...

Page 120: ...IP: Shows percentages of other protocols used within IP packets only. IPX: Shows percentages of other protocols used within IPX packets only. MoIP: Shows percentages of multimedia protocols used. All: Shows percentages of all packets by application. Frame Byte Buttons: Selects to view the distribution by byte count or frame count, or can be used to select distribution relative to network capacity. There are ...

Page 121: ...tton or the Transmit button to open a window with the Utilization strip chart. From Detail View, the Utilization Error chart is presented with the tables of transmit or receive counters. Table 6-9 Protocol Distribution View Graph Type Buttons. Display Button Description Action. BAR: Display distributions as a bar graph. PIE: Display distributions as a pie chart. II: Pause the display. When pressed again coun...

Page 122: ...relative percentage of frames. The chart can be customized to show the top ten stations based on a different station information field. The Bar and Pie buttons toggle the type of graphic display. The Pause Resume button allows you to pause or resume real time update of the graph. Table Host Table View as a table shows network activity from the view of MAC stations. The table lists statistics for all st...

Page 123: ...d. The Bar and Pie buttons toggle the type of graphic display. The Pause Resume button allows you to pause or resume real time update of the graph. Rel Frames Out: Percentage of frames sent by this MAC station relative to the total number of frames. Bytes In: Number of bytes received by the MAC station. Rel Bytes In: Percentage of bytes received by this MAC station relative to the total number of bytes. Ab...

Page 124: ...mes received by the network station. Rel Frames In: Percentage of frames received by this network station relative to the total number of frames. Frames Out: Number of frames sent by the network station. Rel Frames Out: Percentage of frames sent by this network station relative to the total number of frames. Bytes In: Number of bytes received by the network station. Rel Bytes In: Percentage of bytes sent by...

Page 125: ...ton allows you to pause or resume real time update of the graph. Table Application Layer Host Table View as a table shows network activity from the view of application protocols running on network stations. The table lists all application protocols found on each network station. Each network station may have many application protocols in use. The table lists statistics of all applications within the s...

Page 126: ...s Out: Percentage of frames sent by this network station for this application relative to the total number of frames. Bytes In: Number of bytes received by the network station for this application. Rel Bytes In: Percentage of bytes received by this network station for this application relative to the total number of bytes. Abs Bytes In: Percentage of bytes relative to the total network capacity measured ...

Page 127: ...ns. Table Column Description. MAC Station Name 1: Name of a MAC station. MAC Station Address 1: MAC station address. MAC Station Name 2: Name of a second MAC station. MAC Station Address 2: Address of a second MAC station. Frames 1 2: Number of frames sent from MAC Station 1 to MAC Station 2. Frames 2 1: Number of frames sent from MAC Station 2 to MAC Station 1. Frames 1 2: Number of frames sent in either direct...

Page 128: ...tion field. The Bar and Pie buttons toggle the type of graphic display. The Pause Resume button allows you to pause or resume real time update of the graph. Table Network Layer Matrix View as a table shows network activity from the view of network station pairs. The table lists statistics for all pairs found. The table can be customized to include other columns of information. Table columns listed in it...

Page 129: ...ither direction between Network Station 1 and Network Station 2. Rel Frames 1 2: Percentage of frames sent in either direction between Network Station 1 and Network Station 2 relative to the total number of frames. Bytes 1 2: Number of bytes sent from Network Station 1 to Network Station 2. Average size 1 2: Average size of the frames sent from Network Station 1 to Network Station 2. Bytes 2 1: Number of ...

Page 130: ...re the Application Layer Matrix View default columns. Press the right mouse button on any table entry to create a filter using the selected network layer conversation. See Chapter 7 for information on filters. Table 6-16 Application Layer Matrix View Table Column Descriptions. Table Column Description. Net Station Name 1: Name of a network station. Net Station Address 1: Network layer address of a network...

Page 131: ...ve to the total number of frames. Bytes 1 2: Number of bytes sent from Network Station 1 to Network Station 2 for this application. Average size 1 2: Average size of the frames in bytes sent from Network Station 1 to Network Station 2 for this application. Bytes 2 1: Number of bytes sent from Network Station 2 to Network Station 1 for this application. Average Size 2 1: Average size of the frames in bytes...

Page 132: ...termine what MAC stations are associated with what network stations. Table 6-17 VLAN View Table Column Descriptions. Table Column Description. VLAN Id: Number in decimal of the virtual LAN. Click on the VLAN ID to see network layer and application layer host and matrix tables of that VLAN. VLAN Type: Indicates the VLAN type, IEEE 802.1Q or Cisco ISL. Frames: Total frames captured that are associated with a ...

Page 133: ... names and addresses and network station names and addresses. Duplicate Address View is not available as a chart. Use this table if you need to determine what stations may have duplicate addresses. If you are monitoring a remote device, you must open one of the host tables for that remote device for new duplicate addresses to show in Duplicate Address View. MAC Station Address: MAC station address. Netwo...

Page 134: ...to find out which applications are responding very slowly in the network. To calculate application response time, Surveyor causes a stimulus packet to be transmitted so the application layer round trip time can be assessed. However, the packet cannot be sent if the analyzer device used by Surveyor is connected through a tap device. The application response time will only work if the transmit port of th...

Page 135: ...ort of data in ascending order is not available as a chart. A Pause button is available on some charts and tables to freeze the display. Click the button again to resume display updating. The fields shown in some tables can be customized. Choose View Options from the View menu in Detail View to change the columns that display for a table. There are many view windows you can open. Keep the number of open...

Page 136: ...n click the right mouse. Selections for copy to capture or display filter appear. Select the option and the Create Modify Filter window appears. In Capture View, press the F11 key to zoom in on any of the three panes in the window. Press F11 again to restore the view to all three panes. To see which capture filter or transmit specification is associated with a particular resource, choose Active TSP and...

Page 137: ...cified from a single window. However, if you need to create an advanced filter with multiple states and searches to refine exactly what you're looking for, Surveyor supports a complete filtering language. Example filters are provided to give you an idea of the types of filters that can be created. This section describes both Capture and Display Filters; the minor differences are noted in the text. Getti...

Page 138: ...Design window is essentially the same for capture or display filters. See one of the filter examples for a picture of this window and information about its parts. You can define a filter using a single filter template. There are two types of filter templates: Pre defined Filter Templates A pre defined filter template looks for a specific data pattern or a collection of data patterns. The filter templa...

Page 139: ...late. There are three key steps to apply a filter template to a hardware resource: 1. After creating a custom template, you must save it using the Save Custom Template button. This step is not required if you are using a pre defined template. 2. You must add the template to the Template Combination box. Select the template and click on the Add button; the name of the template will appear in the Template Comb...

Page 140: ...tes Box [Filter Design window callouts: Add Button (add Filter Template to Template Combination box); Template Description; Delete Custom Template Button; Add Conversation to Template Area; Add Port to Template Area; Save Custom Template Button; Clear Template Button; View Filter Button; Template Combination Operator Buttons; Button Edit Create Custom Filter Template Area; Hex Dec ASCII Displays of Offsets Lengths; Set Filter Actions] Increme...

Page 141: ...ame Table window shows all name and address associations, including the protocol and the frame type. The name and address associations displayed are those in the currently active name table. Double clicking on a name table entry will load that name into the currently selected Station Address field. Table 7-1 Defining Conversations. Conversation Element Description. Protocol: MAC, IP, IPX, or Atalk (AppleTalk)...

Page 142: ... example, if you set an address for Station 1, no address for Station 2, and set the direction to all packets having Station 1 as the Source Address are captured regardless of the Destination Address. Use wildcards when specifying addresses to capture data on more than one station. An X used as a character for an address string means that any value will be accepted for that position, for example 343F4A...

Page 143: ... plate combination. Pre defined filter templates are provided that can be used as is, or you can define your own filter templates. See Standard Filter Templates in Appendix B for the filter templates supplied with Surveyor. You cannot alter the pre defined filter templates. Most filter templates have a defined offset and pattern within a frame. However, one template has no specific offset and length. Matc...

Page 144: ...0 Figure 7-2 Template Description Window Showing a Macro Filter. Creating Custom Filter Templates Custom filter templates are created from the Filter Design window. Custom filter templates display under Custom_Templates in the Available Filter Templates box of this window. Custom templates allow precise control over the information captured or displayed. Custom templates are created by modifying a pre...

Page 145: ...ify if the column and row headers display in decimal or hexadecimal. Note that although you can display the data in different formats, all formats use a byte boundary. Only byte quantities can be entered or displayed. Any specific value you create for filter templates can have don't care values. For example, assume you're only looking for FF34 in the first two bytes of the MAC destination address. You co...

Page 146: ...P dot notation this could be expressed as 8.1. 2. Set the Data format pull down box in the filter window to Decimal. Values in the Data pattern area will be entered in decimal. 3. Enter 8 in offset 34 and enter 1 in offset 35. Enter 8 in offset 36 and 1 in offset 37. This sets the filter for both source and destination port. If a port number is a decimal value less than 256, then the value of the first byt...

Page 147: ... Level Pattern dialog box is shown below. When you view bytes within the Edit Create Custom Filter Template area, those which have bit level filters applied appear with BW in the field. If you place the cursor in the byte field and press the Set Bit Pattern button, the Bit Level Pattern dialog box pops up, allowing you to view change the current bit level filter. A portion of the Filter Design window w...

Page 148: ... counter condition is a special condition for accepting rejecting a packet based on a counter value. Logically, a counter condition functions like a filter template. The settings for counters are test values that can be compared to actual packet counts and thereby determine subsequent actions. Filter Packet Types Four types of frames can be collected and displayed. Refine your selection criteria by s...

Page 149: ... and continue. Table 7-3 Operator Buttons for Template Combinations. Button Description. AND: Insert logical AND operator. The AND operator has a higher priority than the OR operator, i.e. will be interpreted first. OR: Insert logical OR operator. NOT: Insert logical NOT operator. Insert Open Parentheses. Along with the closed parentheses, establishes the ordering and interpretation of the operands. For example...

Page 150: ...7-4 Capture Filter Actions. Action Description. Capture: Capture the frame. Trigger: Capture the frame. Continue capture and fill the buffer to the percentage specified by the user in the After trigger continue to capture packets until the buffer is full field. Increment Custom Counter: Increment the custom counter. For THGm, any combination of seven counters can be incremented. Change Filter Operation: Go t...

Page 151: ...00 the filter will carry out the actions that you have chosen for subsequent packets. You can use a counter just like a filter template. For example, you could create the phrase FTP AND Counter 4 20 in the Template Combination box. This would select FTP packets when Counter 4 reaches a value of 20. For THGm, one of seven custom counters can be used as the test counter. The counter test values set in this...

Page 152: ...ames, leave the Good Frames box checked and deselect all other frame types. If you want to capture only error frames, leave all frame types selected with the exception of the Good Frames box. For other hardware devices other than THGm, the values that define Undersize and Oversize packets are fixed. Fragments Undersize packets are those with less than 64 bytes and Jabbers Oversize are those over 1518 by...

Page 153: ...ttempting to create advanced filters. Table 7-7 Capture and Display Frame Types Size. Frame Type Size Description. Good Frames: Frames that have no errors. CRC Error Frames: All frames that contain CRC or Alignment errors (default is packets of 64 to 1518 bytes). Fragment Undersize: All fragments and undersized frames (default is packets less than 64 bytes). Jabber Oversize: All jabbers and oversize frames defa...

Page 154: ...u add or modify a statement, its associated window is displayed. All changes and additions to the filter are made from windows. Windows appear when you double-click on the statements shown in the Filter States Design window. Keystrokes and the right mouse button in the Filter States Design window are also context sensitive. For example, pressing the Insert key when the ROOT statement is selected inserts...

Page 155: ...ng structure. ROOT statement: The root statement for capture filters contains settings for global variables. The root statement for display filters contains no variables. STATE0 identifier: Label for GoTo Action to Change the Filter Operation, Initial Starting Point. IF statement: Specify conditions and actions. ELSE IF statement: optional, same structure as IF statement. Other ELSE IF statements. ELSE state...

Page 156: ...lter2 Counter2 Capture GoTo CurrentState ELSE GoTo State0. Changing States (Changing Filter Operation): When you select a state other than the current state, a GoTo phrase will display as part of the statement in the Filter States Design window showing the next state, for example GoTo State1. To change the state based on the conditions in a statement, double-click on the statement in the Filter states De...

Page 157: ...nt, you cannot load the filter until you return to the Filter States Design window. The Load Filter and Unload Filter buttons on the Filter Design toolbar are disabled. The window for the ELSE statement specifies the actions when no conditions for previous statements are satisfied. You can only specify actions and the next state to execute. Table 7-8 shows a synopsis of the logic sequence for sta...

Page 158: ...play filter ON at all times. If you make changes, the next time you view data in Capture View the new filter will be used immediately. If you already have a Capture View window open for the capture file, select the Refresh option from the File menu in Capture View to refresh the view using the new filter. You can also create and immediately activate a display filter from Multi QoS tables using the righ...

Page 159: ...ow in Figure 7-5 shows a template that captures all packets going to and coming from two IP stations. The conversation is specified by entering the two IP addresses using the indicator to capture packets in both directions. The Apply Conversation to Template check box is selected to apply the conversation to the filter template. The filter template is named Station_7and_8_Conversation. Note that the f...

