Finisar Surveyor manual


A good user manual

The rules should oblige the seller to give the purchaser the operating instructions for Finisar Surveyor along with the item. Missing instructions or false information given to the customer constitute grounds for a complaint of nonconformity of the goods with the contract. In accordance with the law, a customer can receive the instructions in non-paper form; lately, graphic and electronic manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions be unmistakable and legible.

What is an instruction?

The term originates from the Latin word "instructio", which means organizing. An instruction for Finisar Surveyor should therefore contain a process description. Its purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.

Unfortunately, only a few customers devote time to reading the instructions for Finisar Surveyor. A good user manual introduces us to a number of additional functions of the purchased item and also helps us avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual for Finisar Surveyor should contain:
- information concerning the technical data of Finisar Surveyor
- the name of the manufacturer and the year of construction of the Finisar Surveyor item
- rules of operation, control and maintenance of the Finisar Surveyor item
- safety signs and certification marks which confirm compliance with the appropriate standards

Why don't we read the manuals?

Usually it results from a lack of time and from certainty about the functions of the purchased item. Unfortunately, connecting and starting up Finisar Surveyor alone are not enough. An instruction contains a number of clues concerning the respective functions, safety rules, maintenance methods (what means should be used), possible defects of Finisar Surveyor, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the Finisar service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will become familiar with the whole material and won't skip the complicated, technical information about Finisar Surveyor.

Why should one read the manuals?

It is mostly in the manuals that we find the details concerning the construction and capabilities of the Finisar Surveyor item and its use with the respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item, one should take a moment to get to know every part of the instructions. Currently the manuals are carefully prepared and translated so that they can be fully understood by their users. The manuals serve as an informational aid.

Table of contents for the manual

  • Page 1

    Surveyor User’s Guide[...]

  • Page 2

    Surveyor User’s Guide ii Trademarks and Copyrights Finisar, Surveyor, THGm, THGs, THGsE, THGnotebook, THGp, Century 12-Tap, 12-Tap, Century Tap, Packet Blaster plug-in, Remote plug-in, Expert plug-in, Multi-QoS plug-in, and Century Tool Kit are trademarks of Finisar Corporation. Windows NT, Windows XP, Windows 2000, Micro[...]

  • Page 3

    Surveyor User’s Guide iii Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DOD FAR 52.227-7013 Finisar 1389 Moffett Park Drive Sunnyvale CA 94089 Limited Software Warranty A Finisar[...]

  • Page 4

    Surveyor User’s Guide iv About This Guide This guide provides descriptions of the software components, features, and capabilities of the Surveyor product, Release 5.0. It also contains detailed tutorials and examples that will enable you to install, configure, and run the Surveyor software. On-line Help System We have incl[...]

  • Page 5

    v Table of Contents (Chapter, Page): 1 Introduction, 1-1; Surveyor Functions, 1-2; Analyzer Devices[...]

  • Page 6

    vi Surveyor User’s Guide: Detail View Toolbar, 3-8; Data Views Toolbar, 3-10; Filter Design Toolbar, 3-13; Filter[...]

  • Page 7

    vii Contents (continued): Advanced Configuration, 4-20; surveyor.ini File, 4-20; Customizing Expert Diagnostic Information, 4-20; Assigning Names to Proto[...]

  • Page 8

    viii Surveyor User’s Guide: Network Layer Matrix View, 6-30; Application Layer Matrix View, 6-31; VLAN View, 6-33; Address Mappin[...]

  • Page 9

    ix Contents (continued): Stream Modes, 8-7; Bursts, 8-7; Transmission Mode, 8-8; S[...]

  • Page 10

    x Surveyor User’s Guide: Expert Diagnostic Messages, 10-15; Working with the Expert System, 10-16; Configuring the Expert System, 10-16; Module S[...]

  • Page 11

    xi Contents (continued): TCP Retransmissions, 10-51; TCP RST Packets, 10-52; TCP SYN Attack, 10-53; TCP Windo[...]

  • Page 12

    xii Surveyor User’s Guide: RIP Broadcasts, 10-95; Router Storm, 10-96; Same Network Addresses, 10-97[...]

  • Page 13

    xiii Contents (continued): Field Descriptions for Call Range Summaries, 11-15; VQMon Metrics, 11-16; Utilization Graph, 11-19; Fi[...]

  • Page 14

    xiv Surveyor User’s Guide: A Implementation Profile, A-1; Buffers, A-1; How Resources Use Buffers[...]

  • Page 15

    xv List of Figures (Figure, Page): 5-1. Remote Host Connections, 5-3; 5-2. Host Properties Dialog Box for Establishing an Alias, 5-4; 6-1. Histogram Display and Button Controls[...]

  • Page 16

    xvi Surveyor User’s Guide: 9-10. Alarm Example, Expert and Application Response, 9-19; 10-1. Expert Overview Example, 10-3; 10-2. Expert Overview Detail Table Example[...]

  • Page 17

    xvii List of Tables (Table, Page): 1-1. Surveyor Functions, 1-2; 1-2. Surveyor Optional Software Modules and Their Functions, 1-3; 1-3. Finisar Analyzer Devices[...]

  • Page 18

    xviii Surveyor User’s Guide: 6-5. Packet Editor Buttons, 6-17; 6-6. Frame Size Distribution View, Frame Size Statistics, 6-21; 6-7. Protocol Distribution View, Chart Buttons - Protocols[...]

  • Page 19

    xix Tables (continued): 11-7. SCCP Call Field Descriptions, 11-21; 11-8. H.323 Call Field Descriptions, 11-22; 11-9. SIP Call Field Descriptions[...]

  • Page 20

    xx Surveyor User’s Guide: D-8. Parser Names, IBM Suite, D-4; D-9. Parser Names, Internet Suite, D-4; D-10. Parser Names, Internet Next Generation Suite[...]

  • Page 21

    1-1 Chapter 1 Introduction Finisar is the technology leader in providing LAN and SAN analysis tools. Finisar's fully distributed, full-line-rate performance network analysis products monitor, measure, analyze, and troubleshoot 10/100/1000 Ethernet and VoIP. These products deliver unrivaled scalability, performance, accur[...]

  • Page 22

    1-2 Surveyor User’s Guide Surveyor's user interface provides both a comprehensive view of the network as well as the ability to easily drill down to a specific network segment. Surveyor's main window provides a single, user-defined view for each of the segments being monitored. The user determines what informatio[...]

  • Page 23

    1-3 Introduction Surveyor Functions Log: Record counter information. Surveyor enables you to capture all byte, frame, and error counter values compiled during the capture or transmission of data. Monitor: Real-time views for data seen on a network segment. The data can be viewed in numerous ways and from different persp[...]

  • Page 24

    1-4 Surveyor User’s Guide Analyzer Devices The full power of Surveyor is realized through optional hardware analyzer cards available from Finisar. Analyzer cards from Finisar are installed in a PC, a notebook PC, or in a separate analyzer device. The table below provides a brief summary of the Finisar analyzer devices used [...]

  • Page 25

    1-5 Introduction Protocols Supported Table 1-4. Protocols Supported in Surveyor MAC Layer TCP/IP Suite TCP/IP Suite (Cont.) TCP/IP Suite (Cont.) IEEE 802.2 (LLC) ARP Ident RPC IEEE 802.3 ASF-RMCP iFCP RTSP Ethernet II BGP (Version 4) IGMP SGCP IEEE 802.5 BOOTP IMAP SLP Loopback CharGen IMSP IP SMTP MAC Control Frame DHCP iSCSI SNMP (v1, v2[...]

  • Page 26

    1-6 Surveyor User’s Guide Oracle Suite IPX/SPX Suite (cont.) LOA Banyan Vines Suite TNS (TCP/IP only) NetBIOS LOA VARP SQLNET NLSP VICP AppleTalk Phase2 Packet Burst VIP AARP SAP VIPC ADSP Serialization Sybase Suite VRPC AEP SPX TDS (TCP/IP only) VRTP AFP SPX II VSPP ASP Watchdog Fujitsu Suite ATP DECnet Phase IV FNA AURP CTERM LNDFC[...]

  • Page 27

    1-7 Introduction Protocols Supported Table 1-5. Supported Multi-Media Protocols IBM ISO Intel MPLS NetBEUI CLNP MTP2 CR-LDP NetBIOS CONP MTP3 RSVP-TE ESIS RTSP ISIS TCAP ISO Multi-Media ITU H.323 IETF Cisco Codec ASN.1 H.248 / Megaco RUDP CellB GK DISC MGCP SCCP G.711 H.225.0 RTCP SSP G.721 H.245 RTP G.722 H.323v4 RTSP G.723 H.450.1[...]

  • Page 28

    1-8 Surveyor User’s Guide What's New in Release 5.0 A synopsis of what's new in Surveyor 5.0 is provided below. Capture to Disk and THGsE Analyzer Support Surveyor now supports streaming large amounts of data to disk. A new hardware analyzer, named THGsE, has been developed to make streaming of capture data to disk pos[...]

  • Page 29

    1-9 Introduction What's New in Release 5.0 Expanded Multi-QoS Support The Multi-QoS software has been expanded to recognize a broader range of VoIP calls. This includes call formats used by Avaya and Alcatel. Multi-QoS now has the capabilities to build the call table without signaling information. Such calls are listed with[...]

  • Page 30

    1-10 Surveyor User’s Guide[...]

  • Page 31

    2-1 Chapter 2 Installation System Requirements The system requirements for installing and running the Surveyor software are shown in the table below. *The amount of memory and processor speed required depends on the size of a capture file opened for viewing/analysis. Surveyor contains a utility to break up large capture files if[...]

  • Page 32

    2-2 Surveyor User’s Guide See the Readme file for the latest information on supported analyzers and adapters for Surveyor 5.0. Upgrading Surveyor If you have a previous version of Surveyor, install version 5.0 into the same directory as the previous version. Do not save older versions of the software on your system. The fo[...]

  • Page 33

    2-3 Installation Installing Surveyor Installing Surveyor Begin by installing any local hardware analyzer cards and/or adapter cards. Hardware analyzer cards are packaged separately from the Surveyor software. Multiple cards may be installed in a single PC. If you need information on PC card installation, see the follo[...]

  • Page 34

    2-4 Surveyor User’s Guide Installing Analyzer Hardware The sections below provide installation information for the Finisar analyzer cards in different hardware and software environments. Installing Analyzer Hardware in a Desktop PC Finisar offers an analyzer card that can be installed in a desktop PC. For PCI bus expansion [...]

  • Page 35

    2-5 Installation Installing Analyzer Hardware 2. Install the THGm card in your system. This requires opening the case of your computer, inserting the card in an available PCI slot, and closing the case of your computer. Refer to the THGm Hardware Installation Guide and your computer’s documentation for instructions. 3[...]

  • Page 36

    2-6 Surveyor User’s Guide • The Ethernet card uses a CardBus interface. • Separate installation instructions are provided for Windows NT. Installation of the Ethernet analyzer card in a notebook PC running Windows NT requires Card Wizard V5.00.10. • Installation requires the Surveyor CDROM and may require the Windows CDR[...]

  • Page 37

    2-7 Installation Installing Analyzer Hardware 8. Insert the Surveyor CD in the CDROM drive. 9. Enter the path of the Ethernet Driver directory ( <CDROM-drive-letter>drivers ) on the Surveyor CDROM and click OK. 10. The Select OEM Option window will appear. Select the “Finisar 10/100 Ethernet CardBus Adapter Plug[...]

  • Page 38

    2-8 Surveyor User’s Guide 5. To update the device driver, click with the right mouse on My Network Places. Select Properties from the menu. 6. Double-click on Local Area Connection. The Racore device driver should appear in the Connect box. 7. Press Configure and then select the Device Driver tab. 8. Press Update Drive[...]

  • Page 39

    2-9 Installation Compatibility Matrix Compatibility Matrix Table 2-3. Hardware/Software Compatibility Matrix Finisar THGm Portable Surveyor 10/100 Ethernet Analyzer Card Ethernet, NDIS (3rd party) Desktop, Win NT Yes --- Yes Desktop, Win 2000 Yes --- Yes Desktop, Win XP Yes --- Yes Notebook, Win NT --- Yes Yes Notebook,[...]

  • Page 40

    2-10 Surveyor User’s Guide[...]

  • Page 41

    3-1 Chapter 3 Getting Started The Surveyor System A complete Surveyor system consists of Surveyor software and at least one Finisar distributed net QoS system, analyzer card, or NDIS-compatible Ethernet adapter. Multiple devices can be installed in the local host PC. With the Remote plug-in you have access to other PCs con[...]

  • Page 42

    3-2 Surveyor User’s Guide each port on which you have installed a THGm analyzer card. Do not select ports for other devices. Click OK. Use the Local Ports for Switching Taps tab in the dialog box to tell Surveyor which local COM port is attached to the tap device. Click the check box opposite the correct port number. You[...]

  • Page 43

    3-3 Getting Started Basic Navigation Tips 5. THGm analyzer cards have two interfaces, RJ45 for 10/100 copper wire and a G-BIC for 1000 Mbps fiber optic. If you selected a THGm, you may need to change the interface. From the Module menu, choose Interface. On Board RJ45 selects the bidirectional 10/100 BASE-T port. The default [...]

  • Page 44

    3-4 Surveyor User’s Guide You can also access Capture View from Summary View to view a Capture file. From Summary View, click the button in the Surveyor toolbar. The contents of the Capture file are displayed in the Capture View window. You’ll notice that many of the same functions can be performed from the differ[...]

  • Page 45

    3-5 Getting Started Basic Navigation Tips • If you have the Expert plug-in, use the button in Detail View to bring up the expert views. • If you have the Multi-QoS plug-in, use the button in Detail View to bring up the charts and tables for Voice over IP and Multimedia protocols. • If you are running Packet Blaster plug-[...]

  • Page 46

    3-6 Surveyor User’s Guide Buttons and Toolbars Surveyor Toolbar Open button: Opens a file, typically a capture file ( .CAP ). A dialog box displays showing all files with extension .CAP in the current directory. From the Summary Viewer, selecting a capture file to open will bring up Capture View. Save button: Saves the cur[...]

  • Page 47

    3-7 Getting Started Buttons and Toolbars Capture Mode button: Places the currently selected resource in capture mode. This button is gray if the resource is currently active (started). Monitor Mode button: Activates the monitor functions for the currently selected resource. If the resource does not support monitoring function[...]

  • Page 48

    3-8 Surveyor User’s Guide Detail View Toolbar Save button: Saves the current contents of the capture buffer to a file. A dialog box displays, allowing you to select the file name and directory. Print button: Prints the contents of the current view. Start button: Starts a module. The module captures or transmits packets, de [...]

  • Page 49

    3-9 Getting Started Buttons and Toolbars Capture Filter button: Display the Capture Filter window. The window displays a previously opened filter or the default filter. Load Filter button: Brings up a dialog box to select a saved capture filter ( .CFD extension). If a capture filter is opened, that filter is applied to the [...]

  • Page 50

    3-10 Surveyor User’s Guide Data Views Toolbar (Expert and Multi-QoS buttons) Ring Statistics View button (Token Ring Only): Brings up tables showing information about the rings and the ring stations detected on the network. This button is available for Token Ring adapters only. MAC Statistics View button: Brings up MAC Stati[...]

  • Page 51

    3-11 Getting Started Buttons and Toolbars Host Table View button: Selects Host Table View for viewing information. You can see MAC stations and their associated traffic in this view. Network Layer Host Table View button: Selects Network Layer Host Table View for viewing information. You can see network (IP/IPX) statio[...]

  • Page 52

    3-12 Surveyor User’s Guide Refresh button: Update the information in all open views. Duplicate Address Button (Expert plug-in only): Brings up a table showing all duplicate IP and IPX addresses. The duplicate network and MAC addresses associated with each duplicate are displayed. Expert View Button (Expert plug-in only): Brings[...]

  • Page 53

    3-13 Getting Started Buttons and Toolbars Filter Design Toolbar Create Filter button: Creates a new filter. The default window appears for the Filter Design window. Open Filter button: Opens a filter. A dialog box displays to select the file. Capture filters are designated with an extension of .CFD files and display fi [...]

  • Page 54

    3-14 Surveyor User’s Guide are designated with an extension of .CFD files and display filters with an extension of .DFD. Save Filter button: Saves the current contents of the Filter States Design window to a file. A dialog box displays to specify the file name and directory. Capture filters are saved as .CFD files and d[...]

  • Page 55

    3-15 Getting Started Buttons and Toolbars Capture View Toolbar Open File button: Opens a capture file ( .CAP ). A dialog box will display showing the current directory with all files with extension .CAP. Save File button: Saves the current contents of this view to a file. Search Box: Use the box to specify an ASCII text string f[...]

  • Page 56

    3-16 Surveyor User’s Guide Resume Load button: Capture files are loaded to Capture View as a background process. Pressing this button resumes the background process. Go To Trigger button: Pressing this button moves you to the line in the capture file that was set as the trigger position. If no trigger position is set, thi[...]

