Finisar Surveyor Manuel d'utilisateur

Naviguer en ligne ou télécharger Manuel d'utilisateur pour Logiciel Finisar Surveyor. Finisar Surveyor User's Manual Manuel d'utilisatio

  • Télécharger
  • Ajouter à mon manuel
  • Imprimer
  • Page
    / 454
  • Table des matières
  • MARQUE LIVRES
  • Noté. / 5. Basé sur avis des utilisateurs

Résumé du contenu

Page 1 - Surveyor

SurveyorUser’s Guide

Page 2 - Restrictions

xSurveyor User’s GuideExpert Diagnostic Messages... 10-15Working with the Expert

Page 3 - Surveyor User’s Guide

6-2Surveyor User’s GuideThis chapter contains information on data views with the exception of Expert Views and Multi-QoS Views. Refer to the Expert ch

Page 4 - Contacting Customer Support

6-3ViewsSummary View6Summary ViewSummary View is Surveyor’s global monitoring tool for network data. You can view real-time data from any local resour

Page 5 - Table of Contents

6-4Surveyor User’s Guide• Protocol Distribution • Host Table • Network Layer Host Table • Application Layer Host Table • Host Matrix • Network Layer

Page 6

6-5ViewsDetail View6You can have as many windows with data views as are available in Detail View. The initial data view you get of a resource is the v

Page 7

6-6Surveyor User’s Guide Application Layer Host Table Host Matrix Network Layer Matrix Application Layer Matrix VLANs Address Map Duplicate

Page 8

6-7ViewsCapture View6that you have of the capture buffer are still open windows within Detail View. In other words, the “view” and decode of previous

Page 9

6-8Surveyor User’s Guide• Detail PaneThe Detail Pane shows the values of the protocol elements associated with each protocol. For example, for the Dat

Page 10

6-9ViewsUsing the Histogram Control6Protocol Color Coding tab from the System Settings menu option. See “Appendix D” for a list of Surveyor’s default

Page 11 - (continued)

6-10Surveyor User’s Guide• The Lower Histogram represents the entire capture. The gray area on the histo-gram corresponds to the detail area.Figure 6-

Page 12

6-11ViewsUsing the Histogram Control6For the Upper Histogram, the Selected Section is changed by sliding a movable “window” over a portion of the data

Page 13

xiContents (continued)TCP Retransmissions ... 10-51TCP RST Packets...

Page 14 - Glossary

6-12Surveyor User’s Guideof the capture that are not shown in the Upper Histogram are available from the disk cache.Figure 6-2. Histogram Display Sho

Page 15 - List of Figures

6-13ViewsUsing the Histogram Control6shown in black. The gray and black colors indicate that these sections are not downloaded.Figure 6-3. Histogram

Page 16

6-14Surveyor User’s GuideHistogram Button ControlsHistogram controls allow you to focus on a smaller area of the capture, change the appearance of the

Page 17 - List of Tables

6-15ViewsUsing the Histogram Control6Downloads the data currently selected in the Upper Histogram to the capture view decode. Only the data within the

Page 18

6-16Surveyor User’s GuideIf you attempt to select an area smaller than 20MB, the closest sections that form 20MB of data become the Capture Selection

Page 19 - Tables (continued)

6-17ViewsPacket Editor6radio button and press the Range... button. Click, hold, and drag with the left mouse in the histogram to select the range you

Page 20

6-18Surveyor User’s GuideUse the Undo and Redo functions from the Edit menu to remove or reapply the last packet edit.Editing in Decode ViewEditing in

Page 21 - Introduction

6-19ViewsData Views6tables are updated approximately every 7 seconds.MAC Statistics View (Rx)From Detail View, click on the button to open a window w

Page 22 - Surveyor Functions

6-20Surveyor User’s GuideMAC Statistics View (Tx)From Detail View, click on the button to open a window with MAC Statistics View for transmit. From S

Page 23

6-21ViewsData Views6Frame Size Distribution View is available as a chart or a table. For the chart, the Bar and Pie buttons toggle the type of graphic

Page 24 - Protocols Supported

xiiSurveyor User’s GuideRIP Broadcasts... 10-95Router Storm...