Page 160: ... Save Custom Template button. 7. Enter the name of the new filter template in the Add to Available Filter Templates dialog box. The name in the example is Station_7and_8_Conversation. The new filter template name appears in the Custom_Templates section of the Available Filter Templates box. 8. Press the Add button to apply the filter template. The filter template appears in the Template Combination box. 9...

Page 161: ...ed with an OR statement to collect both types of protocols. The two templates are named HTTP_Activity_Station2 for the user-defined HTTP template and FTP_Activity_Station2 for the user-defined FTP template. The conversation is specified without a second station and uses the indicator. Traffic is captured in the sending direction for a single station regardless of the other station in the conversatio...

Page 162: ...perations. 7. Using the FTP pre-defined filter template as the starting point, repeat steps 1 through 6 to create a similar custom template for FTP. 8. Highlight the HTTP_Activity_Station2 template in the Custom_Templates section of the Available Filter Templates box. Press the Add button to apply the filter template. The filter template appears in the Template Combination box. 9. Press the OR operator but...

Page 163: ...lter Example: Capture TCP Port Traffic. The Filter Design window in Figure 7-7 shows the capture filter for a specific TCP Port. This filter collects all TCP/IP traffic that uses the BootPS port number. Figure 7-7. Filter Design Window, Capture TCP Port Example ...

Page 164: ...ate area. Be sure the Apply Conversation to Template check box is NOT selected in the Add Conversation to Filter Template area. No specific stations are associated with the new filter template. 6. Press the Save Custom Template button. 7. Enter the name of the new filter template in the Add to Available Filter Templates dialog box. The name in the example is BootPS_Activity. The new filter template name a...

Page 165: ... Advanced Filter, Filter States Design Window. Packets are tested first by the IF statement in State0. If the packet matches the broadcast mask FFFFFFFFFFFF in the first six bytes, the packet is captured, the buffer is triggered, and the next packet is filtered by State1. If the packet does not contain the Broadcast address, the packet is not captured and the next packet is filtered. State1 is executed af...

Page 166: ...be used as a counter condition in a filter template. For THGm, all 7 custom counters can be used as a counter condition. The maximum number of states allowed is four for THGm. The number of filters allowed depends on the analyzer card hardware. A maximum of 16 total hardware filters are allowed for THGm modules, which can be distributed across its four allowed states. Depending on the number of states t...

Page 167: ... Design window, make sure that the templates you want in the filter are displayed in the Template Combination box. If a template is not displayed in the Template Combination box, it is not part of the filter to be applied. Be sure to click the Apply Conversation to Template check box to include a conversation as part of your filter. AND operations narrow the search results and are typically used betwe...

Page 168: ...rrent filter. Make sure all templates that you want to use in the filter display in the Template Combination box. You can create a new capture file by running an existing capture file through a filter. From the Tools menu, select Extract Frames From File Using Filter. Enter the path name of an existing capture file, apply a filter, and name the output file. Filtering Tips Unique to THG class Devices. When ...

Page 169: ...ll network speed or faster. This allows you to set up high traffic conditions and see how the network performs. Surveyor can also transmit a variety of user-defined packet contents to see their effect on the network. With multiple modules, transmitted data can be captured by another analyzer card. You can use the capture and view features in the Surveyor software to analyze the results, all from the sam...

Page 170: ...a stream (middle). Buttons for adding, modifying, or deleting streams, editing data. Transmission status information. Buttons for loading the module, opening/saving the specifications, and adding streams using templates and Magic Packets. Figure 8-1. Transmit Specification Dialog Box. Defined Streams List Box: A defined stream is a specification for transmitting frames from a module. Multiple streams can be defi...

Page 171: ...t box. If you modify the values in the current stream and click on Add, a new stream is added as the stream after the currently selected stream in the Defined Streams list box. If you modify the values in the current stream and click on Modify, the definition of the current stream is changed. Radio Buttons and Fields for Defining a Stream: Specify the contents and the size of the stream using the DA, SA ...

Page 172: ...cification. Be sure to use the Load Module button to load the specification to the module before you begin transmission. The Template button allows you to use predefined data as a starting point for a new stream. It also lets you create Magic Packets. Table 8-1. Stream Function Buttons (Stream Button: Stream Function). Add: Adds a new stream after the currently selected stream in the Defined Streams window. Th...

Page 173: ... template places the values of the template in the fields of the Transmit Specification dialog box. You can then change the values of the fields in the Transmit Specification dialog box or use the Edit Data button to create exactly the packet you wish. Cancel: Exit the Transmit Specification dialog box. Make sure you have added/modified all streams, saved new Transmit Specifications, and loaded the res...

Page 174: ... Stream 2: packet gap 200msec, no burst. The example results in the following: Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 104msec; Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 100msec; Transmit Stream 1, Wait 104msec; Transmit Stream 2, Wait 200msec. If the transmission mode is set to continuous ...

Page 175: ...lowing example shows how bursts and burst timing work. Assume three streams are defined as follows. Stream 1: Packet Gap 100msec, No burst. Stream 2: Packet Gap 20msec, Burst Count 3, Burst Gap 4msec. Stream 3: Packet Gap 5msec, No burst. The example results in the following: Transmit Stream 1, Wait 100msec; Transmit Stream 2, Wait 20msec; Transmit Stream 2, Wait 20msec; Transmit Stream 2, Wait 24msec; Transmit Stream...

Page 176: ...y active module, the number of streams that are active, and the total memory in the buffer required to transmit the specification. The total memory increments as you add/change streams, giving you an instant reflection of how much data you are transmitting. A warning message is shown if you exceed the transmit buffer size. Specifying Transmit Data: Data fields for the Transmit Specification can be modifi...

Page 177: ...rsor location in hex view so offsets remain correct. Press the Decode button to display edits made in hex view in the decode view. Note that changes to the decode view are not automatic. This provides the option of creating error packets that can't be decoded properly. Note: NDIS modules cannot transmit without a valid CRC. Changing Fields Directly in the Dialog Box: The values of various fields in the c...

Page 178: ... the current stream. Use the pull-down box to see available options. In the example stream, the packet is an IP packet. This field can also be used to enter the packet length for IEEE802.2 or SNAP frames. Packet Size: Sets the packet size. Use the pull-down box to view common sizes. The size must be from 8 to 15,000 bytes. Data Field: Specifies the data to be sent as part of the packet. Use the pull-down box...

Page 179: ...n the button and open a capture file or use packets within the capture buffer that are displayed in Capture View. 2. Find the packet you want to add as a transmit template. You must make this packet the first packet in the capture file or capture buffer. Either delete all packets that come before the packet you want or filter out all other packets using a display filter. 3. Select the first line first p...

Page 180: ...m field. All other fields do not apply when the stream is defined by a capture file. Transmit Specification Examples: Transmit Specification examples are supplied with Surveyor. Open a transmit specification file (transmit subdirectory, TSP extension) from the Transmit Specification dialog box to see examples. Two Transmit Specification examples are shown in the following sections. The Packet Gaps example ...

Page 181: ...in Figure 8-2. The dialog box only shows the values for the currently highlighted stream. The current stream appears highlighted within the Defined Streams window. Multiple streams are defined in the specification. All activated streams, indicated by the check mark in the Defined Streams window, will be transmitted. Figure 8-2. Transmit Specification Dialog Box, Packet Gaps ...

Page 182: ...n in Figure 8-3. The dialog box only shows values for one stream, the stream that contains a burst. Multiple streams are defined in the specification. Since a burst of 100 is specified, 101 frames will be transmitted even though there are only two streams defined. Figure 8-3. Transmit Specification Dialog Box, Bursts ...

Page 183: ...ckets at the receiving end. Using bursts is the easiest way to simulate high traffic conditions. Always save your defined specification. The Transmit Specification can only be saved using the dialog box. An NDIS module cannot transmit bad physical layer error packets such as bad CRC packets, runt packets, oversized packets, packets with less than minimum packet size, and so on. Use Finisar analyzer cards t...

Page 185: ...ling interval value, and an Enable/Disable click box. Starting a resource automatically activates the alarms associated with that resource. You must have Monitor mode set for a resource to have alarms trigger and have alarm actions occur. Actions resulting from alarms are varied and flexible because they are assigned to each individual alarm. Whenever an alarm threshold is exceeded, an audible beep soun...

Page 186: ...ppears with a list of alarms set up for the resource. If you have no alarms set for the resource, no alarms will display. Alarms apply to each analyzer card. If the host contains two analyzer cards, a separate Current Module Alarms dialog box appears for each card. Figure 9-1. Current Module Alarms. From the Current Module Alarms dialog box you can add, modify, or delete alarms for the resource ...

Page 187: ... in the Current Module Alarm window. Press Modify Alarm to modify the highlighted alarms. From the Modify Alarms dialog box, change the characteristics for current alarms. The alarm variable name or alarm group name cannot be changed. Use the New Alarm option to add an alarm with a different variable. Figure 9-3. Modify Alarms. To delete one or more alarms, select the alarm(s) and press Delete Alarm in the ...

Page 188: ...all jitter times, call setup times, dropped packets, and R factors in VoIP calls. You can set alarms to test against specific codecs. Expert: Allows you to modify and enable any of the 35 Expert alarms. Alarms test for discrete conditions at different protocol layers, such as NFS retransmissions at the application layer, overload utilization percentages at the MAC layer, or TCP/IP SYN packets at the transp...

Page 189: ... at the codec type, set the Codecs field to All Codecs. Multi QoS uses a simple threshold value to trigger the alarm. When the threshold value is crossed, the alarm is triggered and the alarm action is taken. Most alarms trigger when the current value exceeds a threshold, such as for call jitter. However, the R factor alarms trigger when the current value goes below the threshold value. The lower the R fac...

Page 190: ...yer Application Layer Network Layer ICMP All Errors HSRP Coup Resign ICMP Destination Unreachable Duplicate Network Address ICMP Redirect Unstable MST Excessive BOOTP SAP Broadcasts Excessive ARP OSPF Broadcasts NFS Retransmissions RIP Broadcasts Total Router Broadcasts Transport Layer ISL Illegal VLAN ID TCP/IP SYN Attack ISL BPDU CDP Packets TCP/IP RST Packets IP Time to Live Expiring TCP/IP Ret...

Page 191: ...e at version 4.1 or greater. Table 9-3 shows the alarms that can be used with each Finisar analyzer device. Table 9-3. Alarms and Hardware Devices (columns: Ethernet, Token Ring, Network, Application Response, Expert, Multi QoS). THGm, THGs, THGsE, THGp, THGnotebook: YES, N/A, YES, YES, YES, YES. Local NDIS Module: YES, YES, YES, YES, YES, YES. Remote NDIS Module: YES, YES, YES, YES, YES, YES. Local Portable Surveyor 10/100 Ethernet Analyze...

Page 192: ...e threshold. A delta sample type means that if the difference between samples, increasing (rising) or decreasing (falling) over time, is more than the specified threshold, an alarm event occurs. The Interval field sets the time period between samples. Samples are actually taken at least twice as often as the interval. This allows the detection of threshold crossings that span the sample boundary. For example, if t...

Page 193: ...the audible alarm. No other actions occur if this setting is selected. This is the default value for alarm actions. Surveyor, THGs, THGsE. E-mail: sends the message to pre-configured e-mail addresses. Your e-mail application does not need to be running for alarms to generate e-mail messages. Surveyor, THGs, THGsE. Pager: sends alarms to pre-configured pager numbers. Surveyor only. Log: records alarms in a pre-con...

Page 194: ... accept a complete path name for the THGs log file. E-Mail Settings: Microsoft Exchange or message utilities must be installed and enabled before E-mail and pager actions can occur. When sending E-mail, multiple addresses can be configured from the Host Alarm Setting E-mail Settings menu. Setting the addresses for alarm actions is a global setting for the host. All alarms reported by Surveyor will go to...

Page 195: ...E-Mail Settings for THGs. Pager Settings: The host must have a modem to use a pager. You must set an appropriate delay time when making a call to a pager. When making a call to a pager, a single number can be configured from the Host Alarm Setting Pager Settings menu. Setting the pager number for alarm actions is a global setting for the host. All alarms reported for analyzer devices in the host will go ...

Page 196: ...ears. Use the Community Settings area to add or delete communities. List all IP addresses for the community in the Trap Destinations area. The community does not require read or write privileges to receive SNMP traps containing alarms. You can disable any community from receiving traps by setting the Disable radio button. When you click the Disable button for a community, all IP addresses set as Trap De...

Page 197: ...nnot perform SNMP Trap Setting for a remote Surveyor host, only set alarms and alarm actions. Refer to Microsoft Windows documentation for information about how to install, run, and configure SNMP trap destinations on your Windows system. Surveyor has six different traps, one for each of the alarm groups. The number of alarm variables is the same except for Multi QoS alarms, which contain some additional i...

Page 198: ...m table. To set more than one alarm of the same type, click on the type you want to duplicate and press the Insert key. A new alarm row appears below the current row. Fill out the settings in the new row. To set one alarm that has multiple actions, click on the alarm type you want to duplicate and press the Insert key. Change the Actions field of the new row to the additional action you want. For example ...