  • Page 57

    3-17 Getting Started Buttons and Toolbars Host Matrix View button: Selects Host Matrix View for viewing captured information. You can see all conversations between MAC stations in this view. Network Layer Matrix View button: Selects Network Layer Matrix View for viewing captured information. You can see all network conversa[...]

  • Page 58

    3-18 Surveyor User’s Guide File Formats The following file formats are supported in Surveyor: .HST Extension – Capture Files File extension for capture data files. The .HST file contains formatting information and a list of .CAP files that contain the actual capture data. All new captures made by Surveyor are saved as .HST[...]

  • Page 59

    3-19 Getting Started Providing a Name Table to Surveyor Providing a Name Table to Surveyor A default name table file, hosts.nam, is included with the software. Surveyor boots using this default name table. If you wish to change the startup default name table, you must edit the surveyor.ini file by following these instruc [...]

  • Page 60

    3-20 Surveyor User’s Guide Establishing Links for THGm The THGm is often connected to a device that cannot auto negotiate the connection, such as when monitoring/analyzing a connection through a tap device. The device will automatically go through a sequence of attempts to disable auto negotiation and establish a link wit[...]

  • Page 61

    4-1 Chapter 4 Configuring Surveyor Configuring the Interface In Surveyor, you can control the appearance of windows, the primary monitor view, the appearance of tables and charts, and the colors of decode displays. The following sections describe how to set up the interface to best meet your needs. Customizing Views and Windows T[...]

  • Page 62

    4-2 Surveyor User’s Guide completely close a docking window. If you close a docking window, use the options from the View menu to get the window back. You can extract any docking window from the Summary View window and make it a stand-alone window. If you turn off docking using the right mouse functions, the window will not d[...]

  • Page 63

    4-3 Configuring Surveyor Configuring the Interface Use the middle portion of the dialog box to set up the display of the Summary column. The Summary column will always display. However, this field can just give a very limited synopsis of protocol activity or provide complete details about the protocols used in the packet. C[...]

  • Page 64

    4-4 Surveyor User’s Guide Use the bottom portion of the dialog box to set the point from which Surveyor will measure time when calculating and displaying the elapsed time stamp of each packet. Set “time-zero” for capture in the Elapsed Time Set Mark Option portion of the Display Options dialog box. The default option is Mo[...]

  • Page 65

    4-5 Configuring Surveyor Configuring the Interface Setting Histogram Zoom Factor Set the Zoom Factor changes the number of data points that remain in the upper zoom window when pressing the zoom button. The range for the Zoom Factor is between 80 and 99, with a default of 80. Increasing the value for the Zoom Factor will narrow[...]

  • Page 66

    4-6 Surveyor User’s Guide Configuring Chart Views Protocol distribution view and frame size distribution view can be customized using buttons within the chart. The type of information in some chart views can be customized using the procedures below. Charts graph the “top ten” stations or conversations based on a byte [...]

  • Page 67

    4-7 Configuring Surveyor Module Settings (Properties) Module Settings (Properties) Module settings configure options for the capture, monitor, and transmit functions of devices. To configure modules, select Module Settings... from the Configuration menu. Tabs appear that apply to the currently active device type; a tab wil[...]

  • Page 68

    4-8 Surveyor User’s Guide Module settings are described in the subsections below. Default values for Module Settings are shown in Table 4-4: Buffer Size Portable Surveyor 10/100 Ethernet Analyzer Card and NDIS cards require that a capture buffer size be set. The buffer size is the amount of system memory that will be used to s[...]

  • Page 69

    4-9 Configuring Surveyor Module Settings (Properties) For THGm modules, the default is no packet slicing (full packet length). For THGm, the slicing size must be 64 bytes or greater and packet slicing of 128 bytes is not supported for 1Gbps Ethernet. For Portable Surveyor 10/100 Ethernet Analyzer Cards, and NDIS cards, the de[...]

  • Page 70

    4-10 Surveyor User’s Guide will be listed in the Application Tables as in the following example: UDP non-WKP:4620 This feature only affects the tables or charts that display TCP/UDP port numbers. The display is affected for monitor views only of local modules. If you want to display port numbers and name the ports in th[...]

  • Page 71

    4-11 Configuring Surveyor System Settings 2. A dialog box appears showing the ports within the local system. Check the box of only those ports you want Surveyor to scan for an analyzer card. 3. Click the OK button. Configuring Remote Communications The remote server protocol (RSP) is used to control the interface for conn[...]

  • Page 72

    4-12 Surveyor User’s Guide Protocol Color Coding Surveyor provides a real-time protocol decode called Packet Summary View and protocol decodes in Capture View. To use these displays more effectively, you may want to set the colors used for packet display. For example, you might want to display all transport layer packets [...]

  • Page 73

    4-13 Configuring Surveyor System Settings Table 4-7. Strip Chart Display Timers The values for polling timers must be between 1 and 214783647 seconds. The values for the display timers must be between 1 and 214783647 seconds. The strip chart display timers must be in multiples of the MAC Layer Counter timer. The default [...]

  • Page 74

    4-14 Surveyor User’s Guide Disk Options Surveyor supports saving and examining very large capture files. Two disk options are available to support large captures, Cache File Location and Disk Capture Location. Choose System Settings… from the Configuration menu and select the Disk Options tab to set either option. Cach[...]

  • Page 75

    4-15 Configuring Surveyor Configuring Alarms Configuring Counter Logging Counter log files contain snapshots of Surveyor counter information. All MAC layer statistics can be recorded in the log file. To configure counter logging, select Log File Settings… from the Configuration menu. To enable counter logging, check the E[...]

  • Page 76

    4-16 Surveyor User’s Guide Using E-mail with Surveyor is turned off by default. If you want to use this feature, you must reset a parameter in the Surveyor.ini file. Set EnableMAPI=1 to enable the e-mail alarms feature through Microsoft Mail Exchange. To configure alarm actions, select Alarms from the Configuration menu and t[...]

  • Page 77

    4-17 Configuring Surveyor Configuring a Multi-Port Tap or Switch The Surveyor software can be used to control which LAN segment is selected by the tap or switch. To set the LAN segment: 1. In the resource browser, click on the local or remote resource connected to the switch. The current port being monitored will display u[...]

  • Page 78

    4-18 Surveyor User’s Guide 4. Use the Bypass check boxes to set any network segments that you want to restrict from being used with the analyzer. Any segment with the Bypass box checked cannot be set as the LAN segment. 5. Click the OK button. Information about the exact type of switch or tap is shown at the bottom of th[...]

  • Page 79

    4-19 Configuring Surveyor Settings for Analyzer Devices 2. Click on the icon for the remote analyzer device in the Resource Browser. 3. Choose Properties from the Host menu. 4. Click the Reset Host/Image Upgrade button. 5. Check the Warm Boot radio button under Reset Options. Leave all other fields blank or unmarked.[...]

  • Page 80

    4-20 Surveyor User’s Guide 8. Enter the IP address of a server that runs BOOTP and/or TFTP protocols in the IP Boot Server field. 9. If you are updating the image, set the path name to the software image file in the Boot Image Filename field. 10. Check the Warm Boot radio button under Reset Options. 11. Click the OK bu[...]

  • Page 81

    4-21 Configuring Surveyor Advanced Configuration directory and will use that file for its diagnostic information. If no EXPERT- MSG.INI file is found in the directory, Surveyor will not provide diagnostic information. You can change the diagnostic information if you want. Changing the diagnostic information may be a useful[...]

  • Page 82

    4-22 Surveyor User’s Guide <port num> is a two-byte value that appears in the port fields of a TCP or UDP packet header. It identifies the protocol, by port number, to be included as a discrete protocol in Surveyor’s monitor views. <short name> is an alphanumeric string that is between 1 and 12 characters. This s[...]

  • Page 83

    4-23 Configuring Surveyor Advanced Configuration Example 2 Assume that a company is using a proprietary protocol named “Company X Protocol” that uses UDP port 921. By default this protocol would appear with the generic name “UDP WKP 921” in the monitor tables. Making the following entry to the MONITOR.INI file UDP sectio[...]

  • Page 84

    4-24 Surveyor User’s Guide How Surveyor Assigns Protocol Names Surveyor explicitly monitors a predefined set of protocols/applications that use TCP or UDP as their transport layer. However, some of the TCP or UDP ports monitored are not given a well-known name. Also, some TCP and UDP ports are not explicitly monitored, and inform[...]

  • Page 85

    4-25 Configuring Surveyor Advanced Configuration Monitoring Non Well-Known Ports Surveyor also collects information about a subset of ports that fall outside of the WKP range, port numbers greater than 1023. These ports are called non-WKP. Some of these ports are monitored by Surveyor since applications associated with the[...]

  • Page 86

    4-26 Surveyor User’s Guide Assigning TCP or UDP Ports to Protocol Parsers Use the ANALYSIS.INI file to assign any built-in Surveyor parser to a TCP or UDP port. This is useful when a network is running a protocol/application over a TCP or UDP port that is not using the default port. The assignment of a proper parser allows Surve[...]

  • Page 87

    4-27 Configuring Surveyor Advanced Configuration thermore suppose the network administrator only wants to decode TCP port 11964 when associated with IP address 192.168.1.98. The entry in the ANALYSIS.INI file would be: [TCP] mapping=11964,192.168.1.98,TDS,Sybase TDS Example 3 Assume that two real-time applications have been in[...]

  • Page 88

    4-28 Surveyor User’s Guide[...]

  • Page 89

    5-1 Chapter 5 Resources and Modes Surveyor can gather statistical information and view network data from a variety of hardware sources. The types of information you receive from a resource depend on the hardware. Surveyor’s auto-discovery feature automatically scans the network for available resources, or you can ente [...]

  • Page 90

    5-2 Surveyor User’s Guide Double-click on a resource to display a default view of the resource in Summary View. If a remote resource is protected, you are asked for a user name and password. Drag and drop resources onto alarms in the Alarm Browser to activate an alarm for a resource. Local resources are those within the l[...]

  • Page 91

    5-3 Resources and Modes Remote Resources Figure 5-1. Remote Host Connections. Diagram labels: Local LAN Segment; NDIS network adapter, CMM or CMM2 Board; Remote LAN Segment; Surveyor Software; Local Host; Storage Device; NDIS, CMM or CMM2 Board; Remote Host; Local Monitor/Transmit/Capture; TCP/IP Connection (LAN, modem, etc.); Remote Monitor/ [...]

  • Page 92

    5-4 Surveyor User’s Guide Naming Remote IP Resources (Aliases) The Resource Browser initially displays all nodes on a subnet using the IP Address. Users can assign an alias (user defined name) to a node for easy identification. For example, you can assign a name like “Chicago Node One” to the node. In addition, you can a[...]

  • Page 93

    5-5 Resources and Modes Remote Resources Hovering the mouse over a top-level node which has an alias displays the name with the IP Address in parentheses along with the optional comment. For example, “Chicago Node One (192.1.68.2). This is Mount Prospect node”. Resource Protection You are in control of local resources wit[...]

  • Page 94

    5-6 Surveyor User’s Guide Modes Modes are applied to resources. Each resource can be in a different mode. The modes available with Surveyor depend on the underlying hardware resource as shown in Table 5-2 below: Hardware Devices The monitor and capture functions look at the same bit stream being received by a device. The dif[...]

  • Page 95

    5-7 Resources and Modes Hardware Devices Table 5-3. Hardware Device Capabilities Device Hardware Device Capabilities THGm (Ten/Hundred/Thousand module) THGm is Finisar’s premier analyzer card for 10/100/1000 Ethernet networks. THGm supports all counters in Surveyor and supports all capture functions at full line rate.[...]

  • Page 96

    5-8 Surveyor User’s Guide Synchronized Resources Synchronized resources are multiple hardware devices (two THGm) that have been connected so that they use the same clock timer. Synchronized devices display in the Resource Browser as a unique resource. For example, if the two THGm modules in a full-duplex THGs are synchroniz[...]

  • Page 97

    5-9 Resources and Modes Hints and Tips for Resources resources are recognized by the synchronized resource icon in the Resource Browser. Synchronizing resources allows single actions to start a resource pair. All statistics and all data about stations and conversations will appear as one resource to Surveyor. This enables yo[...]

  • Page 98

    5-10 Surveyor User’s Guide • Use synchronized THGm modules for full-duplex capture. • For options to be displayed under the Host menu, you must select the local host name in the Resource Browser. Selecting a resource within the local host makes the options in the Host menu unavailable. • Use the Properties… option[...]

  • Page 99

    6-1 Chapter 6 Views There are numerous ways to view data from Surveyor. This section describes the primary windows you use to view data, and the actual data views you can see within each window. The primary windows for viewing information are shown in Table 6-1. The data views that can be seen within each primary window are[...]

  • Page 100

    6-2 Surveyor User’s Guide This chapter contains information on data views with the exception of Expert Views and Multi-QoS Views. Refer to the Expert chapter for complete information on the Multi-QoS Views. Refer to the Multi-QoS chapter for complete information on the Multi-QoS views. Table 6-2. Data Views Provided[...]

  • Page 101

    6-3 Views Summary View Summary View Summary View is Surveyor’s global monitoring tool for network data. You can view real-time data from any local resource or any resource you can connect to on the network. You can filter the data before viewing by applying a capture filter. Each resource is viewed through its own wind[...]

  • Page 102

    6-4 Surveyor User’s Guide • Protocol Distribution • Host Table • Network Layer Host Table • Application Layer Host Table • Host Matrix • Network Layer Matrix • Application Layer Matrix • VLAN • Address Map • Packet Summary • MAC Statistics • Ring Statistics • Expert • Application[...]

  • Page 103

    6-5 Views Detail View You can have as many windows with data views as are available in Detail View. The initial data view you get of a resource is the view set in the Configuration menu for Summary View. Many of the table or chart views within Detail View can be customized. Files or buffers, such as a capture file or c[...]

  • Page 104

    6-6 Surveyor User’s Guide Application Layer Host Table; Host Matrix; Network Layer Matrix; Application Layer Matrix; VLANs; Address Map; Duplicate Address (Expert plug-in only); Expert (Expert plug-in only); Application Response Time (Expert plug-in only); Multi-QoS (Multi-QoS only). Using Capture + Monitor Mode in Detail View In De[...]

  • Page 105

    6-7 Views Capture View that you have of the capture buffer are still open windows within Detail View. In other words, the “view” and decode of previous information is still available, even though the capture buffer itself is refilling with new information. If you do not need this previous view of captured informat[...]

  • Page 106

    6-8 Surveyor User’s Guide • Detail Pane The Detail Pane shows the values of the protocol elements associated with each protocol. For example, for the Data Link Control the values for the source address, destination address, and packet length are shown. Single-clicking on a value highlights the value in both the Detail Pane[...]

  • Page 107

    6-9 Views Using the Histogram Control Protocol Color Coding tab from the System Settings menu option. See “Appendix D” for a list of Surveyor’s default protocol color codes. If you have special decoding or display needs for non-standard protocols, see the “Advanced Configuration” section in Chapter 4 for informat[...]

  • Page 108

    6-10 Surveyor User’s Guide • The Lower Histogram represents the entire capture. The gray area on the histogram corresponds to the detail area. Figure 6-1. Histogram Display and Button Controls The vertical axis represents utilization in bytes per second. Data is loaded for viewing in 10 MB increments. The Upper Histogram an[...]

  • Page 109

    6-11 Views Using the Histogram Control For the Upper Histogram, the Selected Section is changed by sliding a movable “window” over a portion of the data. This window is called the Capture Selection Window. For the Lower Histogram, the data to display in the Upper Histogram is changed by sliding a movable “window” [...]

  • Page 110

    6-12 Surveyor User’s Guide of the capture that are not shown in the Upper Histogram are available from the disk cache. Figure 6-2. Histogram Display Showing Colors The example below shows a large capture with many sections. In the Upper Histogram, the first section shown in magenta is the Current Section. By using the mouse, the s[...]

  • Page 111

    6-13 Views Using the Histogram Control shown in black. The gray and black colors indicate that these sections are not downloaded. Figure 6-3. Histogram Display, Large Capture Example Once you press the download button, the colors will change and the decodes for the Selected Section in the Upper Histogram are loaded into the Su[...]

  • Page 112

    6-14 Surveyor User’s Guide Histogram Button Controls Histogram controls allow you to focus on a smaller area of the capture, change the appearance of the graph, and load sections of the capture to the decode area. These controls are also available from the Histogram… menu. Scroll Back, Scroll Forward Slow scroll forwar[...]

  • Page 113

    6-15 Views Using the Histogram Control Downloads the data currently selected in the Upper Histogram to the capture view decode. Only the data within the selection area (gray shaded area) is downloaded. To decrease or increase the size of the download, go to the Sections tab in the Configuration → Capture View Option[...]

  • Page 114

    6-16 Surveyor User’s Guide If you attempt to select an area smaller than 20MB, the closest sections that form 20MB of data become the Capture Selection Window. The picture below shows the double-arrow mouse icon in the Upper Histogram. The special mouse icons described above only appear when the mouse is over an area that wil [...]