Page 25 - (lpr, rcp, rexec, login, rsh)

6-22Surveyor User’s Guide:.The NET and ALL buttons shows percentage breakdowns for all packets. The IP Table 6-7. Protocol Distribution View, Chart Bu

Page 26

6-23ViewsData Views6and IPX buttons show the percentages of only those packets that can be identified as containing IP or IPX information respectively

Page 27

6-24Surveyor User’s GuideHost Table ViewFrom Detail View, click on the button to open a window with Host Table View. From Summary View, set the view

Page 28

6-25ViewsData Views6Network Layer Host Table ViewFrom Detail View, click on the button to open a window with Network Layer Host Table View. From Summ

Page 29

6-26Surveyor User’s GuideTab l eNetwork Layer Host Table View as a table shows network activity from the view of network stations. The table lists sta

Page 30

6-27ViewsData Views6Application Layer Host Table ViewFrom Detail View, click on the button to open a window with Application Layer Host Table View.

Page 31 - Installation

6-28Surveyor User’s GuideHost Matrix ViewFrom Detail View, click on the button to open a window with Host Matrix View. From Summary View, set the vi

Page 32 - Upgrading Surveyor

6-29ViewsData Views6ChartHost Matrix View as a chart shows only ten MAC conversations. The ten conversations displayed are those transmitting the larg

Page 33 - Installing Surveyor

6-30Surveyor User’s GuideNetwork Layer Matrix ViewFrom Detail View, click on the button to open a window with Network Layer Matrix View. From Summar

Page 34 - Installing Analyzer Hardware

6-31ViewsData Views6Application Layer Matrix ViewFrom Detail View, click on the button to open a window with Application Layer Matrix View. From Sum

Page 35 - Finisar Technical Support

xiiiContents (continued)Field Descriptions for Call Range Summaries... 11-15VQMon Metrics...

Page 36

6-32Surveyor User’s GuideThe station addresses and names in the conversation are provided in the table or chart. The name and address are the same if

Page 37

6-33ViewsData Views6VLAN ViewFrom Detail View, click on the button to open a window with VLAN View. From Summary View, set the view preferences to V

Page 38

6-34Surveyor User’s GuideTab l eVLAN View as a table shows network activity from the view of virtual LAN traffic. The table lists statistics for all V

Page 39 - Compatibility Matrix

6-35ViewsData Views6Packet Summary ViewPacket Summary View shows a real-time protocol decode. Packets received are decoded and the result of the decod

Page 40

6-36Surveyor User’s GuideExpert View (Expert plug-in only)From Detail View, click on the button to open a window with Expert View. From Summary View

Page 41 - Getting Started

6-37ViewsHints and Tips for Using Views6Multiple tables are available in Multi-QoS View. You can view all calls, subsets of calls filtered by protocol

Page 42

6-38Surveyor User’s Guide• Double-click on the MAC Statistics View in Detail View to bring up Capture View.• Data in a chart will be sorted by the las

Page 43 - Basic Navigation Tips

7-1Chapter 77 Capture and Display FiltersFor most data analysis operations, you’ll want to look at only a subset of all data. Filters allow you to sel

Page 44

7-2Surveyor User’s Guide5. Enter an address in the Add Conversation to Filter Template area and select the Apply Conversation to Template check box. E

Page 45

7-3Capture and Display FiltersCreating Filters with Filter Templates7Conversation to Filter Template area in the display provides a convenient means o

Page 46 - Buttons and Toolbars

xivSurveyor User’s GuideA Implementation Profile ... A-1Buffers ...

Page 47

7-4Surveyor User’s GuideA sample Filter Design window is shown below.Figure 7-1. Filter Design WindowFilter Design Toolbar Buttons (see Chapter 3 for

Page 48

7-5Capture and Display FiltersCreating Filters with Filter Templates7Creating and Applying a ConversationThe Add Conversation to Template area of the

Page 49

7-6Surveyor User’s GuideThere are four station address types:• MAC address – 12 hexadecimal digits.For example, 34FD34AA0001.• IP dot notation address

Page 50

7-7Capture and Display FiltersCreating Filters with Filter Templates7Creating and Applying a Port NumberSurveyor provides a convenient way to add a po

Page 51

7-8Surveyor User’s GuideMultiple Byte Patterns in Filter TemplatesFilter templates can be “several templates in one.” For example, HTTP, TELNET, and S

Page 52

7-9Capture and Display FiltersCreating Filters with Filter Templates7You then save the template. When you save a custom template, Surveyor asks for a

Page 53

7-10Surveyor User’s Guide Entering Values that Cross Byte BoundariesPort values are generally understood as decimal numbers. For example, an NFS port

Page 54

7-11Capture and Display FiltersCreating Filters with Filter Templates7Bit-Level FilteringSurveyor can filter at the bit level. To set a bit pattern, p

