HP Traffix Transcend Traffix Manager manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation HP Traffix Transcend Traffix Manager. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel HP Traffix Transcend Traffix Manager ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation HP Traffix Transcend Traffix Manager décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation HP Traffix Transcend Traffix Manager devrait contenir:
- informations sur les caractéristiques techniques du dispositif HP Traffix Transcend Traffix Manager
- nom du fabricant et année de fabrication HP Traffix Transcend Traffix Manager
- instructions d'utilisation, de réglage et d’entretien de l'équipement HP Traffix Transcend Traffix Manager
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage HP Traffix Transcend Traffix Manager ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles HP Traffix Transcend Traffix Manager et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service HP en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées HP Traffix Transcend Traffix Manager, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif HP Traffix Transcend Traffix Manager, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation HP Traffix Transcend Traffix Manager. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    ® http:/ /www.3com.com/ Tr a n s c e n d ® T raf fix ™ Manager User Guide Software ve rsion 3.0 for Windows NT ® Part No. 09-182 5-000 Publ ished Au gust 1999[...]

  • Page 2

    3Com Corporat ion 5400 Bay front Plaz a Santa Clara , California 9505 2-8145 Copyri ght © 199 9 3C om T echnologies . All ri ghts reserved . No p art of th is doc umentati on ma y be reproduce d in any form or by an y means or used t o make a ny derivative w ork (such as translat ion, tr ansformat ion, or adaptati on) with out wr itten p ermissi o[...]

  • Page 3

    C ONTENTS A BOUT T HIS G UID E How T o Use T h e T raff ix Manager Do cume ntation 11 Convent ions 13 T e rmin ology U sed in this Gui de 1 4 Relat ed Docu mentati on 14 Document s 14 Web Si t e s 1 4 Docume ntati on Com ments 15 Y ear 20 00 Comp lian ce 16 P ART IG ETTING S TARTED WITH T RAFFI X M ANAG ER 1 T RAF FIX M AN AGER O VERVIEW What to Re[...]

  • Page 4

    P ART II H OW T RAF FIX M AN AGER W ORKS 3 C OLLECTING D ATA How T ra ffix Manager Processes C olle cted D ata 35 RMON Overview 37 Remote Moni torin g 37 RMON-2 Sta ndard 37 How T ra ffix Manager Dis covers Ne twork D evices Us ing RMON -2 38 4 G ROU PI N G N ETWORK D EVIC ES IN THE M AP Overview 39 Attrib utes 40 Predef ined Att ribu tes 40 Groupi[...]

  • Page 5

    7 D ISPLAYING N ETWORK T RAFFIC IN THE M AIN W IND OW Loading N etwork T ra ffic Data 57 Working wit h Objects in the Main W indow 58 Displaying Object Information 58 Sear ching fo r Objects 59 Selectin g and D eselecti ng Object s 59 Locating Objects in the Map 59 Disp laying Net wor k T raffi c Dat a 5 9 Displa ying Co nnection s Betw een Obje ct[...]

  • Page 6

    10 V IEWING E VENTS Overview 81 Viewi ng Even ts 82 Filt erin g Even ts 83 Summ arizing E vent s 84 Outp ut of Even ts 84 Viewing a nd Managi ng Select ed Events 85 Del eti ng Ev ent s 85 Ignorin g Devices or Co nnection s 85 Disp laying an Even t in th e Ma p 85 Disp laying an Event in th e Launch Gr aph Di alog Box 85 Forw arding Event s as SNM P[...]

  • Page 7

    12 R EPORT T YPES Report T emp lates 9 9 Activity R eports 99 T op N Repo rts 99 Connect ion Activit y Report 1 00 Device A ctivity Re port 101 Group Activity Re port 102 Segm ent A ctiv ity Rep ort 103 T o p N Connect ions Re port 1 05 T op N D evices Re port 107 T o p N Groups Report 109 T o p N Segme nts Rep ort 11 0 P ART IV A PP ENDICES AN D I[...]

  • Page 8

    C A GGR EGATI NG D EVICES Overview 129 Defaul t Aggr egation 1 29 Specif ying an Aggregation P olicy 13 0 D U SING THE S UBNETS DB F ILE Using the Subnet sDB File 133 How Su bnet Group ing Works 135 E A UTOM AT IC A TTRIBUTE A SSIGNMENT Overview 137 Co ntents of the U ser -de fined A ttri butes Co nfig uratio n File 138 File Format 13 9 Perf orming[...]

  • Page 9

    G C ONFI GURING 3C OM S TAND ALONE RMON- 2 A GENTS Dow nloa din g Fir mwar e to 3C om St anda lon e Age nts 153 Setting the Op eration al Mode on 3Com Sta ndalone RMON-2 Agen ts 154 H DHCP How T r affix Manager Monito rs DHCP D evices 1 57 What E ffect D o DHCP Devi ces Ha ve O n The Ma p? 157 I U SING RMON-1 A GENTS Monitori ng Netwo rk Se gments [...]

  • Page 10

    [...]

  • Page 11

    A BOUT T HIS G UIDE This guid e describes T ranscend ® T raf fix ™ Manager ver sion 3. 0 for Windows NT . This app li cati on gather s, displays an d analyz es enterprise-wi de netwo rk traffic. Pr ocedur al in f ormati on on how to per f orm all t asks using T raff ix Manag er , as well as context-sen siti ve in format ion abo ut each dial og b[...]

  • Page 12

    12 A BOU T T HIS G UIDE An overvi ew of the RMON-1 and RMON-2 standa rds, and an introdu ction to h ow Traffix Manager u ses RMON-2 agents to collect d ata from your ne twork. Chapter 3 Informa tion on groupi ng devi ces to create v iews of your ne twork in the Map. Chapter 4 Proced ures for launching Tra ffix Mana ger after the first time. Chapter[...]

  • Page 13

    Conve ntions 13 Conv entions Ta b l e 2 and Ta b l e 3 l ist conventi ons that are used thr ough out thi s guide. Informa tion abou t what’s ne w in this re lease of Traffix Mana ger. Releas e Not es A list o f known prob lems in this release of Traffix Ma nager . Releas e Not es T able 1 Wher e to find specific information (continued) If you ar [...]

  • Page 14

    14 A BOU T T HIS G UIDE T ermin olog y Use d in thi s G u ide Refer to the G lossary at the end of this Use r Gui de for defini tions of terms. T e rms whi ch are define d in t he Glossar y are italicized a t their first use in t he User Guid e. Relat ed Docum entation T he foll ow ing docum ents and Web si tes c ontain use ful n etw orki ng inform[...]

  • Page 15

    Docu menta tio n Comm ent s 15 RMON-2 Pr otocol Iden tifi ers: http://www.it.kth.se/d ocs/rfc/rfcs/rfc2074.txt Miscel laneous List of th ir d-party agents whi ch are suppor ted by T raff ix Manag er: http://www.3com.com/ne twork_management/probe_interop Link s to ne twork mana g ement inf ormat ion: http://snmp.cs.utwente .nl Internet Eng ineeri ng[...]

  • Page 16

    16 A BOU T T HIS G UIDE Y ear 2000 Compliance For info rmatio n on Y ear 2 000 co mpl iance and 3Com produc ts, vis it the 3Com Y ea r 200 0 Web pag e: http://www.3com.com/pr oducts/yr2000.html[...]

  • Page 17

    I G ETTING S TARTED WITH T RAFFIX M ANAG ER Chapter 1 Traffi x Manager Overvi ew Cha pter 2 Launching T raffix M anager for the First Ti me[...]

  • Page 18

    [...]

  • Page 19

    1 T RA F F IX M AN AGER O VERVIEW This chap ter introduces you to T raffix ™ Manager . It contai ns the following sect ions: ■ What to R ead First ■ Featur es of T raf fix M anager ■ How Does T raffix Manag er Work? ■ Strategy for N ew Users What to Read Firs t Chapters 1 –5 contai n a concep tual over view of t he pr ocesses you need t[...]

  • Page 20

    20 C HAPTER 1: T RAFFIX M ANAGER O VERVI EW The T raf fi x Ma nag er on li ne he lp con t ain s de tail ed pr ocedural inf orma ti on on how to perf orm all tasks, an d in f ormatio n about each appli catio n dia lo g bo x . The T raff ix Ma nager Re lease N otes conta in in stallat ion in format ion, a nd a list of kno wn problems wit h this r ele[...]

  • Page 21

    How Does Traffix Manager W ork? 21 ■ Indu stry sta ndards — T raffix Manag er supp orts the IE TF RMO N-2 stand ard, whi ch enabl es in form atio n ab out netwo rk and applic at ion laye r pr otocol co mmunica tion pat terns to b e collecte d. See “ R MO N Overview” on pag e 37 for more informat ion. ■ Open Database for Storage — T ra f[...]