  • Page 115

    6-17 Views Packet Editor radio button and press the Range... button. Click, hold, and drag with the left mouse in the histogram to select the range you want to save. Resume Analysis You can set Surveyor to save the downloads you make from the THGsE or local disk when analyzing a histogram file. To retain the downloads of th[...]

  • Page 116

    6-18 Surveyor User’s Guide Use the Undo and Redo functions from the Edit menu to remove or reapply the last packet edit. Editing in Decode View Editing in decode view allows you to edit packets without remembering offsets. Click on a field. A dialog box pops up showing the current value for the field and asks for a new value.[...]

  • Page 117

    6-19 Views Data Views tables are updated approximately every 7 seconds. MAC Statistics View (Rx) From Detail View, click on the button to open a window with MAC Statistics View for capture. From Summary View, set the view preferences to MAC Statistics (Rx) to see this view in the first tab. MAC Statistics View for captu [...]

  • Page 118

    6-20 Surveyor User’s Guide MAC Statistics View (Tx) From Detail View, click on the button to open a window with MAC Statistics View for transmit. From Summary View, set the view preferences to MAC Statistics (Tx) to see this view in the first tab. MAC Statistics View also shows module activity during transmit. It p[...]

  • Page 119

    6-21 Views Data Views Frame Size Distribution View is available as a chart or a table. For the chart, the Bar and Pie buttons toggle the type of graphic display. The Pause/Resume button allows you to pause or resume real-time update of the graph. For both the chart and the table, each range of frame sizes is expressed as a[...]

  • Page 120

    6-22 Surveyor User’s Guide The NET and ALL buttons show percentage breakdowns for all packets. The IP Table 6-7. Protocol Distribution View, Chart Buttons - Protocols. Chart Button / Description/Action. NET: Shows percentages of all packets by network layer protocol type, such as IP and IPX. IP: Shows percentages of other prot[...]

  • Page 121

    6-23 Views Data Views and IPX buttons show the percentages of only those packets that can be identified as containing IP or IPX information respectively. Table Protocol Distribution View as a table shows frame and byte counts by protocol. Utilization/Error View Utilization/Error View is a simple strip chart that plots po[...]

  • Page 122

    6-24 Surveyor User’s Guide Host Table View From Detail View, click on the button to open a window with Host Table View. From Summary View, set the view preferences to Host Table to see this view in the first tab. Host Table View is available as a chart showing the ten MAC stations with the most traffic or as a table sh[...]

  • Page 123

    6-25 Views Data Views Network Layer Host Table View From Detail View, click on the button to open a window with Network Layer Host Table View. From Summary View, set the view preferences to Network Layer Host Table to see this view in the first tab. Network Layer Host Table View is available as a chart showing the ten [...]

  • Page 124

    6-26 Surveyor User’s Guide Table Network Layer Host Table View as a table shows network activity from the view of network stations. The table lists statistics for all stations found. The table can be customized to include other columns of information. Table columns listed in italics are the default Network Layer Host Ta[...]

  • Page 125

    6-27 Views Data Views Application Layer Host Table View From Detail View, click on the button to open a window with Application Layer Host Table View. From Summary View, set the view preferences to Application Layer Host Table to see this view in the first tab. Application Layer Host Table View is available as a c[...]

  • Page 126

    6-28 Surveyor User’s Guide Host Matrix View From Detail View, click on the button to open a window with Host Matrix View. From Summary View, set the view preferences to Host Matrix to see this view in the first tab. Host Matrix View is available as a chart showing the ten MAC conversations with the most traffic or as a tab[...]

  • Page 127

    6-29 Views Data Views Chart Host Matrix View as a chart shows only ten MAC conversations. The ten conversations displayed are those transmitting the largest relative percentage of frames. The chart can be customized to show the “top ten” conversations based on a different information field. The Bar and Pie buttons toggle[...]

  • Page 128

    6-30 Surveyor User’s Guide Network Layer Matrix View From Detail View, click on the button to open a window with Network Layer Matrix View. From Summary View, set the view preferences to Network Layer Matrix to see this view in the first tab. Network Layer Matrix View is available as a chart showing the ten network convers[...]

  • Page 129

    6-31 Views Data Views Application Layer Matrix View From Detail View, click on the button to open a window with Application Layer Matrix View. From Summary View, set the view preferences to Application Layer Matrix to see this view in the first tab. Application Layer Matrix View is available as a chart showing the to[...]

  • Page 130

    6-32 Surveyor User’s Guide The station addresses and names in the conversation are provided in the table or chart. The name and address are the same if Surveyor does not have a name table with address-to-name correspondences. Chart Application Layer Matrix View as a chart shows only ten applications over network conversation[...]

  • Page 131

    6-33 Views Data Views VLAN View From Detail View, click on the button to open a window with VLAN View. From Summary View, set the view preferences to VLAN to see this view in the first tab. VLAN View is available as a table showing statistics or as a chart showing the ten virtual LANs with the most traffic. Click on the [...]

  • Page 132

    6-34 Surveyor User’s Guide Table VLAN View as a table shows network activity from the view of virtual LAN traffic. The table lists statistics for all VLANs found. The table can be customized to include other columns of information. You can click on any VLAN ID and see a Network Layer Host Table View or a Network Convers[...]

  • Page 133

    6-35 Views Data Views Packet Summary View Packet Summary View shows a real-time protocol decode. Packets received are decoded and the result of the decode is displayed. The packets scroll up the screen as they are decoded. A unique color can be used to display packets of each different protocol layer. From Summary View [...]

  • Page 134

    6-36 Surveyor User’s Guide Expert View (Expert plug-in only) From Detail View, click on the button to open a window with Expert View. From Summary View, set the view preferences to Expert View to see this view in the first tab. Multiple tables are available in Expert View. Select a layer on the left and tab on the bottom to c[...]

  • Page 135

    6-37 Views Hints and Tips for Using Views Multiple tables are available in Multi-QoS View. You can view all calls, subsets of calls filtered by protocol or by a QoS metric, single call details, and channel details. Refer to the chapter on Multi-QoS for complete information on Multi-QoS Views. Hints and Tips for Using [...]

  • Page 136

    6-38 Surveyor User’s Guide • Double-click on the MAC Statistics View in Detail View to bring up Capture View. • Data in a chart will be sorted by the last sorted column in the corresponding table. • Click the right mouse button on a table entry in Host Table, Network Table, Application Table, Host Matrix, Network Mat[...]

  • Page 137

    7-1 Chapter 7 Capture and Display Filters For most data analysis operations, you’ll want to look at only a subset of all data. Filters allow you to select and count data in just about any way you can imagine. Capture filters allow you to capture a subset of the network data. Display filters allow you to view a subset of the d[...]

  • Page 138

    7-2 Surveyor User’s Guide 5. Enter an address in the Add Conversation to Filter Template area and select the Apply Conversation to Template check box. Enter addresses by selecting their corresponding names in the name table. Suggestion: Try selecting one MAC station from the name table. You will now capture only HTTP [...]

  • Page 139

    7-3 Capture and Display Filters Creating Filters with Filter Templates Conversation to Filter Template area in the display provides a convenient means of adding addresses to a custom filter template. • Add Port Numbers to Custom Filter Templates A port is a data pattern specific to the source and destination port numbers, [...]

  • Page 140

    7-4 Surveyor User’s Guide A sample Filter Design window is shown below. Figure 7-1. Filter Design Window Filter Design Toolbar Buttons (see Chapter 3 for complete descriptions): Creates a new filter (blank window); Loads filter to a device; Opens a previously saved filter; Disables filter; Saves a filter to a file; Filter window toggle[...]

  • Page 141

    7-5 Capture and Display Filters Creating Filters with Filter Templates Creating and Applying a Conversation The Add Conversation to Template area of the Filter Design window provides a convenient way to add address byte patterns to a filter. The area consists of a protocol selection, frame type selection, two station addr[...]

  • Page 142

    7-6 Surveyor User’s Guide There are four station address types: • MAC address – 12 hexadecimal digits. For example, 34FD34AA0001. • IP dot notation address – 4 decimal numbers in the range of 0 to 255, separated by dots. For example, 12.235.96.2. • IPX address – 20 hexadecimal digits (without port number) or 22 he [...]

  • Page 143

    7-7 Capture and Display Filters Creating Filters with Filter Templates Creating and Applying a Port Number Surveyor provides a convenient way to add a port number to a filter. You specify port numbers for the filter by filling out the Add Port to Template area of the Filter Design window. This area consists of a protocol sele[...]

  • Page 144

    7-8 Surveyor User’s Guide Multiple Byte Patterns in Filter Templates Filter templates can be “several templates in one.” For example, HTTP, TELNET, and SNMP are provided as single filter templates, but they consist of both source and destination ports. In other words, the template itself contains an OR condition, and w[...]

  • Page 145

    7-9 Capture and Display Filters Creating Filters with Filter Templates You then save the template. When you save a custom template, Surveyor asks for a custom template name. Surveyor will assign a default name such as Template1 if no name is provided. Once you create a filter template, its name will appear in the Custom_Temp[...]

  • Page 146

    7-10 Surveyor User’s Guide Entering Values that Cross Byte Boundaries Port values are generally understood as decimal numbers. For example, an NFS port is known as decimal 2049. Filter patterns are expressed as bytes and begin on byte boundaries. It takes two bytes to express a port number. Therefore, for port numbers you mus[...]

  • Page 147

    7-11 Capture and Display Filters Creating Filters with Filter Templates Bit-Level Filtering Surveyor can filter at the bit level. To set a bit pattern, place the cursor within a byte field in the Edit/Create Custom Filter Template area. Press the Set Bit Pattern button. The Bit-Level Pattern dialog box displays. The dialo[...]

  • Page 148

    7-12 Surveyor User’s Guide Filter Creation The FILTER CREATION portion (left side) of the Filter Design window is the area that actually specifies what conditions are tested and what actions are taken for this filter statement. See Figure 7-1 for an example of the FILTER CREATION area. • Create Template Combinations A tem[...]

  • Page 149

    7-13 Capture and Display Filters Filter Creation a test against incoming frames. If the operation you try makes no sense in the context of creating a template combination, the operation is not allowed. For example, an OR operator makes no sense after an AND operator. As another example, inserting a filter template immediatel[...]

  • Page 150

    7-14 Surveyor User’s Guide Actions for Capture Filters Table 7-4 shows actions available for capture filters: An example Filter Actions dialog box for capture filters is shown below: Figure 7-3. Example Filter Actions Dialog Box The state number and the line number of the statement within the state are given in the title bar[...]

  • Page 151

    7-15 Capture and Display Filters Filter Creation Actions for Display Filters Table 7-5 shows actions available for display filters: See Multi-State and Multi-Statement Filters for more information on actions in multi-state filters. Counter Conditions for Filters Press the Add Counter Condition… button to bring up a dial[...]

  • Page 152

    7-16 Surveyor User’s Guide Global Values that Affect Capture Filter Actions Table 7-6 describes the options and settings available that have a global setting. If you set the value in one statement, the value will apply to all other statements. The post trigger buffer position set in the After trigger, continue to capture[...]

  • Page 153

    7-17 Capture and Display Filters Multi-State and Multi-Statement Filters Frame types are shown in Table 7-7: Multi-State and Multi-Statement Filters To create more complex filters, use Surveyor’s graphical scripting language. You’ll find it intuitive and easy to use if you have experience doing simple programming or ex[...]

  • Page 154

    7-18 Surveyor User’s Guide Click on the State button in the Filter Design window to view the Filter States Design window for the filter. An example is shown below. Figure 7-4. Example Filter States Design Window From the Filter States Design window you view the entire structure of the filter. The window shows all the filter[...]

  • Page 155

    7-19 Capture and Display Filters Multi-State and Multi-Statement Filters Filter Structure The capture or display filter consists of states, each with a unique label so it can be referenced. Each state contains an IF statement, an ELSE statement, and optional ELSE IF statements. Each IF or ELSE IF statement is comprised of [...]

  • Page 156

    7-20 Surveyor User’s Guide Filter States States are used to group a set of statements. Since statements contain conditions and actions, states are a way to create a set of conditions and actions. You can specify up to 4 states with THGm. You always start and stay in State0 until an action takes you to a different state. The[...]

  • Page 157

    7-21 Capture and Display Filters Multi-State and Multi-Statement Filters Filter Statements To create statements, press the button from the Filter States Design window. Use the window that appears to create a condition and to specify actions to be taken if the condition is satisfied. Once a condition is true, the next [...]

  • Page 158

    7-22 Surveyor User’s Guide Capture and Display Filter Differences Display and capture filters are activated in different ways. Also, some options for capture filters are not used in display filters. Some options available in capture filters make no sense for display and are therefore not supported: • Display filters[...]

  • Page 159

    7-23 Capture and Display Filters Filter Examples Filter Examples Filter examples are supplied with Surveyor. To see examples, open a capture filter file (.CFD extension) or a display filter file (.DFD extension) from the Filter window. From the Module menu, select Filter Description to access a description of any filter[...]

  • Page 160

    7-24 Surveyor User’s Guide The steps used to create the filter template and load it to a resource are shown below: 1. Press the Clear Template button. 2. Press the Name button for Station Address 1. Select the address from the name table and click OK. 3. Press the Name button for Station Address 2. Select the address from[...]

  • Page 161

    7-25 Capture and Display Filters Filter Examples Filter Example, Template Combination The Filter Design window in Figure 7-6 shows the capture filter with a logical combination built in the Template Combination box. This filter collects all traffic to and from a single station that makes use of the HTTP or FTP protocols. The tw[...]

  • Page 162

    7-26 Surveyor User’s Guide The following steps describe how to create two filter templates, logically combine them using an OR operator, and load the resulting Template Combination to a resource: 1. Select the HTTP pre-defined filter template from the Available Filter Templates box. 2. Press the Name button for St [...]

  • Page 163

    7-27 Capture and Display Filters Filter Examples Filter Example, Capture TCP Port Traffic The Filter Design window in Figure 7-7 shows the capture filter for a specific TCP Port. This filter collects all TCP/IP traffic that uses the Boot PS port number. Figure 7-7. Filter Design Window, Capture TCP Port Example[...]

  • Page 164

    7-28 Surveyor User’s Guide The following steps describe how to create the BootPS filter template and load into a resource. 1. Press the Clear Template button. 2. In the Apply Port to Template area, enter the Protocol and Frame Type. For the BootPS port, use the IP/TCP protocol. In the example, the frame type is set t[...]

  • Page 165

    7-29 Capture and Display Filters Filter Examples 7 Filter Example, Advanced Filter The Filter States Design window below shows the capture filter Example.CFD. The Filter States Design window shows the structure of the filter. In the example, the filter has multiple states and statements. From the Filter States Design window[...]

  • Page 166

    7-30 Surveyor User’s Guide Rules of the Capture or Display Filter • There must be at least one IF and one ELSE statement per state. ELSE IF statements are optional. • The Post Trigger Buffer Position must be greater than zero and less than 100. • There is always one and only one ROOT statement; you can’t delete the ROOT[...]

  • Page 167

    7-31 Capture and Display Filters Hints and Tips for Using Filters 7 Hints and Tips for Using Filters • Remember to load the Capture filter on the module before you start capture. • If you want to look at captured data in many different ways, use display filters rather than capture filters. Capture large blocks of unfi[...]

  • Page 168

    7-32 Surveyor User’s Guide • From the Detail View pane of the Capture View window, you can copy the contents of any field to create a Capture or Display filter. Select the field with the left mouse and then click the right mouse button. Selections for copy to capture or display filter appear. Select the option, and the Filt[...]

  • Page 169

    8-1 Chapter 8 8 Transmit Specification Packet Blaster plug-in allows you to generate packets and send them onto a network. This can be used to force the network to respond to known or suspected problem conditions or loads. Transmitted data can answer “What If?” questions about the network or particular network resources. [...]

  • Page 170

    8-2 Surveyor User’s Guide Transmit Specification Dialog Box Transmit Specifications are defined in a dialog box. The Transmit Specification dialog box contains: • A Defined Streams list box (top) for viewing defined streams. • Radio buttons and fields for defining a stream (middle) • Buttons for adding, modifying[...]

  • Page 171

    8-3 Transmit Specification Transmit Specifications 8 options available from the dialog box and click on the Add button. You can also add a capture file as a defined stream using the Add File… button. The added stream appears in the Defined Streams list box. Streams are transmitted by the module in the order in which they are [...]

  • Page 172

    8-4 Surveyor User’s Guide the stream. The Auto CRC check box specifies if a valid CRC will be automatically generated for the stream. Stream Buttons The Add, Add File..., Modify, Delete, and Edit Data... buttons perform functions for a single stream. Transmission Mode and Status Controls The Transmission Mode radio b[...]

  • Page 173

    8-5 Transmit Specification Transmit Specifications 8 Transmit Specification control buttons are described in Table 8-2: Repeating Frames There are three ways to repeat frames when transmitting: Table 8-2. Transmit Specification Control Buttons Control Button Transmit Specification Function Load Module Loads the current resource [...]

