
AiroPeek Windows user manual, for AiroPeek standard and


Contents

1. EtherPeek real-time expert protocol analysis
   www.wildpackets.com
   1989-2002 WildPackets, Inc. All Rights Reserved.
   Contents
   1 Capture and view packets
   2 Capture filtering the easy way
   3 Advanced filtering
   4 Who are the Top Talkers
   5 What protocols are on your network
   6 Make multiple graphs
   7 Find problem packets through Select Related
   8 Determine Application Response Time
   9 Visualize your network with expert mapping
   10 Find that Slow Web Server fast
   10 Cool Things You Can Do With Et
2. 4 Who are the Top Talkers
   Top Talkers is a common troubleshooting statistic. The network is slow, for example, and you may want to see which stations are using the most bandwidth.
   1. Click on the Nodes Tab. By default the View Type is Hierarchical, where logical addresses and symbolic names are nested beneath their physical addresses, along with their transmit and receive statistics. However, you can easily change the default view to one showing the Top Talkers.
   2. Pull down IP from the View Type, then click on a column to sort on Bytes or Packets sent or received. Right-click on the columns to customize the display.
   3. To view a subset of the talkers, choose a value in the Display Top drop-down.
   [Screenshot: Nodes view of a capture window with the Display Top drop-down open (Top 5, Top 10, Top 20, Top 50, Top 100, All)]
3. c. Right-click on one of the columns in the packet list to customize the column display.
   2 Capture filtering the easy way
   EtherPeek ships with a set of common pre-defined filters, but its real power is in the ease with which you can create your own filters.
   1. As packets are coming in, choose something you might want to filter on, such as a protocol or source IP address. Right-click on that packet (stop the scrolling if necessary by keying Ctrl+K).
   [Screenshot: packet list of a capture window with the right-click menu open on a packet]
4. [Screenshot: Expert view Problem Summary pane listing problem descriptions and counts, with the right-click menu open]
   Scroll down until you find a particular problem you'd like to look at. Right-click and choose Select Related Packets, by Source and Destination or by Conversation. Alternatively, you can go straight to the Problem Summary Log and select all packets related to a particular problem. Note how the conversations having this issue are highlighted when you return to the Packets view.
   8 Determine Application Response Time
   Application Response Time is available via the Expert Tab, where detailed round-trip analysis of command/response packets is available, showing you the best, worst and average delay. In a similar fashion, throughput is also analyzed.
   1. Click on the Expert Tab.
   2. Click on the Node Details tab.
   [Screenshot: Expert view of a capture window]
5. [Screenshot: Protocols view of a capture window, listing each protocol with its Percentage, Bytes and Packets]
   2. Double-click on a protocol to see the % of usage by each host.
   [Screenshot: Detail Statistics window, Details for NetBIOS]
6. Walk down the tree until you see an interesting analysis in the Delay and Throughput Analysis display in the lower right.
   9 Visualize your network with expert mapping
   The Peer Map is a great way to get a visual perspective of your network. Not only can you select related packets from hosts on the map, but you can easily create ad hoc filters or look at Top Talkers.
   1. Click on the Peer Map Tab.
   [Screenshot: Peer Map tab of an EtherPeek NX capture window, with Display Options for Map Type, Node Visibility Criteria and Traffic Type]
7. 6. Go back to the packet list in the Packets view. You should only be seeing packets that meet your filter criteria. Notice the packet counts differ in the upper left corner (Packets Received vs. Packets Filtered).
   3 Advanced filtering
   EtherPeek's advanced filtering is easier to use than most analyzers' simple filtering. Filtering on specific protocol decode fields, for example, can be accomplished in just a couple of mouse clicks. Suppose you wanted to view all packets with a Time To Live (TTL) of under 128. A packet with a TTL of less than 128 indicates the packet has most likely traversed a router. When dealing with network slowdowns, it's interesting to understand where the packet came from and where it's going. TTL helps us understand the packet's path. Here's how to build the filter:
   Click on the Packet List Tab.
   Choose any IP packet and double-click to open the decode view.
   Right-click on the TTL field under the IP Header section and select [illegible].
   An advanced filter is already made for you. Double-click on the Value box.
   Change the Operator to "<" (other LAN analyzers do not have this capability).
8. [Screenshot: Edit Filter dialog with address filter, protocol filter (HTTP) and port filter options]
   3. Name the filter and make modifications. You may wish to restrict the data to only one attribute, for example source IP address or protocol.
   4. Click OK to save the filter.
   5. Click on the Filters tab and find your new filter in the list. Check the box next to the filter. You will now be capturing only packets that meet the criteria of that filter. Alternatively, you can reject only those packets matching the filter criteria by clicking on the Reject Matching button.