Page 199: ...cur when for the alarms are triggered. Alarm Example: Utilization. Figure 9-6. Alarm Example, Utilization. This simple example shows an alarm group consisting of one MAC Layer alarm for Utilization. This alarm samples network traffic at five-second intervals. When the absolute rising value of 50 percent utilization is exceeded, Surveyor issues an audible alarm and displays a message in Surveyor's message w...

Page 200: ... an alarm threshold for any of these five alarms is exceeded, Surveyor issues an audible alarm and displays a message in Surveyor's message window. Assume that overall error rate is of particular interest in this example. The Severity setting instructs Surveyor to include a Warning message with all alarm messages when the error rate is greater than 250. The Actions setting instructs Surveyor to send a...

Page 201: ...ames, 512-1028 Byte Frames, and 1024-1518 Byte Frames. Each of these alarms samples network traffic at five-second intervals. When an alarm threshold for any of these four alarms is exceeded, Surveyor issues an audible alarm and displays a message in Surveyor's Message window. In addition, the alarms will be logged to the Log file specified. For Oversize Frames, the notification is a warning message ...

Page 202: ...n Surveyor's Message window. The Severity setting instructs Surveyor to include a Warning message when the call jitter exceeds 200ms. A Critical message is included with all alarm messages when the call jitter exceeds 500ms, plus instructions to Surveyor to stop and save frame contents to a capture file. For the R factor alarm, the alarm triggers when the User R factor value drops below the threshold val...

Page 203: ... consisting of three Application Response and one Expert alarm. All of these alarm counters are checked at five-second intervals. When an alarm threshold for any of these four alarms is exceeded, Surveyor issues an audible alarm and displays a warning message in Surveyor's message window. Two different alarm groups are represented: Expert and Application Response ...

Page 205: ...s. When Surveyor detects an abnormal or unusual network event, it logs a symptom. A symptom indicates that a threshold has been exceeded and may indicate a problem on your network. Several symptoms analyzed together, high rates of recurrence of specific symptoms, or single instances of particular network events cause Surveyor to conclude that the network has a problem. These are logged as analyses. In a...

Page 206: ...ime (Min Time), Maximum Response Time (Max Time), Average Response Times (Avg Time), and the Number of Connections (Connections) processed to derive these times. Duplicate Network Address View: The Duplicate Network Address view depicts each duplicate network (IP/IPX) address detected and its associated MAC layer bindings. See Chapter 6, Views, for more information on Expert Views. Getting Started with Expert View ...

Page 207: ...Figure 10-1. Expert Overview Example ...

Page 208: ...s shown in Figure 10-2. The summary area (top) lists all occurrences of the selected symptom. The detail area (bottom left) shows an object tree view of the symptom selected in the summary area. This provides information about the stations and ports that are associated with the selected symptom. The vital statistics for the symptom selected in the summary area are shown in the detail area to the right. The ...

Page 209: ...Figure 10-2. Expert Overview Detail Table Example ...

Page 210: ...ed for this conversation. Detailed statistics for each entity in the conversation and statistics for the conversation itself are also included. The summary and detail areas are separated by large gray bars, one vertical and one horizontal, which can be used to size each area as needed. Layer: Description. Application: Surveyor checks for application problems. These are generally servers running protocols w...

Page 211: ...Figure 10-3. Expert Application Layer Example ...

Page 212: ...ader a second time changes the sort order from descending to ascending. Double-click the network address in Station 1 in the Application Session Layer to jump to the first connection to that server in the Transport Layer. Double-click the network address in Station 2 in the Application Session Layer to jump to the first connection from the client to that server in the Transport Layer. Table 10-1 is a...

Page 213: ...transmissions, NCP Too Many Requests Denied, NCP Too Many Request Loops. Session: TNS Slow Server Connect, TNS Slow Server Response, No WINS Response. Transport: Idle Too Long, TCP Checksum Errors, TCP Fast Retransmission, TCP Frozen Window, TCP Long Ack, TCP Repeat Ack, TCP Retransmission, TCP SYN Attack, TCP Window Exceeded, TCP Window Probe, TCP Zero Window, Non Responsive Station, Too Many Retransmissions. Network...

Page 214: ...xpert detects an abnormal or unusual network event, it logs a symptom. A symptom indicates that a threshold has been exceeded and may indicate a problem on your network. Counters for symptoms can be used to trigger alarms. Press the Symptoms tab on the Expert window to view network events that may result in network problems. See Figure 10-1 and Figure 10-3 for examples of displays of symptoms. Tables in...

Page 215: ...en the two network stations. The second list displays the network traffic of the first network station. It shows how many packets and bytes of data are sent and received by the station. It shows how many broadcast packets the station sent and the MAC addresses associated with the station. The third list displays the network traffic of the second network station, if present. The fourth list displays the ...

Page 216: ...twork objects discovered from the current packet analysis. The example below shows the entities discovered for the Transport Layer. The detail area shows details for both the conversation and the individual stations in the conversation. Figure 10-4. Entities for the Transport Layer Example ...

Page 217: ...f zero window size events that occurred in this TCP connection. The number of diagnoses and symptoms found are also shown. The maximum and minimum acknowledge times are displayed if they are present. The average acknowledge time is the total acknowledge time divided by the number of acknowledgments. The third list displays the same statistics described above for the other station in the conversation. N...

Page 218: ... list displays the protocols this station used, the number of packets and bytes of data of that protocol sent and received by the station, and the first and last frames in which the protocol occurred. The third list displays the network traffic between this station and other physical stations. It shows how many packets and bytes of data are passed between the two stations and how many packets and byte...

Page 219: ...lysis to display an Expert Diagnostic Message. Contents of the Expert Diagnosis window include: a summary of the symptom or analyses, including addresses and frame IDs; a description of the Expert symptom or analyses; possible causes; recommended actions. Figure 10-5 shows an example of the Expert Diagnosis window. Figure 10-5. Expert Diagnosis Example ...

Page 220: ... in front of each item that can be enabled/disabled. Disabling an entire branch in the tree, such as Data Link, disables all expert symptoms that can be disabled for that layer. Transport or application symptoms cannot be disabled completely, so there is no checkbox by these items. The entire expert system can be disabled by removing the top-level check next to Expert. If the symptom has a threshold valu...

Page 221: ...ail, as with all other Surveyor alarms. Alarms test for thresholds at different protocol layers, such as the number of NFS retransmissions at the application layer or a specific overload utilization percentage at the MAC layer. Some network problems are not single events but are indicated by certain thresholds or counters being exceeded. To catch these types of problems, use Expert Alarms. Many event coun...

Page 222: ...nt expert data. With an Expert window active, select Print from the File menu or press the print button on the Detail View toolbar. The symptom list in the top panel is printed by default. From the Overview tab, all counters are printed. If you want to print the Detail data in the bottom right panel of an Expert display, click on any field in any table in this panel and select Print from the File menu. Dat...

Page 223: ...in milliseconds (ms). A threshold can be set in the Application Response Time Alarms for all supported applications. Supported applications are DNS, FTP, Gopher, HTTP, NFS, NNTP, POP, SMTP, and TELNET. From Detail View, press the Application Response Time button to see application response times. See Chapter 6 on Views for more information on the Application Response Time table. To calculate application response ti...

Page 224: ...nt. For example: Rate of change of SMB Mailslot Broadcasts 40. The threshold value for this symptom can be changed. The default threshold value is 6 mailslot broadcasts per second. Diagnostic Details. Problem Description: The expert threshold for SMB Mailslot broadcasts has been exceeded for this segment, resulting in an Excessive Mailslot...

Page 225: ...n attempts 4 3. The threshold value for this symptom can be changed. The default threshold value is greater than 3 login attempts. Diagnostic Details. Problem Description: The expert threshold for the number of FTP login attempts has been exceeded. Probable Cause(s): 1. The ...

Page 226: ...nged. The default threshold value is a multiplier of 2. The time interval to use is read from the announcement packet. For example, assume that the time-out value read from an SMB packet is 480,000 ms. If the multiplier value is set to 2, then the symptom displays when there is no browser announcement for 960,000 ms (2 X 480,000 ms). Diagnostic Details ...

Page 227: ...m Summary field provides the two addresses between which the retransmission occurred. For example: Between 00000010 0207012303E3 and 302A9950 000000000001. Diagnostic Details. Problem Description: A part of a file has been retransmitted. Probable Cause(s): 1. There may be a ...

Page 228: ...ptom Summary field provides the two addresses between which the overlap occurred. For example: Between 00000010 0207012303E3 and 302A9950 000000000001. Diagnostic Details. Problem Description: A part of a transmitted file overlaps with the other parts. Probable Cause(s): 1 ...

Page 229: ...ged. The default is 2 requests. The interval can be changed by setting the NCP Request Loop time value, which specifies the interval of time to look for repeating requests. The default is 100 ms. Diagnostic Details. Problem Description: The expert threshold for the number of request denied replies within the request loop time has been exc...

Page 230: ...me request in 100 ms. The interval of time to look for repeating requests can be changed. The default is 100 ms. Diagnostic Details. Problem Description: The same request has been sent repeatedly within the threshold value. Probable Cause(s): 1. Some reply packets may have b...

Page 231: ...ackets per second. For example: Rate of change of NCP Server Busy 5. The threshold value for this symptom can be changed. The default value is 10 packets per second. Diagnostic Details. Problem Description: The expert threshold for the number of NCP Server Busy responses has been exceeded for this station. ...

Page 232: ... number of retransmissions divided by the total number of file requests. For example: File retransmission ratio is 8 28 28. The threshold value for this symptom can be changed. The default value is a 20 retransmission ratio. Diagnostic Details. Problem Description: The expert threshold for the ratio of file retransmissions over file reque...

Page 233: ...ided by the total number of file requests. For example: Requests denied ratio is 8 28 28. The threshold value for this symptom can be changed. The default value is a 20 requests denied ratio. Diagnostic Details. Problem Description: The expert threshold for the ratio of requests denied over requests sent has been exceeded. ...

Page 234: ...request loops divided by the total number of requests. For example: Requests loops ratio is 8 28 28. The threshold value for this symptom can be changed. The default value is a 20 request loops ratio. Diagnostic Details. Problem Description: The expert threshold for the ratio of request loops over requests sent has been exceeded. ...

Page 235: ...ails. Problem Description: There is a retransmission of an NFS request packet. The RPC identifier for this connection has been reused. Probable Cause(s): 1. NFS data may be transmitted over several fragmented IP packets. If any of the IP fragments is missing, it will resu...

Page 236: ... as expert analyses. For example: HTTP POST request not responded. Diagnostic Details. Problem Description: There is no HTTP server response to a POST request, resulting in a connection reset. Probable Cause(s): 1. The server was very busy. 2. There may be a problem with the HT...

Page 237: ... the type of server involved. For example: SMTP server not responded. This analysis applies to text-based application protocol servers such as FTP, SMTP, NNTP, and POP3. Diagnostic Details. Problem Description: There is no server ready message for the server. Probable Cause(s)...

Page 238: ...reshold value for this symptom can be changed. The default value is 2000 milliseconds. Diagnostic Details. Problem Description: An HTTP server response to a GET request has taken longer than the threshold value to reach the sender. Probable Cause(s): 1. The server was very ...

Page 239: ... The threshold value for this symptom can be changed. The default value is 2000 milliseconds. Diagnostic Details. Problem Description: An HTTP server response to a POST request has taken longer than the threshold value to reach the sender. Probable Cause(s): 1. The server w...

Page 240: ...nd POP3. These servers send a ready message when a client first logs in. If the response time is too long (exceeds the threshold), the symptom is recorded. For slow responses other than the ready message, see the Slow Server Response symptom. Diagnostic Details. Problem Description: The first server ready message has taken longer than the th...

Page 241: ... such as FTP, SMTP, NNTP, and POP3. The symptom is recorded whenever the server response exceeds the threshold for a client request. For slow responses to initial log on (server ready message), see the Slow Connect Response symptom. Diagnostic Details. Problem Description: A response from the server has taken longer than the threshold value t...

Page 242: ...ing information: Invalid network name in tree connect. Diagnostic Details. Problem Description: An SMB session could not be established because the requesting station had specified a network resource name that does not exist on the target station. Probable Cause(s): 1. The ...

Page 243: ...oms. The Symptom Summary field provides the following information: Invalid password. Diagnostic Details. Problem Description: An SMB session could not be established because the password was invalid. Probable Cause(s): 1. The client software specified an invalid user name or...

Page 244: ... request not responded within 1000 ms. The time out value for this symptom can be changed. The default value is 1000 ms. Diagnostic Details. Problem Description: There is no response from the WINS server. Probable Cause(s): 1. The UDP packets have been lost. 2. The WINS server...

Page 245: ...ervers only. If the response time is too long (exceeds the threshold), the symptom is recorded. For slow responses other than the ready message, see the TNS Slow Server Response symptom. Diagnostic Details. Problem Description: The TNS server has taken longer than the threshold value to accept/refuse a connection. ...

Page 246: ...e symptom is recorded whenever the server response exceeds the threshold for a client request. For slow responses to initial log on, see the TNS Slow Connect Response symptom. Diagnostic Details. Problem Description: A response from the TNS server has taken longer than the threshold value to reach the sender. ...

Page 247: ...r 128 s. An idle connection is defined as no packet activity for the connection. The threshold for this symptom can be changed. The default threshold is an idle connection for 60 seconds. Diagnostic Details. Problem Description: The connection has been idle for longer than the threshold value. ...