  • Page 174

    8-6 Surveyor User’s Guide Caution Repeating frames using the transmission mode feature is a function implemented in software; there is a time gap of about 50ms between each transmission of the entire specification. Use Repeat Frames ‘n’ Times or Bursts where timing issues are critical when sending frames for these devices. Ways of r [...]

  • Page 175

    8-7 Transmit Specification Transmit Specifications 8 Stream Modes An interpacket gap for a frame can be set in three different ways; Packet Gap, Frame Rate and Traffic Rate. The stream mode defines the rate at which packets are transmitted from a module. The modes are as shown in Table 8-4 below: Bursts Bursts cause a stream [...]

  • Page 176

    8-8 Surveyor User’s Guide Transmission Mode You can either transmit the specification continuously or transmit it n times. Select Transmit Continuously to transmit activated streams in a loop until the module is stopped. Select Transmit Spec (N frames) to transmit activated streams a specific number of times. The number of st[...]

  • Page 177

    8-9 Transmit Specification Specifying Transmit Data 8 Table 8-5 shows the buttons that are available from within the packet editor: Editing in Decode View Editing in decode view allows you to edit packets without remembering offsets. Click on a field and a dialog box pops up which shows the current value for the field and a[...]

  • Page 178

    8-10 Surveyor User’s Guide DA and SA Fields The DA and SA fields define the MAC layer destination address and MAC layer source address for the stream. Note that the MAC address values appear in the stream synopsis in the Defined Streams list box. Use an X in any offset of the DA or SA fields to indicate “wild card” addresses[...]

  • Page 179

    8-11 Transmit Specification Specifying Transmit Data 8 packets can be generated using Finisar analyzer cards. NDIS modules cannot generate bad CRC packets. Using Templates If you are inserting a new stream, you can use a template as the starting point for packet data. To select a template, click on the Template… butto[...]

  • Page 180

    8-12 Surveyor User’s Guide Transmitting Capture Files You can transmit the contents of a capture file as one of the streams in the Transmit Specification. Place a capture file as a stream into the Defined Streams list box using the Add File… button. The entire contents of the capture file is transmitted with timesta [...]

  • Page 181

    8-13 Transmit Specification Transmit Specification Examples 8 Transmit Specification Example, Packet Gaps A Transmit Specification example in its dialog box is shown in Figure 8-2. The dialog box only shows the values for the currently highlighted stream. The current stream appears highlighted within the Defined Streams [...]

  • Page 182

    8-14 Surveyor User’s Guide Transmit Specification Example, Bursts A Transmit Specification dialog box is shown in Figure 8-3. The dialog box only shows values for one stream, the stream that contains a burst. Multiple streams are defined in the specification. Since a burst of 100 is specified, 101 frames will be transmitte[...]

  • Page 183

    8-15 Transmit Specification Hints and Tips for a Transmit Specification 8 Hints and Tips for a Transmit Specification • Take care with what you transmit. Surveyor can transmit packets at more than 100% of network bandwidth. It is possible to flood the network and cripple performance. • Make sure to activate streams b[...]

  • Page 184

    8-16 Surveyor User’s Guide[...]

  • Page 185

    9-1 Chapter 9 9 Alarms Surveyor’s alarms facility enables you to create alarms to automatically monitor network resources. Access to Surveyor’s alarms facility is through the Resource Browser docking window located in Surveyor’s main window. The Resource Browser window features a hierarchical directory comprising a[...]

  • Page 186

    9-2 Surveyor User’s Guide Current Module Alarms When you right-click on an analyzer device in the Resource Browser, a menu appears. Select Alarms... and the Current Module Alarms dialog box appears with a list of alarms set up for the resource. If you have no alarms set for the resource, no alarms will display. Alarms apply [...]

  • Page 187

    9-3 Alarms Current Module Alarms 9 Press New Alarm to enable new alarms for a resource. The Alarm Editor dialog box appears. Multiple alarms of any type may be added. See the following section for more information on the Alarm Editor. Figure 9-2. Alarm Editor Highlight one or more alarms in the Current Module Alarm window. Press Mo[...]

  • Page 188

    9-4 Surveyor User’s Guide Alarm Editor There are six alarm groups that appear on the tabs in the Alarm Editor. The Expert tab and Application Response tab are only available if you have the Expert plug-in. The Multi-QoS tab only appears if you have the Multi-QoS software plug-in. Table 9-1 lists the alarm groups in the Alar[...]

  • Page 189

    9-5 Alarms Alarm Editor 9 Multi-QoS Alarms For Multi-QoS alarms, alarms can be created from the Multi-QoS Views interface as well as by double-clicking on the host. The Codecs field within the alarm editor allows you to select a specific codec or to ignore the type of codec used. For example, to trigger the alarm only when a G [...]

  • Page 190

    9-6 Surveyor User’s Guide Expert Alarms During transmit or receive, expert symptoms are logged as they occur. You can test for certain thresholds for these conditions by setting alarms using the Expert tab of the Alarm Editor. See the chapter on the Expert system for more information about the expert alarms listed below. Ex[...]

  • Page 191

    9-7 Alarms Alarm Editor 9 Using Alarms with Different Devices Alarms can be used with the following hardware analyzer devices or adapters. For analyzer cards or adapters, the hardware device must reside in a host that is running a version of Surveyor 4.1 or greater. The software image for THGs analyzers must be at version 4.1 or great [...]

  • Page 192

    9-8 Surveyor User’s Guide Thresholds and Alarms Alarm thresholds are set by specifying the values in the Sample Type, Rising Value, Falling Value, and Interval fields for each alarm row in the alarm table. The numbers or percentages set for rising and falling values are referred to as thresholds. The key to creating[...]

  • Page 193

    9-9 Alarms Alarm Actions 9 Alarm Actions Each line in an alarm table has a unique set of actions associated with it that will occur if the alarm is triggered. By default, two actions always occur when an alarm is triggered – an audible alarm and a message in the Message window. You can set one additional action to occur when yo[...]

  • Page 194

    9-10 Surveyor User’s Guide You can select but not configure the E-mail, Log File, Pager, or SNMP Trap action on a remote host running Surveyor. If the settings that support these actions have not been configured correctly at the remote host, the alarm action does not occur when the alarm is triggered. Setting an absolute v[...]

  • Page 195

    9-11 Alarms Alarm Actions 9 E-mail settings for Surveyor hosts and THGs hosts are slightly different. For analyzer devices in Surveyor hosts, you set the list of e-mail recipients for alarms from the Host → Alarm Setting → E-mail Settings... menu. All other e-mail configuration is performed from the local e-mail utility. Fo[...]

  • Page 196

    9-12 Surveyor User’s Guide Trap Settings for THGs The stations to receive traps for a remote THGs can be established from the local host running Surveyor. To set up trap destinations for a remote THGs device, select the THGs device in the Resource Browser and from the menu bar select Host → Alarms Settings → SNMP Trap se[...]

  • Page 197

    9-13 Alarms Alarm Actions 9 Multiple IP addresses may be set for each trap. A maximum of 15 trap destinations can be assigned to each community. All alarms will be sent to all specified trap destinations. The traps and MIB variables defined for THGs are defined in SNMPv2. Refer to the THGs User’s Guide for more information[...]

  • Page 198

    9-14 Surveyor User’s Guide Viewing the Alarm List and the Alarm Log There are several ways to access the list of alarms or a log of alarm events. From Detail View, click on the button to open a window from which you can see the Alarms List and Alarm Log tab. From Summary View, click on the Alarms or Alarm Log tab for the resou[...]

  • Page 199

    9-15 Alarms Alarm Examples 9 Alarm Examples The following are six examples for alarms and alarm groupings. Each provides a picture of the Current Module Alarms dialog box and a description of what will occur when the alarms are triggered. Alarm Example, Utilization Figure 9-6. Alarm Example, Utilization This simple exampl[...]

  • Page 200

    9-16 Surveyor User’s Guide Alarm Example, MAC Errors Figure 9-7. Alarm Example, MAC Errors This example shows an alarm group consisting of five MAC Layer alarms: Errors (two alarms), Oversize Frames, CRC/Alignment, and Fragments. Each of these alarm counters are checked at five-second intervals. When an alarm threshold for any[...]

  • Page 201

    9-17 Alarms Alarm Examples 9 Alarm Example, Frame Size Figure 9-8. Alarm Example, Frame Size This example shows an alarm group consisting of four MAC Layer alarms: Oversize Frames, 256-511 Byte Frames, 512-1028 Byte Frames, and 1024-1518 Byte Frames. Each of these alarms samples network traffic at five-second intervals. When [...]

  • Page 202

    9-18 Surveyor User’s Guide Alarm Example, VoIP Calls Figure 9-9. Alarm Example, Call Jitter and Call Setup Time This example shows an alarm group consisting of four alarms: Call Setup Time, Call Jitter, severe Call Jitter, and User R-factor. When an alarm threshold for any of these four alarms is exceeded, Surveyor is[...]

  • Page 203

    9-19 Alarms Alarm Examples 9 Alarm Example, Expert and Application Response Figure 9-10. Alarm Example, Expert and Application Response This example shows alarms consisting of three Application Response and one Expert alarm. All of these alarm counters are checked at five-second intervals. When an alarm threshold for any of these [...]

  • Page 204

    9-20 Surveyor User’s Guide[...]

  • Page 205

    10-1 Chapter 10 10 Expert Features Automatic diagnostic analysis, expert data views, application response times, and expert alarms are referred to collectively as Surveyor Expert Features. The Expert Features are available only from Surveyor menus and toolbars if you have the Expert plug-in. Surveyor observes the traffic on ne[...]

  • Page 206

    10-2 Surveyor User’s Guide Expert System Views The expert views present expert information on capture files, a capture buffer, or in monitoring mode. The following Expert views are available from the Data Views or Capture View toolbar: Expert View Expert views are available from the Data Views or Capture View toolbars, i[...]

  • Page 207

    10-3 Expert Features Getting Started with Expert View 10 Figure 10-1. Expert Overview Example[...]

  • Page 208

    10-4 Surveyor User’s Guide Expert Overview Details Click on any counter in the display to view a table listing only the events for the selected symptom. The display has a summary area showing all symptoms and a detail area for the current selected symptom. The summary area contains a table showing frame ID (Capture View only)[...]

  • Page 209

    10-5 Expert Features Getting Started with Expert View 10 Figure 10-2. Expert Overview Detail Table Example[...]

  • Page 210

    10-6 Surveyor User’s Guide Expert Layers Surveyor categorizes network problems according to the network “layer” at which they occur. During capture or monitor, Surveyor decodes frames. The decode information embedded in each frame is used to categorize the problem. Layers are selected from the panel on the left of the E[...]

  • Page 211

    10-7 Expert Features Expert Layers 10 Figure 10-3. Expert Application Layer Example[...]

  • Page 212

    10-8 Surveyor User’s Guide The interface provides a matrix of expert information views. For each layer, the symptoms, analyses, and objects can be displayed by selecting a tab at the bottom of the window. Click on a column header to sort the symptoms in the summary area by the values in the column. Clicking a column header a s[...]

  • Page 213

    10-9 Expert Features Expert Layers 10 Table 10-1. Expert Symptoms and Analyses by Layer Layer Expert Symptoms Expert Analyses Application Excessive ARP Excessive BOOTP Excessive Mailslot Broadcasts FTP Login Attempts Missed Browser Announcement NCP File Retransmission NCP Read/Write Overlap NCP Request Denied NCP Request Loop NCP Ser[...]

  • Page 214

    10-10 Surveyor User’s Guide Expert Symptoms, Analyses, and Network Entities When you capture or monitor packets on a network segment, Surveyor immediately begins constructing a database of network entities from the traffic it sees. Surveyor uses protocol decoding to learn all about the connections, network stations, rout[...]

  • Page 215

    10-11 Expert Features Expert Symptoms, Analyses, and Network Entities 10 Analyses High rates of recurrence of specific symptoms or single instances of particular network events cause the software to assert that the network has a real problem. These are logged as analyses. Analyses should be investigated immediately. Count[...]

  • Page 216

    10-12 Surveyor User’s Guide Press the Entities tab on the Expert View window to view network objects discovered from the current packet analysis. The example below shows the entities discovered for the Transport Layer. The detail area shows details for both the conversation and the individual stations in the conversation[...]

  • Page 217

    10-13 Expert Features Expert Symptoms, Analyses, and Network Entities 10 Application/Session Lists for Entities The list displays the number of packets and bytes of application data that are sent and received by the server. The times when the first and last packets seen by this server are noted, and the duration is the differe[...]

  • Page 218

    10-14 Surveyor User’s Guide Data Link Lists for Entities The first list displays the network traffic of the physical station. It shows how many packets and bytes of data are sent and received by the station. It shows the network addresses associated to the station. The second list displays the protocols this station used, t[...]

  • Page 219

    10-15 Expert Features Expert Diagnostic Messages 10 Expert Diagnostic Messages From any summary table you can double-click on any symptom or analysis to display an Expert Diagnostic Message. Contents of the Expert Diagnosis window include: • A summary of the symptom or analyses, including addresses and frame IDs • A descri[...]

  • Page 220

    10-16 Surveyor User’s Guide Working with the Expert System Configuring the Expert System Use the Expert Configurations dialog box to change expert settings. With the Expert View visible, select Expert Settings from the Configuration menu to view configuration options. An example Expert Configurations dialog box is shown be[...]

  • Page 221

    10-17 Expert Features Working with the Expert System 10 The tree can be expanded or collapsed by clicking on the plus or minus icon, double-clicking on the item, or using direction keys. The checkbox can be checked or unchecked by clicking on the checkbox or by selecting the symptom and pressing the Space bar. The edit control is[...]

  • Page 222

    10-18 Surveyor User’s Guide The ExpertMsg.INI file contains Surveyor’s diagnostic information. This file can be changed using a text editor, thus giving you a way to add information. Rules for adding information to ExpertMsg.INI are included at the beginning of the file. Either possible causes or recommended actions can b[...]

  • Page 223

    10-19 Expert Features Application Response Time 10 Working with Analyzer Devices For THGm or NDIS resources, expert views present expert information on capture files, capture buffers, or in real-time monitor mode. An analyzer card with a hardware capture buffer is typically used for expert analysis. Use of an NDIS or Port[...]

  • Page 224

    10-20 Surveyor User’s Guide Application Layer Excessive Mailslot Broadcasts Counter Excessive Mailslot Broadcasts is a counter of Mailslot Broadcasts packets per second that exceed a threshold. A count of all Excessive Mailslot Broadcasts events displays in the Overview counters of Expert View. Expert Analysis Exc[...]

  • Page 225

    10-21 Expert Features Application Layer 10 FTP Login Attempts Counter FTP Login Attempts is a counter of FTP login attempts that exceed a threshold. A count of all FTP Login Attempt events displays in the Overview counters of Expert View. Expert Symptom FTP Login Attempt events are automatically logged as expert symptoms. The Sympto [...]

  • Page 226

    10-22 Surveyor User’s Guide Missed Browser Announcement Counter Missed Browser Announcement is a counter of events where the time elapsed since the last browser announcement exceeds a threshold. A count of all Missed Browser Announcement events displays in the Overview counters of Expert View. Expert Symptom Missed Browser Anno[...]

  • Page 227

    10-23 Expert Features Application Layer 10 NCP File Retransmission Counter NCP File Retransmission is a counter of all times where a portion of a file is retransmitted. A count of all NCP File Retransmission events displays in the Overview counters of Expert View. Expert Symptom NCP File Retransmission events are automatica[...]

  • Page 228

    10-24 Surveyor User’s Guide NCP Read/Write Overlap Counter NCP Read/Write Overlap is a counter of all times where a portion of a file overlaps the transmission of other parts of the file. A count of all NCP Read/Write Overlap events displays in the Overview counters of Expert View. Expert Symptom NCP Read/Write Overla[...]

  • Page 229

    10-25 Expert Features Application Layer 10 NCP Request Denied Counter NCP Request Denied is a counter of all times where the number of request denied replies exceed a threshold within an interval. A count of all NCP Request Denied events displays in the Overview counters of Expert View. Expert Symptom NCP Request Denied events ar[...]

  • Page 230

    10-26 Surveyor User’s Guide NCP Request Loop Counter NCP Request Loop is a counter of all times where the same request occurs within an interval. A count of all NCP Request Loop events displays in the Overview counters of Expert View. Expert Symptom NCP Request Loop events are automatically logged as expert symptoms. The Symptom [...]

  • Page 231

    10-27 Expert Features Application Layer 10 NCP Server Busy Counter NCP Server Busy is a counter of all NCP Server Busy responses that exceed a threshold for a single station. A count of all NCP Server Busy displays in the Overview counters of Expert View. Expert Symptom NCP Server Busy events are automatically logged as expert s[...]

  • Page 232

    10-28 Surveyor User’s Guide NCP Too Many File Retransmissions Counter NCP Too Many File Retransmissions is a counter of events where the ratio of file retransmissions to file requests exceeds a threshold value for a single station. A count of all NCP Too Many File Retransmission events displays in the Overview counters [...]