   [Screenshot: Filters tab listing the pre-defined filters and the new "my web server" filter, with the Accept Matching and Reject Matching buttons]
9. [Screenshot: Expert view Node Details pane, showing Naming and Statistics and Delay and Throughput Analysis for one conversation]
   3. Right-click on the first host in the conversation tree and choose Expand All.
   4.
10. and course design centers around practical applications of protocol analysis techniques for Ethernet and 802.11 wireless LANs. In addition to classroom-taught Network Analysis Courses, WildPackets Academy also offers:
   - Web-Delivered Training
   - On-site and Custom Courseware Delivery
   - The Technology, Engineering, and Networking Video Workshop Series
   - On-site and Remote Consulting Services
   - Instruction and testing for the Network Analysis Expert (NAX) Certification
   For more information about consulting and educational services, including complete course catalog, pricing and scheduling, please visit www.wildpackets.com/academy. NAX examination and certification details are available at www.nax2000.com.
   Live Online Quick Start Program
   WildPackets now offers one-hour online Quick Start Programs on using EtherPeek NX/EtherPeek and AiroPeek NX/AiroPeek, led by a WildPackets Academy Instructor. Please visit www.wildpackets.com for complete details and scheduling information.
   About WildPackets, Inc.
   WildPackets, a privately held corporation, was founded in 1990 with a mission to create software-based tools to simplify the complex tasks associated with maintaining, troubleshooting, and optimizing evolving computer networks. WildPackets' patented core Peek technology is the development base for EtherPeek, TokenPeek, AiroPeek, and the NX™ family of expert packet analyzers. All are recognized as the analysis tools of choice for sma
11. you will need to add a new filter. Open a browser and go to your web server. You should see your web server in the packet list display. Create a filter by right-clicking on that packet and choosing Make Filter.
   5. Go to the Filters Tab and enable the filter you just created.
   [Screenshot: Filters tab of the capture window, accepting only packets matching one of 2 filters]
   6. Now go to the Expert Tab. Click the Problem Summary pane and check for TCP Resets or HTTP Slow Res
12. [Screenshot: Main window of EtherPeek NX showing the Expert view]
   1 Capture and view packets
   Though you can see global network statistics without capturing pack
13. [Screenshot: EtherPeek NX capture window showing the packet list, decode view and hex view, with the Packet List Options column menu open]
14. 3. Return to the Protocols Tab, right-click on a protocol and Select Related Packets. This is a two-click method of choosing all the packets in the packet list that are talking this protocol. Select Related is available throughout the program (the nodes stats, expert problems, Peer Map, etc.).
   6 Make multiple graphs
   EtherPeek's extensive graphing ability enables you to correlate useful statistics. For example, are broadcast packets a significant portion of your utilization?
   1. Click on the Summary Tab.
   2. Right-click on Total Broadcast and choose Graph. Name the graph in the Graph Data Options dialog and click OK.
   [Screenshot: Summary view of a capture window with the right-click menu open on a statistic]
15. 4. Note that you can see the top 5 or 10 or 100, etc. Double-click on a host to view its protocols in Detail Statistics.
   [Screenshot: Detail Statistics window, Details for IP 10.4.58.18]
   Make a filter, build an alarm, or construct a graph for any of these hosts with just a click of the mouse. EtherPeek provides you with an amazing amount of flexibility. Other analyzers decide for you what statistics will be displayed.
   5 What protocols are on your network
   Perhaps instead of wanting to know what users are using the most bandwidth, you want to know what applications are using up bandwidth. Are any protocol ratios too high? Are there any protocols that shouldn't be on the wire?
   1. To see which applications are on your network, click on the Protocols Tab.
   [Screenshot: Protocols view of a capture window]
16. [Screenshot: packet list of a capture window showing HTTP traffic]
   EtherPeek NX ships with many standard filters, including HTTP. Click on the Filters Tab and check the HTTP filter to immediately activate it.
   Go back to the Packets view. Enable Scrolling (Ctrl+K) so you can see incoming packets. Verify that they are HTTP packets.
   4. You may see HTTP access from web traffic not associated with your web server, so
17. [Screenshot: Expert view Problem Log with the right-click menu open, showing Select Related Packets (By Source and Destination, By Conversation) and See Packet]
18. 3. Right-click on Average Utilization and choose Graph. Name the graph in the Graph Data Options dialog and click OK.
   4. Minimize the capture window and then choose Window > Tile Horizontally. EtherPeek is one of the few analyzers that complies with MS Windows conventions, which is certainly helpful here.