  • Page 22

    22 C HAPTER 1: T RAFFIX M ANAGER O VERVI EW Figu re 1 T raf fix Ma nage r Gather s Data fr om the Netw ork The coll ect ed dat a is st ored i n th e da ta base , an d c hec ked ag ain st confi gur ed event rules to see whet her a traf fic event shoul d be gener ate d. S ee Chapte r 9 , “ Usi ng Eve nt Ru les” , for more info rmatio n. The T raf[...]

  • Page 23

    Strategy for New Users 23 Strateg y for Ne w Users If you hav e just begun us ing T raf fix Man ager t o monit o r your network, you shou ld do the fol l owin g: ■ Set up a li mited num ber of agent s from whi ch to coll ect data unt il you become fam ilia r wi th the dat a co llection pr ocess. Then you can config ur e other agents on yo ur netw[...]

  • Page 24

    24 C HAPTER 1: T RAFFIX M ANAGER O VERVI EW[...]

  • Page 25

    2 L AUNCHING T RAFFIX M ANAGER FOR THE F IRST T IME This c hapte r provide s inform atio n on laun ching T raffix ™ Mana ge r for the first tim e. Infor mati on on in stallin g T raffix Manag er is docum ente d in the Rele ase No tes which are shipped wi th this pr oduct. It contai ns the following sect ions: ■ Installin g RM ON Agents on Y our[...]

  • Page 26

    26 C HAPTER 2: L AUNCHING T RAF FIX M ANAGER FOR THE F IR ST T IME Launchi ng the T ra ffix Manag er Server Ther e ar e two steps to launc hing T raf f ix Manag er: you must lau nch the T r affix Mana ger serve r first and then laun ch the T ra ffix Manag er client. T o launch the T raffix Manager server: 1 Sele ct P rograms fr om the Start menu, a[...]

  • Page 27

    Laun ch ing the Tr affi x Mana ger Cl ien t 27 confi gurati on of dat a sour ces, and take you to the po in t where traf fic data i s dis play ed in the mai n win dow . The startup wizard first prompts you for the DNS do mai n(s) of those devices whic h you want to monito r in de t ail. T raf fix M anager con siders this speci fied DNS domai n t o [...]

  • Page 28

    28 C HAPTER 2: L AUNCHING T RAF FIX M ANAGER FOR THE F IR ST T IME Figu re 2 T raf f ix Manager Main W indow Stop ping T raf fix Mana ger T o st op a T raffi x Manager cli ent , cl ick Exit on the Fi le menu in the main window . T o sto p the T raffix Mana ger serve r , click Stop Server in the T r affix Control Pane l. St opp ing the serv er w ill[...]

  • Page 29

    Mai n Wi ndow Ref eren ce 29 ■ Map — Cont ai ns a graphical r epresen tatio n o f the network , showi ng the hierarchy of objects an d th e traffic flowing betwe en the m . ■ Graph Panel — Shows the most signi ficant network acti vit y of the curr ently selected o bjects i n graphi cal form. Se e Chapter 8 , “Displ aying T raf fic in Gr a[...]

  • Page 30

    30 C HAPTER 2: L AUNCHING T RAF FIX M ANAGER FOR THE F IR ST T IME Groupi ngs... Launc hes the Grou pings d ialog box fro m wh ich you can create , modify and d elete gro upings fr om this dialog box. Reload Attri butes Launches the Re load Attrib utes dialog b ox from which you reload attributes for devices in the Map. Display Ad d Conne ction s T[...]

  • Page 31

    Mai n Wi ndow Ref eren ce 31 Zoom... Launches a sub- menu in whic h you select fro m the follo wing: ■ Zoom In — Zooms i nto area conta ining curren tly select ed ob je c ts. If no obj ec ts are sel ect e d, the c urre ntly disp laye d ar ea is ma gni fie d. ■ Zoom T o — Zooms to sele cted objects , magni fying them i n the Map as much as p[...]

  • Page 32

    32 C HAPTER 2: L AUNCHING T RAF FIX M ANAGER FOR THE F IR ST T IME See Ch apter 7 , “Di spl ayin g Ne twor k T raffic in the Mai n W i ndo w” for detail ed infor mati on on wo rking with obje cts in th e ma in wi ndo w . Index Launches o nline help wit h t he Ind ex ta b sele cte d. About Launches the About Tra ffix Man ager scree n, giv ing th[...]

  • Page 33

    II H OW T RAFFIX M ANAGER W ORKS Cha pter 3 Collecting Data Cha pter 4 Grouping Network De vices in the Map[...]

  • Page 34

    [...]

  • Page 35

    3 C OLLECTING D ATA This chap ter descr ibes how T ra ffix ™ Manager coll e ct s data from your netwo rk. It contai ns the following sect ions: ■ How T raffix Manag er Processes Collecte d Data ■ RMON Overview ■ How T raffix Manager Di scovers Network D evices Using RMON-2 How T raffix Mana ger Pr ocesse s Collec ted D ata T ra ff ix Manag [...]

  • Page 36

    36 C HAPTER 3: C OLLECTING D ATA Figu re 3 Collected D ata is added t o a Relat ional Dat abase From the colle cted data , yo u ca n bu ild up a p ictu re of no rmal level s of netwo rk tra ffic an d typi cal n etw ork usag e. Y ou can t hen conf igure ev ent rules whi ch pr ovide you with inf or mation about the traf fic on your networ k and netwo[...]

  • Page 37

    RMON O vervi ew 37 RMON Ov erview T raffix Manager supports all agents th at are compliant with the Inter net Engi nee r ing T ask For c e (I ETF) Remote MONi tori ng Management Inform atio n Ba se V ersio n 1 (R MO N-1 M IB), de fine d in R FC 175 7, and V ersion 2 (RMON- 2 MIB), defi ned in RFCs 202 1 and 2074 . The RMON sta nda rds bring the fol[...]

  • Page 38

    38 C HAPTER 3: C OLLECTING D ATA singl e segment. T raf fix Manager uses R MON-2 func ti onality to buil d up a picture of comm uni cating devic es on the netwo rk an d the traffic flowin g between t hem, i ncl uding network l ayer addr esses and pr otoc ols seen. For furthe r in formati on on RMO N-1 and R MON-2, refer to the 3Com ® RMON-1 an d R[...]

  • Page 39

    4 G RO U P I N G N ETWORK D EVICES IN THE M AP This chap ter co ntai ns the fol lowin g s ect ions: ■ Overview ■ Attrib utes ■ Groupi ngs Overview W ith T raffix ™ Mana ger , you can gr oup devic es in t he Map acco rd ing to your o wn c riter i a. Y ou can view the use of your net work by , for exa mple, cost ce nter , business unit, workg[...]

  • Page 40

    40 C HAPTER 4: G ROUPING N ETWORK D EVICES IN THE M AP Attrib utes T o un ders tan d how T raffix Ma nager g roups de vice s in the Ma p, it he lps to be fami liar with the concepts o f a ttribu tes and groupin gs . An attribute is a label f or a piece of infor mat ion abo ut a device: for exampl e, locat ion or IP address . T raff ix Man ager has [...]

  • Page 41

    Attribu tes 41 MAC Addr Only devices wh ich are in the sam e broadcast d omain as the in te rface on an RMON -2 agent will have the MAC address attrib ute assigned to the m. See “Assigning MAC Addr esses” on page 42 for an examp le of this. Vendor T he Vend or attrib ute is only a ssigned if the followi ng cri teria are met: ■ The MAC Address[...]

  • Page 42

    42 C HAPTER 4: G ROUPING N ETWORK D EVICES IN THE M AP Assignin g MA C Ad dresses When the client is firs t started, it trie s to locate the T raffix Manag er server thr ough t he use of a broad cast message. If the syste m on which the clien t is runni ng is not in the same br oadcast doma in as the server , this broadcas t mess age w ill fa il, a[...]

  • Page 43

    Groupi ngs 43 The Map shows a hie r arch ical vi ew of the devices i n your networ k accor ding to t he selected gr oupin g. By selectin g a Geographical gr oupi ng for exa mple , de vice s wil l be group ed a ccordin g to w hich coun try the y are in. W ithin each coun try , dev ices may be grou ped a cco rding to whic h city they ar e in. The hi [...]

  • Page 44

    44 C HAPTER 4: G ROUPING N ETWORK D EVICES IN THE M AP a Add appr opriate entr ies to th e SubnetsD B con figuration f ile. See Appen dix D , “Usin g the Subne tsDB File” , for details. b Either start a new d ataba se or use Reload Attrib utes... with Subnets checked to update the attri butes o f exist ing devices i n the d atabase . c Create a[...]

  • Page 45

    Groupi ngs 45 Figu re 5 Attributes dialog box The Attrib utes d ialog box d isplays, in rows, a list o f selected devices on your ne twork, a nd in columns, a li st of av ailable a ttribu tes. By d efaul t, devices currently sel ected in the Ma p are listed, w ith valu es for th e attributes that apply to the selected grouping. If no d evices are s[...]