  • Page 233

    10-29 Expert Features Application Layer 10 NCP Too Many Requests Denied Counter NCP Too Many Requests Denied is a counter of events where the ratio of file requests denied to file requests exceeds a threshold value for a single station. A count of all NCP Too Many Requests Denied events displays in the Overview counters of Expert Vie[...]

  • Page 234

    10-30 Surveyor User’s Guide NCP Too Many Request Loops Counter NCP Too Many Request Loops is a counter of events where the ratio of file request loops to file requests exceeds a threshold value for a single station. A count of all NCP Too Many Request Loops events displays in the Overview counters of Expert View. Expert A[...]

  • Page 235

    10-31 Expert Features Application Layer 10 NFS Retransmissions Counter NFS Retransmissions is a counter of all NFS Retransmissions over a period of time per segment. A count of all NFS Retransmissions displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom NFS Ret[...]

  • Page 236

    10-32 Surveyor User’s Guide No HTTP POST Response Counter No HTTP POST Response is a counter of all POST requests to an HTTP server that never receive a response or exceed a time out value. A count of all No HTTP POST Responses displays in the Overview counters of Expert View. Expert Analysis No HTTP POST Response events are auto[...]

  • Page 237

    10-33 Expert Features Application Layer 10 No Server Response Counter No Server Response is a counter of responses to server requests that never happen or exceed a time out value. A count of all No Server Responses displays in the Overview counters of Expert View. Expert Analysis No Server Response events are automatically log[...]

  • Page 238

    10-34 Surveyor User’s Guide Slow HTTP GET Response Counter Slow HTTP GET Response is a counter of all Slow HTTP GET Responses that exceed a threshold. A count of all Slow HTTP GET Responses displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom Slow HTTP GET R[...]

  • Page 239

    10-35 Expert Features Application Layer 10 Slow HTTP POST Response Counter Slow HTTP POST Response is a counter of all HTTP POST responses that exceed a threshold. A count of all Slow HTTP POST Responses displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom Slow[...]

  • Page 240

    10-36 Surveyor User’s Guide Slow Server Connect Counter Slow Server Connect is a counter of all server connect responses that exceed a threshold. A count of all Slow Server Connects displays in the Overview counters of Expert View. Expert Symptom Slow Server Connect events are automatically logged as expert symptoms. The S[...]

  • Page 241

    10-37 Expert Features Application Layer 10 Slow Server Response Counter Slow Server Response is a counter of server responses that exceed a threshold. A count of all Slow Server Responses displays in the Overview counters of Expert View. Expert Symptom Slow Server Response events are automatically logged as expert symptoms[...]

  • Page 242

    10-38 Surveyor User’s Guide SMB Invalid Network Name Counter SMB Invalid Network Name is a counter of SMB sessions that could not be established because of invalid network names. A count of all SMB Invalid Network Name displays in the Overview counters of Expert View. Expert Analysis SMB Invalid Network Name events are automat[...]

  • Page 243

    10-39 Expert Features Application Layer 10 SMB Invalid Password Counter SMB Invalid Password is a counter of SMB sessions that could not be established because of an invalid password. A count of all SMB Invalid Password displays in the Overview counters of Expert View. Expert Analysis SMB Invalid Password events are automati[...]

  • Page 244

    10-40 Surveyor User’s Guide Session Layer No WINS Response Counter No WINS Response is a counter of responses to WINS server requests that never happen or exceed a time out value. A count of all No WINS Responses displays in the Overview counters of Expert View. Expert Analysis No WINS Response events are automatically logge[...]

  • Page 245

    10-41 Expert Features Session Layer 10 TNS Slow Server Connect Counter TNS Slow Server Connect is a counter of all TNS server connect responses that exceed a threshold. A count of all TNS Slow Server Connects displays in the Overview counters of Expert View. Expert Symptom TNS Slow Server Connect events are automatically logged [...]

  • Page 246

    10-42 Surveyor User’s Guide TNS Slow Server Response Counter TNS Slow Server Response is a counter of TNS server responses that exceed a threshold. A count of all TNS Slow Server Responses displays in the Overview counters of Expert View. Expert Symptom TNS Slow Server Response events are automatically logged as expert sympto[...]

  • Page 247

    10-43 Expert Features Transport Layer 10 Transport Layer Idle Too Long Counter The Idle Too Long counter increments when a connection is idle for greater than a threshold value, measured in seconds. A count of all Idle Too Long events displays in the Overview counters of Expert View. Expert Symptom Idle Too Long events are aut [...]

  • Page 248

    10-44 Surveyor User’s Guide Non Responsive Station Counter Non Responsive Station is a counter of all non-responsive stations over a period of time per segment. A non-responsive station is defined as successive TCP/IP retransmissions over the same connection that are greater than a threshold value. A count of all non-respo[...]

  • Page 249

    10-45 Expert Features Transport Layer 10 TCP Checksum Errors Counter TCP Checksum Errors is a counter of all incorrect TCP checksums over a period of time per segment. A count of all TCP Checksum Errors events displays in the Overview counters of Expert View. Expert Symptom TCP Checksum Errors events are automatically logged as exp[...]

  • Page 250

    10-46 Surveyor User’s Guide TCP Fast Retransmission Counter TCP Fast Retransmission is a counter of all TCP retransmissions that are less than a threshold value. A count of all TCP Fast Retransmissions displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom T[...]

  • Page 251

    10-47 Expert Features Transport Layer 10 TCP Frozen Window Counter The TCP Frozen Window counter increments when the TCP window is frozen for greater than a threshold value, measured in seconds. A count of all TCP Window Frozen events displays in the Overview counters of Expert View. A threshold for this counter can be set in Exp [...]

  • Page 252

    10-48 Surveyor User’s Guide Recommended Action(s): 1. Upgrade the receiver’s CPU and/or Memory. 2. Reduce the number of connections to the receiver. 3. Increase the network bandwidth.[...]

  • Page 253

    10-49 Expert Features Transport Layer 10 TCP Long Ack Counter The TCP Long Ack counter increments when the TCP acknowledgment for a connection is not seen for greater than a threshold value, measured in milliseconds. A count of all TCP Long Ack events displays in the Overview counters of Expert View. A threshold for this count[...]

  • Page 254

    10-50 Surveyor User’s Guide TCP Repeat Ack Counter The TCP Repeat Ack counter increments when the TCP acknowledgment number is less than the immediately preceding acknowledgement. A count of all TCP Repeat Ack events displays in the Overview counters of Expert View. Expert Symptom TCP Repeat Acks are automatically logged as ex[...]

  • Page 255

    10-51 Expert Features Transport Layer 10 TCP Retransmissions Counter TCP Retransmissions is a counter of all TCP Retransmissions over a period of time per segment. This variable counts the number of retransmitted packets to measure excessive retransmission in TCP/IP. A count of all TCP Retransmissions displays in the Overview [...]

  • Page 256

    10-52 Surveyor User’s Guide TCP RST Packets Counter TCP RST Packets is a counter of all TCP RST Packets over a period of time per segment. This variable counts the number of RST responses to monitor resets in TCP/IP. A count of all TCP RST packets displays in the Overview counters of Expert View. A threshold for this counter [...]

  • Page 257

    10-53 Expert Features Transport Layer 10 TCP SYN Attack Counter The TCP SYN Attack counter increments when a change in the number of SYN requests per second exceeds a threshold. A count of all TCP SYN Attack events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symp[...]

  • Page 258

    10-54 Surveyor User’s Guide TCP Window Exceeded Count TCP Window Exceeded is a counter of all events where the data length of a TCP packet exceeds the current window size. A count of all TCP Window Exceeded events displays in the Overview counters of Expert View. Expert Symptom TCP Window Exceeded events are automaticall [...]

  • Page 259

    10-55 Expert Features Transport Layer 10 TCP Window Probe Counter TCP Window Probe is a counter of all TCP Window Probe events over a period of time per segment. A count of all TCP Window Probe events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom TCP Window[...]

  • Page 260

    10-56 Surveyor User’s Guide TCP Zero Window Counter TCP Zero Window is a counter of all TCP Zero Window events over a period of time per segment. A count of all TCP Zero Window events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom TCP Zero Window event[...]

  • Page 261

    10-57 Expert Features Transport Layer 10 Too Many Retransmissions Counter Too Many Retransmissions is a counter of events where the ratio of retransmissions to packets sent exceeds a threshold value for a single station. A count of all Too Many Retransmissions events displays in the Overview counters of Expert View. Expert [...]

  • Page 262

    10-58 Surveyor User’s Guide Network Layer Duplicate Network Address A separate table showing duplicate network addresses is available. Press the button on the Data View or Capture View toolbar to see this table. Counter Duplicate Network Address is a counter of all duplicate network addresses over a period of time per segmen[...]

  • Page 263

    10-59 Expert Features Network Layer 10 HSRP Coup Counter HSRP Coup events are counted in the HSRP Errors counter, which displays in the Overview counters of Expert View. A Coup message indicates that the router wishes to become active. A threshold can be set in Expert Alarms for HSRP Coup/Resign packets, which includes both Resi[...]

  • Page 264

    10-60 Surveyor User’s Guide HSRP Errors Counter Some Hot Standby Routing Protocol (HSRP) packets are counted in the HSRP Errors counter, which displays in the Overview counters of Expert View. Both Coup and Resign packets are counted. Coup/Resign packets in the HSRP are used to activate/deactivate routers. A threshold [...]

  • Page 265

    10-61 Expert Features Network Layer 10 HSRP Resign Counter HSRP Resign events are counted in the HSRP Errors counter, which displays in the Overview counters of Expert View. A Resign message indicates that the router is requesting to become inactive. A threshold can be set in Expert Alarms for HSRP Coup/Resign packets, which incl[...]

  • Page 266

    10-62 Surveyor User’s Guide ICMP All Errors Counter ICMP All Errors is a counter of all ICMP symptoms. A count of all ICMP symptoms displays in the Overview counters of Expert View. This counter can also be set in Expert Alarms to set a threshold for all ICMP errors. The following types of ICMP errors are counted: • Destinat[...]

  • Page 267

    10-63 Expert Features Network Layer 10 ICMP Bad IP Header Counter ICMP Bad IP Header events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Bad IP Header events are automaticall[...]

  • Page 268

    10-64 Surveyor User’s Guide ICMP Destination Host Access Denied Counter ICMP Destination Host Access Denied events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert [...]

  • Page 269

    10-65 Expert Features Network Layer 10 ICMP Destination Host Unknown Counter ICMP Destination Host Unknown events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View.[...]

  • Page 270

    10-66 Surveyor User’s Guide ICMP Destination Network Access Denied Counter ICMP Destination Network Access Denied events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of [...]

  • Page 271

    10-67 Expert Features Network Layer 10 ICMP Destination Network Unknown Counter ICMP Destination Network Unknown events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert [...]

  • Page 272

    10-68 Surveyor User’s Guide ICMP Destination Unreachable ICMP Destination Unreachable is a counter of all ICMP destination unreachable errors over a period of time per segment. A count of all destination unreachable ICMP symptoms displays in the Overview counters of Expert View. A threshold for this counter can be set in[...]

  • Page 273

    10-69 Expert Features Network Layer 10 Recommended Action(s): 1. Check the routing tables of the router that this message was generated from. 2. Check the netmask configuration of the source. 3. Ignore this message if the destination is truly unreachable (no ac[...]

  • Page 274

    10-70 Surveyor User’s Guide ICMP Fragment Reassembly Time Exceeded Counter ICMP Fragment Reassembly Time Exceeded events are counted in the All ICMP Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Frag[...]

  • Page 275

    10-71 Expert Features Network Layer 10 ICMP Fragmentation Needed [D/F set] Counter ICMP Fragmentation Needed [D/F set] events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters o[...]

  • Page 276

    10-72 Surveyor User’s Guide ICMP Host Redirect Counter ICMP Host Redirect events are counted in the ICMP Redirect Errors counter and the ICMP All Errors counter. A count of ICMP redirect errors and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all IC[...]

  • Page 277

    10-73 Expert Features Network Layer 10 ICMP Host Redirect for TOS Counter ICMP Host Redirect for TOS events are counted in the ICMP Redirect Errors counter and the ICMP All Errors counter. A count of ICMP redirect errors and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in[...]

  • Page 278

    10-74 Surveyor User’s Guide ICMP Host Unreachable Counter ICMP Host Unreachable events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be [...]

  • Page 279

    10-75 Expert Features Network Layer 10 ICMP Host Unreachable for TOS Counter ICMP Host Unreachable for TOS events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A[...]

  • Page 280

    10-76 Surveyor User’s Guide ICMP Inconsistent Subnet Mask Counter ICMP Inconsistent Subnet Mask events are counted in the ICMP All Errors counter. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for a [...]

  • Page 281

    10-77 Expert Features Network Layer 10 ICMP Network Redirect Counter ICMP Network Redirect events are counted in the ICMP Redirect Errors counter and the ICMP All Errors counter. A count of ICMP redirect errors and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms[...]

  • Page 282

    10-78 Surveyor User’s Guide ICMP Network Redirect for TOS Counter ICMP Network Redirect for TOS events are counted in the ICMP Redirect Errors counter and the ICMP All Errors counter. A count of ICMP redirect errors and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Ex[...]

  • Page 283

    10-79 Expert Features Network Layer 10 ICMP Network Unreachable Counter ICMP Network Unreachable events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold [...]

  • Page 284

    10-80 Surveyor User’s Guide ICMP Parameter Problem Counter ICMP Parameter Problem events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Parameter Problem events are a[...]

  • Page 285

    10-81 Expert Features Network Layer 10 ICMP Port Unreachable Counter ICMP Port Unreachable events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold ca[...]

  • Page 286

    10-82 Surveyor User’s Guide ICMP Protocol Unreachable Counter ICMP Protocol Unreachable events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold ca[...]

  • Page 287

    10-83 Expert Features Network Layer 10 ICMP Redirect Counter ICMP Redirect is a counter of all ICMP redirect errors over a period of time per segment. A count of all redirect ICMP symptoms displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. The following types of ICMP [...]

  • Page 288

    10-84 Surveyor User’s Guide ICMP Required IP Option Missing Counter ICMP Required IP Option Missing events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Required IP Option Mis[...]

  • Page 289

    10-85 Expert Features Network Layer 10 ICMP Source Quench Counter ICMP Source Quench events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Source Quench events are automatical[...]

  • Page 290

    10-86 Surveyor User’s Guide ICMP Source Route Failed Counter ICMP Source Route Failed events are counted in the ICMP All Errors and the ICMP Destination Unreachable counters. A count of all destination unreachable ICMP symptoms and a count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be[...]

  • Page 291

    10-87 Expert Features Network Layer 10 ICMP Time Exceeded Counter ICMP Time Exceeded events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Time Exceeded events are auto[...]

  • Page 292

    10-88 Surveyor User’s Guide ICMP Time to Live Exceeded Counter ICMP Time to Live Exceeded events are counted in the ICMP All Errors counter. A count of all ICMP errors displays in the Overview counters of Expert View. A threshold can be set in Expert Alarms for all ICMP errors. Expert Symptom ICMP Time to Live Exceeded event[...]

  • Page 293

    10-89 Expert Features Network Layer 10 Illegal Network Source Address Counter Illegal Network Source Address is a counter of all illegal network source addresses over a period of time per segment. A count of all illegal MAC source addresses displays in the Overview counters of Expert View. A threshold for this counter can be set i[...]

  • Page 294

    10-90 Surveyor User’s Guide IP Checksum Errors Counter IP Checksum Errors is a counter of all incorrect IP checksums over a period of time per segment. A count of all IP Checksum Errors events displays in the Overview counters of Expert View. Expert Symptom IP Checksum Errors events are automatically logged as expert sympto[...]

  • Page 295

    10-91 Expert Features Network Layer 10 IP Time to Live Expiring Counter IP Time to Live Expiring is a counter of all expiring connections over a period of time per segment. A count of all IP Time to Live Expiring events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms t[...]

  • Page 296

    10-92 Surveyor User’s Guide ISL BPDU/CDP Packets Counter ISL BPDU/CDP Packets is a counter of all Bridge Protocol Data Unit (BPDU) or Cisco Discovery Protocol (CDP) packets in an ISL frame over a period of time per segment. A count of BPDU/CDP packets displays in the Overview counters of Expert View.[...]

  • Page 297

    10-93 Expert Features Network Layer 10 ISL Illegal VLAN ID Counter ISL Illegal VLAN ID is a counter of all ISL illegal VLAN IDs over a period of time per segment. A count of all ISL Illegal VLAN ID displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom ISL Illega [...]

  • Page 298

    10-94 Surveyor User’s Guide OSPF Broadcasts Counter OSPF Broadcasts is a counter of all OSPF broadcasts over a period of time per segment. A count of all OSPF broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If OSPF broadcasts fall below a certain thre[...]