Page 248: ...ot responding. The threshold value for the number of retransmissions can be changed. The default threshold is 3 successive retransmissions. Diagnostic Details. Problem Description: The threshold set for consecutive retransmissions has been exceeded. This resulted in a Non Responsive Station symptom. ...

Page 249: ...228.69 DA 206.250.228.11. Diagnostic Details. Problem Description: A TCP/IP packet has a checksum value that is in error. The packet may be discarded. Probable Cause(s): 1. The station that sent this packet may have a faulty network stack. 2. The router that forwarded this pa...

Page 250: ... Problem Description: A TCP/IP packet has been retransmitted. There was no ACK from the receiver, causing the sender to retransmit the packet. And the time from the last transmission is less than the threshold value. Probable Cause(s): 1. An ACK sent by the receiver was lost. 2. The network is overloaded. 3. ...

Page 251: ... over a threshold interval for one connection in one direction. If only one packet is detected over the threshold interval, it is logged as a TCP frozen window event. Events of this type can indicate a problem with the TCP/IP connection or excessive network traffic. The threshold for this symptom can be changed. The default threshold is a frozen window of 5 seconds. Diagnostic Details. ...

Page 252: ...s Guide. Recommended Action(s): 1. Upgrade the receiver's CPU and/or Memory. 2. Reduce the number of connections to the receiver. 3. Increase the network bandwidth. ...

Page 253: ...d for every packet. When a value exceeds a threshold value, the event is logged as an Expert Symptom. The threshold for this symptom can be changed. The default threshold is no acknowledgment for 200 milliseconds. Diagnostic Details. Problem Description: A TCP/IP ACK (Acknowledgment) has taken longer than the threshold value to reach the sender...

Page 254: ...es that the acknowledgement numbers are out of sequence. For example: Acknowledgement number is less than the one before. Diagnostic Details. Problem Description: A TCP/IP acknowledgement number is less than the one before. Probable Cause(s): 1. The network is overloaded. 2. T...

Page 255: ...ts (WKP) involved, including the port number and the IP address. For example: Between 206.250.228.69 TCP/IP WKP 1988 and 206.250.228.11 TCP/IP WKP 197. Diagnostic Details. Problem Description: A TCP/IP packet has been retransmitted. There was no ACK from the receiver, causing the sender to retransmit the packet. ...

Page 256: ...unter of all TCP RST Packets over a period of time per segment. This variable counts the number of RST responses to monitor resets in TCP/IP. A count of all TCP RST packets displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. ...

Page 257: ...ond. Diagnostic Details. Problem Description: The threshold for the number of SYN connections on the segment has been exceeded. There may be a SYN attack. Probable Cause(s): 1. An intruder is trying to break into your network. 2. The network is heavily overloaded. 3. Your Web s...

Page 258: ...size on the receiving end. For example: Data length of 128 bytes exceeds last window size of 0. Diagnostic Details. Problem Description: The TCP packet data size exceeds the TCP window of the receiving end. Probable Cause(s): 1. The network is overloaded so that the new wind...

Page 259: ...ogged. One-byte data packets are sent periodically by the sender to see if the receiver's window has reopened to allow the sender to resume transmitting. Diagnostic Details. Problem Description: A TCP/IP packet with one byte of data has been sent to check whether the receiver's window has been reopened. ...

Page 260: ...on the event is logged. Events of this type indicate when a receiver's buffer is full, which can indicate problems with the network. Expert Diagnosis. Problem Description: A TCP/IP packet indicates zero window size for longer than the threshold interval. The receiver is shutting down communication and will accept no more data from the ot...

Page 261: ...is 49 50 98. The threshold value for this analysis can be changed. The default value is a 20 retransmission ratio. Diagnostic Details. Problem Description: The expert threshold for the ratio of retransmissions over packets sent has been exceeded. Probable Cause(s): 1. The ne...

Page 262: ...uplicate IP Address or Duplicate IPX Address expert symptoms. The Symptom Summary field provides information about the duplicate IP or IPX address. For example: Addr 206.250.228.67. Diagnostic Details. Problem Description: This network address has multiple MAC station address associations. This is a serious problem if the associated MAC s...

Page 263: ...y field provides the IP address of the router trying to become active. For example: SA 206.250.226.11 DA 206.250.228.69. Diagnostic Details. Problem Description: A router has generated an HSRP Coup message. Probable Cause(s): 1. A stand-by router has assumed the function of ...

Page 264: ...the HSRP Errors counter, which displays in the Overview counters of Expert View. Both Coup and Resign packets are counted. Coup/Resign packets in the HSRP are used to activate/deactivate routers. A threshold can be set in Expert Alarms for HSRP Coup/Resign packets, which includes both Resign and Coup HSRP messages. ...

Page 265: ...mary field provides the IP address of the router trying to become inactive. For example: SA 206.250.226.11 DA 206.250.228.69. Diagnostic Details. Problem Description: A router has generated an HSRP Resign message. Probable Cause(s): 1. The stand-by router is returning routin...

Page 266: ...ded D F Set Source Route Failed Destination Network Unknown Destination Host Unknown Destination Network Access Denied Destination Host Access Denied Network Unreachable for TOS Host Unreachable for TOS Destination Unreachable catches all other Destination Unreachable Errors Source Quench Redirect Network Redirect Host Redirect Network Redirect for TOS Host Redirect for TOS ICMP Redirect catches ...

Page 267: ...1 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Parameter Problem (IP header is bad) message has been sent. Probable Cause(s): 1. A host/router may send this message if the IP header parameters have problems that prevent it from processing the packet. 2. ...

Page 268: ...not be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Host Administratively Prohibited message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message...

Page 269: ...50.228.69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Host Unknown message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A ro...

Page 270: ...69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Network Administratively Prohibited message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send thi...

Page 271: ...50.228.69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Network Unknown message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A...

Page 272: ...Unreachable is also an expert symptom and has its own Diagnostic Details. However, this expert symptom reflects only those destination unreachable conditions which cannot be assigned to one of the other destination unreachable symptoms defined above. ICMP Destination Unreachable events are automatically logged as expert symptoms. The Symptom Summary field provides information about the IP addresses in...

Page 273: ... Recommended Action(s): 1. Check the routing tables of the router that this message was generated from. 2. Check the netmask configuration of the source. 3. Ignore this message if the destination is truly unreachable (no action required). ...

Page 274: ...06.250.228.69. Diagnostic Details. Problem Description: An ICMP Fragment Reassembly Time Exceeded message has been sent. Probable Cause(s): 1. A host may send this message if it cannot reassemble the fragments due to missing fragments on time. 2. There may be a lot of missin...

Page 275: ...not be reached by 206.250.228.11 as D F Set. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Fragmentation needed but D F set Unreachable message has been sent. Probable Cause(s): 1. If a router has a routing table problem, i...

Page 276: ...206.250.228.69. Diagnostic Details. Problem Description: An ICMP Host Redirect message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A router may send this message if, according to its proper routing tables, it finds ...

Page 277: ...06.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Redirect for TOS and Host message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A router may send this message if, according to its pr...

Page 278: ... cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Host Unreachable message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A host ma...

Page 279: ...69 unavailable for 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Host is Unreachable for TOS message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A...

Page 280: ...ically logged as expert symptoms. The Symptom Summary field provides information about the IP addresses involved. For example: Addr 206.250.228.69 Subnet mask 255.255.255.240. Diagnostic Details. Problem Description: The subnet mask reply does not match the one used by the two stations. ...

Page 281: ...28.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Network Redirect message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A router may send this message if, according to its proper routing tabl...

Page 282: ... 250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Redirect for TOS and Network message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A router may send this message if, according to its p...

Page 283: ... 250.228.69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Network Unreachable message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this messa...

Page 284: ...r as a Missing IP Option. Diagnostic Details. Problem Description: An ICMP Parameter Problem message has been sent. Probable Cause(s): 1. A host/router may send this message if the IP header parameters have problems that prevent processing of the packet. 2. A host/router may...

Page 285: ... cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Port Unreachable message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this message. 2. A host ma...

Page 286: ...206.250.228.69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Protocol Unreachable message has been sent. Probable Cause(s): 1. If a router has a routing table problem, it may send this m...

Page 287: ...ary field provides information about the IP addresses involved. For example: Use Gateway 206.250.54.61 to reach 206.250.228.69 from 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Redirect message has been sent. Probabl...

Page 288: ... Problem Description: An ICMP Parameter Problem (IP Options required but missing) message has been sent. Probable Cause(s): 1. A host/router may send this message if the IP header parameters have problems that prevent processing of the packet. 2. A host/router may have a bad network stack or a bad interface c...

Page 289: ...250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Source Quench message has been sent. Probable Cause(s): 1. If a router has a buffer space problem, it may send this message. 2. A host may send this message if it can't keep up with processing of p...

Page 290: ... involved. For example: 206.250.228.69 cannot be reached by 206.250.228.11. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Destination Unreachable Source Route Failed message has been sent. Probable Cause(s): 1. If a router has a routing...

Page 291: ...etails. Problem Description: An ICMP Time Exceeded message has been sent. Probable Cause(s): 1. A router may send this message if it encounters an IP packet with a TTL value of 0. 2. The source may have an incorrectly configured subnet mask, causing longer hops. 3. The routing...

Page 292: ...n forwarding to Destination 206.250.228.69. SA 206.250.228.11 DA 206.250.228.69. Diagnostic Details. Problem Description: An ICMP Time To Live Exceeded message has been sent. Probable Cause(s): 1. A router may send this message if it encounters an IP packet with a TTL value...

Page 293: ...ntered. For example: Addr 255.255.255.255. This symptom can help catch malfunctioning routers or bad addresses generated due to collisions. Diagnostic Details. Problem Description: A broadcast network address has appeared as a source address. This is a problem associated with a bad host. ...

Page 294: ...DA 206.250.228.11. Diagnostic Details. Problem Description: An IP packet has a checksum value that is in error. The packet may be discarded. Probable Cause(s): 1. The station that sent this packet may have a faulty network stack. 2. The router that forwarded this packet may h...

Page 295: ...symptoms. The Symptom Summary field provides information about the time to live (TTL) and the source and destination addresses. For example: TTL 1 SA 206.250.228.69 and DA 206.250.228.11. Diagnostic Details. Problem Description: An IP packet has a time to live value that is going to expire. The packet may be discarded. ...

Page 296: ...s Counter. ISL BPDU/CDP Packets is a counter of all Bridge Protocol Data Unit (BPDU) or Cisco Discovery Protocol (CDP) packets in an ISL frame over a period of time per segment. A count of BPDU/CDP packets displays in the Overview counters of Expert View. ...

Page 297: ...umber of the illegal VLAN ID. For example: VLAN ID 1036. Diagnostic Details. Problem Description: The VLAN ID in the ISL protocol is illegal. The allowable range is from 1 to 1024. Probable Cause(s): 1. An error made in the VLAN configuration for the Switch may have introduce...

Page 298: ...roadcasts over a period of time per segment. A count of all OSPF broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If OSPF broadcasts fall below a certain threshold, this may indicate that an OSPF router is not functioning properly. ...

Page 299: ... RIP broadcasts over a period of time per segment. A count of all RIP broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If RIP broadcasts fall below a certain threshold, this may indicate that a RIP router is not functioning properly. ...

Page 300: ...asured in packets per second. For example: Rate of change of Router Broadcasts 5. The threshold value for this symptom can be changed. Diagnostic Details. Problem Description: The expert threshold for the number of router broadcast messages has been exceeded for this router. ...

Page 301: ...as expert symptoms. The Symptom Summary field provides the network address. For example: Addr 255.23.252.6. Diagnostic Details. Problem Description: A packet with the source and destination network addresses has been received. Probable Cause(s): 1. A protocol analyzer has bee...

Page 302: ...roadcasts over a period of time per segment. A count of all SAP broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If SAP broadcasts fall below a certain threshold, this may indicate that a SAP router is not functioning properly. ...

Page 303: ...ounter of all total router broadcasts over a period of time per segment. A threshold for this counter can be set in Expert Alarms for total router broadcasts. If total router broadcasts go above a certain threshold, this may indicate that a router in the network is generating excessive broadcast messages. ...

Page 304: ...nning Tree (MST) is unstable. Expert Symptom. Unstable MST events are automatically logged as expert symptoms. The Symptom Summary field provides information about the rate of change for the MST topology. For example: Rate of change of Topology 10. Diagnostic Details. Problem Description: The threshold for the number of IEEE 802.1D packets w...

Page 305: ... Summary field provides an indication that a zero network address has been discovered. For example: Addr 0.0.0.0. Diagnostic Details. Problem Description: A packet with a zero network address in its destination has been received. Probable Cause(s): 1. A protocol analyzer has...

Page 306: ...es counter is a total count of several MAC layer symptoms. The bad frames counter includes the following MAC layer events. CRC Frames: Frames from 64 to 1518 bytes with a CRC error; Fragment Frames: Frames less than 64 bytes with a CRC error; Jabber Frames: Frames greater than 1518 bytes with a CRC error; Oversize Frames: Frames greater than 1518 bytes without a CRC error; Runt Frames: Frames less than 64 by...

Page 307: ...ample: Rate of change of Bcast/Mcast Packets 500. The threshold value for this symptom can be changed. The default threshold is a delta of 400 broadcast/multicast events per second. Diagnostic Details. Problem Description: The broadcast storm expert threshold has been exceeded for this segment, resulting in a MAC Broadcast Storm symptom. ...