Page 55 - Summary pane

7-12Surveyor User’s GuideFilter Creation The FILTER CREATION portion (left side) of the Filter Design window is the area that actually specifies what

Page 56

7-13Capture and Display FiltersFilter Creation7a test against incoming frames. If the operation you try makes no sense in the context of creating a te

Page 57

xvList of FiguresFigure Page5-1. Remote Host Connections ... 5-35-2. Host

Page 58 - File Formats

7-14Surveyor User’s GuideActions for Capture FiltersTable 7-4 shows actions available for capture filters:An example Filter Actions dialog box for cap

Page 59

7-15Capture and Display FiltersFilter Creation7Actions for Display FiltersTable 7-5 shows actions available for display filters:See Multi-State and Mu

Page 60 - Establishing Links for THGm

7-16Surveyor User’s GuideGlobal Values that Affect Capture Filter ActionsTable 7-6 describes the options and settings available that have a global set

Page 61 - Configuring Surveyor

7-17Capture and Display FiltersMulti-State and Multi-Statement Filters7Frame types are shown in Table 7-7:Multi-State and Multi-Statement FiltersTo cr

Page 62

7-18Surveyor User’s GuideClick on the State button in the Filter Design window to view the Filter States Design window for the filter. An example is

Page 63

7-19Capture and Display FiltersMulti-State and Multi-Statement Filters7Filter StructureThe capture or display filter consists of states, each with a u

Page 64

7-20Surveyor User’s GuideFilter StatesStates are used to group a set of statements. Since statement contain conditions and actions, states are a way t

Page 65

7-21Capture and Display FiltersMulti-State and Multi-Statement Filters7Filter StatementsTo create statements, press the button from the Filter State

Page 66

7-22Surveyor User’s GuideCapture and Display Filter DifferencesDisplay and capture filters are activated in different ways. Also, some options for cap

Page 67 - Module Settings (Properties)

7-23Capture and Display FiltersFilter Examples7Filter ExamplesFilter examples are supplied with Surveyor. To see examples, open a capture filter file

Page 68

xviSurveyorUser’s Guide9-10. Alarm Example, Expert and Application Response ... 9-1910-1. Expert Overview Exampl

Page 69

7-24Surveyor User’s GuideThe steps used to create the filter template and load it to a resource are shown below:1. Press the Clear Template button.2.

Page 70 - System Settings

7-25Capture and Display FiltersFilter Examples7Filter Example, Template CombinationThe Filter Design window in Figure 7-6 shows the capture filter wit

Page 71

7-26Surveyor User’s GuideThe following steps describe how to create two filter templates, logically combine them using an OR operator, and load the re

Page 72

7-27Capture and Display FiltersFilter Examples7Filter Example, Capture TCP Port TrafficThe Filter Design window in Figure 7-7 shows the capture filter

Page 73

7-28Surveyor User’s GuideThe following steps describe how to create the BootPS filter template and load in to a resource.1. Press the Clear Template b

Page 74

7-29Capture and Display FiltersFilter Examples7Filter Example, Advanced FilterThe Filter States Design window below shows the capture filter Example.C

Page 75 - Configuring Alarms

7-30Surveyor User’s GuideRules of the Capture or Display Filter• There must be at least one IF and one ELSE statement per state. ELSE IF statements ar

Page 76

7-31Capture and Display FiltersHints and Tips for Using Filters7Hints and Tips for Using Filters• Remember to load the Capture filter on the module be

Page 77

7-32Surveyor User’s Guide• From the Detail View pane of the Capture View window, you can copy the con-tents of any field to create a Capture or Displa

Page 78 - Settings for Analyzer Devices

8-1Chapter 88 Transmit SpecificationPacket Blaster plug-in allows you to generate packets and send them onto a net-work. This can be used to force the

Page 79

xviiList of TablesTable Page1-1. Surveyor Functions ... 1-21-2.