  • Page 299

    10-95 Expert Features Network Layer 10 RIP Broadcasts Counter RIP Broadcasts is a counter of all RIP broadcasts over a period of time per segment. A count of all RIP broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If RIP broadcasts fall below a certain t[...]

  • Page 300

    10-96 Surveyor User’s Guide Router Storm Counter Router Storm is a counter of all events where the router broadcasts exceed a threshold for a single router. A count of all Router Storm events displays in the Overview counters of Expert View. Expert Symptom Router Storm events are automatically logged as expert symptoms. [...]

  • Page 301

    10-97 Expert Features Network Layer 10 Same Network Addresses Counter Same Network Addresses is a counter of all events where the same source and destination network addresses are seen in the same packet. A count of all Same Network Address events displays in the Overview counters of Expert View. Expert Symptom Same Network A[...]

  • Page 302

    10-98 Surveyor User’s Guide SAP Broadcasts Counter SAP Broadcasts is a counter of all SAP broadcasts over a period of time per segment. A count of all SAP broadcasts displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. If SAP broadcasts fall below a certain threshold, t[...]

  • Page 303

    10-99 Expert Features Network Layer 10 Total Router Broadcasts Counter Total Router Broadcasts is a counter of all total router broadcasts over a period of time per segment. A threshold for this counter can be set in Expert Alarms for total router broadcasts. If total router broadcasts go above a certain threshold, this ma[...]

  • Page 304

    10-100 Surveyor User’s Guide Unstable MST Counter The Unstable MST counter increments when a change in the number of MST topology changes per second exceeds a threshold. The default threshold is a delta of 5 topology changes per second; however, this value can be changed from the Expert Thresholds tab in the Configuration ?[...]

  • Page 305

    10-101 Expert Features Network Layer 10 Zero Broadcast Address Counter Zero Broadcast Address is a counter of all events where the destination network address is all zeros. A count of all Zero Broadcast Address events displays in the Overview counters of Expert View. Expert Symptom Zero Broadcast Address events are automat [...]

  • Page 306

    10-102 Surveyor User’s Guide MAC Layer Bad Frames Counter Bad Frames is a counter of all bad frames over a period of time per segment. A count of all bad frames displays in the Overview counters of Expert View. The Bad Frames counter is a total count of several MAC layer symptoms. The bad frames counter includes the follow[...]

  • Page 307

    10-103 Expert Features MAC Layer 10 Broadcast/Multicast Storms Counter The Broadcast/Multicast Storms counter increments when a change in the number of total Broadcast/Multicast packets per second exceeds a threshold. Broadcast/Multicast Storms can be used to monitor extreme peaks in the number of broadcast and/or multicas[...]

  • Page 308

    10-104 Surveyor User’s Guide CRC Frame counter Counter The CRC Frame counter increments when a frame has a CRC error and is greater than 63 bytes in length. A count of all CRC Frames is included in the Bad Frames counter. The CRC Frame counter is used for Expert Alarms. Expert Symptom CRC Frame events are automatically logged as[...]

  • Page 309

    10-105 Expert Features MAC Layer 10 Excessive ARP Counter The Excessive ARP counter increments when a change in the number of ARP requests per second exceeds a threshold. A count of all Excessive ARP events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Expert Symptom Excess[...]

  • Page 310

    10-106 Surveyor User’s Guide Excessive BOOTP Counter The Excessive BOOTP counter increments when a change in the number of BOOTP/DHCP requests per second exceeds a threshold. A count of all Excessive BOOTP events displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. Exper[...]

  • Page 311

    10-107 Expert Features MAC Layer 10 Excessive Broadcasts Counter Excessive Broadcasts is a counter that can be used to monitor fluctuations in the number of broadcast messages over a period of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is considered excessive broadcasts. [...]

  • Page 312

    10-108 Surveyor User’s Guide Excessive Collisions Counter Excessive Collisions is a counter that can be used to monitor fluctuations in the number of collisions or the absolute number of collisions over a period of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is consider[...]

  • Page 313

    10-109 Expert Features MAC Layer 10 Excessive Multicasts Counter Excessive Multicasts is a counter that can be used to monitor fluctuations in the number of multicast messages over a period of time per segment. A delta threshold for this counter can be set in Expert Alarms to establish what is considered excessive multicasts[...]

  • Page 314

    10-110 Surveyor User’s Guide Fragment Frame Counter The Fragment Frame counter increments when a frame has a CRC error and is less than 64 bytes in length. The Fragment Frame counter is used for Expert Alarms. A count of all Fragment Frames is included in the Bad Frames counter that displays in the Overview counters of Expert V [...]

  • Page 315

    10-111 Expert Features MAC Layer 10 Illegal MAC Source Address Counter Illegal MAC Source Address is a counter of all illegal MAC station source addresses over a period of time per segment. A count of all illegal MAC source addresses displays in the Overview counters of Expert View. A threshold for this counter can be set in Expe[...]

  • Page 316

    10-112 Surveyor User’s Guide Jabber Frame Counter The Jabber Frame counter increments when a frame has a CRC error and is greater than 1518 bytes in length. A count of all Jabber Frames is included in the Bad Frames counter that displays in the Overview counters of Expert View. The Jabber counter is used for Expert Alarms.[...]

  • Page 317

    10-113 Expert Features MAC Layer 10 Network Overload Counter Network Overload is a counter of instances where a threshold for the percentage change in network utilization is exceeded. Network utilization is compared to the utilization for the previous time segment. The default threshold is a 40% change in network utilization[...]

  • Page 318

    10-114 Surveyor User’s Guide New MAC Stations Counter New MAC Stations is a counter of all the new MAC stations over a period of time per segment. A threshold for this counter can be set in Expert Alarms. The threshold for new MAC stations is typically set to 1 as an absolute value. The new MAC station counter detects new MAC[...]

  • Page 319

    10-115 Expert Features MAC Layer 10 Oversized Frame Counter The Oversize Frame counter increments when a frame has a CRC error and is greater than 1518 bytes in length. A count of all Oversize Frames is included in the Bad Frames counter that displays in the Overview counters of Expert View. The Oversize Frame counter is used f [...]

  • Page 320

    10-116 Surveyor User’s Guide Overload Frame Rate Counter Overload Frame Rate counts frames over a one-second time period. A threshold for the number of frames per second can be set in Expert Alarms. Overload Frame Rate can help catch network overloads. Values for the threshold can range from 1 to 148,800 frames/sec for a 100 MB ne[...]

  • Page 321

    10-117 Expert Features MAC Layer 10 Overload Utilization Percentage Counter Overload Utilization Percentage counts bits over time and compares this value to the maximum utilization possible (bandwidth). A threshold for this percentage value can be set in Expert Alarms. Overload utilization percentage can help catch network[...]

  • Page 322

    10-118 Surveyor User’s Guide Physical Errors Counter The Physical Errors counter increments when a change in the number of total MAC physical errors per second exceeds a threshold. Physical errors include CRC/alignment errors, dropped events, collisions, jabbers, oversize packets, undersize packets, and fragments. A count [...]

  • Page 323

    10-119 Expert Features MAC Layer 10 Runt Frame Counter The Runt Frame counter increments when a frame is less than 64 bytes in length. The Runt Frame counter is used for Expert Alarms. A count of all Runt Frames is included in the Bad Frames counter that displays in the Overview counters of Expert View. Expert Symptom Runt Frame[...]

  • Page 324

    10-120 Surveyor User’s Guide Same MAC Addresses Counter Same MAC Addresses is a counter of all events where the same source and destination network addresses are seen in the same packet. A count of all Same MAC Address events displays in the Overview counters of Expert View. Expert Symptom Same MAC Address events are autom[...]

  • Page 325

    10-121 Expert Features MAC Layer 10 Total MAC Stations Counter Total MAC Stations is a counter of all the MAC stations over a period of time per segment. A count of all MAC stations displays in the Overview counters of Expert View. A threshold for this counter can be set in Expert Alarms. The MAC station counter helps detect [...]

  • Page 326

    10-122 Surveyor User’s Guide Hints and Tips for Expert Features • Double-click any symptom in a table to view Diagnostic information. • When looking at Expert View in Monitor only mode, Frame IDs are displayed for information only and you cannot examine a frame related to a symptom. If you need to look at specific frames[...]

  • Page 327

    10-123 Expert Features Summary of Expert Counters and Symptoms 10 Summary of Expert Counters and Symptoms Table Table 10-2 on the following page provides a summary of expert features by symptom/counter/application name. The meanings of the column headings are listed below. Expert Symptom Logged as an Expert Event and appears in th[...]

  • Page 328

    10-124 Surveyor User’s Guide Table 10-2. Summary of Expert Features Counter, Symptom, or Application Expert Symptom Expert Analyses Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold Application Response Time X (by application) Bad Frames X Broadcast/Multicast Storm XX X CRC Frames X z X[...]

  • Page 329

    10-125 Expert Features Summary of Expert Counters and Symptoms 10 Counter, Symptom, or Application Expert Symptom Expert Analyses Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold HTTP Response Time X ICMP All Errors X X ICMP Bad IP Header Xz z ICMP Destination Host Access Denied Xz z ICMP Destinat[...]

  • Page 330

    10-126 Surveyor User’s Guide Counter, Symptom, or Application Expert Symptom Expert Analysis Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold ICMP Network Redirect Xz z ICMP Network Redirect for TOS Xz z ICMP Network Unreachable for TOS Xz z ICMP Parameter Problem Xz z ICMP Port Unreachabl[...]

  • Page 331

    10-127 Expert Features Summary of Expert Counters and Symptoms 10 Counter, Symptom, Analyses, or Application Expert Symptom Expert Analysis Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold IP Time to Live Expiring XX X ISL BPDU/CDP Packets XX ISL Illegal VLAN ID X X X Jabber Frames X z X Missed [...]

  • Page 332

    10-128 Surveyor User’s Guide Counter, Symptom, or Application Expert Symptom Expert Analysis Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold No HTTP POST Response XX No Server Response XX No WINS Response X X X Non Responsive Stations XX X OSPF Broadcasts X X Overload Frame Rate X Overlo[...]

  • Page 333

    10-129 Expert Features Summary of Expert Counters and Symptoms 10 Counter, Symptom, or Application Expert Symptom Expert Analysis Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold Slow Server Response XX X SMB Invalid Network Name XX SMB Invalid Password XX SMTP Response Time X TCP Checksum Errors X[...]

  • Page 334

    10-130 Surveyor User’s Guide Counter, Symptom, or Application Expert Symptom Expert Analysis Counter in Expert View Expert Alarm Application Response Time Alarm Expert Threshold TNS Slow Server Response XX X Too Many Retransmissions XX X Total MAC Stations X X Total Router Broadcasts X Unstable MST X X X X Zero Broa[...]

  • Page 335

    11-1 Chapter 11 11 Multi-QoS Multi-QoS is a software plug-in to Surveyor that analyzes multimedia traffic over Ethernet-based networks. Multi-QoS validates Quality of Service (QoS) parameters presented by PSTN/IP Gateways, IP switches, and IPBXs. Multi-QoS provides a rich set of reported and calculated data to validate IP netw[...]

  • Page 336

    11-2 Surveyor User’s Guide Full decode of multimedia protocols by Multi-QoS provides users with the ability to look at any captured packet and understand its contents. Multi-QoS validates that the network is performing as it has been configured and helps you troubleshoot problems. Multi-QoS provides graphic summaries of Call [...]

  • Page 337

    11-3 Multi-QoS Multi-QoS User Interface Overview 11 Multi-QoS User Interface Overview The Surveyor Multi-QoS interface can be used with capture files, a capture buffer, or in real-time monitoring mode. To view Multi-QoS graphs and tables, click on the Multi-QoS button on the Detail View toolbar or select Multi-QoS View [...]

  • Page 338

    11-4 Surveyor User’s Guide Figure 11-1. Multi-QoS Interface Overview Capture View Multi-QoS Monitor View Multi-QoS All Calls Call Detail View Channel Details Call Fields.... Call Summary Range Table Channel View Table All Calls Table Single Row Sum[...]

  • Page 339

    11-5 Multi-QoS Multi-QoS User Interface Overview 11 • Summary Range Graphs The Summary Range graphs provide a percentage breakdown of calls by key QoS metrics. Breakdowns are provided for Call Jitter, RTCP Jitter, Dropped Packets, RTCP Dropped Packets, Call Setup Time, Network R-factor, and User R-factor. Up to five ranges ar [...]

  • Page 340

    11-6 Surveyor User’s Guide Also, the jitter calculation for Surveyor only measures network jitter. The application itself may implement a jitter buffer, which could make for further differences between the reported RTCP jitter and the jitter measured by Surveyor. The difference between the RTCP jitter and Surveyor-c[...]

  • Page 341

    11-7 Multi-QoS Configuring Multi-QoS 11 The configuration performed from the Configuration tab is described below: • Refresh Options (MQoS Window Management) By default, Multi-QoS tables are refreshed when you re-open any window containing a table. However, there may be instances where you want to compare data in the same t[...]

  • Page 342

    11-8 Surveyor User’s Guide Setting this value to a high number may help in identifying a wider range of calls, but may also decrease performance. The default setting is recommended unless you are trying to identify non-standard or partial calls as possible. Multi-QoS Performance Optimization Real-time monitoring of calls is[...]

  • Page 343

    11-9 Multi-QoS All Calls Table 11 All Calls Table The All Calls table provides a summary table of all calls discovered. An example of the All Calls table is shown below. The buttons to the left of the table allow you to filter the call data. You can display only the calls that use a specific protocol or those that use an unkno[...]

  • Page 344

    11-10 Surveyor User’s Guide Field Descriptions for All Calls Table The following table provides brief descriptions of all fields in the All Calls table. Table 11-1. All Calls Table Field Descriptions Table Column Description Protocol H.323, SCCP, SIP, or UNKNOWN. A protocol type of UNKNOWN means that Surveyor recognizes[...]

  • Page 345

    11-11 Multi-QoS Call Range Graphs and Summaries 11 Call Range Graphs and Summaries Each tab in the interface except the utilization and configuration tabs brings up a range breakdown of calls using the selected metric. Call Jitter, Call RTCP Jitter, Call Setup Time Figure 11-4 shows an example of the Call Jitter tab in the M[...]

  • Page 346

    11-12 Surveyor User’s Guide Ranges for the graph can be changed. An example configuration screen for setting Call Jitter ranges is shown below. All values are in milliseconds. Figure 11-5. Multi-QoS Configuration, Call Jitter Ranges The default ranges for Call Jitter, Call RTCP Jitter, and Call Setup Time are shown in t[...]

  • Page 347

    11-13 Multi-QoS Call Range Graphs and Summaries 11 Dropped Packets, RTCP Dropped Packets Figure 11-6 shows an example of the Dropped Packets tab in the Multi-QoS Properties window. Click on a section of the bar or pie graph to see a table of calls for the selected dropped packets range. Click on the “pencil” button to cha[...]

  • Page 348

    11-14 Surveyor User’s Guide An example configuration screen for setting Dropped Packet ranges is shown below. Figure 11-7. Multi-QoS Configuration, Packets Dropped The default ranges for Packets Dropped, and RTCP Packets Dropped are shown in the table below. Table 11-3. Defaults for Packets Dropped Ranges Range Dropped [...]

  • Page 349

    11-15 Multi-QoS Call Range Graphs and Summaries 11 Field Descriptions for Call Range Summaries The following tables provide brief descriptions of all table columns for call range summaries. Only the metric of interest will be displayed in the table. For example, if you are looking at calls in a specific range for Call Jitte[...]

  • Page 350

    11-16 Surveyor User’s Guide VQMon Metrics There are a variety of objective factors that contribute to call quality. Some of these factors, such as packet loss or packet delay variation (jitter), are reported in other Multi-QoS graph summaries. However, these individual measurements do not tell a complete story and do not [...]

  • Page 351

    11-17 Multi-QoS VQMon Metrics 11 If you would like more detailed information about how R-factors are calculated, please call Finisar customer support. The R-factors used in Multi-QoS extend the ITU standard E Model for estimating transmission quality. A sample display of call breakdown by Network R-factor is shown below. Us[...]

  • Page 352

    11-18 Surveyor User’s Guide Figure 11-9. Multi-QoS Configuration, R-factor Ranges The default ranges for Network R-factor and User R-factor are shown in the table below. Table 11-6. Ranges for R-factors Range Network R-factor User R-factor Range 5 <25 <25 Range 4 <50 - 25 <50 - 25 Range 3 <70 - 50 <70 - 50 Range 2[...]

  • Page 353

    11-19 Multi-QoS Utilization Graph 11 Utilization Graph When selected in Monitor mode, Multi-QoS displays the Utilization tab. The utilization graphs provide a view of total bandwidth utilization and Multi-QoS bandwidth utilization over time. The utilization for VoIP services is compared to total utilization and total ban[...]

  • Page 354

    11-20 Surveyor User’s Guide Field Descriptions for Call Details To view all details for any call, double-click on any call summary (row) in a call summary table. The Call Detail window appears showing all call fields for the selected call. An example Call Detail window for an H.323 call is shown below: Figure 11-11. Examp[...]