  • Page 46

    46 C HAPTER 4: G ROUPING N ETWORK D EVICES IN THE M AP Figu re 6 Groupings dialog box[...]

  • Page 47

    III R UNNING T RAFFIX M ANAGER Cha pter 5 Launching Traffi x M anager After the Fi rst Time Cha pter 6 Configuri ng Agents for Data Col lection Cha pter 7 Displaying Network Traff ic in the Main Window Cha pter 8 Dis pla ying Traf fic i n Gr ap hs Cha pter 9 Using Event Rules Chapter 1 0 Viewing Ev ents Chapter 1 1 Overview of Rep orting Chapter 1 [...]

  • Page 48

    [...]

  • Page 49

    5 L AUNCHING T RAFFIX M ANAGER A FTER THE F IRST T IME This chapt er pr ovides informat ion on how t o launc h T raffix ™ Ma nager , after th e firs t time. It conta ins the foll owing secti ons: ■ Launching the T raffix Manage r Server ■ Laun ching a T ra ffix Ma nager Clie nt ■ Client Access Levels Launchi ng the T ra ffix Manag er Server[...]

  • Page 50

    50 C HAPTER 5: L AUNCHING T RAF FIX M ANAGER A FTER THE F IRST T IME T o us e a r emote serv er , you must add t he I P ad dre ss of the machi ne runnin g the server to th e shortcu t in the Start m enu. T o do so , fol low thes e s tep s: 1 Sele ct Settin gs from the Start men u, and then Ta s k b a r ... 2 In the T a skba r Prope rties dial og bo[...]

  • Page 51

    6 C ONFIGU RING A GENTS FOR D ATA C OLLECTION This chapt er describe s how to use T raf fix ™ Manage r t o iden ti fy and enab le RMO N ag ents on yo ur ne twork for da ta co llecti on. It contai ns the following sect ions: ■ Supporte d RM ON Agen ts and Interfa ces ■ Finding A gents fo r Da ta Coll ection See “RMON Overvi ew” on page 37 [...]

  • Page 52

    52 C HAPTER 6: C ONF IGUR ING A GENTS FO R D ATA C OLLECTION Finding Agents for Data C ollectio n The age nts used may be devices with R MON-1 o r RMON- 2 e mbedded withi n them, such as swit ch es or hubs, or they ma y be ded icat ed stand- alone RMON pr obes. Y ou can sear ch f or compat ible ag ent s fr om the startup wiza r d an d fr om the Con[...]

  • Page 53

    Finding Age nts for Data C ollecti on 53 T o enable you to manag e larg e numb ers of collec tion a gen ts, agent folde rs can be cr eat ed i n the tree and t he agents dragged and dr opped into th em. Adding a nd Edi ting Ag ents Fr om the Conf igur e Agents dial og box you can use T raf fix Manag er to automati cally find agent s on your network [...]

  • Page 54

    54 C HAPTER 6: C ONF IGUR ING A GENTS FO R D ATA C OLLECTION Viewing Agen t Stati stics Y ou can view the stati s tics of a sel ect ed agen t fr om the Agent St at ist ics dia log box. Th is di alog bo x dis play s va rious stat istics related to SN MP commu nication with the agen t. Refer to the online he lp for mo r e de taile d inform ation abou[...]

  • Page 55

    Finding Age nts for Data C ollecti on 55 T raffix Man a ge r . Se e A ppe ndix G for mo re informat ion abo ut setti ng the mode on 3Co m standa lone RMON-2 agent s.[...]

  • Page 56

    56 C HAPTER 6: C ONF IGUR ING A GENTS FO R D ATA C OLLECTION[...]

  • Page 57

    7 D ISPLAYING N ETWORK T RAF FIC IN THE M AIN W INDOW This chap ter co ntai ns the fol lowin g s ect ions: ■ Loadin g Netwo rk T raffic Data ■ Working w ith Obje cts i n the Ma in W i ndow ■ Displ aying N etw ork T raffic D ata ■ Pr otocols, Appl ications and Fa vor ite s ■ Device Aggr egation Befor e you can d isplay traf fic da ta, you [...]

  • Page 58

    58 C HAPTER 7: D ISPLAYING N ETWORK T RAFFIC IN THE M AIN W INDOW Figu re 7 Load T raf fic dialog box Wo rking wit h Objects in t he Main Wind ow Once you ha ve loaded networ k t raf fic data , you can displ ay informati on about ob jects on your networ k, sear ch for and select obj ects, and locate objec ts in the Map . Dis playin g O bject Inform[...]

  • Page 59

    Displaying Network Traffic Da ta 59 ■ Gr ey — I nac ti ve ■ Gr een — T ransmi tting traffic only ■ Y ellow — Rec eivin g traffic o nly ■ Orange — T ra nsmittin g and receiving traffic A sele cted ob jec t is colored bl ue. The shade of grey used t o co lor the inside of a group is only use d to make it more visi ble in the Map and d[...]

  • Page 60

    60 C HAPTER 7: D ISPLAYING N ETWORK T RAFFIC IN THE M AIN W INDOW Ta b l e 7 desc ribe s the traffic d ispl ay op tion s av ailabl e from the Displ ay menu an d fr om buttons in th e main win dow . Displa ying Conn ec tion s Between Object s With two or mor e objects selected, click Add Conn ectio ns B etween to disp lay tra ffic goi ng b etwe en t[...]

  • Page 61

    Proto cols, Applicati ons and Favori tes 61 Com binin g To a n d From and Be twee n Y ou can use the T o and Fr om and Be tween opti on s in combi nati on to turn of f a subset of th e tra f fic connect ions. Remo ving an d Hiding Tr a f f i c T o remov e all tra ff ic fr om selected obje cts in the Ma p, select Re move All Connect ions from the Di[...]

  • Page 62

    62 C HAPTER 7: D ISPLAYING N ETWORK T RAFFIC IN THE M AIN W INDOW If you wan t to c han ge the pro tocol s in an a ppl icatio n, c rea te a new favorite rather than ed it a pre defin ed appl icatio n grou ping. The c once pt o f ha ving a ppl icat ions and f avo rites (colle ctio ns o f rela ted protoco l s) also appl ies also to graphs, re ports a[...]

  • Page 63

    Proto cols, Applicati ons and Favori tes 63 Y ou might then create a favorite called Server , cont aini ng b oth user -defi ned p rotocols. Y ou co uld di spla y this favo rite in the Ma p as a single col o r , to show the overal l use of both pro tocol s on yo ur networ k. T o set up a user -def ined pr otocol, you n eed: ■ The name o f th e par[...]

  • Page 64

    64 C HAPTER 7: D ISPLAYING N ETWORK T RAFFIC IN THE M AIN W INDOW ■ Y ou can only cr e ate child pr o t ocols if the pr otocol you ar e extending support s the addi tion of child pr otocol s. Many curr ent impleme ntatio ns of RMON-2 agents do not sup port user -define d pr otoc ols. If in doub t, ch eck with y our agent ven dor . Device Aggregat[...]

  • Page 65

    8 D ISPLAYING T RAF FIC IN G RAP HS This chap ter co ntai ns the fol lowin g s ect ions: ■ Overview ■ Using th e Graph Pane l ■ Using t he Launch Grap h Dial og Bo x Overview Y ou can use t he gr aph t ool s in T raf f ix ™ Manage r to anal yze mapped traf fic. The graph panel of the main window shows sum mary infor mation abou t t he most [...]

  • Page 66

    66 C HAPTER 8: D ISPLAYING T RAFFIC IN G RAPHS Using the Graph Panel The Graph Pa nel of the main window shows basi c in for mati on about the networ k activit y of select ed items in the Map as a nu mber of grap hs. Figu re 8 Graph Panel The fo llo wing grap hs of obj ects sele cted in the Map a re displ ayed in th e main window: ■ Summary Ba r [...]

  • Page 67

    Using the Launch G raph Dialog Box 67 Use the Graph Panel Sett ings di al og box to configur e the displ ay of the Graph Pane l. Figu re 9 Graph Panel Settings dialog box The opti ons for di splay ar e: ■ Units — The unit of measur ement used whe n cal culating the ch ar ts: ■ Medi a T ypes — O nly active if bits per se cond or % util iza t[...]

  • Page 68

    68 C HAPTER 8: D ISPLAYING T RAFFIC IN G RAPHS Figur e 10 Launch Graph dialog box The sett ings used to creat e the launched gr aph are those used in the Map at t he ti me you laun ch the dial og b ox. If the data is fi lte red in some way , for exa mpl e by protoco l, that f ilter ing is used when pr oducing t he graphs. Each gra ph will only use [...]

  • Page 69

    Using the Launch G raph Dialog Box 69 ■ T op Objects — Show th e bu sie s t ob je c ts. Wh ich obje ct s are consid ered d epend s on the leve l set in th e Gra ph Setti ngs d ialog box . ■ T op Conn ection s — Shows the b usiest conne ctions. Which conne ctio ns ar e consider ed depends on t he Level and Unit T o tal set in the Grap h Set [...]