Page 308: ...han 63 bytes. Diagnostic Details. Problem Description: A packet with more than 63 bytes of data and a CRC error has been received. Probable Cause(s): 1. The network is overloaded, resulting in too many collisions. 2. A faulty hub/switch/router device. 3. An end station may have...

Page 309: ...P requests per second. Diagnostic Details. Problem Description: The expert threshold for ARP Broadcasts has been exceeded for this segment, resulting in an Excessive ARP symptom. Probable Cause(s): 1. The network is overloaded. 2. Variations in application traffic patterns. 3. ...

Page 310: ...ests 25. The threshold value for this symptom can be changed. The default threshold is a delta of 10 BOOTP/DHCP requests per second. Diagnostic Details. Problem Description: The expert threshold for the number of BOOTP/DHCP requests has been exceeded for this segment. Pro...

Page 311: ...in the number of broadcast messages over a period of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is considered excessive broadcasts. An alarm event can also be generated based on an absolute number of broadcasts over time. The default is 400 broadcast packets per second on a 100MB network. ...

Page 312: ...riod of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is considered excessive collisions. An alarm event can also be generated based on an absolute number of collisions over time. The Excessive Collision counter is incremented by counting runt packets and by counting packets with CRC errors. The Excessive Collisions counter only applies to Ethernet ...

Page 313: ...in the number of multicast messages over a period of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is considered excessive multicasts. An alarm event can also be generated based on an absolute number of multicasts over time. The default is 400 multicast packets per second on a 100MB network. ...

Page 314: ... information CRC error with less than 64 bytes Diagnostic Details __________________________________________________________________ Problem Description A packet with less than 64 bytes of data and a CRC error has been received __________________________________________________________________ Probable Cause(s) 1 The network is overloaded resulting in too many collisions 2 A faulty hub switch route...

Page 315: ...ch malfunctioning NICs or bad addresses generated due to collisions Illegal MAC source addresses may be discovered on Ethernet or Token Ring networks Diagnostic Details __________________________________________________________________ Problem Description A broadcast Ethernet or Token Ring address has appeared as a source address This is a problem associated with a bad adapter card _______________...

Page 316: ...ation CRC error with more than 1518 bytes Diagnostic Details __________________________________________________________________ Problem Description A packet with more than 1518 bytes of data and a CRC error has been received __________________________________________________________________ Probable Cause(s) 1 The network is overloaded resulting in too many collisions 2 A faulty hub switch router d...

Page 317: ...field provides information about the change in utilization For example Utilization 42 Diagnostic Details __________________________________________________________________ Problem Description The expert utilization threshold has been exceeded for this segment resulting in a LAN Overload symptom __________________________________________________________________ Probable Cause(s) 1 The network is ove...

Page 318: ...r segment A threshold for this counter can be set in Expert Alarms The threshold for new MAC stations is typically set to 1 as an absolute value The new MAC station counter detects new MAC stations nodes on a LAN segment After a segment is stabilized with a specific number of stations this counter can indicate possible intruder stations ...

Page 319: ...ptom Summary field contains the following information Oversized frame has more than 1518 bytes Diagnostic Details __________________________________________________________________ Problem Description A packet with more than 1518 bytes of data has been received __________________________________________________________________ Probable Cause(s) 1 A faulty hub switch router device 2 An end station m...

Page 320: ... frames over a one second time period A threshold for the number of frames per second can be set in Expert Alarms Overload Frame Rate can help catch network overloads Values for the threshold can range from 1 to 148 800 frames sec for a 100 MB network The default is 37 200 frames sec ...

Page 321: ...n Percentage counts bits over time and compares this value to the maximum utilization possible bandwidth A threshold for this percentage value can be set in Expert Alarms Overload utilization percentage can help catch network overloads The default for a 100MB network is 25 of maximum utilization ...

Page 322: ...lue for this symptom can be changed The default threshold is a delta of 400 physical error packets per second Diagnostic Details __________________________________________________________________ Problem Description The error threshold has been exceeded for this segment resulting in a MAC Physical Errors symptom __________________________________________________________________ Probable Cause(s) 1 ...

Page 323: ...contains the following information Runt frame has less than 64 bytes Diagnostic Details __________________________________________________________________ Problem Description A packet with less than 64 bytes of data has been received __________________________________________________________________ Probable Cause(s) 1 A faulty hub switch router device 2 An end station may have a faulty network int...

Page 324: ... symptoms The Symptom Summary field provides the MAC address For example Addr 00800F 13A65B Diagnostic Details __________________________________________________________________ Problem Description A packet with the source and destination MAC addresses has been received __________________________________________________________________ Probable Cause(s) 1 A protocol analyzer has been transmitting e...

Page 325: ...ount of all MAC stations displays in the Overview counters of Expert View A threshold for this counter can be set in Expert Alarms The MAC station counter helps detect excessive MAC stations nodes on a LAN segment This helps indicate possible intruder stations as well as help the network manager limit and control the number of stations allowed on a segment ...

Page 326: ...m Click hold and drag a column border to remove columns in any Expert View Table Double click on the same column border to bring back the display of a column Duplicate addresses appear both in the Duplicate Network Address Table and as a symptom in Expert View Thresholds can be set for Expert Symptoms Select Expert Settings from the Configuration menu and find the symptom you want to change Some t...

Page 327: ...t tables Expert Analysis Logged as an Expert Event and appears in the expert tables Counter in Expert View Has an associated counter that displays in the Overview page of Expert View The counter will display in the Symptoms tab if it is a symptom and in the Analyses tab if it is an analysis Expert Alarm Has an alarm you can set in the Expert Alarm editor Application Response Time Alarm Has an alar...

Page 328: ...t Storm X X X CRC Frames X z X DNS Response Time X Duplicate Network Address also displays as a separate view X X X Excessive ARP X X X X Excessive BOOTP X X X X Excessive Broadcasts X Excessive Collisions X Excessive Multicasts X Excessive Mailslot Broadcasts X X X Fragment Frames X z X FTP Login Attempts X X X FTP Response Time X Gopher Response Time X HSRP Coup X z z HSRP Errors X X HSRP Resi...

Page 329: ...P Destination Host Unknown X z z ICMP Destination Network Access Denied X z z ICMP Destination Network Unknown X z z ICMP Destination Unreachable X X X ICMP Fragment Reassembly Time Exceeded X z z ICMP Fragmentation Needed D F set X z z ICMP Host Redirect X z z ICMP Host Redirect for TOS X z z ICMP Host Unreachable X z z ICMP Host Unreachable for TOS X z z ICMP Inconsistent Subnet Mask X z z X pr...

Page 330: ...X z z ICMP Port Unreachable X z z ICMP Protocol Unreachable X z z ICMP Redirect X X X ICMP Required IP Option Missing X z z ICMP Source Quench X z z ICMP Source Route Failed X z z ICMP Time Exceeded X z z ICMP Time to Live Exceeded X z z Idle Too Long X X X Illegal MAC Source Address Ethernet or Token Ring X X X Illegal Network Source Address X X X IP Checksum Errors X X X present z does not exis...

Page 331: ...mes X z X Missed Browser Announcement X X X NCP File Retransmission X X NCP Read Write Overlap X X NCP Request Denied X X X NCP Request Loop X X X NCP Server Busy X X X NCP Too Many File Retransmissions X X X NCP Too Many Requests Denied X X X NCP Too Many Request Loops X X X New MAC Stations X Network Overload X X X NFS Response Time X NFS Retransmissions X X X NNTP Response Time X X present z d...

Page 332: ...OSPF Broadcasts X X Overload Frame Rate X Overload Utilization Percentage X Oversize Frames X z X Physical Errors X X X POP Response Time X RIP Broadcasts X X Router Storm X X X Runt Frames X z X Same MAC Addresses X X Same Network Addresses X X SAP Broadcasts X X Slow HTTP GET Response X X X Slow HTTP POST Response X X X Slow Server Connect X X X X present z does not exist as a unique counter but...

Page 333: ...valid Password X X SMTP Response Time X TCP Checksum Errors X X TCP Fast Retransmissions X X X TCP Long Ack X X X TCP Repeat Ack X X TCP Retransmissions X X X TCP RST Packets X X TCP SYN Attack X X X X TCP Frozen Window X X X TCP Window Exceeded X X TCP Window Probe X X TCP Zero Window X X X TELNET Response Time X TNS Slow Server Connect X X X X present z does not exist as a unique counter but is...

Page 334: ...ication Response Time Alarm Expert Threshold TNS Slow Server Response X X X Too Many Retransmissions X X X Total MAC Stations X X Total Router Broadcasts X Unstable MST X X X X Zero Broadcast Address X X X present z does not exist as a unique counter but is counted in other categories Table 10 2 Summary of Expert Features continued ...

Page 335: ... between LANs and other networks Given the rapid acceptance of IP as the de facto protocol QoS has become one of the biggest challenges for network administrators especially for voice and video applications that require real time performance Policy based systems gateways switches and routers are often configured with a myriad of vendor and protocol combinations to work in unison to provide priorit...

Page 336: ...d T 120 SIP IETF The suite of protocols created by IETF including SIP SDP and others SCCP Cisco Skinny Client Control Protocol SCCP SCCP is the proprietary signalling and communications protocol in Cisco's AVVID Architecture for Voice Video and Integrated Data Multi QoS also recognizes and decodes all major Codec protocols used for VoIP Refer to Table 1 5 for a list of all protocols supported Chec...

Page 337: ...isplays the Jitter tab showing a percentage breakdown of calls based on Call Jitter values that are greater than a threshold value Using the mouse you can find more detailed information about VoIP calls and VoIP call data The figure on the next page shows the flow of the interface from the highest level view to the most detailed view The Multi QoS views can also be accessed by pressing the Multi Q...

Page 338: ... Call View All Calls RTCP Jitter Dropped Packets RTCP Dropped Buttons to Filter All Calls by Protocol or Call Status Select Range in Graph to View Associated Calls Select Tab to View a Range Breakdown Graph Select Multi QoS from Capture or Monitor View Select Single Call to See Call Details Jitter Set Alarms Monitor Set Refresh Options Set Max Calls Alarm Log Monitor Utilization Configuration Util...

Page 339: ...l The Channel Table provides detailed channel information in tabular format Surveyor and RTCP Jitter Values Multi QoS provides two different measurements views of call jitter and dropped packets one calculated by Surveyor and one extracted from RTCP packets RTCP Real Time Control Protocol is a control protocol for the RTP Real Time Transport Protocol RTP supports the transport of real time data s...

Page 340: ...mes and organizes call information into easy to read graphs and tables Configuration is not required to use the Multi QoS logic however the displays can be customized to view exactly the call information you want to see Multi QoS is primarily configured from the Configuration tab However there is some configuration for Multi QoS that is done on a per module basis Module configuration sets up the m...

Page 341: ... Setting this value low reduces the system memory used for call analysis A higher setting allows you to keep more call detail records The minimum number of calls is 2 000 The default value is 2 000 calls Multi QoS Alarms Monitor Only The Multi QoS Alarms alarm button on the Configuration tab applies to real time functions and can only be set in monitor mode The button brings up the Current Module ...

Page 342: ... specific module Select Configuration Settings and select the Modes tab Call Filtering with Multi QoS Multi QoS has a feature for quickly creating a filter from tables Click the right mouse button on any call in the table to see the filter options supported for this type of call This feature only works in capture mode after the analyzer is stopped For calls in Range Summary tables and the All Call...

Page 343: ...3 Multi QoS All Calls Table Buttons in the All Calls Table are described below Deselecting any button filters out that type from the table Leave all buttons selected to view all calls H323 Display H 323 calls If this button is selected H 323 calls will display SCCP Display SCCP calls If this button is selected SCCP calls will display SIP Display SIP calls If this button is selected SIP calls will ...

Page 344: ... expressed as a numeric value between 0 and 94 The value is calculated by Surveyor Surveyor uses a formula that includes packet loss jitter and transmission delay to determine the Network R factor Jitter Maximum jitter measured in milliseconds for all channels within a call The value is calculated by Surveyor Surveyor uses the formula described in RFC 1889 to calculate jitter Dropped Packets Maxim...

Page 345: ...nges for jitter in the graph A Range Editor dialog box appears which allows you to modify ranges for this chart type Call RTCP Jitter and Call Setup Time displays and configuration are identical to Call Jitter Figure 11 4 Multi QoS Jitter Graph Example The title of the graph indicates the minimum value for the selected metric All calls that meet this minimum value are included in the graphic break...

Page 346: ...Call Jitter Ranges The default ranges for Call Jitter Call RTCP Jitter and Call Setup Time are shown in the table below Table 11 2 Defaults for Call Jitter and Call Setup Time Ranges in milliseconds Range Call Jitter Call RTCP Jitter Call Setup Time Range 1 500 and up 500 and up 1000 and up Range 2 100 500 100 500 500 1000 Range 3 50 100 50 100 300 500 Range 4 30 50 30 50 200 300 Range 5 10 30 10 ...

Page 347: ...Dropped Packets displays and configuration are identical to those for Dropped Packets Figure 11 6 Multi QoS Packets Dropped Graph Example The title of the graph indicates the minimum value for the selected metric All calls that meet this minimum value are included in the graphic breakdown Calls that do not meet this minimum are not included In the example on the next page all calls that have one o...