Page 80 - Advanced Configuration

8-2Surveyor User’s GuideTransmit Specification Dialog BoxTransmit Specifications are defined in a dialog box. The Transmit Specification dialog box co

Page 81

8-3Transmit SpecificationTransmit Specifications8options available from the dialog box and click on the Add button. You can also add a capture file as

Page 82

8-4Surveyor User’s Guidethe stream. The Auto CRC check box specifies if a valid CRC will be automatically generated for the stream.Stream ButtonsThe A

Page 83

8-5Transmit SpecificationTransmit Specifications8Transmit Specification control buttons are described in Table 8-2:Repeating FramesThere are three way

Page 84

8-6Surveyor User’s Guide CautionRepeating frames using the transmission mode feature is a function implemented in software; there is a time gap of abo

Page 85

8-7Transmit SpecificationTransmit Specifications8Stream ModesAn interpacket gap for a frame can be set in three different ways; Packet Gap, Frame Rate

Page 86

8-8Surveyor User’s GuideTransmission Mode You can either transmit the specification continuously or transmit it n times. Select Transmit Continuously

Page 87

8-9Transmit SpecificationSpecifying Transmit Data8Table 8-5 shows the buttons that are available from within the packet editor::Editing in Decode View

Page 88

8-10Surveyor User’s GuideDA and SA FieldsThe DA and SA fields define the MAC layer destination address and MAC layer source address for the stream. No

Page 89 - Resources and Modes

8-11Transmit SpecificationSpecifying Transmit Data8packets can be generated using Finisar analyzer cards. NDIS modules cannot generate bad CRC packets

Page 90 - Remote Resources

xviiiSurveyorUser’s Guide6-5. Packet Editor Buttons ... 6-176-6. Fra

Page 91 - Remote Host

8-12Surveyor User’s GuideTransmitting Capture FilesYou can transmit the contents of a capture file as one of the streams in the Transmit Specification

Page 92

8-13Transmit SpecificationTransmit Specification Examples8Transmit Specification Example, Packet GapsA Transmit Specification example in its dialog bo

Page 93

8-14Surveyor User’s GuideTransmit Specification Example, BurstsA Transmit Specification dialog box is shown in Figure 8-3. The dialog box only shows v

Page 94 - Hardware Devices

8-15Transmit SpecificationHints and Tips for a Transmit Specification8Hints and Tips for a Transmit Specification• Take care with what you transmit. S

Page 95

8-16Surveyor User’s Guide

Page 96

9-1Chapter 99 AlarmsSurveyor’s alarms facility enables you to create alarms to automatically monitor network resources. Access to Surveyor’s alarms fa

Page 97 - Hints and Tips for Resources

9-2Surveyor User’s GuideCurrent Module AlarmsWhen you right-click on an analyzer device in the Resource Browser, a menu appears. Select Alarms... and

Page 98

9-3AlarmsCurrent Module Alarms9Press New Alarm to enable new alarms for a resource. The Alarm Editor dialog box appears. Multiple alarms of any type m

Page 99 - Chapter 6

9-4Surveyor User’s GuideAlarm EditorThere are six alarm groups that appear on the tabs in the Alarm Editor. The Expert tab and Application Response ta

Page 100 - Multi-QoS views

9-5AlarmsAlarm Editor9Multi-QoS AlarmsFor Multi-QoS alarms, alarms can be created from the Multi-QoS Views interface as well as by double-clicking on

Page 101 - Summary View

xixTables (continued)11-7. SCCP Call Field Descriptions ... 11-2111-8. H.323 Call

Page 102 - Detail View

9-6Surveyor User’s GuideExpert AlarmsDuring transmit or receive, expert symptoms are logged as they occur. You can test for certain thresholds for the

Page 103

9-7AlarmsAlarm Editor9Using Alarms with Different DevicesAlarms can be used with the following hardware analyzer devices or adapters. For analyzer car

Page 104

9-8Surveyor User’s GuideThresholds and AlarmsAlarm thresholds are set by specifying the values in the Sample Type, Rising Value, Falling Value, and In

Page 105 - Capture View

9-9AlarmsAlarm Actions9Alarm ActionsEach line in an alarm table has a unique set of actions associated with it that will occur if the alarm is trigger

Page 106

9-10Surveyor User’s GuideYou can select but not configure the E-mail, Log File, Pager, or SNMP Trap action on a remote host running Surveyor. If the s

Page 107 - Using the Histogram Control

9-11AlarmsAlarm Actions9E-mail settings for Surveyor hosts and THGs hosts are slightly different. For analyzer devices in Surveyor hosts, you set the

Page 108 - User’s Guide

9-12Surveyor User’s GuideTrap Settings for THGsThe stations to receive traps for a remote THGs can be established from the local host running Surveyor

Page 109

9-13AlarmsAlarm Actions9Multiple IP addresses may be set for each trap. A maximum of 15 trap destinations can be assigned to each community. All alarm

Page 110

9-14Surveyor User’s GuideViewing the Alarm List and the Alarm LogThere are several ways to access the list of alarms or a log of alarm events. From De