  • Page 70

    70 C HAPTER 8: D ISPLAYING T RAFFIC IN G RAPHS[...]

  • Page 71

    9 U SING E VENT R ULES This chapt er describe s how to use event ru les t o analy ze th e dat a collecte d by T raffix ™ Mana ger and to info rm you of tra ffic changes on your net w or k. This chap ter co ntai ns the fol lowin g s ect ions: ■ Overview ■ Pr edef ined Eve nt Rules ■ Examples of Event Rul es ■ Conf iguri ng Ev ent Rules ■[...]

  • Page 72

    72 C HAPTER 9: U SING E VENT R ULES The ev ent rul es in T ra f fix Manage r fall in to two b road catego ries: ■ Security — An event i s gene rated when so me asp ect of n etwork securit y may have been com pr o mised. ■ Tr a f f i c — An ev ent is ge nerate d when a sign ificant change in tra f fic patter n s is dete cte d. The vari ous t[...]

  • Page 73

    Exam ples o f Event Ru le s 73 Examples o f Even t Rule s Ther e ar e a total of eight ty pes of even t rule, t he po ssible uses of which are disc uss ed below . Securi t y Event Ru les These types of ev ent rul e help you to pr otect your net work fr om unaut ho riz e d acce s s or im p roper use . Detect Unau thorized Machine Access Y ou use thi[...]

  • Page 74

    74 C HAPTER 9: U SING E VENT R ULES T raffic Even t R ules These types of event r ule hel p you to detect sign ificant chang es in t he behav io r of a machin e or connect ion. Such changes are of ten caus es or indicat o rs of pr obl ems on the ne twor k. They ma y al so in dicat e tha t some part of th e netw ork is o verl oaded , a nd co uld giv[...]

  • Page 75

    Config uring E vent Rul es 75 By appl ying t he pr otocol fi lter t o an even t rule of thi s type , you can use i t to monit or the usa g e of spec if ic ne tw or k s er vi c es on the de vi c es. For exam ple, yo u can us e this event ru le t o: ■ Monitor the a ctivity o f your e -mail servers. ■ Monitor the a ctivity o f your router . Monito[...]

  • Page 76

    76 C HAPTER 9: U SING E VENT R ULES Figur e 11 Event Rules dial og box T raffi x Manager pr ovides wizar ds to help you add and ed it event rules. Refi ning Event Ru les When you add or edi t an event r ule, you can modi fy it to monit or the traffic on y our ne twork and y our n etwork secur ity , acc ording to yo ur ow n r equir ements. Spe cifyi[...]

  • Page 77

    Using E ven t Rules 77 Spe cifyi ng the Tim e Filt er W ith certa in types of event ru le, you can sp ecify the times at wh ich rul es apply . For exam ple, you coul d choose to restrict u nauth orized tra ffic at all times , or on ly du rin g certa in perio ds . Speci fying Sen sitivity For most ev ent rule ty pes, you can specify how sensi tive y[...]

  • Page 78

    78 C HAPTER 9: U SING E VENT R ULES Maintaining Network Security Y ou can conf igure Detect N etwork Sweep Attack a nd Detect New Devices ev ent rules to gene rate securi ty events. There are event rules of both ty pes al ready pr econfigur ed. However , your firewall may be a more appr opriate sour ce of informati o n about at tack s fr om outside[...]

  • Page 79

    Using E ven t Rules 79 The Map can pr ovide you wit h immedi at e infor mation ab out whi c h devic e s ha v e bee n us i n g pa rti cu lar s er ver s. Detecting Unauthori zed Servers Y ou can use the Detect Networ k Sweep At tack rule t o spot u sers cr eat ing unauth or ized ser v er s on the net work. For exampl e, you can det ect unaut hor ized[...]

  • Page 80

    80 C HAPTER 9: U SING E VENT R ULES Imple menting Business Poli ci es Some orga nizations and netw or k admin ist r ators ha ve specific polici es abou t ho w the networ k can be used , in general or at dif feren t times of day . Detect Network Misuse and Detect Unauth or ize d Mach in e Access event r ules ar e powerful tools for dete cting behavi[...]

  • Page 81

    10 V IEWING E VENTS This chapt er desc ri bes use of the Event List . It cont ains the f ollow in g sect io ns: ■ Overview ■ Viewi ng Eve nts ■ Viewi ng an d Managing Selec t ed Even ts ■ Forwar ding Events as SNMP T raps Overview T raffix ™ Mana ger e nables yo u to create even t rules about th e traffic on your netwo rk and n etwork sec[...]

  • Page 82

    82 C HAPTER 10: V IEWING E VENTS View ing Eve nts Y ou use the Event List to displa y info rmati o n abo ut eve nts. Figur e 12 Event L ist The Event List pr ovid es the fol lowing inf ormat ion abo ut each event : ■ Acknow led ged — whether the e vent has been acknowledged . By defaul t only una cknowledged events ar e displayed. ■ Severity [...]

  • Page 83

    Viewi ng Ev ents 83 ■ The severi ty of th e even t . ■ The rule t hat gene rated the event. ■ A detai le d explan at ion of t he re ason for the event. ■ The acti vity of t he devic e befor e and after the chang e that cau sed the ev e n t. Y ou can sort, filt er , and summariz e th e displa y of events . Thes e last two operati ons are des[...]

  • Page 84

    84 C HAPTER 10: V IEWING E VENTS ■ By event rule. ■ By devi ce / grou p — Y ou can select a gr ouping and a gr oup or device. When lau nched for a p articula r gr oup or devi ce fr om the M ap, the Ev en t List show s al l ev ents in th e ev ent lo g w hich relate to the selecte d device or gr oup. Only even t s genera ted by event rule s can[...]

  • Page 85

    Viewi ng an d Manag ing Sele cted Ev ent s 85 View ing and Mana ging Select ed Events By select ing an e vent in the E vent Li st, you can carry o ut the followi ng actions. These action s do not ap ply to e vents ge nerate d by th e Colle ctor or th e Re por ter . ■ Show deta iled i nformati o n about the event. ■ Acknowle dge the even t. ■ [...]

  • Page 86

    86 C HAPTER 10: V IEWING E VENTS Forwarding Events as SNMP T ra ps By s ele ctin g an eve nt in the Even t Ge nerat io n di alog bo x, yo u ca n ch oos e to forwa r d the event a s an S NMP tra p to yo ur ow n O pen Ma nageme nt Platf orm (f or examp le, HP OpenView or SunNet Man ager ). The Event Generati on dial og bo x allows you to confi gur e [...]

  • Page 87

    Forwar ding Even ts as SN MP T raps 87 2 The MIB fi les that def ine eve nts ar e supplied by a number of enterp r ises. Sele ct 3Co m in the Ent erprise s field of the Event Con figur ation di alog box. The syst em ob ject ID corr espond s to the valu e suppli ed wi t h the SNMP T rap. 3 The list in the bot t om half of the Event Con figur ation d[...]

  • Page 88

    88 C HAPTER 10: V IEWING E VENTS[...]

  • Page 89

    11 O VERVIEW OF R EPORTING This chap ter co ntai ns the fol lowin g s ect ions: ■ Overview ■ Mana ging Repo rts ■ Strategy for Re porting ■ Ef fects of Gr oupi ng on Repo rts Overview Y ou use the repo rting to ols in T raffix ™ Manager t o pr oduce prof essiona l, multi -pag e r ep orts fr om collected dat a about the tr a f fic in yo ur[...]

  • Page 90

    90 C HAPTER 11: O VERVI EW OF R EPORTING ■ Use top N reports to det ermine an d report on the most a ctive o bjects on your net work . Her e, N i s a number betwee n 1 and 50 th at you can choose for e ach report. The dif fer ent types of r eport ar e detai led in Chapter 12 . Report Instances Y ou can set up r eport s for your sp ecific needs. T[...]

  • Page 91

    Over view 91 We ekly Rep orts These r epor t s use all da ta collected on the day specifi ed and the follow ing 6 d ays. The repo rt is gene rated in th e e arly h ours of th e da y after the last da y covered by the report. For exam ple, i f you select from Fri day t hrough to th e follo wing T hursda y ( Figur e 15 ), data c overing the 7 da ys f[...]

  • Page 92

    92 C HAPTER 11: O VERVI EW OF R EPORTING Managin g Re ports Y ou use th e Rep ort M anager to add, sche dule, edi t an d del ete r eports. Figur e 17 Report Manager The Repor t Manager has thr ee main ar eas: ■ Reports — Di splays a tree of report types, in stances, r aw data, and output. Y ou can add, edit an d delete items i n the tree . Y ou[...]