Page 348: ...ti QoS Configuration Packets Dropped The default ranges for Packets Dropped and RTCP Packets Dropped are shown in the table below Table 11 3 Defaults for Packets Dropped Ranges Range Dropped Packets RTCP Dropped Packets Range 1 500 and up 500 and up Range 2 100 499 100 499 Range 3 10 99 10 99 Range 4 5 9 5 9 Range 5 1 4 1 4 ...

Page 349: ...ncy to determine the User R factor Network R Factor Voice quality measure expressed as a numeric value between 0 and 94 The value is calculated by Surveyor Surveyor uses a formula that includes packet loss jitter and transmission delay to determine the Network R factor Jitter Maximum jitter measured in milliseconds for all channels within a call The value is calculated by Surveyor Surveyor uses th...

Page 350: ... found to match well with users purely subjective ratings of voice quality These metrics are calculated by a formula that balances all equipment impairments and perception factors Each metric is reported as a single number on a per call basis typically in the range of 15 to 94 Lower numbers indicate greater equipment impairment or perceived poor voice quality In Multi QoS calls are broken down int...

Page 351: ...ted metric All calls that meet this minimum value are included in the graphic breakdown Calls that do not meet this minimum are not included In the example on the next page all calls that have an R factor of less than 80 are included Note that this means the total number of calls in a capture will not necessarily match the total number of calls in the graphic breakdown Ranges for the graph can be ...

Page 352: ...R factor Ranges The default ranges for Network R factor and User R factor are shown in the table below Table 11 6 Ranges for R factors Range Network R factor User R factor Range 5 25 25 Range 4 50 25 50 25 Range 3 70 50 70 50 Range 2 80 70 80 70 Range 1 94 80 94 80 ...

Page 353: ...raphs provides a view of total bandwidth utilization and Multi QoS bandwidth utilization over time The utilization for VoIP services is compared to total utilization and total bandwidth An example utilization graph is shown below Figure 11 10 Multi QoS Utilization Graph Example The utilization is calculated after Surveyor has decoded packets ...

Page 354: ...ry table The Call Detail window appears showing all call fields for the selected call An example Call Detail window for an H 323 call is shown below Figure 11 11 Example Call Details Window H 323 Click on View Channel Details to view channels for this call Click on Single Call Display Filter to filter out all packets except the packets of this call ...

Page 355: ...ng the call Caller Address IP Address of the end point initiating the call Caller Number Phone number of the calling party Start Time Time at which the call was started Stop Time Time at which the call was completed Setup Time ms Time that was taken for the call to be setup the time taken from the start of the call until the phone rings Callee Name Name of the receiver of the call Callee Port TCP ...

Page 356: ...roduct version being used by the initiator of the call Start Time Time at which the call was started Stop Time Time at which the call was completed Setup Time ms Time that was taken for the call to be setup the time taken from the start of the call until the phone rings Destination Reference Value The Call Reference Value for the conversation used by H 225 0 on the destination side Destination Add...

Page 357: ...ll was complete Setup Time ms Time that was taken for the call to be setup This is the duration from INVITE to the 180 or 183 ringing response if available or to the 200 response otherwise If none of these responses are received the field value is set to Unknown Call ID Globally unique ID to identify a SIP call Callee SIP URL or other URI of the callee The addr spec in the To parameter Callee Name...

Page 358: ...ication For example if you select a jitter range and select a call within that range the channel that has the highest jitter value for that call will be highlighted R factors are included for the audio channels of the call Figure 11 12 shows an example channel table for a call Field Name Description FID Frame ID of the first frame from which the conversation was detected The frame ID of the fi...

Page 359: ... 25 Multi QoS Channel Table Details 11 Figure 11 12 Channel Table Example Table 11 11 and Table 11 12 describe the columns in the table for each protocol H 323 SIP and UNKNOWN channel tables are the same ...

Page 360: ...transmission delay to determine the Network R factor Max Network R Factor The highest Network R factor calculated during a sampling interval for a call Estimated MOS A conversion of the combined R factors to a Mean Opinion Score The MOS maps to a purely subjective evaluation of call quality where users rate speech samples on a scale of 1 to 5 Dst Addr The destination IP address Dst Port The destin...

Page 361: ...h Seq Num High Sequence Number reported by RTCP RTCP Sender Report Count Number of RTCP Sender Reports seen RTCP Receiver Report Count Number of RTCP Receiver Reports seen RTCP Source Description Count Number of RTCP Source Descriptions seen RTCP Goodbye Count Number of RTCP Goodbyes seen RTCP Application Defined Count Number of RTCP Application Definitions seen RTCP Unknown Report Count Count of...

Page 362: ...st Network R factor calculated during a sampling interval for a call Estimated MOS A conversion of the combined R factors to a Mean Opinion Score The MOS maps to a purely subjective evaluation of call quality where users rate speech samples on a scale of 1 to 5 Src Addr IP address of the caller Src Port UDP port of the caller Dst Addr IP address of the callee Dst Port UDP port of the callee Sync S...

Page 363: ...cally played To playback a call from Multi QoS perform these steps 1 Double click on a completed or active phone call which has RTP packets containing PCMU or PCMA data 2 Select View Channel Details from the Call Detail View window 3 The Channel Table appears Right click on an audio channel and select Playback PCMU PCMA Data 4 The Save As window prompts for the name of the file The audio data is s...

Page 364: ...contains all possible display fields with a check box Exclude fields from the table display by removing the check from the check box next to the field The default is to display all fields Customizing All Calls or Range Summary Tables Select Multi QoS Views for the Monitor Views or Capture Views menu With either the All Calls table or one of the Range Summary Tables displayed select View Options fr...

Page 365: ...gle call and from the Call Detail window select View Channel Details to bring up the Channel table Select View Options from the View menu Check the boxes for all fields you want to include in the table display The table modifications remain until the window is closed When the window is closed and reopened the default fields in the table are restored An example dialog box for configuring SCCP chann...

Page 366: ...e steps to export all Multi QoS table data 1 Make sure that one of the Multi QoS views is open and is the currently selected view 2 Choose Export Multi QoS Data from the File menu 3 Enter the file name in the Save As dialog box All call data will automatically be saved in CSV format and the file is given an extension of csv 4 Click the Save button The Multi QoS export information is arranged by pr...

Page 367: ...ew fields for a single call the channel table for a selected call or the all calls table 2 Choose Export from the File menu 3 Enter the file name in the Save As dialog box The data will automatically be saved in CSV format The file is given an extension of csv 4 Click the Save button Only the Multi QoS information displayed in the current table is exported For example when exporting the All Calls ...

Page 368: ...11 34 Surveyor User's Guide ...

Page 369: ...so provides counters of H 323 with the Multi QoS plug in Log files contain snapshots of Surveyor counter information All byte frame and error counter values are recorded in the log file Refer to the section on Logging for more information Packet Counters Packet counters count the number of packets bytes received or transmitted Packet counters are viewed from the MAC Statistics window Table 12 1 MA...

Page 370: ...Statistics view how many frames of a certain type have been captured Error Counters During receive error events are counted as they occur The MAC statistics view and the table associated with the Utilization Errors chart displays the receive error counters Table 12 2 contains an alphabetical list with descriptions of Surveyor's Ethernet error counters Table 12 2 Alphabetical List and Descriptions ...

Page 371: ...mpt The number of transmission attempts that have failed Tx Defer The number of times the transmitter had transmit data available and was ready to transmit but had to defer transmission due to sensing other traffic Tx Excessive Collision The number of times packets collided 16 times without successful transmission Tx Excessive Defer The number of times the transmitter had to defer for greater than...

Page 372: ...re the reporting Ring Station encounters signal transition or signal error on the Token Ring physical medium Frame Copy Records when a reporting Ring Station copies a frame containing the Ring Station's own duplicate address Frequency Records events where the reporting Ring Station attempts to receive a frame containing an improper ring clock frequency Internal Error Records events where the repor...

Page 373: ...ss The number of duplicate network addresses over a period of time per segment Excessive ARP The number of Excessive ARP events The event occurs when a change in the number of ARP requests per second exceeds a threshold Excessive BOOTP The number of Excessive BOOTP events The event occurs when a change in the number of BOOTP DHCP requests per second exceeds a threshold over a period of time per se...

Page 374: ...r a period of time per segment IP Time to Live Expiring The number of expiring connections over a period of time per segment ISL BPDU CDP Packets The number of Bridge Protocol Data Unit BPDU or Cisco Discovery Protocol CDP packets over a period of time per segment ISL Illegal VLAN ID The number of ISL illegal VLAN IDs over a period of time per segment NCP Server Busy The number of NCP Server Bu...

Page 375: ... addresses over a period of time per segment SAP Broadcasts The number of SAP broadcasts over a period of time per segment Slow HTTP GET Response The number of slow HTTP GET responses over a period of time per segment Slow HTTP POST Response The number of slow HTTP POST responses over a period of time per segment Slow Server Connect The number of slow server responses over a period of time per seg...

Page 376: ...sts per second exceeds a threshold TCP IP Window Probe The number of TCP IP Window Probe events over a period of time per segment TCP IP Zero Window The number of TCP IP Zero Window events over a period of time per segment Total MAC Stations The number of the new MAC stations over a period of time per segment Total Router Broadcasts The number of total router broadcasts over a period of time per ...

Page 377: ...rectory structure starts from the installation directory for Surveyor For Surveyor in NDIS mode log files are maintained by the Ethernet adapter NDIS running the Surveyor software The directory for the NDIS log is named log local NDIS_n and the NDIS log file is named NDIS_n csv where n is the number of the adapter the NDIS driver detected The log files are text files in CSV format a format easily ...

Page 378: ...hmm ss second history file for module 2 mmddhhmm ss third history file for module 2 root log local module_n directory for module n module_n csv log file for module n history history directory for module n mmddhhmm ss first history file for module n mmddhhmm ss second history file for module n mmddhhmm ss third history file for module n root log local NDIS_1 directory for Ethernet Adaptor 1 NDIS_1 ...

Page 379: ...anslator Enables Surveyor and Internet Advisor systems to exchange captured data Get Version Information Provides information about analyzer devices or adapters installed in your PC Identify a Module Verifies that the correct module is connected to the correct network or network segment Merge Histogram Files Merge two histogram files into one file Convert Capture Files to Histogram Files Converts...

Page 380: ...ins the numeric address Names can be associated with MAC IP IPX or SNA addresses in a name table Name table data is presented as a table which can be sorted by clicking the column headers Click and drag on column dividers to size columns The Name Table dialog box initially displays the default name table You can manually add modify or delete name table entries You can also change the active name t...

Page 381: ...eated in the name column for that entry in the name table To learn only addresses that have corresponding symbolic names make sure the Learn Names check box is selected and the Learn Address check box is NOT selected in the Name Table Settings dialog box Surveyor will only add an item to the name table when it discovers a character string associated with an address from a DNS SAP or NetBIOS packet...

Page 382: ...the name table you want is the currently active name table loaded into memory This ensures that the proper symbolic names are available To use the same name table information for all systems running Surveyor you can set up a common default name table All Surveyor users can configure the path and name of the default name table which can be the same file stored on a server See Providing a Name Table...

Page 383: ...y to produce the new name table for use with Surveyor To execute the command on the UNIX system type NIS2NAM output name table output name table is the name you select for the new Surveyor name table The UNIX system is searched for the NIS name table If no NIS name table exists the utility returns an error message Once the new name table is created copy it as a text file to the directory where Sur...

Page 384: ...itional information fields not found in RFC 1761 Start a translator by selecting one of the following from the Tools menu Get Version Information Utility From Summary View click on the Description tab for a resource The following information displays Base address for the module Revision level Module type Serial number for the module board Table 13 2 Sniffer Translator Utility Tool Menu Options Too...

Page 385: ...ew histogram file Note that the hst file does not contain the actual data of the capture The capture data is within the cap files that reside in the new subdirectory created for the histogram file The hst file is a list of all the cap files for this histogram file Removing renaming or deleting the subdirectory its contents or the hst file using the Windows interface may make the histogram inacce...

Page 386: ...rveyor creates log files of counter expert and alarm information Log file size log file name and disabling or enabling log files can be configured in Surveyor To configure log files see the Configuring Surveyor chapter To access counter log files see the section called Counter Log File Overview in the Counters chapter For information on exporting counter log file information to an Excel spreadshee...

Page 387: ... Bitmap You can export tables to CSV format Excel or charts to BMP format bit mapped graphic When saving a chart to a bitmap it is recommended that the display settings for your monitor be greater than 256 colors to create an image with accurate colors 1 Select the view you want to export Press one of view buttons on the Data Views or the Capture View toolbar If you already have the desired view w...

Page 388: ...e Save button Surveyor logs both a start and stop time to the csv file The start time is the time the table chart window is first opened and the stop time is the last time the file is exported or saved to disk Exporting Counter Log Files to Excel Use these steps to view the counter data in the log files as Excel 5 0 graphics The Excel template charts xlt is located in the examples directory 1 Star...

Page 389: ...spreadsheet showing computed data are available Select a graph by clicking on one of the tabs at the bottom of the spreadsheet The rows of counter data displayed in a graph are the most current rows For example when displaying 500 rows of counter information only the 500 most recently captured sets of counter information are used in the graph Three types of graphs are available each with four diff...