Page 111

9-15AlarmsAlarm Examples9Alarm ExamplesThe following are six examples for alarms and alarm groupings. Each provides a picture of the Current Module Al

Page 112

Surveyor User’s GuideiiTrademarks and CopyrightsFinisar, Surveyor, THGm, THGs, THGsE, THGnotebook, THGp, Century 12-Tap, 12-Tap, Century Tap, Packet B

Page 113

xxSurveyorUser’s GuideD-8. Parser Names, IBM Suite... D-4D-9. Parser Name

Page 114

9-16Surveyor User’s GuideAlarm Example, MAC Errors Figure 9-7. Alarm Example, MAC ErrorsThis example shows an alarm group consisting of five MAC Laye

Page 115 - Packet Editor

9-17AlarmsAlarm Examples9Alarm Example, Frame Size” Figure 9-8. Alarm Example, Frame SizeThis example shows an alarm group consisting of four MAC Lay

Page 116 - Data Views

9-18Surveyor User’s GuideAlarm Example, VoIP Calls” Figure 9-9. Alarm Example, Call Jitter and Call Setup TimeThis example shows an alarm group consi

Page 117

9-19AlarmsAlarm Examples9Alarm Example, Expert and Application ResponseFigure 9-10. Alarm Example, Expert and Application ResponseThis example shows

Page 118

9-20Surveyor User’s Guide

Page 119

10-1Chapter 1010 Expert FeaturesAutomatic diagnostic analysis, expert data views, application response times, and expert alarms are referred to collec

Page 120

10-2Surveyor User’s GuideExpert System ViewsThe expert views present expert information on capture files, a capture buffer, or in monitoring mode. The

Page 121

10-3Expert FeaturesGetting Started with Expert View10Figure 10-1. Expert Overview Example

Page 122

10-4Surveyor User’s GuideExpert Overview DetailsClick on any counter in the display to view a table listing only the events for the selected symptom.

Page 123

10-5Expert FeaturesGetting Started with Expert View10Figure 10-2. Expert Overview Detail Table Example

Page 124

1-1Chapter 11 IntroductionFinisar is the technology leader in providing LAN and SAN analysis tools. Finisar's fully distributed, full-line-rate p

Page 125

10-6Surveyor User’s GuideExpert LayersSurveyor categorizes network problems according to the network “layer” at which they occur. During capture or mo

Page 126

10-7Expert FeaturesExpert Layers10Figure 10-3. Expert Application Layer Example

Page 127

10-8Surveyor User’s GuideThe interface provides a matrix of expert information views. For each layer, the symptoms, analyses, and objects can be displ

Page 128

10-9Expert FeaturesExpert Layers10Table 10-1. Expert Symptoms and Analyses by LayerLayer Expert Symptoms Expert AnalysesApplication Excessive ARPExces

Page 129

10-10Surveyor User’s GuideExpert Symptoms, Analyses, and Network EntitiesWhen you capture or monitor packets on a network segment, Surveyor immediatel

Page 130

10-11Expert FeaturesExpert Symptoms, Analyses, and Network Entities10AnalysesHigh rates of recurrence of specific symptoms or single instances of part

Page 131

10-12Surveyor User’s GuidePress the Entities tab on the Expert View window to view network objects discov-ered from the current packet analysis.The ex

Page 132

10-13Expert FeaturesExpert Symptoms, Analyses, and Network Entities10Application/Session Lists for EntitiesThe list displays the number of packets and

Page 133

10-14Surveyor User’s GuideData Link Lists for EntitiesThe first list displays the network traffic of the physical station. It shows how many packets a

Page 134

10-15Expert FeaturesExpert Diagnostic Messages10Expert Diagnostic MessagesFrom any summary table you can double-click on any symptom or analysis to di

Page 135 - ™ spread

1-2Surveyor User’s GuideSurveyor's user interface provides both a comprehensive view of the network as well as the ability to easily drill down t

Page 136

10-16Surveyor User’s GuideWorking with the Expert SystemConfiguring the Expert SystemUse the Expert Configurations dialog box to change expert setting

Page 137 - Capture and Display Filters

10-17Expert FeaturesWorking with the Expert System10The tree can be expanded or collapsed by clicking on the plus or minus icon, double-clicking on th

Page 138

10-18Surveyor User’s GuideThe ExpertMsg.INI file contains Surveyor’s diagnostic information. This file can be changed using a text editor, thus giving