  • Page 93

    Managi ng Re ports 93 The repo rting fea tures avai labl e depend on the clien t access le vel. A read-o nly user ca n brow se e xisti ng re por ts, vi ew report deta ils, a nd view reports in the outpu t queu e. An ad ministrato r can a lso add, edit a nd dele te rep orts, chan ge report sched uling and outp ut opt ions, an d run ad hoc reports. S[...]

  • Page 94

    94 C HAPTER 11: O VERVI EW OF R EPORTING Y ou can ch oose to de lete raw dat a to re claim di sk space if requi red. See “Sett ing Glob al Report Opti ons” on pag e 96 fo r more i nforma tion a bout deletin g raw repo rt da ta . ■ Report o utput — I f yo u hav e sc hedul ed the o utpu t of a report instan ce as HTML, the gene rat ed HTML ou[...]

  • Page 95

    Managi ng Re ports 95 ■ Perio d — The time range covered by the se lected raw data or output . ■ Keep Re port — T he dat e the report is to be de leted, or K eep Forever , if the report is t o be kept ind efinite ly . ■ Stat us — Whe ther raw data or outpu t was gene rated successfull y . T o disp lay th e ge nerat io n his tory for rep[...]

  • Page 96

    96 C HAPTER 11: O VERVI EW OF R EPORTING Monitorin g Repo rt Generation and Output Use the Output Queue to view output requests tha t are due to be ru n, that a r e compl ete, or have fa iled. (R eport output could fa il if, f or exampl e, a file cannot be writt en to, or a prin ter is of f line. Se e “T roubl eshoot i ng Reports” on p age 11 6[...]

  • Page 97

    Strategy for Rep orting 97 Strateg y for Repo rting This section contains a st rat egy t o help n ew users begi n r eporting wi th T raffix Man a ge r. Getting Started One of the most b eneficial fea tur es of t he R eport Ma nager is that you can u se i t to o btain a pi cture o f yo ur netw ork ’ s usua l beh avior . The qu ickest report to run[...]

  • Page 98

    98 C HAPTER 11: O VERVI EW OF R EPORTING groups, ra ther than f or your e ntire networ k. S ee “Creat ing and Assigning Attrib utes” on pag e 44 f or more in format ion. Generate a top N Summ ary Report to Determine Objects fo r an Activity Report Y ou can run top N r eports in t wo modes: ■ Summary mod e ju st ident if i es the top N obj ect[...]

  • Page 99

    12 R EPORT T YPES This chap ter descr ibes in d etail each type of report in T raffix ™ Mana ge r . Repo rt T em plates For each kind of ob je ct — connect i ons, devices, gr oups of devices, and segment — th ere are two types o f report tem plate , activi ty and top N. Activity Reports Each activity r eport co nsists of t wo sectio ns: ■ T[...]

  • Page 100

    100 C HAPTER 12 : R EPORT T YPES ■ The la st se ctio n con tain s info rmat ion ab out th e report it self su ch as its tit le, whet her i t wa s schedu led or ru n ad ho c , and when it was cr eated. The dif feren t types o f r eport ar e describ ed in turn in the r emai nder of this chapter . Connec tion Ac tivity Repo rt This report co ntai ns[...]

  • Page 101

    Device Activity Report 101 Device Activity Repo rt This report co ntai ns de tail ed inf orma tion on each spec ifie d d evice . 2 Repor t Informati on Informatio n about the repo rt itself. T able 8 Connection Activity Report Charts (continued) Report Section Cha rt Title Des cr ipt io n T able 9 Device Activity Repor t Charts Report Section Cha r[...]

  • Page 102

    102 C HAPTER 12 : R EPORT T YPES Gr oup Activity Repo rt This r epor t con t ains det aile d informatio n on each spe cified gr oup. Ther e ar e three ways you can re port on gr oups: ■ Exte r nal — T ra f f ic fl owing i nto or out of the gr oup only ■ Inter na l — T ra ffic flow ing w ithin th e g r oup only ■ Overal l — Both e xter n[...]

  • Page 103

    Segment Activity Report 103 Segment A ctivity Repo rt This report co ntai ns de tail ed inf orma tion on each spec ifie d se gmen t. Fo r the purpo ses of r eporting, it is assumed that each separat e segment of your net w or k is moni tor ed by an agent i nt erface. Many sit es (particular ly in a switch ed envir onment) have large numbe rs of seg[...]

  • Page 104

    104 C HAPTER 12 : R EPORT T YPES Error History With Bas eli ne A baseline cha rt showing the actual total number o f error packe ts over the report period a s a line . This is ove rla id o n ban ds re pre sen t ing nor mal, bor d erl ine and unusu al er ror total s . Th ese basel ines are c alc ulate d usi ng a st at is tica l a naly sis of dat a f[...]

  • Page 105

    Top N Connecti ons Rep ort 105 T op N Conn ec tio ns Repo rt This report calcu lates the top N co nnectio ns by total oc tets sent and r eceived over the report perio d. A conn ecti on can be one o f th e following: ■ A single conversati on be twee n two device s ■ The total of multi ple conv ersatio ns bet ween a devi ce and a gr oup ■ The t[...]

  • Page 106

    106 C HAPTER 12 : R EPORT T YPES ■ “From US at Coun try level to UK at City level” tells yo u which cities in the U.K. communi cated most with the U.S. ■ “From US at Device leve l t o UK at Device level ” tells you the busie st conne ct ions betw ee n individual devi ces in th e U. S. and U.K., suc h as server1 to pc-42 or pc 48 to ukSe[...]

  • Page 107

    Top N Devices Report 107 T o p N Devices Repo rt This report calcu lates the top N d evices by total o ctets sent and received, and by the number of “hits” over th e re p ort period. Y ou can limi t the report to co nsi der only d ev ices wit hin a spe cif ied group. For e xample: ■ Sele ct th e Traffix r oot group and the report te lls you t[...]

  • Page 108

    108 C HAPTER 12 : R EPORT T YPES 1.2 Top Devices By Hits A stacked bar chart containing the top N de vices as measur ed by total hits , brok en do wn by pr otocol. A hit is a co nversa tion o f a par ticular protoc ol be tween th e device and a nothe r devic e. Protoc ol Distributi on Of Top Device s A pie cha rt showin g the top 10 p roto cols see[...]

  • Page 109

    Top N Gro ups Rep ort 109 T o p N Groups Repo rt This repo rt calc ulate s the top N g roups by tot al oct ets se nt an d receive d over t he r eport peri od. Y ou can l imit th e r eport to co nsider only g ro ups at a spe cifi ed l evel in th e gro uping scheme within a p arent group. Some exa mples of gr oup r eport s ar e: ■ Geograp hic a l g[...]

  • Page 110

    110 C HAPTER 12 : R EPORT T YPES T o p N Segmen ts Repo rt This r epor t calcul ates the t op N segments by ut ili z at ion, and by percenta ge of er rors. For most networks it is su f ficient to allo w T raffix Manag er to sele ct automati cally the top N segmen ts by se lecting A ll Seg men ts for th e top N segments r eport. Sinc e it is possibl[...]

  • Page 111

    Top N Se gments Report 111 Utilization History A multi ple line char t showing the h i story of the utilization for e ach of the N segments over the re port period. Utilization Health Chart An alternat ive way of view ing the ut ilization history. Utilizatio n values a re show n as c ells w ith the cell color indicati ng the band of utili zatio n. [...]

  • Page 112

    112 C HAPTER 12 : R EPORT T YPES Utilization History With Basel ine A baseline chart s howing th e actual util izati on over th e repo rt pe ri od as a l ine . Thi s i s over la id o n ban ds represe ntin g normal, b orde rli ne a nd unusual util iz ati on. These basel ine s are cal cula ted usin g a st atist ical an alysi s of data from prev ious [...]

  • Page 113

    IV A PPENDICES AND I NDEX Appe ndix A Tr oublesh ooting Traf fix Mana ger App end ix B Database Manageme nt Using Traffix Control Pan el App end ix C Aggregating Devi ces Appe ndix D Us ing the SubnetsDB File Appe ndix E Aut omatic At tribute Assignment Appendix F Supported RMON-2 Devi ces Appe ndix G Conf iguri ng 3Com Standalon e RMON -2 Agents A[...]

  • Page 114

    [...]

  • Page 115

    A T R OUBLESHOOTING T RAF FIX M ANAG ER This appen d ix is di vided in to two sect io ns: ■ T r oublesho ot ing T raf fix Man ager ■ T r oublesho ot ing Rep orts For in formati on on rep ortin g pro blems to 3Co m, se e A ppe ndix K , “T echnical Suppo rt” . T roubl eshooti ng T ra ffix Manager Ta b l e 1 6 cont ains des cripti ons o f prob[...]