Page 390: ...13 12 Surveyor User's Guide ...

Page 391: ...ters produces real time LAN analysis and monitoring information Data captured from the network is copied to this area after filtering The data is immediately available for evaluation and for streaming copy to disk after which it is discarded from the buffer Capture Buffer A capture buffer provides a durable data store of LAN traffic filtered and captured in real time which is kept for later anal...

Page 392: ...es To the extent that a system can keep up with traffic captured by an NDIS card all LAN traffic will be copied to Surveyor and filtered sliced if necessary then routed to the capture buffer real time buffer or both if desired System resource demands increase with the complexity of analysis and monitoring tasks and very much with the number of interfaces Surveyor is controlling All Surveyor real t...

Page 393: ...rate Packet Decode Summary Yes Yes Yes Alarm Thresholds All except errors not passed by NDIS All All Sync View Full Duplex No Yes No Packet Slicing Yes Yes Yes Monitor Filter Yes Yes Yes Table A 4 Hardware Transmit Functions Transmit Functions NDIS THGm Portable Surveyor 10 100 Ethernet Analyzer Card Transmit Buffer 64K 16M 128MB 64K 16M Intelligent Frame Edit Yes Yes Yes Transmit Frame Size 64 15...

Page 394: ...Capture No Yes Yes Post Capture Views Yes Yes Yes Frame Error Counter depends on adapter Yes Yes Packet Slicing Yes Yes Yes Limited by available PC system memory Smaller when running Windows NT Table A 6 Hardware Connectivity Connectivity NDIS Card THGm Portable Surveyor 10 100 Ethernet Analyzer Card Media 10 100 Ethernet 4 16 TR 10 100 Ethernet RJ45 for Copper or Gigabit Ethernet for Fiber Swappa...

Page 395: ...hernet adapter as well as frames transmitted by the Ethernet adapter Capture Rate Transmit Speed Capture transmit rates depend on the network adapter and the CPU Typically the rate will fall below the full line rate of the network Counters The error counters supported through the NDIS interface are those counters supported by the network adapter Some vendors do not support any error counters Only...

Page 396: ...dule is an NDIS module Set Capture Buffer and Packet Slicing Size The capture buffer memory size can be set in increments that double from 64K to 16MB To set the buffer size select the Buffer Size tab from the Configuration Module Settings menu and click the radio button corresponding to the buffer size Since the buffer uses virtual memory the system is not required to have more physical memory th...

Page 397: ...e frame to be captured displayed HEX indicates hexadecimal format and DEC indicates decimal format in the Value column Filter values are interpreted on byte boundaries Therefore port numbers expressed in decimal are shown in the table in dot notation For example port 1719 H 323_GD is shown as 6 183 in decimal the 6 displays in offset 34 and 183 displays in offset 35 For more information on convert...

Page 398: ...dress Filters for addresses at the MAC level 0 Brings up a dialog box for entering the 12 character address 1 MAC_DA_BROADCAST Collect all broadcast frames 0 HEX FFFFFFFFFFF 1 MAC_DA_MULTICAST Collect all multicast frames 0 HEX 01005E 1 MAC_Source_Address Template for setting a source address 6 Brings up a dialog box for entering the 12 character address 1 Packet_Type Template for setting the p...

Page 399: ... Version II frames 12 HEX 0800 1 IP_Destination_Address Template for setting the IP destination address when IP is embedded in Ethernet Version II frames 12 30 Brings up a dialog box for entering the IP address 1 IP_Source_Address Template for setting the IP source address when IP is embedded in Ethernet Version II frames 12 26 Brings up a dialog box for entering the IP address 1 IPX Collect all I...

Page 400: ...Ethernet II frames 12 30 OR 42 HEX 8137 HEX 0453 HEX 0453 2 RSVP Collect all frames where RSVP is embedded in Ethernet II frames 12 23 HEX 0800 DEC 46 1 SAP IPX Collect all frames with a SAP port in IPX packet types embedded in Ethernet II frames 12 30 OR 42 HEX 8137 HEX 0452 HEX 0452 2 Table B 2 Surveyor Filter Templates IP and IPX over Ethernet EV2 continued ...

Page 401: ...when TCP is embedded in an Ethernet II frame 12 23 34 OR 36 HEX 0800 HEX 06 DEC 0 143 DEC 0 143 2 LDAP Collect all frames with an LDAP port when TCP is embedded in Ethernet II frames 12 23 34 OR 36 HEX 0800 HEX 06 DEC 1 133 389 DEC 1 133 389 2 MGCP TCP Collect all frames with a MGCP port when TCP is embedded in Ethernet II frames 12 23 34 OR 36 HEX 0800 HEX 06 DEC 9 123 2427 DEC 9 123 2427 2 NB SE...

Page 402: ...frame 12 23 34 OR 36 HEX 0800 HEX 06 DEC 0 25 DEC 0 25 2 T 120 Collect all frames with a T 120 port when TCP is embedded in Ethernet II frames 12 23 34 OR 36 HEX 0800 HEX 06 DEC 5 223 1503 DEC 5 223 1503 2 TCP Collect all frames where TCP is embedded in Ethernet II frames 12 23 HEX 0800 HEX 06 1 TELNET Collect all frames with a TELNET port when TCP is embedded in Ethernet II frames 12 23 34 OR 36 ...

Page 403: ...es with an H 323_RAS port when UDP is embedded in Ethernet II frames 12 23 34 OR 36 HEX 0800 HEX 11 DEC 6 183 1719 DEC 6 183 1719 2 HSRP Collect all frames with an HSRP port when UDP is embedded in Ethernet II frames 12 23 34 HEX 0800 HEX 11 HEX 07C107C1 2 MGCP UDP Collect all frames with a MGCP port when UDP is embedded in Ethernet II frames 12 23 34 OR 36 HEX 0800 HEX 11 DEC 9 123 2427 DEC 9 123...

Page 404: ...n RTCP port when UDP is embedded in Ethernet II frames 12 23 43 HEX 0800 HEX 11 DEC 200 OR DEC 201 OR DEC 202 OR DEC 203 OR DEC 204 OR DEC 205 2 SIP Collect all frames with an SNMP port when UDP is embedded in an Ethernet II frame 12 23 34 OR 36 HEX 0800 HEX 11 HEX 13C4 HEX 13C4 2 SNMP Collect all frames with an SNMP port when UDP is embedded in an Ethernet II frame 12 23 34 OR 36 HEX 0800 HEX 11 ...

Page 405: ... 14 HEX 4242 2 NetBEUI Template for collecting NetBEUI packets 14 HEX F0F0 2 Novell Collect Novell frames 14 HEX E0E0 1 NMPI Collect packets with NMPI ports embedded in Novell frames 14 33 OR 45 HEX E0E0 HEX 0553 HEX 0553 2 RIP LLC Collect packets with RIP ports embedded in Novell frames 14 33 OR 45 HEX E0E0 HEX 0453 HEX 0453 2 SAP LLC Collect packets with SAP ports embedded in Novell frames 14 ...

Page 406: ...g CDP packet types embedded in Ethernet SNAP frames 14 20 HEX AAAA03 HEX 2000 1 SNAP_IP Filter template for collecting IP packet types embedded in Ethernet SNAP frames 14 20 HEX AAAA03 HEX 0800 1 SNAP_IP_Destination _Address Template for setting the IP destination address when IP is embedded in an Ethernet SNAP frame 14 38 Brings up a dialog box for entering the IP address 1 SNAP_IP_Source _Addre...

Page 407: ...8 49 HEX 0800 DEC 88 1 ISL_FTP Collect all frames with FTP ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0 21 DEC 0 21 2 ISL_HTTP Collect all frames with HTTP ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0 80 DEC 0 80 2 ISL_ICMP Collect all frames where ICMP is embedded in ISL frames 38 49 HEX 0800 DEC 01 1 ISL_IGMP Collect all frames wh...

Page 408: ...ect all frames with NB SESSION ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0 139 DEC 0 139 2 ISL_NNTP Collect all frames with NNTP ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0 119 DEC 0 119 2 ISL_OSPF Collect all frames where OSPF is embedded in ISL frames 38 49 HEX 0800 DEC 89 1 ISL_POP Collect all frames with POP ports when TCP is...

Page 409: ...7 208 2000 2 ISL_T 120 Collect all frames with DNS ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 5 223 1503 DEC 5 223 1503 2 ISL_TCP Collect all where TCP is embedded in ISL frames 38 49 HEX 0800 DEC 06 1 ISL_TELNET Collect all frames with TELNET ports when TCP is embedded in ISL frames 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0 23 DEC 0 23 2 ISL_XWIN Collect all frames wit...

Page 410: ...en Token Ring MAC frames 1 17 HEX 03 HEX 03 1 MAC_Duplicate_Address Collect all Duplicate Address Token Ring MAC frames 17 HEX 07 1 MAC_Initialize_Ring_Station Collect all Initialize Ring Station Token Ring MAC frames 17 HEX 0D 1 MAC_Lobe_Test Collect all Lobe Test Token Ring MAC frames 17 HEX 08 1 MAC_Poll_Error Collect all Poll Error Token Ring MAC frames 17 HEX 27 1 MAC_Remove_Ring_Station Coll...

Page 411: ...ng_Station_State Collect all Report Ring Station State Token Ring MAC frames 17 HEX 23 1 MAC_Report_Transmit_Forward Collect all Report Transmit Forward Token Ring MAC frames 17 HEX 2A 1 MAC_Request_Initialization Collect all Request Initialization Token Ring MAC frames 17 HEX 20 1 MAC_Request_Ring_Station_Address Collect all Request Ring Station Address Token Ring MAC frames 17 HEX 0E 1 MAC_Re...

Page 412: ...MAC frames 1 17 HEX 04 HEX 04 1 MAC_Standby_Monitor_Present Collect all Standby Monitor Present Token Ring MAC frames 1 17 HEX 06 HEX 06 1 MAC_Transmit_Forward Collect all Transmit Forward Token Ring MAC frames 17 HEX 09 1 NON_MAC Collect all non MAC Token Ring frames 1 HEX 40 1 Table B 8 Standard Filter Templates Token Ring continued ...

Page 413: ... from Summary and Detail View Key Summary View Detail View F1 Help Help F2 System Settings Capture View Display Options F3 Module Settings Module Settings F4 Module Monitor View Preferences Create Display Filter F5 Connect to Remote Create Capture Filter F6 Load Capture Filter Load Capture Filter F7 Open Capture File Expert Summary View F8 Save Capture Save Capture F9 Go to Detail View Capture Vie...

Page 414: ...trl T Start Module Ctrl P Stop Module Ctrl R Go to Detail View Table C 4 Shortcut Keys from Detail View Key s Action Ctrl T Start Module Ctrl P Stop Module Table C 5 Shortcut Keys from the Capture View Window Key s Action F11 Toggle display show hide current packet details Home Select the first line End Select the last line Page up Scroll up one page Page down Scroll down one page Up arrow Select ...

Page 415: ...c pad only Ctrl Asterisk Expand all branches Numeric pad only Space Bring up dialog box to edit statement Double click Bring up dialog box to edit statement Right mouse List possible actions Insert Add a statement or add a state If a ROOT or ELSE statement is selected add a state If an IF statement is selected add an ELSE IF statement before the ELSE statement If an ELSE IF selected add an ELSE IF...

Page 417: ...uite Parser Name Protocol ETHERNETV2 Ethernet Version 2 IEEE8023 IEEE 802 3 RAW IEEE8022 IEEE 802 2 LLC Logical Link Control IEEESNAP IEEE Sub Network Access Protocol IEEE8025 IEEE 802 5 Token Ring LOOPBACK IEEE 802 1d IEEE8021P IEEE 802 1p Generic Attribute Registration Protocol GARP IEEE8021Q IEEE 802 1q Virtual Bridged Local Area Networks Protocol Table D 2 Parser Names Applications and Others ...

Page 418: ...DDP Datagram Delivery Protocol LAP Link Access Protocol NBP Name Binding Protocol PAP Printer Access Protocol RTMP Routing Table Maintenance Protocol ZIP Zone Information Protocol Table D 4 Parser Names Banyan Suite Parser Name Protocol Name VARP Vines Address Resolution Protocol VFRP Vines Fragmentation Protocol VICP Vines Internet Control Protocol VIP Vines Internet Protocol VIPC Vines Interproc...

Page 419: ...uter System Interface ISL Inter Switch Link Protocol VTPADVT VLan Trunk Protocol Advertisement VTPSTAT VLan Trunk Protocol Status Table D 6 Parser Names DECnet Suite Parser Name Protocol Name CTERM Network Command Terminal DAP Data Access Protocol DRP DECnet Routing Protocol FOUND Foundation Services LAT Local Area Transport MOP Maintenance Operation Protocol NICE Network Information and Command E...

Page 420: ...y Routing Protocol GGP Gateway to Gateway Protocol ICMP Internet Control Message Protocol iFCP Internet Fibre Channel Storage Networking Protocol IGMP Internet Group Management Protocol IGRP Interior Gateway Routing Protocol IP Internet Protocol MOSPF Enhanced Interior Gateway Routing Protocol OSPF Open Shortest Path First PIM Protocol Independent Multicast RARP Reverse Address Resolution Protocol...