Page 139

10-19Expert FeaturesApplication Response Time10Working with Analyzer DevicesFor THGm or NDIS resources, expert views present expert information on cap

Page 140

10-20Surveyor User’s GuideApplication LayerExcessive Mailslot BroadcastsCounterExcessive Mailslot Broadcasts is a counter of Mailslot Broadcasts packe

Page 141

10-21Expert FeaturesApplication Layer10FTP Login AttemptsCounterFTP Login Attempts is a counter of FTP login attempts that exceed a threshold. A count

Page 142

10-22Surveyor User’s GuideMissed Browser AnnouncementCounterMissed Browser Announcement is a counter of events where the time elapsed since the last b

Page 143

10-23Expert FeaturesApplication Layer10NCP File RetransmissionCounterNCP File Retransmission is a counter of all times where a portion of a file is re

Page 144

10-24Surveyor User’s GuideNCP Read/Write OverlapCounterNCP Read/Write Overlap is a counter of all times where a portion of a file overlaps the transmi

Page 145 - patterns, and logical

10-25Expert FeaturesApplication Layer10NCP Request DeniedCounterNCP Request Denied is a counter of all times where the number of request denied replie

Page 146

1-3IntroductionSurveyor Functions1Log Record counter information. Surveyor enables you to capture all byte, frame, and error counter values compiled d

Page 147

10-26Surveyor User’s GuideNCP Request LoopCounterNCP Request Loop is a counter of all times where the same request occurs within an interval. A count

Page 148 - Filter Creation

10-27Expert FeaturesApplication Layer10NCP Server BusyCounterNCP Server Busy is a counter of all NCP Server Busy responses that exceed a threshold for

Page 149

10-28Surveyor User’s GuideNCP Too Many File RetransmissionsCounterNCP Too Many File Retransmissions is a counter of events where the ratio of file ret

Page 150

10-29Expert FeaturesApplication Layer10NCP Too Many Requests DeniedCounterNCP Too Many Requests Denied is a counter of events where the ratio of file

Page 151

10-30Surveyor User’s GuideNCP Too Many Request LoopsCounterNCP Too Many Request Loops is a counter of events where the ratio of file request loops to

Page 152

10-31Expert FeaturesApplication Layer10NFS RetransmissionsCounterNFS Retransmissions is a counter of all NFS Retransmissions over a period of time per

Page 153

10-32Surveyor User’s GuideNo HTTP POST ResponseCounterNo HTTP POST Response is a counter of all POST requests to an HTTP server that never receive a r

Page 154

10-33Expert FeaturesApplication Layer10No Server ResponseCounterNo Server Response is a counter of responses to server requests that never happen or e

Page 155

10-34Surveyor User’s GuideSlow HTTP GET ResponseCounterSlow HTTP GET Response is a counter of all Slow HTTP GET Responses that exceed a threshold. A c

Page 156

10-35Expert FeaturesApplication Layer10Slow HTTP POST ResponseCounterSlow HTTP POST Response is a counter of all HTTP POST responses that exceed a thr

Page 157

1-4Surveyor User’s GuideAnalyzer DevicesThe full power of Surveyor is realized through optional hardware analyzer cards available from Finisar. Analyz

Page 158

10-36Surveyor User’s GuideSlow Server ConnectCounterSlow Server Connect is a counter of all server connect responses that exceed a threshold. A count

Page 159 - Filter Examples

10-37Expert FeaturesApplication Layer10Slow Server ResponseCounterSlow Server Response is a counter of server responses that exceed a threshold. A cou

Page 160

10-38Surveyor User’s GuideSMB Invalid Network NameCounterSMB Invalid Network Name is a counter of SMB sessions that could not be established because o

Page 161

10-39Expert FeaturesApplication Layer10SMB Invalid PasswordCounterSMB Invalid Password is a counter of SMB sessions that could not be established beca

Page 162

10-40Surveyor User’s GuideSession LayerNo WINS ResponseCounterNo WINS Response is a counter of responses to WINS server requests that never happen or

Page 163

10-41Expert FeaturesSession Layer10TNS Slow Server ConnectCounterTNS Slow Server Connect is a counter of all TNS server connect responses that exceed

Page 164

10-42Surveyor User’s GuideTNS Slow Server ResponseCounterTNS Slow Server Response is a counter of TNS server responses that exceed a threshold. A coun

Page 165

10-43Expert FeaturesTransport Layer10Transport Layer Idle Too LongCounterThe Idle Too Long counter increments when a connection is idle for greater th

Page 166

10-44Surveyor User’s GuideNon Responsive StationCounterNon Responsive Station is a counter of all non-responsive stations over a period of time per se

Page 167

10-45Expert FeaturesTransport Layer10TCP Checksum ErrorsCounterTCP Checksum Errors is a counter of all incorrect TCP checksums over a period of time p

Page 168

1-5IntroductionProtocols Supported1Table 1-4. Protocols Supported in SurveyorMAC Layer TCP/IP Suite TCP/IP Suite (Cont.) TCP/IP Suite (Cont.)IEEE 802.