  • Page 116

    116 A PPENDIX A: T ROUBLESHOOTING T RAFFI X M ANAGER T roubl eshooti ng Repo rts See Chapter 1 1 , “Overv iew of Reporti ng” for informat ion on the reportin g fe atu res of T raffix Ma n a ge r. Diag nos i ng Reporti ng Pr oblems Ta b l e 1 7 co ntai ns de scri ption s of p roblem s yo u mig ht e ncoun ter w hen using the reporting too ls in T[...]

  • Page 117

    Troubl eshooti ng Rep orts 117 T able 17 Diagnosing Reporting Proble ms Problem Cau se Solution Raw report fails whe n running ad hoc or schedul ed reports. Database directory is full (raw re po rt d ata i s stored in th e database ). ■ Incre ase the d isk space availabl e to t he d a tabase. ■ Delete unused ra w report data to reduce the datab[...]

  • Page 118

    118 A PPENDIX A: T ROUBLESHOOTING T RAFFI X M ANAGER Reports take very long time to run. Reports using large amounts of da ta can take some time to complete. ■ Spee d up ad hoc report generation b y generating repo rts for fewer nu mbers o f devices, grou ps, protoc ols or segme nts. ■ Schedule reports to run overnig ht rather th an runn ing ad[...]

  • Page 119

    Troubl eshooti ng Rep orts 119 “ERROR could not open output file: <filename>” in ev ent viewer . The reporter was unabl e to c reat e an output f ile. This i s mos t often c aused by i nsuffici ent pe rmis sions — y ou do not have permissio n to create outp ut files where requested . T able 17 Diagnosing Reporting Proble ms (continued) [...]

  • Page 120

    120 A PPENDIX A: T ROUBLESHOOTING T RAFFI X M ANAGER[...]

  • Page 121

    B D ATABASE M ANAGEMENT U SING T RA F F IX C ONTROL P ANEL This appen d ix cont ai ns: ■ Overview of T raf fix Contr ol Panel ■ Overview of Da tabase Applicati ons ■ Upgr adin g T ra f fix Mana ger 2.0 Overview of T raffix Control Panel Fr om the T raf f ix Contr ol Panel, you ca n manage the operati on of the T raffix ™ Serve r , and the s[...]

  • Page 122

    122 A PPENDIX B: D ATABASE M ANAGEMENT U SING T R AFFIX C O NTROL P ANEL Figur e 18 T raffix Contr ol Panel These appl ications help you t o man age and organize a num ber of databases, for ex ample, if you wan t to keep e xtra da tabases fo r backu p purpo s es or to provid e sna p sh ots of your ne two rk or port io ns of you r networ k over ti m[...]

  • Page 123

    Overvi ew of Databas e Applic ations 123 ■ The amount of fr ee disk space r ema ining on your PC for data collectio n to th e data base. ■ The loca tion o f HTML reports. From this dial og b ox, y ou can l aunc h the fol lowin g op era tions: ■ Create a new da tabase to write d ata from the n etwork to. Unless yo u want to ge t rid o f the co[...]

  • Page 124

    124 A PPENDIX B: D ATABASE M ANAGEMENT U SING T R AFFIX C O NTROL P ANEL ■ The amount of hour ly and daily data whic h has al ready been colle cted. In thi s dial og b ox, yo u ca n spec ify the maxim um amou nt of data t hat you wa nt th e T raffix Manager da tabases to hold alto gether . Y ou can carry o ut the fo llowing operation s from the D[...]

  • Page 125

    Overvi ew of Databas e Applic ations 125 3Com r ecommends that you ba ck up your database r egularly , the fr eque ncy depen ding on how importan t your tr end data i s to the way you monito r your net w o r k. If you want to view a nd r eport on your weekly data, you should back up your data base once a week. If viewi ng and stori ng your tr end d[...]

  • Page 126

    126 A PPENDIX B: D ATABASE M ANAGEMENT U SING T R AFFIX C O NTROL P ANEL This dial og box also all ows you to select whether T raffix Man ager star ts automati cally every time yo u log on t o you r machine. Default DNS Domain Allows yo u to set a d efault DNS dom ain, if you wish to change the pr eviou sly co nf igur ed defaul t. Y ou can specify [...]

  • Page 127

    Upgrading Traffix Manager 2 .0 127 Deinstalli ng T r affix Mana ger 2.0 T o d einstall T raffix Ma nager 2.0 for NT : 1 Close T raff ix Mana ger and all rel ated proce sses. T o check which pr ocesses are running, ri ght-cl ick th e Windows NT T askbar and select T as k Man ager . Th e Appl icat ions a nd Processes ta bs contai n a list o f any a c[...]

  • Page 128

    128 A PPENDIX B: D ATABASE M ANAGEMENT U SING T R AFFIX C O NTROL P ANEL 1 T o displ ay a pr ogram gr oup, right -cli ck Start a nd sel ect Open All Users . Double -click a pr ogram entry to di splay the pr ogra m gro up. 2 Right-cl ick the control button in the top left cor ner of th e T raf fix Manag er pr ogram gr oup ti tle bar . 3 Fr om the dr[...]

  • Page 129

    C A GGR EGATING D EVICES This appe ndix des cribe s: ■ Overview ■ Defaul t Agg regation Overview Aggreg ation re duces th e amount of memory an d disk resour ces r equir ed by T raffix ™ Manage r by colla ting th e data coll ected fo r many device s into a single de vice. For example, in sites wher e there i s a lot of In ternet traf fic, som[...]

  • Page 130

    130 A PPENDIX C: A GGREGATING D EVICES Specif yin g an Aggregatio n Po lic y T o agg rega te de v ic e s on a par t icu la r ne twor k, it is nec e ss ary for the aggrega tor to be co n f ig u red for tha t net w ork . Th i s is don e by spe c ifyi ng an a ggr egation polic y . Once an agg r egation po licy has be en config ur e d, it onl y af f ec[...]

  • Page 131

    Default Aggregatio n 131 Select ing t he Defau lt Agg regation A ction The defau l t aggr egation act ion is the met ho d of aggreg atio n appli e d t o netwo rk d evi ces w hich hav e a DN S n ame, but w hich are no t cont ai ned withi n one of t he local DN S domai ns. Ther e ar e three de fault ag gr egation action s, f r o m which you can selec[...]

  • Page 132

    132 A PPENDIX C: A GGREGATING D EVICES If l ayer 2 above the n ame is select ed, t he d evice offi ce .acm e.co m is aggr egated i nto the device r epresent ing .com . If a netwo rk d evic e do es n ot h ave th e se lecte d la yer a bove the name, t hen the devi ce is aggr ega ted int o a device rep rese nting t he highest DNS layer possibl e. offi[...]

  • Page 133

    D U SING THE S UB NETS DB F ILE Using the Subnets DB File This faci lity al lows you to gro up the devi ces on your net work by subnet. Click Subnets Ed ito r in the T raffix ™ Contr ol Pan el to ed it the sub net defini tion file , whic h co ntai ns inform atio n ab out s ubnet groupin gs. T his file ca n be edit ed and re applied at any ti me. [...]

  • Page 134

    134 A PPENDIX D: U SING TH E S UBNETS DB F ILE Subnet masks must c omply wi th t he p rimary in ternet netwo rk cl ass typ es by coveri ng at a mi ni mum the part of the addr ess that r epr esents the network b its. In Ta b l e 1 8 , * is any numb er between 0 and 255. T able 18 Subnet Masks If a subne t mask spans mor e than one cl ass A/ B/C subn[...]

  • Page 135

    Using the S ubnetsD B File 135 4 If you al rea dy have devices showin g in the Map, r el oad the subn ets attribu tes us ing the Relo ad Attri butes d ialog box, wh ich you acces s from the Ed it menu in the mai n wind ow . 5 Cr e ate a subnets gr oupi ng. See “Pr edefined Gr oupings” on pag e 43 fo r inform atio n on how to c reate a site- spe[...]

  • Page 136

    136 A PPENDIX D: U SING TH E S UBNETS DB F ILE For exampl e, if t he Subn etsD B file w as to c ontai n the fol lowin g entries wi th the same subnet add r ess: Any device matchi ng both of th ese subnets woul d be placed in Gr oup 2, as this has 16 set bits in its subnet ma sk, wher eas Group 1 ha s only 8 set bits. ■ If a devi ce matche s two s[...]

  • Page 137

    E A UTOMAT IC A TTRIBUTE A SSIGNMENT This appe ndix des cribe s: ■ Overview ■ Cont ents of the U ser -def ined A ttribu tes Co nfig uratio n File ■ Perform ing A ttribut e Assign ment ■ Using th e file attrs Program ■ Using th e dbloo kup P rogram ■ Writin g you r o wn pro gram Overview Auto matic a ttribute a ssignmen t within T raffix[...]

  • Page 138

    138 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT By editi ng the u ser -defi ned attrib ute s configu ration file, you select wh ich programs are used to dete rmine attribu tes for o bjects. Y ou ca n use the standar d progr ams sup p lied, or you can cr eate your own cust om pr ograms. Ther e ar e two standard pro grams and one example pr ogram [...]