Page 421: ...IP Protocol MOUNT NFS Mount NBNAME NetBIOS Name Service over IP NBDATAGRAM NetBIOS Datagram Service over IP NBSESSION NetBIOS Session Service over IP NETCP NetScout Control Protocol NFS Network File Server NIS Network Information Services NNTP Network News Transfer Protocol NTP Network Time Protocol POP Post Office Protocol PORTMAP Port Mapper RADIUS Remote Authentication Dial In User Service REXE...

Page 422: ...Name DNCPNG Dynamic Host Configuration Protocol over IPng ICMPNG Internet Control Message Protocol over IPng IDRPNG Interdomain Routing Protocol over IPng IPNG Internet Protocol Version 6 Next Generation OSPFNG Open Shortest Path First over IPng RIPNG Routing Information Protocol over IPng RSVPNG Resource Reservation Protocol over IPng Table D 11 Parser Names Netware Suite Parser Name Protocol Nam...

Page 423: ...tocol Table D 12 Parser Names PPP Suite Parser Name Protocol Name PPPCHAP Challenge Handshake Authentication Protocol PPPIPCP IP Control Protocol PPPIPXCP IPX Control Protocol PPPLCP Link Control Protocol PPPNBFCP NetBIOS Control Protocol PPPoE PPP over Ethernet Table D 13 Parser Names XNS Suite Parser Name Protocol Name IDP Internetwork Datagram Protocol PEP Packet Exchange Protocol SSP Sequence ...

Page 424: ...s for Multimedia Conferencing T 38 T 120 Fax over IP Table D 15 Parser Names ITU Codecs Parser Name Protocol Name CELLB Sun s CellB video coding G711 G 711 Audio Codec G721 G 721 Audio Codec G722 G 722 Audio Codec G723 G 723 Speech Decoders 5 3 6 3 kbs G728 G 728 Coding for Speech at 16kbs using Low Delay Code Excited Linear Prediction G729 G 729 Coding of Speech at 8kbs using Conjugate Structure ...

Page 425: ...ion initiation Protocol Table D 18 Parser Names Intel Suite Parser Name Protocol Name H 248 Megaco H 248 Megaco Protocol MGCP Multimedia Gateway Control Protocol over TCP MTP2 Multicasting Transport Protocol 2 MTP3 Multicasting Transport Protocol 3 RTSP Real Time Stream Control Protocol SCCP Skinny Client Control Protocol SIP Session Initiation Protocol TCAP Transaction Capabilities Procedures Tab...

Page 427: ...ds events where the reporting Ring Station s nearest active upstream neighbor could not set the address recognized bits or frame copied bits in the newly transmitted frame after copying the bits on the last frame received Actions Events that occur as the result of testing conditions within statements in a filter Activated Stream A defined packet or set of packets that is included in a transmit spe...

Page 428: ...a to Surveyor Alarm Rising Threshold Rising threshold value to be compared to counter data If the counter value or its delta value over time raises above the threshold an alarm event is triggered Alarm Sample Type The type of the alarm Delta or Absolute Delta alarm types measure increases or decreases over time absolute alarm types measure only the absolute value of a counter Alarm Setting A set o...

Page 429: ... a set of packets sent at the maximum network speed and another set of packets sent at the maximum network speed Capture The processing of receiving frames from the network and storing them in the Surveyor capture buffer Capture Buffer The DRAM memory in analyzer cards or system memory on an NDIS host that stores packets captured from the network Capture File File used to store frames captured f...

Page 430: ...packets arriving at exactly the same time on this Ethernet segment Transmit collisions are not counted CRC Align Error A counter that shows the total number of packets received that had a length between 64 and 1518 octets inclusive but had either a bad FCS with an integral number of octets FCS CRC Error or a bad FCS with a non integral number of octets Alignment Error CRC Errors Cyclical Redundan...

Page 431: ...tement The last statement for a level in a capture filter If no combination of conditions in other statements for this level are met the actions in the ELSE statement are taken ELSE IF statement Statement in a capture or display filter Always comes between an IF statement and an ELSE statement Provides for the specification of additional conditions and actions for a state Expert Alarms Messages po...

Page 432: ... own duplicate address Frame Rate The speed at which frames are received transmitted on the network Frequency A counter that records events where the reporting Ring Station attempts to receive a frame containing an improper ring clock frequency Frozen Window Condition where the TCP IP window size remains the same for all packets over a time period Good Frames Frames that pass all alignment and CRC...

Page 433: ... Line Error A counter that records events where the reporting Ring Station s checksum process detects an error in a received data frame or token that the Ring Station transmitted Link Speed The maximum rate at which a device can transmit receive data on the network typically described in bits second Local Host A networked computer that is running the program or resource being described In the con...

Page 434: ...odule Status Indicates whether or not the module is actively capturing transmitting frames Arm indicates that the module is capturing transmitting Monitor View activity on the network in real time Monitor and Capture Mode Allows Surveyor to view and receive data from a resource simultaneously Monitor Mode Allows Surveyor to view in real time the data coming to a resource Multi QoS Plug in module a...

Page 435: ...t displays the detailed breakdown of a packet that is stored in a capture file or capture buffer Packets are broken down by protocol and field value within the protocol Packet Drop A counter that shows the number of dropped packets when running in NDIS mode This counter is always zero when using a THGs and capturing packets at line rate Packet Editor A dialog box available from Capture View for ch...

Page 436: ...ed from the network This circular buffer is continuously updated and overwritten as information is received The Real Time buffer supports monitoring functions Remote Host A remote networked computer that is running the particular program or resource Surveyor can serve as a Remote Host but cannot access Remote Hosts unless you have the Remote plug in Remote Server Protocol RSP Remote Server Protoco...

Page 437: ...sequence starts The number can be used at the receiving end to note the start of a sequence State A symbolic label used as an address for a set of statements in a filter Stop Sequence Number A number assigned in the transmit specification that indicates where the transmission sequence stops The number can be used at the receiving end to note the end of a sequence Stream A continuous sequence of d...

Page 438: ...ber optic network THGp is often used in environments where a robust portable analyzer is needed THGp Ten Hundred Gigabit portable A Dolch PC based portable network analyzing troubleshooting and monitoring system available from Finisar THGm devices in a THGp can be accessed locally or remotely by Surveyor software which provides the tools to diagnose troubleshoot and monitor any full or half duplex...

Page 439: ...c Tx Excessive Collision Counter A counter that shows the number of times packets collided 16 times without successful transmission Tx Excessive Defer Counter A counter that shows the number of times the transmitter had to defer for greater than 3 036 byte times Tx Late Collision Counter A counter that shows the number of collisions that occur greater than 512 bit times after a transmission has s...

Page 440: ...he Internet Protocol This term is sometimes used more broadly to indicate VoIP Multi Media communications via the H 323 or SCCP protocols WKP Abbreviation for well known port a known port address on the network Zero Window Condition where the TCP IP window size remains zero for all packets over a time period ...

Page 441: ...16 alarm actions overview 9 9 alarm editor 9 4 alarm thresholds 9 8 Delta Sample Type 9 8 examples 9 15 Frame Size 9 17 MAC Errors 9 16 Utilization 9 15 Falling Value field 9 8 hints and tips 9 14 Interval field 9 8 log file settings 4 16 overview 9 1 Packet Size example 9 15 pager settings 4 16 Rising Value field 9 8 Sample Type field 9 8 Alignment CRC Counter 12 2 All Calls table 11 9 Analyses 1...

Page 442: ... 6 7 data views supported 6 2 detail pane 6 8 hex pane 6 8 options 6 8 protocol decode color coding 4 12 summary pane 6 7 toolbar 6 7 Capture View toolbar 3 15 Capture View window 6 7 Capture Transmit Buffer A 1 Change Filter Operation 7 14 Channel Details 11 24 Channel Display Filter 11 29 Chart views 4 6 configuring 4 6 creating a Bottom Ten chart 4 6 creating a Top Ten chart 4 6 Cisco Discovery...

Page 443: ...Responsive Stations 10 44 10 46 OSPF Broadcasts 10 94 Overload Frame Rate 10 116 Overload Utilization Percentage 10 117 Oversize 10 115 Physical Errors 10 118 RIP Broadcasts 10 95 Router Storm 10 96 Runt 10 119 Same Network Addresses 10 97 SAP Broadcasts 10 98 Slow HTTP GET Response 10 34 Slow HTTP POST Response 10 35 Slow Server Connect 10 36 Slow Server Response 10 37 SMB Invalid Network Name 10...

Page 444: ...g 10 17 Diagnostic Messages 10 15 Direction Indicator 7 5 7 7 Disk Capture Location 4 14 Disk Options 4 14 Disk space 2 1 display filter 7 1 display filter activating 7 22 Display timers allowable values 4 13 Monitoring View local 4 13 Display timers Monitoring View remote 4 13 display vendor names 13 3 Distributed plug in 3 1 downloads saving 6 17 Dropped Packets 11 13 Duplicate Address View 6 35...

Page 445: ...12 Missed Broadcast Announcement 10 22 NCP File Retransmission 10 23 NCP Read Write Overlap 10 24 NCP Request Denied 10 25 NCP Server Busy 10 27 NCP Too Many File Retransmissions 10 28 NCP Too Many Request Loops 10 30 NCP Too Many Requests Denied 10 29 Network Overload 10 113 No HTTP POST Response 10 32 No Server Response 10 33 No WINS Response 10 40 Non Responsive Station 10 44 10 46 Oversized Fr...

Page 446: ...d Frames in filters 7 17 Goodbye Count 11 27 H H 323 11 1 Hardware Dependencies A 3 hardware devices 5 6 Help System on line iv Hints and Tips 10 122 Hints and Tips filters 7 31 History files 4 15 Host Information from Expert View 10 6 Host Matrix View 6 27 6 28 Host Table View 6 24 HSRP Coup 10 59 HSRP Errors 12 5 HSRP Resign 10 61 I ICMP All Errors 12 5 ICMP Destination Unreachable 12 6 ICMP Red...

Page 447: ...ify Alarms 9 3 Module buffer size 4 8 Detail View 6 4 forcing link 3 3 NDIS 5 8 default mode 5 8 numbering 5 1 supported counters 5 8 NDIS module numbering 5 8 setting the monitoring view 4 5 settings 4 7 set up 2 3 Module menu 3 3 Module number 3 1 Module settings 4 7 Module toolbar Summary View 3 6 Monitor Capture mode 6 6 Monitor mode 5 6 Monitor views see data views 6 18 monitoring performance...

Page 448: ...17 editing in Decode view 6 18 editing in Hex View 6 18 Set Size 6 17 Undo 6 17 Packet editor 8 8 Compute CRC button 8 9 Decode button 8 9 editing in Decode view 8 9 editing in Hex view 8 9 Undo button 8 9 Packet Size field 8 3 8 10 Packet slicing 4 8 Packet Summary View 6 34 6 35 6 36 color coding 4 12 Packet Type 8 10 Packet Type field 8 3 8 11 Packets editing 6 17 Packets Dropped counter 12 3 P...

Page 449: ...ime Out value 4 11 RST Responses 10 52 RTCP 11 27 RTCP Dropped Packets 11 13 RTCP Jitter 11 11 Runt 10 119 Runt Frame 10 119 S SA field 8 3 Same MAC Addresses 12 7 Same Network Address 10 97 Same Network Addresses 12 7 SAP Broadcasts 10 98 12 7 Scanning Ports tab 4 10 SCCP 11 2 select a filter template 7 7 Sequence Number 11 27 11 29 Sequence numbers 8 3 Sequence Numbers field 8 10 setting Buffer ...

Page 450: ...1 T Table views 4 6 TCP Checksum Errors 10 45 12 7 TCP Long Ack 10 49 TCP Repeat Ack 10 50 TCP Retransmissions 10 51 TCP SYN Attack 10 53 TCP Window Exceeded 10 54 TCP Window Frozen 10 47 TCP Window Probe 10 55 TCP Zero Window 10 56 TCP IP Frozen Window 12 7 TCP IP Long Acks 12 7 TCP IP Retransmissions 12 8 TCP IP RST Packets 12 8 TCP IP SYN Packets 12 8 TCP IP Window Probe 12 8 TCP IP Zero Window...

Page 451: ... Network Layer Matrix View button 3 11 Protocol Distribution View button 3 10 Refresh button 3 12 Utilization Error View button Rx 3 10 Utilization Error View button Tx 3 10 VLAN View button 3 11 Data Views toolbar 3 10 described 3 6 Detail toolbar Save button 3 8 Detail View toolbar 3 8 Alarm List and Log button 3 9 Capture Filter button 3 9 Capture Mode button 3 8 Capture View button 3 8 Display...

Page 452: ...ze 8 10 Packet Type 8 10 Sequence Numbers 8 10 specifying transmit data 8 8 transmission status 8 8 Transmitting capture files 8 12 trap destinations 9 12 Trap Settings for Surveyor Hosts 9 13 Trap Settings for THGs 9 12 Trigger action 7 14 Tx 6 3 Tx Attempt Counter 12 3 Tx Defer Counter 12 3 Tx Excessive Collision Counter 12 3 Tx Excessive Defer Counter 12 3 Tx Late Collision Counter 12 3 U Under...

Page 453: ...Index 13 Index continued resizing docking windows 4 1 X X offsets wildcard 8 10 Z Zero Broadcast Address 10 101 ...