Page 169 - Transmit Specification

10-46Surveyor User’s GuideTCP Fast RetransmissionCounterTCP Fast Retransmission is a counter of all TCP retransmissions that are less than a threshold

Page 170

10-47Expert FeaturesTransport Layer10TCP Frozen WindowCounterThe TCP Frozen Window counter increments when the TCP window is frozen for greater than a

Page 171

10-48Surveyor User’s Guide__________________________________________________________________Recommended Action(s):1. Upgrade the receiver’s CPU and/or

Page 172

10-49Expert FeaturesTransport Layer10TCP Long AckCounterThe TCP Long Ack counter increments when the TCP acknowledgment for a connection is not seen f

Page 173 - Repeating Frames

10-50Surveyor User’s GuideTCP Repeat AckCounterThe TCP Repeat Ack counter increments when the TCP acknowledgment number is less than the immediately p

Page 174

10-51Expert FeaturesTransport Layer10TCP RetransmissionsCounterTCP Retransmissions is a counter of all TCP Retransmissions over a period of time per s

Page 175

10-52Surveyor User’s GuideTCP RST PacketsCounterTCP RST Packets is a counter of all TCP RST Packets over a period of time per segment. This variable c

Page 176 - Specifying Transmit Data

10-53Expert FeaturesTransport Layer10TCP SYN AttackCounterThe TCP SYN Attack counter increments when a change in the number of SYN requests per second

Page 177

10-54Surveyor User’s GuideTCP Window ExceededCountTCP Window Exceeded is a counter of all events where the data length of a TCP packet exceeds the cur

Page 178

10-55Expert FeaturesTransport Layer10TCP Window ProbeCounterTCP Window Probe is a counter of all TCP Window Probe events over a period of time per seg

Page 179 - ™ using the Template... menu

1-6Surveyor User’s GuideOracle Suite IPX/SPX Suite (cont.) LOA Banyan Vines SuiteTNS (TCP/IP only) NetBOIS LOA VARPSQLNET NLSP VICPAppleTalk Phase2 Pa

Page 180 - Transmitting Capture Files

10-56Surveyor User’s GuideTCP Zero WindowCounterTCP Zero Window is a counter of all TCP Zero Window events over a period of time per segment. A count

Page 181

10-57Expert FeaturesTransport Layer10Too Many RetransmissionsCounterToo Many Retransmissions is a counter of events where the ratio of retransmissions

Page 182

10-58Surveyor User’s GuideNetwork Layer Duplicate Network AddressA separate table showing duplicate network addresses is available. Press the button

Page 183

10-59Expert FeaturesNetwork Layer10HSRP CoupCounterHSRP Coup events are counted in the HSRP Errors counter, which displays in the Overview counters of

Page 184

10-60Surveyor User’s GuideHSRP ErrorsCounterSome Hot Standby Routing Protocol (HSRP) packets are counted in the HSRP Errors counter, which displays in

Page 185 - Chapter 9

10-61Expert FeaturesNetwork Layer10HSRP ResignCounterHSRP Resign events are counted in the HSRP Errors counter, which displays in the Overview counter

Page 186 - Current Module Alarms

10-62Surveyor User’s GuideICMP All ErrorsCounterICMP All Errors is a counter of all ICMP symptoms. A count of all ICMP symptoms displays in the Overvi

Page 187

10-63Expert FeaturesNetwork Layer10ICMP Bad IP HeaderCounterICMP Bad IP Header events are counted in the ICMP All Errors counter. A count of all ICMP

Page 188 - Alarm Editor

10-64Surveyor User’s GuideICMP Destination Host Access DeniedCounterICMP Destination Host Access Denied events are counted in the ICMP All Errors and

Page 189

10-65Expert FeaturesNetwork Layer10ICMP Destination Host UnknownCounterICMP Destination Host Unknown events are counted in the ICMP All Errors and the