  • Page 139

    Contents of the User-defi ned Attribute s Config uratio n File 139 File F ormat Lines begi nning wi th # ar e comments and ar e ignor ed. All oth er li nes take the fo rm: <Name> <label> <filena me> <arguments> <flag> ■ <lab el> is u sed in the collecto r event logs to refer your attribu te look up pr ogram. Ot[...]

  • Page 140

    140 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT Perform ing Attrib ute Assign ment Attribute assign ment is ca rried ou t on any n ewly discove red devices. In addit ion, you can for ce a r ef r esh at any time by using the Reload Attrib utes di alog box. Refer to th e onli ne he lp f or the R elo ad Attri butes dialog box fo r more inform ation[...]

  • Page 141

    Using the fi leattrs Program 141 Confi guratio n Fi le Exa mpl e 2 T o as sig n us e r an d ope ra tin g sys te m info rm at io n to de vic e s ba s e d up on their ad dress: *KEY:2 *ATT:NL Type, NL Addre ss, User, O/S IP, 104.240.20.10, Joe Bloggs, Solaris 2.5 IP, 104.240.20.8, Joe Bloggs, Windows 95 IP, 104.240.20.13, Joh n Smith, Solaris 2.5 IP,[...]

  • Page 142

    142 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT The KEY attribute( s) for that device can b e any of th e attributes wh ich are assigned au t omati c al ly by T raf fix Manag er , for example, NL Addr ess and NL T yp e. Se e “Predefin e d Attr ibute s ” on pag e 40 for a list of attribute s which ar e automati cally assi gned by T raf fix Ma[...]

  • Page 143

    Using th e dblo okup Program 143 netwo rk-ty pe look up tabl es : for examp le, a data base cont aini ng only IP_1 and othe r_2 lookup-t ables i s vali d. For speci fic inf ormati on about A ccess or Excel lo okup-tables, see bel ow . Default V alues Device s may b e assign ed de fault values. If no full m atch was found for the current device, dbl[...]

  • Page 144

    144 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT Excel W o rksheet The lookup-tabl es are stor ed in Excel named-r anges. Loo kup named-ra nges can be stor ed on separate worksheet s or in the same worksheet . T o cre ate a named-rang e, simply sele ct the cel ls contain ing your data, select Insert/ Name/Def ine fr om the menu, supply a na me fo[...]

  • Page 145

    Writi ng your ow n pro gram 145 Then, when a device is di scover ed, dblo okup d oes t he fo llo wing: 1 dblo okup builds a SQL string wit h the devi ce’s key a ttribute s values and runs a query agai nst the da ta base to find a match . 2 If no m atc h is foun d, it waits for the next d evic e. 3 Otherwis e it takes the best match, that is to sa[...]

  • Page 146

    146 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT (ther e is one versio n in Visual Basic and one in C) : Figur e 19 Simple attribute lookup pr ocess in C while ( GetNextLookup( ) ) { if ( strcmp( GetAt tribute( "NL Type" ), "IP" ) == 0 ) SetAttribute( "New Device", "TRUE" ); } Figur e 20 Simple attribute lo[...]

  • Page 147

    Writi ng your ow n pro gram 147 an attri bute New Devi ce t o the value TR UE. NL T ype is a bu ilt-in attribute which is always set to the network type of a device. T his means that e very IP device is assi gned the a ttribute New Device with a value of TRUE. ■ Becaus e of the whil e lo op in the pr og r am, the prog ram keeps assigning a ttribu[...]

  • Page 148

    148 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT The C exa mpl es are locat ed in C:T ra nsc en d Tr affi x Mana gerTr affi xSer ver exam ples c and the Visual Basic examples ar e in C:Tra nsce nd T raff ix Mana gerTr affi xSer ver exam ples vb . Y ou should cop y one of these sampl es to your own dir ectory be for e modi fyin g it . Attr[...]

  • Page 149

    Writi ng your ow n pro gram 149 Other points t o no te abo ut user -def ined attr ibut e l ookup pr ograms: ■ If your pr ogram exit s pre maturel y , for exa mple, it crashes, then the T ra ff ix S ervic e stops . Ther efor e you must en sure th at y our pr ogram i s r eliable. ■ Y our prog ram must sta rtup wit hi n 30 secon ds. This mea ns t [...]

  • Page 150

    150 A PPENDIX E: A UTOMATIC A TTRIBUTE A SSIGNMENT attribu te loo kup programs which d epen d on t he N ame, NL T ype, NL Address, Ne twork or DNS a ttribute s. Run the pr ogra m AttrLooktest.exe in <ins talldi r>Tr affi xSer ver (thi s is not o n the Windows Start Menu). The pr ogram displa ys a dialog box whi ch allows y ou t o run an attri[...]

  • Page 151

    F S UPPORT ED RMON-2 D EVICES 3Com Age nts The curr ent list of 3 Com a gents i s a vailab le fr om the 3Com web sit e: http://www.3com.com/ne twork_management/probe_interop Using Fir mware versi on 4.17 , the agen ts support a ll RM ON-1 and RMON -2 gr oup s. V ersi on 4.1 0 o r later is ne ede d on th e si ngle p ort an d dual por t agen t s for [...]

  • Page 152

    152 A PPENDIX F: S UPPORTED RMON-2 D EVICES[...]

  • Page 153

    G C ONFIGU RING 3C OM S TAND ALONE RMON -2 A GENTS This appen d ix cont ai ns the following sect ions: ■ Downloa ding Firm ware to 3Com S t andalo ne Agen ts ■ Setti ng th e Op erati onal Mod e on 3Com Standa lone RMON - 2 Agent s Downloading Firmwar e to 3Com Standalo ne Ag ents Y ou should always run t he latest versio n of manageme nt soft w[...]

  • Page 154

    154 A PPENDIX G: C ON FI GURING 3C OM S TANDALONE RMON-2 A GENTS CAUTIO N: Down loadin g firmwa re to an agent ca uses the agent to col d restart. R efer to th e Fir mware U pgrad e docume ntatio n or your ag ent docu men tatio n for a de scrip tion of th e da ta l ost w hen an a gen t is col d restarted. The la test versio n of the Firmwa re Upgra[...]

  • Page 155

    Setting the Ope ration al Mo de on 3Com Stan dalone RMON-2 Agents 155 ■ T raffix Mode Sets appropriate table size s on the device fo r use wi th T raffix Man age r. ■ Of f Disables RMON- 2. With RMON-2 disabled you can downl oad Smart Agent ® software to the device. If you di sable RMON- 2 on an agen t which suppo r ts both RMON standar ds, RM[...]

  • Page 156

    156 A PPENDIX G: C ON FI GURING 3C OM S TANDALONE RMON-2 A GENTS[...]

  • Page 157

    H DHCP This appen d ix contains t he follo wing secti ons: ■ How T raf fix Manager Monitors DHC P Devices ■ What Effect Do DH CP D evices Have O n The Map? How T raffix Manage r Mo ni to rs DHCP Devices T raffix ™ Manag er norma lly uses th e Network Layer Add r ess (for e xample, IP addr ess, IPX addr ess) as the uniqu e way to identi fy obj[...]

  • Page 158

    158 C HAPTER H: DHCP (with the old MAC a ddress ) will also remai n on the M ap. There w ill ther efore be two devices on the M ap wit h t he same IP add re ss, althoug h with different MAC addresses. Any conver sation data retrieve d for this IP addr ess is subse quent ly assigned t o t he new devi ce. This continue s until the next ti me T raffix[...]

  • Page 159

    I U SING RMON-1 A GENTS Monito ring Network Segm ents Using RMON-1 Agents Many sit es (particular ly in a switch ed envir onment) have large numbers of networ k segme nts, and it may be to o exp ensive to monitor al l segments with RMON- 2 agents . Y ou can use any ex isting embedded RM ON-1 only devices (h ubs, switches, r outers etc.) instead , t[...]

  • Page 160

    160 A PPENDIX I: U SING RMON-1 A GENTS[...]

  • Page 161

    J RMON AND SNMP T ABLES R ETRIEVAL This ap pen dix lists the SN MP tab les r etrieved by T raf fix ™ Mana ger . Refer to the f ollow ing UR Ls for de scription s of R MON tab les: ■ RMON-1 Requ est for Co mment : http://www.it.kth.se/d ocs/rfc/rfcs/rfc1757.txt ■ RMON-2 Requ est for Co mment : http://www.it.kth.se/d ocs/rfc/rfcs/rfc2021.txt ?[...]

  • Page 162

    162 A PPENDIX J: RMON AND SNM P T ABLES R ETRIEVAL RMON-2 prot oDis t no For protocol di stribution (repo rts only) RMON-2 addre ssMap no Network Layer to MAC address mappi ng RMON-2 alMatrixTopN / alMatrix / nlMatrixTop N / nlMa trix At least on e must be suppor ted for RMON-2 data RMON-2 conversation traffic T able 24 SNMP T ables Used By T raf f[...]