  • Page 355

    11-21 Multi-QoS Field Descriptions for Call Details 11 The following tables provide brief descriptions of all fields in the Call Detail window for SCCP, H.323, or SIP calls. Table 11-7. SCCP Call Field Descriptions Table Column Description FID Frame ID of the first frame from which the conversation was detected. This field [...]

  • Page 356

    11-22 Surveyor User’s Guide Table 11-8. H.323 Call Field Descriptions Field Name Description Frame ID Frame ID of the first frame from which the conversation was detected. This field is useful when doing post capture analysis. If there is a need for in-depth analysis of a specific call, the first frame associated with call c[...]

  • Page 357

    11-23 Multi-QoS Field Descriptions for Call Details 11 Table 11-9. SIP Call Field Descriptions Field Name Description FID Frame ID of the first frame from which the conversation was detected. The frame ID of the first INVITE message. Caller SIP URL or other URI of the caller. The addr-spec in the “From” parameter. Cal[...]

  • Page 358

    11-24 Surveyor User’s Guide Table 11-10. UNKNOWN Call Field Descriptions Channel Table Details You can look at channel information for any call. Single-click on the View Channel Details link in the Single Call Detail View box to display channel information. A table appears showing all channels within the call. If you hav[...]

  • Page 359

    11-25 Multi-QoS Channel Table Details 11 Figure 11-12. Channel Table Example Table 11-11 and Table 11-12 describe the columns in the table for each protocol. H.323, SIP, and UNKNOWN channel tables are the same.[...]

  • Page 360

    11-26 Surveyor User’s Guide Table 11-11. H.323, SIP, or UNKNOWN Channel Table Column Descriptions Table Column Description Channel Channel type, Audio, Video, or Data. Min User R Factor The lowest User R-factor calculated during a sampling interval for a call. User R Factor Voice quality measure expressed as a nume[...]

  • Page 361

    11-27 Multi-QoS Channel Table Details 11 Max Jitter (ms) Maximum Jitter in milliseconds. The value is calculated by Surveyor. Surveyor uses the formula described in RFC 1889 to calculate jitter. Low Seq Num Lowest Sequence Number. Lowest RTP sequence number seen. High Seq Num Highest Sequence Number. Highest RTP sequence [...]

  • Page 362

    11-28 Surveyor User’s Guide Table 11-12. SCCP Channel Table Column Descriptions Table Column Description Channel Channel type, Audio, Video, or Data. Min User R Factor The lowest User R-factor calculated during a sampling interval for a call. User R Factor Voice quality measure expressed as a numeric value between 0 a[...]

  • Page 363

    11-29 Multi-QoS Channel Table Details 11 Filtering on Single Channels You can filter on channels within a single call. For the Channel View table, the filter menu available with the right-mouse click depends on the channel you select. For Audio or Video channels, the menu has three filter options, Quick RTCP and RTP Cha[...]

  • Page 364

    11-30 Surveyor User’s Guide Customizing Multi-QoS Table Displays You can customize the display of table information for Multi-QoS to include or exclude Multi-QoS fields from the All Calls, Summary Range, or Channel table displays. To change the view options, the table type you want to change must be in the foreground. For [...]

  • Page 365

    11-31 Multi-QoS Customizing Multi-QoS Table Displays 11 Customizing Channel Tables The channel table is different for each call type, H.323, SIP, or SCCP. The channel table fields for each call type can be customized. Select Multi-QoS Views for the Monitor Views or Capture Views menu. Select a single call, and from the Call Det[...]

  • Page 366

    11-32 Surveyor User’s Guide Exporting Multi-QoS Data You can export Multi-QoS tables to CSV format. Multi-QoS data in .csv format can be imported to many spreadsheet and database applications like Microsoft Excel or to your own application, allowing you to display or report data. CSV is a comma-delimited text format used by[...]

  • Page 367

    11-33 Multi-QoS Exporting Multi-QoS Data 11 Exporting a Single Multi-QoS Table to CSV Format Perform these steps to export the current Multi-QoS table to CSV format. 1. Select the view you want to export. If you already have the desired view open, click the window to make it the currently selected view. The table can be a rang[...]

  • Page 368

    11-34 Surveyor User’s Guide[...]

  • Page 369

    12-1 Chapter 12 12 Counters Surveyor provides sophisticated counters to enable you to precisely monitor network activity. Surveyor features three types of counters at the MAC layer: Packet Counters, Custom Counters, and Error Counters. When the MAC Statistics window is in Capture mode, you can use all three types of counters. [...]

  • Page 370

    12-2 Surveyor User’s Guide The following packet counters are supported: • Total Frames • Broadcast Frames • Multicast Frames • Unicast Frames • Error Frames • Total Bytes Received • A breakdown of the total number of error frames is provided by the error counters. Custom Counters Custom counters are user-defined coun[...]

  • Page 371

    12-3 Counters Error Counters 12 Fragments The total number of packets received that were less than 64 octets and had either an FCS/CRC error or an Alignment Error. Jabbers The total number of packets that were received that were longer than 1518 octets and had either an FCS/CRC error or an Alignment Error. Oversize The total numb[...]

  • Page 372

    12-4 Surveyor User’s Guide Table 12-3 contains an alphabetical list, with descriptions, of Surveyor’s Token Ring error counters. Table 12-3. Alphabetical List and Descriptions of Token Ring Error Counters Token Ring Counter Description Abort Delimiter Records events where a reporting Ring Station encounters recovera[...]

  • Page 373

    12-5 Counters Expert Counters 12 Expert Counters Expert counters count the number of Expert events discovered by Surveyor’s expert logic. Some counters are used in the Expert Alarm editor and some display in the Overview Table of Expert View. See the Expert Systems chapter for more information on expert counters. The follow[...]

  • Page 374

    12-6 Surveyor User’s Guide Counter Type Description ICMP Destination Unreachable The number of ICMP destination unreachable errors over a period of time per segment. Unreachable errors include Network Unreachable, Host Unreachable, Protocol Unreachable, Port Unreachable, Fragmentation Needed [D/F Set], Source Route Fa[...]

  • Page 375

    12-7 Counters Expert Counters 12 Counter Type Description Overload Utilization Percentage Counts bits over time and compares this value to the maximum utilization possible (bandwidth). No HTTP POST Response The number of no HTTP POST responses over a period of time per segment. No Server Response The number of no server[...]

  • Page 376

    12-8 Surveyor User’s Guide Counter Type Description TCP/IP Repeat Ack The number of TCP/IP Repeat Ack events over a period of time per segment. TCP/IP Retransmissions The number of TCP/IP Retransmissions over a period of time per segment. TCP/IP RST Packets The number of TCP/IP RST Packets over a period of time per segment[...]

  • Page 377

    12-9 Counters Multi-QoS Counters 12 Multi-QoS Counters Multi-QoS counters count the number of packet events discovered by Surveyor’s Multi-QoS plug-in. The following table contains an alphabetical list, with descriptions, of the counters used in the Multi-QoS plug-in. Counter Log File Overview Counter log files contain sn[...]

  • Page 378

    12-10 Surveyor User’s Guide Log Directory Structure The following is the directory structure for log files. The root directory is the installation directory for Surveyor. (root) loglocal module_1 (directory for module 1) module_1.csv (log file for module 1) history (history directory for module 1) mmddhhmm.ss (first hist[...]

  • Page 379

    13-1 Chapter 13 13 Utilities Surveyor includes the following utilities to enhance your ability to manage your Ethernet, Token Ring, or Fast Ethernet network. The utilities are briefly described in the table below: Table 13-1. Ethernet and Fast Ethernet Network Management Utilities Utility Description Name Table Provides associ[...]

  • Page 380

    13-2 Surveyor User’s Guide Name Table Utility A name table provides associations between easy-to-remember symbolic names (Mickey) and hard-to-remember network addresses (0x78AB00004235). Surveyor and Finisar analyzer devices learn names automatically by viewing the network portion of DNS, SAP, and NetBIOS packets. A de[...]

  • Page 381

    13-3 Utilities Name Table Utility 13 Figure 13-1. Example Name Table Dialog Box There are several options you can set for the display and recording of name table entries. Options are set by pressing the Settings… button to bring up the Name Table Settings dialog box. To learn all addresses, select the Learn Addresses chec[...]

  • Page 382

    13-4 Surveyor User’s Guide Name tables are limited to 5,000 entries. The Maximum Number of Entries field in the Name Table Settings dialog box must be at least 100 and no more than 5,000. For remote resources, Surveyor uses names learned from remote as well as local resources when displaying capture or monitor views. A[...]

  • Page 383

    13-5 Utilities NIS-to-Name Table Conversion Utility 13 NIS-to-Name Table Conversion Utility The NIS2NAM.SH utility converts an NIS name table on a UNIX system to the name table format used by Surveyor. It provides a method of creating a Surveyor name table with addresses and associated symbolic names without having to re-en[...]

  • Page 384

    13-6 Surveyor User’s Guide Sniffer™ Translator Utility Translators convert captured data back and forth between Surveyor capture file format (.cap files) and Sniffer uncompressed trace format (.enc or .trc files). Capture files are stored in ‘Snoop’ format, compliant with RFC 1761. Capture files include extensions t[...]

  • Page 385

    13-7 Utilities Convert Capture Files to Histogram Files 13 • Capture memory size • Error counters supported • MAC address • Module type • Buffer size • Vendor name • Error counters supported Convert Capture Files to Histogram Files The convert capture files utility allows you to convert capture files to histogram file[...]

  • Page 386

    13-8 Surveyor User’s Guide Extract Frames From a File Using a Filter This utility allows you to extract frames from existing capture files, using a filter to select the frames you want. To extract frames from capture files, do the following: 1. After capture is complete and the capture buffer is saved to a file, select Ext[...]

  • Page 387

    13-9 Utilities Export Utilities 13 To export packet decode information, do the following: 1. Set the Summary Pane of the Capture View window to display the protocol decode information you want to export. For example, packets numbered -0004 through 0013. 2. Select a packet within the window. 3. Press the button. A window displ[...]

  • Page 388

    13-10 Surveyor User’s Guide networks. Surveyor exports data into a special .csv file format that can be easily read by the Optimal Performance product. Perform the following steps to export data to Optimal Performance format: 1. Select Application Layer Matrix from the Monitor View or Capture View menus. 2. Select the Ta[...]

  • Page 389

    13-11 Utilities Export Utilities 13 5. Switch to the previously opened Charts window. To change windows, pull down the Windows menu and click on Charts. 6. Click cell A1 of Data Sheet in the Charts window, the cell in the top-left corner of the worksheet. 7. Use Paste from the Edit menu or Ctrl + V to paste the data into t[...]

  • Page 390

    13-12 Surveyor User’s Guide[...]

  • Page 391

    A-1 Appendix A A Implementation Profile Buffers Three types of buffers are essential to the execution of Surveyor’s features: How Resources Use Buffers Surveyor supports THGm, Portable Surveyor 10/100 Ethernet Analyzer Card, and NDIS (10/100 Ethernet) LAN interfaces. Buffering is implemented with these interfaces as describe[...]

  • Page 392

    A-2 Surveyor User’s Guide Table A-2. Resource Use of Buffers Resource Buffer Usage THGm (Ten/Hundred/Gigabit module) THGm is a high speed network analyzer card with a single on-board buffer. THGm supports full line-speed capture or for RJ45 10/100 Mbps Ethernet or Gigabit Ethernet. Filtering and all other Surveyor features[...]

  • Page 393

    Implementation Profile Hardware Dependencies A A-3 Hardware Dependencies The tables that follow in this section list functions supported by Surveyor that have hardware dependencies. Table A-3. Hardware Real-Time Functions Real-Time Monitoring Functions NDIS THGm Portable Surveyor 10/100 Ethernet Analyzer Card Buffer Size 64KB 128[...]

  • Page 394

    A-4 Surveyor User’s Guide Table A-5. Hardware Capture Functions Capture Functions NDIS Card THGm Portable Surveyor 10/100 Ethernet Analyzer Card Capture Buffer Size 64KB-16MB* 128MB 64KB-16MB* Performance 10 Mbps: 5-10Mbps 100Mbps: 5-15Mbps Full Line Rate, 10/100/1000 Mbps 10Mbps: 5-10Mbps 100Mbps: 5-20Mbps 7-Layer Decode Yes Yes Y[...]

  • Page 395

    Implementation Profile About NDIS Mode A A-5 About NDIS Mode Surveyor in NDIS mode uses an NDIS driver and interfaces to a variety of network adapters. All basic capture, transmit, and monitor functions are the same in NDIS mode. However, it is not recommended that an NDIS module be used to transmit packets; the transmit rate is like[...]

  • Page 396

    A-6 Surveyor User’s Guide NDIS Configuration Options Setting the Interface The Interface and Interface Mode options are grayed on the Module menu when an NDIS module is the currently selected module. The Identify option on the Module menu is grayed and does not function when the current module is an NDIS module. Set Capture Buf[...]

  • Page 397

    B-1 Appendix B B Pre-Defined Filter Templates Filter Templates All filter templates supplied with Surveyor are described below. Templates are defined by an offset(s) and a value(s). These templates can be used in a capture or display filter to capture or display common protocol packets. An OR in the Offset column indicates th[...]

  • Page 398

    B-2 Surveyor User’s Guide Table B-1. Surveyor Filter Templates, Ethernet EV2 Filter Template Description Offset Value No. of Filters Used AppleTalk Collect all AppleTalk packet types embedded in Ethernet Version II frames. 12 HEX 809B 1 ARP Collect all ARP packet types embedded in Ethernet Version II frames. 12 HEX 0806 1 DE[...]

  • Page 399

    Pre-Defined Filter Templates Filter Templates B B-3 Table B-2. Surveyor Filter Templates, IP and IPX over Ethernet EV2 Filter Template Description Offset Value No. of Filters Used EIGRP Collect all frames where EIGRP is embedded in Ethernet II frames. 12 23 HEX 0800 DEC 88 1 ICMP Filter template for collecting all PING activity.[...]

  • Page 400

    B-4 Surveyor User’s Guide Filter Template Description Offset Value No. of Filters Used RIP (IPX) Collect all frames with a RIP port in IPX packet types embedded in Ethernet II frames. 12 30 OR 42 HEX 8137 HEX 0453 HEX 0453 2 RSVP Collect all frames where RSVP is embedded in Ethernet II frames. 12 23 HEX 0800 DEC 46 1 SAP (IPX) Collect [...]

  • Page 401

    Pre-Defined Filter Templates Filter Templates B B-5 Table B-3. Surveyor Filter Templates, TCP/IP over Ethernet EV2 Filter Template Description Offset Value No. of Filters Used DNS (TCP) Collect all frames with a DNS port when TCP is embedded in an Ethernet II frame. 12 23 34 OR 36 HEX 0800 HEX 06 DEC 0.53 DEC 0.53 2 FTP Collect all[...]

  • Page 402

    B-6 Surveyor User’s Guide Filter Template Description Offset Value No. of Filters Used Q.931 Collect all frames with a Q.931 port when TCP is embedded in Ethernet II frames. 12 23 34 OR 36 HEX 0800 HEX 06 DEC 6.184 (1720) DEC 6.184 (1720) 2 SCCP Collect all frames with an SCCP port when TCP is embedded in an Ethernet II frame. 12 23 3[...]

  • Page 403

    Pre-Defined Filter Templates Filter Templates B B-7 Table B-4. Surveyor Filter Templates, UDP/IP over Ethernet EV2 Filter Template Description Offset Value No. of Filters Used DHCP Collect all frames with a DHCP port when UDP is embedded in an Ethernet II frame. 12 23 34 OR 34 HEX 0800 HEX 11 HEX 0044 0043 HEX 0043 0044 2 DNS (UDP) Co[...]

  • Page 404

    B-8 Surveyor User’s Guide Filter Template Description Offset Value No. of Filters Used NTP Collect all frames with an NTP port when UDP is embedded in Ethernet II frames. 12 23 34 HEX 0800 HEX 11 HEX 007B007B 2 RIP (UDP) Collect all frames with a RIP port when UDP is embedded in Ethernet II frames. 12 23 34 OR 36 HEX 0800 HEX 11 DE[...]

  • Page 405

    Pre-Defined Filter Templates Filter Templates B B-9 Table B-5. Surveyor Filter Templates, Ethernet LLC/Novell Filter Template Description Offset Value No. of Filters Used DSAP Template for setting the LLC destination address point. 14 HEX XX 1 IEEE_802.1D Template for collecting IEEE-802.1D packets. 14 HEX 4242 2 NetBEUI Template f[...]

  • Page 406

    B-10 Surveyor User’s Guide Table B-6. Surveyor Filter Templates, Ethernet SNAP Filter Template Description Offset Value No. of Filters Used SNAP Collect SNAP frames. 14 HEX AAAA03 1 SNAP_AppleTalk Filter template for collecting AppleTalk packet types embedded in Ethernet SNAP frames. 14 20 HEX AAAA03 HEX 809B 1 SNAP_ARP Filter t[...]