   [Screenshot: EtherPeek NX with the Total Broadcast and Average Utilization graphs tiled horizontally]
   7 Find problem packets through Select Related
   EtherPeek NX's Expert Tab is by far the easiest to use and most up-to-date on the market. Problems are arranged by conversation rather than by OSI model level. ProblemFinder tests and settings are just one right-click away, as are problem descriptions a
19. 9. Go to the Packets view and your problem packet is highlighted.
   10. From there, try and figure out what sort of packet it is. Does it say Data in the Summary Column? What is this packet in response to? Click through the packets that preceded the bad packet. Unlike other analyzers, EtherPeek NX's expert system ignores the ACKs when determining the HTTP Slow Response diagnosis. Look to see if the ACK was received right away. If so, and it was the data packet that triggered the diagnosis, you know it was the web server that was slow and not the network.
   WildPackets Professional Services
   WildPackets offers a full spectrum of unique professional support services, available on-site, online or through remote dial-in service.
   WildPackets Academy
   WildPackets Academy provides the most effective and comprehensive network and protocol analysis training available, meeting the professional development and training requirements of corporate, educational, government, and private network managers. Our instructional methodology
20. [Screenshot: Edit Filter dialog for the Time To Live field, shown beside the IP header decode of a packet]
   7. Name the filter and click OK.
   8. Go to the Filters Tab and click on the filter you just created. Packets will then be filtered on the fly.
   9. The same filter can be used for post-capture analysis too. EtherPeek doesn't force you to define filters in multiple places.
21. ets, for most analysis sessions you'll want to capture packets. One of EtherPeek's many strengths is in its flexibility. This is immediately apparent in the packet list display, where you can easily customize the display.
   Click on the New Capture button on the Start Page, or pull down File > New from the menu bar.
   Click OK in the Capture Options Dialog, then click the Start Capture button.
   [Screenshot: Capture Options dialog (capture title, continuous capture, buffer options, save to disk, buffer size)]
   EtherPeek provides several ways to customize your view of traffic with a single click:
   a. The auto-scroll option (Ctrl+K) allows you to see packets as they come in, which is useful if you're looking for particular information in the Summary or Expert columns.
   b. The Show Packet List, Show Decode View, and Show Hex View buttons allow you to pick the content you want to see in real time. Most other analyzers show all three, and not usually in real time, and do not allow you to toggle between the different views.
   [Screenshot: packet list of an EtherPeek NX capture window]
22. herPeek NX
   EtherPeek NX is the first protocol analyzer to offer both expert diagnostics and frame decoding in real time, during capture. WildPackets' EtherPeek NX has been carefully designed to help IT Professionals analyze and diagnose increasingly diverse volumes of network data, providing precise, contemporary analysis of the problems facing today's networks. Here are ten cool things you can do today with EtherPeek NX.
   [Screenshot: EtherPeek NX capture window, Expert view]
23. ll, medium, and large enterprise customers, allowing IT Professionals to easily maximize network productivity. Information on WildPackets, WildPackets Academy, Professional Services, products, and partners is available at www.wildpackets.com.
   WildPackets, Inc.
   (925) 937-7900
   www.wildpackets.com
24. nd possible remedies. Other analyzers force you to hunt and peck for the information you need. EtherPeek NX delivers this information to you automatically. It pinpoints the packets related to a network communications issue, tells you why it's probably happening, and suggests ways to fix the problem.
   Click on the Expert Tab.
   Right-click on the first host and choose Expand All.
   [Screenshot: Expert view conversation tree with the right-click menu open (Select Related Packets, Make Filter)]
25. ne host, such as a mail server or a web server (Top Talkers), that is skewing the results you are looking for, you can drag that node into the Hidden Node field.
   10 Find that slow web server fast
   With EtherPeek's Expert System you can easily spot slow servers. Here's an example of how to troubleshoot a slow web server.
   1. Start a new capture.
   [Screenshot: packet list of a capture window, accepting only packets matching at least one of 2 filters]
26. [Screenshot: Peer Map view of an EtherPeek NX capture window with node counts and protocol options]
   2. Choose IP Map from the Map Type pull-down in the upper right-hand corner.
   3. In the Node Visibility Criteria area just below, you can choose Top Talkers via absolute number or, say, top 10. The amount of traffic through a node is represented by the size of a dot. And if there is o
27. ponse time diagnoses.
   [Screenshot: Expert view Problem Summary pane listing each problem description with its total]
   7. The Problem Log pane provides more detail, including actual time delay between specific packets (e.g. 6.472 seconds from Packet 4).
   8. Right-click and select related packets by See Packet.
   [Screenshot: Expert view of the capture window]
28. 2. Click on Make Filter; notice that the information on the packet you chose is already set up in the Edit Filter dialog for you.
   [Screenshot: Edit Filter dialog with an address filter filled in]