  • Page 163

    K T ECHNICAL S UPPORT 3Com ® provides easy access to technical support in fo rm atio n through a vari et y of servi ces. Thi s appendi x describes these ser vices. Informati on cont ained in t his append ix is cor rect at time of publica tion. For the mos t r ecent information , 3Co m r ecommends that you access the 3Com Corpora tion W orld Wide W[...]

  • Page 164

    164 A PPENDIX K: T ECHNICAL S UPPORT 3Com F TP Site Downlo ad drive rs, pat ches, so ftware, and M IBs across the Int er net from the 3Com pu blic F TP site. T his servic e is ava ilable 2 4 hours a day , 7 days a week. T o conn ect to the 3C om F TP sit e, ente r the fol low in g info rm at io n in to your F TP client: ■ Hostname: ftp.3com .com [...]

  • Page 165

    Support from Your Netw ork Supp lie r 165 Acce ss by Digi tal Mode m ISDN use rs can dia l in to the 3Com BB S usin g a di gital modem f or fa st access up to 64 Kbps. T o access the 3Com BBS usin g ISDN, cal l the follow ing numb er: 1 847 26 2 600 0 3Com F acts Automated Fax Service The 3Com Facts automa ted fax servi ce pr ovides technica l arti[...]

  • Page 166

    166 A PPENDIX K: T ECHNICAL S UPPORT When you contact 3Com for assista nce, have the fol lowing i nformatio n r eady: ■ Pr oduct model na me, part number , and seria l number ■ A list of system hard ware an d software , including r evi sion levels ■ Diagnostic err o r messages ■ Detai ls ab out r ecent config uratio n change s, if applicabl[...]

  • Page 167

    Returning Products fo r Repair 167 Retur n in g Produc ts for Rep air B e f or e you send a pr oduct di re ctly to 3Com for r epair , you must fir st obtai n an authoriz at ion nu mber . Pro ducts sen t to 3Com wi thout author izat ion nu mbers will be r eturned to the sender unopene d, at the send e r’ s ex p e nse . T o obtai n an au thori zati[...]

  • Page 168

    [...]

  • Page 169

    G LOSSARY agen t A standal o ne or embed ded so ur ce of RMON-1 or RM ON-2 da ta. aggrega tion The pro cess of add ing the data f ro m multipl e devices in the same domain, and r epresenti ng those devi ces as a simple “aggr egated” device. Used to limit database growth. applic ation As use d in T raffix ™ Ma nag er , this is a group ing o f [...]

  • Page 170

    170 G L OSSARY bit Either of t he digit s 0 or 1 when used i n the binar y numerat ion system. Eight bits e qua ls a sing le byte. broadca st All g ood frame s destined fo r the broadcast a ddress, in other w ords sent out to all sta tion s on the netwo rk. Som e broadcasts are limi ted to the local network, an d some br oadcasts may c r oss on to [...]

  • Page 171

    G LOSSARY 171 of the destinat ion IP addr ess, the station sends the message to the destin ation st ation. Due to th e stati c natu re of DNS, it c an only be used when networ k stati ons have sta tic IP addr esses obtained thr ough manu al co nfig urati on, BO OTP or DHC P in stat ic mo de. doma in Part o f the nami ng hie rar chy used on t he Int[...]

  • Page 172

    172 G L OSSARY IP (n etwork) address In ter net Protocol a ddress. A unique i dentifie r for a devi ce attach ed to a network using TCP/I P . The address is written as fo ur octets separa ted with fu ll- stops ( periods) , and is mad e up of a netw ork pa rt, id entif ying which network the dev i ce r esides on, and a host pa rt, ident ifyin g indi[...]

  • Page 173

    G LOSSARY 173 OSI Open Systems Inter connection, a body of standard s set by the Inter natio nal S tanda r ds Orga nizatio n to d efine the ac tivities that m ust occur when computer s communica te. The OSI Ref er ence Model is a 7-laye r framewor k within whi ch communications pr otocols an d standar ds have been define d. pac ket A unit of inform[...]

  • Page 174

    174 G L OSSARY separate d by period s. Devices and routers use the mask to id entify the subnet on which a device r esides. switc h A device which fil ters, for war ds and flood s packets based on the packet’ s destinat ion addr ess. The swi tch lea rns the addr esses associated with eac h switch p ort and b uilds table s based on this in formati[...]

  • Page 175

    I NDEX Numbers 3Com Bull eti n Bo ard Se rv ice ( 3Com BB S) 16 4 3Com K now ledg eba se Web Serv ices 163 3Com URL 163 3ComF acts 1 65 A Access tabl es dblo okup pr ogram 143 ackn owledg ing even ts 85 activity r eports 89, 99 ad hoc re ports 90, 94 Add Agents dialog box 53 adding agent s 53 connec tio ns be twee n obje cts 60 connections to and f[...]

  • Page 176

    176 I NDEX B Bulletin Board Se rvice 164 C client acces s leve ls 50 admi nist rat or acc ess 50 descripti on 37 launching a fter the first ti me 49 launching for the first time 26 re ad- only user 50 runn ing mul tiple clie nts agai ns t a si ngl e server 50 cold restart losing data 154 colle cti ng da ta addi ng agents 53 disabl ing ag ents 52 ed[...]

  • Page 177

    I NDEX 177 network sweep attacks 73 new devi ces on your n etw ork 73 unauthori zed machine access 73 devi ce a cti vit y r epor t contents 101 devi ce a ggr egation default a ggregati on ac tion 131 local do main speci fication 130 local do mains 130 overvi ew 23, 64 setting m aximu m dev ice lim it 132 speci fying a ggrega tion policy 130 devi ce[...]

  • Page 178

    178 I NDEX exce pting de vices o r conne ction s fr om rul es 85 filt er ing 8 3 forwardi ng as SNMP tr aps 86 generati ng 20, 36 ignori ng devi ces or c onnec tions 85 modifyi ng 85 monitorin g critical conne ctions 75 monito ring crit ical devices 74 monitorin g long term tre nds 77 monitorin g network r esour ce usage 74 monitorin g network tr e[...]

  • Page 179

    I NDEX 179 HTML can’ t find HTML fil es? 117 inde x fi le 94, 9 5 lifetime of files 96 re port dir ectory , moving an d linkin g to 94, 95 serving di re ctory to W eb server 94, 95 tro ublesho oting 117 viewin g report ou tput 95 I interface types supporte d 51, 151 invalid IP addre sses 53 IP addresses default gateway device 170 DNS doma ins 13 [...]

  • Page 180

    180 I NDEX detect ing u nautho rized mac hine a cce ss 73 general rules 78 network supplie r support 165 network traf fic typical 36 network traf fic rules conf igur ing e ve nts 71 monitorin g critical conne ctions 75 monito ring crit ical devices 74 monitorin g long term tre nds 77 monitorin g network r esour ce usage 74 monitorin g network tr en[...]

  • Page 181

    I NDEX 181 report d i r ectory linking to HTML reports 94, 95 report f o rmats 9 6 report i nstances overv iew 9 3 Rep ort Mana ge r 92 displa ying i nforma tion ab out output stat us 92 displa ying i nforma tion ab out raw data 92 displaying information abo ut r eport instances 92 interpr e ting raw data and HTML output 94 interpr e ting su mmary [...]

  • Page 182

    182 I NDEX RMON-2 S tandar d mode descripti on 154 setting 54 RMON-2 T raf fix m ode descripti on 154 setting 54 rules. See events runn ing mul tiple clie nts agai ns t a si ngl e se rver 50 S scenari os re porting 97 schedul i ng r eports 90, 92, 94 sear chi ng for ob jects i n the main wi ndow 59 security conf igur ing e ve nts 71 detecti ng netw[...]

  • Page 183

    I NDEX 183 T r affix Mana ger assigning attrib u tes automatica lly 137 databas e ma nagem ent 121 to 126 featur es 20 getting started 19, 23 how it works 21 how to us e the docu ment atio n 11 launching after the first tim e 49 launching for the first ti me 25 launchi ng with no data collected 52 main windo w 27, 28 menu opti ons 29 monitoring DHC[...]

  • Page 184

    184 I NDEX[...]

  • Page 185

    3Com Corporation L IMIT ED W ARRANTY T ranscend ® Tr a f f i x ™ Manage r 3.0 for Windows NT ® S OFTWA RE 3Com warrants that each softwar e program licensed from it will perform in substantial con formance to its program speci fications , for a period o f ninet y (90) day s from the da te of purc hase from 3C om or its auth ori zed rese ller. 3[...]

  • Page 186

    THE ALLEGED DEFECT OR MALFUNCTION IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO OPEN, R EPAIR OR MODIFY THE PRODUCT , OR ANY OTHER CAUSE BEY OND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OTHER HAZARDS, OR ACTS OF G[...]