  • Page 407

    Pre-Defined Filter Templates Filter Templates B B-11 Table B-7. Surveyor Filter Templates, Ethernet ISL Filter Template Description Offset Value No. of Filters Used ISL_ARP Filter template for collecting ARP packet types embedded in ISL frames. 38 HEX 0806 1 ISL_DNS (TCP) Collect all frames with DNS ports when TCP is embedded in I[...]

  • Page 408

    B-12 Surveyor User’s Guide Filter Template Description Offset Value No. of Filters Used ISL_LDAP Collect all frames with LDAP ports when TCP is embedded in ISL frames. 38 49 60 OR 62 HEX 0800 DEC 06 DEC 1.133 (389) DEC 1.133 (389) 2 ISL_MAC_DA_Broadcast Collect all broadcast frames in ISL packets. 26 HEX FFFFFFFFFFFF 1 ISL_MAC[...]

  • Page 409

    Pre-Defined Filter Templates Filter Templates B B-13 Filter Template Description Offset Value No. of Filters Used ISL_SMTP Collect all frames with SMTP ports when TCP is embedded in ISL frames. 38 49 60 OR 62 HEX 0800 DEC 06 DEC 0.25 DEC 0.25 2 ISL_SSP Collect all frames with SSP ports when TCP is embedded in ISL frames. 38 49 60 OR [...]

  • Page 410

    B-14 Surveyor User’s Guide Table B-8. Standard Filter Templates, Token Ring Filter Template Description Offset Value No. of Filters Used MAC_Active_Monitor_Present Collect all Active Monitor Token Ring MAC frames. 1 17 HEX 05 HEX 05 1 MAC_Beacon Collect all Beacon Token Ring MAC frames. 1 17 HEX 02 HEX 02 1 MAC_Change_Parame[...]

  • Page 411

    Pre-Defined Filter Templates Filter Templates B B-15 Filter Template Description Offset Value No. of Filters Used MAC_Report_NAUM_Change Collect all Report NAUM Change Token Ring MAC frames. 17 HEX 26 1 MAC_Report_New_Active_Monitor Collect all Report New Active Monitor Token Ring MAC frames. 17 HEX 25 1 MAC_Report_Ring_Station_Addr[...]

  • Page 412

    B-16 Surveyor User’s Guide Filter Template Description Offset Value No. of Filters Used MAC_Ring_Purge Collect all Ring Purge Token Ring MAC frames. 1 17 HEX 04 HEX 04 1 MAC_Standby_Monitor_Present Collect all Standby Monitor Present Token Ring MAC frames. 1 17 HEX 06 HEX 06 1 MAC_Transmit_Forward Collect all Transmit Forwa[...]

  • Page 413

    C-1 Appendix C C Keyboard Shortcuts Function Keys Function keys perform different operations depending on the window from which they are used. A table of the function keyboard shortcuts is provided below: Table C-1. Shortcut Keys from Summary and Detail View Key Summary View Detail View F1 Help Help F2 System Settings Capture Vie[...]

  • Page 414

    C-2 Surveyor User’s Guide Standard and Navigational Keys Function keys perform different operations depending on the window from which they are used. Tables of standard and navigational keyboard shortcuts are provided below: Table C-2. Shortcut Keys from All Windows Key(s) Action Alt + F4 Close Window Ctrl + O Open Ctrl + [...]

  • Page 415

    Keyboard Shortcuts Standard and Navigational Keys C C-3 Table C-6. Shortcut Keys from the Capture Filter Window Key(s) Action Ctrl + N Bring up new default capture filter Ctrl + P Print capture filter Home Select the first statement End Select the last statement Page up Scroll up one page Page down Scroll down one page Up arrow Se[...]

  • Page 416

    C-4 Surveyor User’s Guide[...]

  • Page 417

    D-1 Appendix D D Parser Names Recognized Parser Names The Parser Names recognized by Surveyor are organized by protocol suite in the following tables. Parser Names must be spelled exactly as shown when used in the ANALYSIS.INI file. See “Advanced Configuration” in the “Customizing Surveyor” chapter for information on usi[...]

  • Page 418

    D-2 Surveyor User’s Guide Table D-3. Parser Names, AppleTalk Suite Parser Name Protocol Name AARP AppleTalk Address Resolution Protocol ADSP AppleTalk Data Stream Protocol AEP AppleTalk Echo Protocol AFP AppleTalk Filing Protocol ASP AppleTalk Session Protocol ATP AppleTalk Transaction Protocol AURP AppleTalk Update-based [...]

  • Page 419

    Parser Names Recognized Parser Names D D-3 Table D-5. Parser Names, Cisco Suite Parser Name Protocol Name CDP Cisco Discovery Protocol DISL Dynamic Inter-Switch Protocol EIGRP Enhanced Interior Gateway Routing Protocol (see Internet Protocol suite) HSRP Hot Standby Router Protocol IGRP Interior Gateway Routing Protocol (see Internet[...]

  • Page 420

    D-4 Surveyor User’s Guide Table D-8. Parser Names, IBM Suite Parser Name Protocol Name 3270 3270 Terminal NETBEUI NetBIOS Extended User Interface SNA Server Network Architecture XID XID Table D-9. Parser Names, Internet Suite Parser Name Protocol Name ARP Address Resolution Protocol ASF-RMCP Alert Standard Format Protocol DVMRP [...]

  • Page 421

    Parser Names Recognized Parser Names D D-5 BOOTP Bootstrap Protocol DHCP Dynamic Host Configuration Protocol DNS Domain Name Server FTP File Transfer Protocol GOPHER Gopher HTTP Hyper Text Transfer Protocol HTTPS Secure Hyper Text Transfer Protocol IMAP Internet Message Access Protocol LDAP Lightweight Directory Access Protoco[...]

  • Page 422

    D-6 Surveyor User’s Guide SGCP Simple Gateway Control Protocol SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol (versions 1, 2, and 3) SNMP TRAP Simple Network Management Protocol Trap SUNRPC Sun’s Remote Procedure Call TELNET Remote Terminal Protocol TFTP Trivial File Transfer Protocol TPKT ISO Tra[...]

  • Page 423

    Parser Names Recognized Parser Names D D-7 NBCAST Netware Broadcast Message Protocol NCP Netware Core Protocol NDS Netware Directory Services NLSP Netware Link State Protocol NMPI Name Management Protocol SAP Service Advertising Protocol SERIAL Serialization Protocol SPX Sequenced Packet Exchanged SPX2 Sequenced Packet Exchange[...]

  • Page 424

    D-8 Surveyor User’s Guide Table D-14. Parser Names, H.323 Suite Parser Name Protocol Name ASN.1 Abstract Syntax Notation 1 H323GD H.323 - Gatekeeper Discovery H.225.0 H.225.0 - Call Signaling Protocols H245 H.245 - Control Protocol For Multimedia Communication H4501 H.450.1 - Supplementary Services for Multimedia Q921 Q.921 - Call[...]

  • Page 425

    Parser Names Recognized Parser Names D D-9 Table D-16. Parser Names, Cisco IP Telephony Suite Parser Name Protocol Name SSP Skinny Station Protocol SCCP Skinny Client Control Protocol RUDP Reliable UDP Table D-17. Parser Names, Other Multimedia Parser Name Protocol Name MGCP Multimedia Gateway Control Protocol (over TCP) RTCP Rea[...]

  • Page 426

    D-10 Surveyor User’s Guide[...]

  • Page 427

    Glossary-1 Glossary .CAP extension File extension for all capture files. .CFD extension File extension for all capture filters. .DFD extension File extension for all view filters. .NAM extension File extension for all name tables. .TSP extension File extension for all transmit specifications. Abort Delimiter A counter that record[...]

  • Page 428

    Glossary-2 Surveyor User’s Guide Alarm Browser A window used to list, select, and set alarms. Alarm Falling Threshold Falling threshold value to be compared to counter data. If the counter value or its delta value over time falls below the threshold, an alarm event is triggered. Alarm Generation Type Is this a rising, falling[...]

  • Page 429

    Glossary (continued) Glossary-3 Application Response Time The time required to establish a session with an application protocol, measured in milliseconds. Surveyor tracks average time, the shortest time, and the longest time required for connections to a protocol over the monitored network segment. AVVID Architecture for V[...]

  • Page 430

    Glossary-4 Surveyor User’s Guide Capture Mode The mode in which Surveyor receives network data and stores it in the Capture Buffer. Capture View A window for viewing and decoding network packets saved to a file or in the capture buffer. Captured Frames Frames stored within Surveyor’s capture buffer. Century 12-Tap A fa[...]

  • Page 431

    Glossary (continued) Glossary-5 Detail View The primary monitoring view for a single network resource. Multiple views of each resource can display in the Detail View. Device A single hardware device that provides data to Surveyor. Display Filter Window A window for defining display filters. DRAM Direct Random Access Memory. [...]

  • Page 432

    Glossary-6 Surveyor User’s Guide Expert View Surveyor data view showing expert symptoms and expert counters for a time period. Fragments A counter showing the total number of packets received that were less than 64 octets and had either an FCS/CRC error or an Alignment Error. Fast Ethernet IEEE 802.3 compliant MII (Media Indepe[...]

  • Page 433

    Glossary (continued) Glossary-7 Host A computer upon which a particular program or resource is located. In the context of Surveyor, the host is the computer upon which the Surveyor program is running. IF Statement First statement for a level in a filter. Specifies conditions and actions. Use the IF statement dialog box to cr[...]

  • Page 434

    Glossary-8 Surveyor User’s Guide Mode of Operation Defines the current relationship between Surveyor and a resource. Surveyor can transmit data from a resource (transmit), receive data from a resource (capture), view a resource (monitor), or view and receive data from a resource simultaneously (monitor + capture) Module A [...]

  • Page 435

    Glossary (continued) Glossary-9 NIS Name Information Service. Oversize A counter showing the total number of packets received that were longer than the 1518 octets and were otherwise well formed (good FCS). Overview Table Table in Surveyor’s Expert system that lists all counters for expert events discovered over time. Packe[...]

  • Page 436

    Glossary-10 Surveyor User’s Guide Packet Type The type of packet sent in transmission mode. Packet types are IP, IPX, ARP, and AARP, or any other type specified by the user. It can also be the packet length field for 802.2 and SNAP frames. Pause Stop the continuous update of the data when viewing any resource. Portable Survey[...]

  • Page 437

    Glossary (continued) Glossary-11 Root Statement The first statement in all capture filters. Specifies global variables and global values. SA Source address MAC level station address of where a frame is coming from. SCCP Skinny Client Control Protocol. The Skinny Client messaging system provides a means of establishing, contr[...]

  • Page 438

    Glossary-12 Surveyor User’s Guide THGm (Ten/Hundred/Gigabit module) A hardware device available from Finisar that allows the capture/transmit of network data at full line rate and supports real-time monitoring functions for 10/100/1000 Ethernets. The THGm card is for use with 1000BASE-SX, 1000BASE-LX, and potentially o[...]

  • Page 439

    Glossary (continued) Glossary-13 Traffic Rate When transmitting from Surveyor, a percentage of the maximum capacity of the network to carry packets. Transmit Mode One of the modes for using Surveyor. In transmit mode, data streams loaded are transmitted on the network when the resource is started. Transmit Specification A d[...]

  • Page 440

    Glossary-14 Surveyor User’s Guide Voice over IP (VoIP) Industry term for the carrying of voice traffic over the Internet Protocol. This term is sometimes used more broadly to indicate VoIP/Multi-Media communications via the H.323 or SCCP protocols. WKP Abbreviation for well known port, a known port address on the network. Ze[...]

  • Page 441

    Index-1 Index Symbols .CAP File Extension 3-18 .CFD File Extension 3-18 .DFD File Extension 3-18 .HST File Extension 3-18 .NAM File Extension 3-18 .TSP File Extension 3-18 Numerics 12-Tap setting the COM port 4-18 –A– Abort Delimiter Counter 12-4 Absolute Time 4-2 AC Error Counter 12-4 Access privileges 3-2 super-user 3-2 Accessing remote[...]

  • Page 442

    Index-2 Surveyor User’s Guide –B– Bad Frames 12-5 bitmaps, exporting 13-9 Bridge Protocol Data Unit (BPDU) 10-92 Broadcast/Multicast Storms 10-103, 12-5 Buffer size 4-8 Buffer Usage A-2 Buffers A-2 Burst Error Counter 12-4 Burst timing 8-7 Bursts 8-7 bursts example 8-7 example 8-7 byte boundaries 7-10 Byte Count, Multi-QoS 12-9 ?[...]

  • Page 443

    Index-3 Index (continued) Token Ring, list of 12-4 Excessive BOOTP 10-106 Excessive Broadcasts 10-107 Excessive Collisions 10-108 Excessive Mailslot Broadcasts 10-20, 10-21 Excessive Multicasts 10-109 expert counters, list of 12-5 export Counter log file to Excel 13-10 Fragment 10-110 history files 12-9 HSRP Errors 10-59, 10-60 ICMP [...]

  • Page 444

    Index-4 Surveyor User’s Guide ICMP Fragmentation Needed 10-71 DA and SA fields 8-10 DA field 8-3 Data field 8-3 Data views 6-1, 6-18 Address Map View 6-34 Application Layer Host Table View 6-27 Application Layer Matrix View 6-31 Application Response Time View 6-36 Duplicate Address View 6-35 Expert View 6-36 Frame Size Distributi[...]

  • Page 445

    Index-5 Index (continued) CRC Frame 10-104 Duplicate Network Address 10-58 Excessive ARP 10-105 Excessive BOOTP 10-106 Excessive Mailslot Broadcasts 10-20 Fragment Frame 10-110 FTP Login Attempt 10-21 HSRP Coup 10-59 HSRP Resign 10-61 ICMP Bad IP Header 10-63 ICMP Destination Host Access Denied 10-64 ICMP Destination Host Unknown 10-[...]

  • Page 446

    Index-6 Surveyor User’s Guide –F– Filter Actions 7-13 Capture 7-14 Counter 7-14 display 7-15 Filter Example, Advanced Filter 7-29 Filter Example, Capture Conversation 7-23 Filter Example, Capture TCP Port Traffic 7-27 Filter Example, Logical Combination 7-25 Filter templates 7-2, 7-7, 7-12 Filter, extracting frames from a captu[...]

  • Page 447

    Index-7 Index (continued) –K– Keyboard shortcuts C-2 –L– Launching 3-1 layers, expert system 10-6 learn addresses 13-3 learn names 13-2 remote resources 13-4 Line Error Counter 12-4 Link 3-3 Local resources 5-2 Log file 4-16 directory structure 12-10 Log File Settings, alarms 9-10 Log files in alarms 9-9 Logging Utility 13-8 logical [...]

  • Page 448

    Index-8 Surveyor User’s Guide NCP Server Busy 12-6 NCP Too Many File Retransmissions 10-28 NCP Too Many Request Loops 10-30 NCP Too Many Requests Denied 10-29 NDIS 5-8, A-2 NDIS, configuring 4-7 Network adapters 2-2 Network Layer Host Table View 6-25 station address 6-25 Network Layer Matrix View 6-30 Network Overload 12-6 Net[...]

  • Page 449

    Index-9 Index (continued) Set Default button 4-12 protocols in conversations 7-5, 7-7 protocols supported 1-4 –Q– Quality of Service 11-1 –R– RAM 2-1 Range Editor, Dropped Packets 11-14 Real-Time Buffer A-1 Refresh Options, Multi-QoS 11-7 Remote communications configuring 4-11 Remote resources auto-discovery 4-11, 5-2 Remote Se[...]

  • Page 450

    Index-10 Surveyor User’s Guide Delete 8-4 Edit Data 8-4 Modify 8-4 Stream contents 8-3 Stream modes 8-7 Frame Rate 8-7 Packet Gap 8-7 Traffic Rate 8-7 Stream size 8-3 Streams modes 8-7 modifying data 8-8 stream mode 8-3 Summary View 6-3 Alarm Log tab 6-3 Alarms tab 6-3 changing views 6-3 data views supported 6-2 Description tab 6-3 gett[...]

  • Page 451

    Index-11 Index (continued) Capture View tool bar 3-15 Address Map View button 3-17 Application Layer Host Table View button 3-16 Application Layer Matrix View button 3-17 Copy button 3-15 Frame Size Distribution View button 3-16 Go To Trigger button 3-16 Host Matrix View button 3-17 Host Table View button 3-16 navigation buttons 3-16 N[...]

  • Page 452

    Index-12 Surveyor User’s Guide Total MAC stations 10-121 Total Router Broadcasts 12-8 Total Tx Collision Counter 12-3 Traffic direction indicator 7-5, 7-7 Transmission status 8-4, 8-8 transmitting capture files 8-12 Transmission mode status controls 8-4 Transmission modes 8-4, 8-8 Transmit Continuously 8-8 Transmit[...]

  • Page 453

    Index-13 Index (continued) resizing docking windows 4-1 –X– X offsets (wildcard) 8-10 –Z– Zero Broadcast Address 10-101[...]

  • Page 454

    Index-14 Surveyor User’s Guide[...]