Page 190

1-7IntroductionProtocols Supported1Table 1-5. Supported Multi-Media ProtocolsIBM ISO Intel MPLSNetBEUI CLNP MTP2 CR-LDPNetBIOS CONP MTP3 RSVP-TEESIS R

Page 191

10-66Surveyor User’s GuideICMP Destination Network Access DeniedCounterICMP Destination Network Access Denied events are counted in the ICMP All Error

Page 192 - Thresholds and Alarms

10-67Expert FeaturesNetwork Layer10ICMP Destination Network UnknownCounterICMP Destination Network Unknown events are counted in the ICMP All Errors a

Page 193 - Alarm Actions

10-68Surveyor User’s GuideICMP Destination UnreachableICMP Destination Unreachable is a counter of all ICMP destination unreachable errors over a peri

Page 194 - → Alarm

10-69Expert FeaturesNetwork Layer10 __________________________________________________________________Recommended Action(s):1. Check the routing table

Page 195

10-70Surveyor User’s GuideICMP Fragment Reassembly Time ExceededCounterICMP Fragment Reassembly Time Exceeded events are counted in the All ICMP Error

Page 196 - → Alarms Settings → SNMP

10-71Expert FeaturesNetwork Layer10ICMP Fragmentation Needed [D/F set]CounterICMP Fragmentation Needed [D/F set] events are counted in the ICMP All Er

Page 197

10-72Surveyor User’s GuideICMP Host RedirectCounterICMP Host Redirect events are counted in the ICMP Redirect Errors counter and the ICMP All Errors c

Page 198 - Hints and Tips for Alarms

10-73Expert FeaturesNetwork Layer10ICMP Host Redirect for TOSCounterICMP Host Redirect for TOS events are counted in the ICMP Redirect Errors counter

Page 199 - Alarm Examples

10-74Surveyor User’s GuideICMP Host UnreachableCounterICMP Host Unreachable events are counted in the ICMP All Errors and the ICMP Destination Unreach

Page 200

10-75Expert FeaturesNetwork Layer10ICMP Host Unreachable for TOSCounterICMP Host Unreachable for TOS events are counted in the ICMP All Errors and the

Page 201 - Message window. In

1-8Surveyor User’s GuideWhat's New in Release 5.0A synopsis of what's new in Surveyor 5.0 is provided below.Capture to Disk and THGsE Analyz

Page 202

10-76Surveyor User’s GuideICMP Inconsistent Subnet MaskCounterICMP Inconsistent Subnet Mask events are counted in the ICMP All Errors counter. A count

Page 203

10-77Expert FeaturesNetwork Layer10ICMP Network RedirectCounterICMP Network Redirect events are counted in the ICMP Redirect Errors counter and the IC

Page 204

10-78Surveyor User’s GuideICMP Network Redirect for TOSCounterICMP Network Redirect for TOS events are counted in the ICMP Redirect Errors counter and

Page 205 - Expert Features

10-79Expert FeaturesNetwork Layer10ICMP Network UnreachableCounterICMP Network Unreachable events are counted in the ICMP All Errors and the ICMP Dest

Page 206 - Expert System Views

10-80Surveyor User’s GuideICMP Parameter ProblemCounterICMP Parameter Problem events are counted in the ICMP All Errors counter. A count of all ICMP e

Page 207

10-81Expert FeaturesNetwork Layer10ICMP Port UnreachableCounterICMP Port Unreachable events are counted in the ICMP All Errors and the ICMP Destinatio

Page 208

10-82Surveyor User’s GuideICMP Protocol UnreachableCounterICMP Protocol Unreachable events are counted in the ICMP All Errors and the ICMP Destination

Page 209

10-83Expert FeaturesNetwork Layer10ICMP RedirectCounterICMP Redirect is a counter of all ICMP redirect errors over a period of time per segment. A cou

Page 210 - Expert Layers

10-84Surveyor User’s GuideICMP Required IP Option MissingCounterICMP Required IP Option Missing events are counted in the ICMP All Errors counter. A c

Page 211

10-85Expert FeaturesNetwork Layer10ICMP Source QuenchCounterICMP Source Quench events are counted in the ICMP All Errors counter. A count of all ICMP

Page 212

1-9IntroductionWhat's New in Release 5.01Expanded Multi-QoS SupportThe Multi-QoS software has been expanded to recognize a broader range of VoIP

Page 213

10-86Surveyor User’s GuideICMP Source Route FailedCounterICMP Source Route Failed events are counted in the ICMP All Errors and the ICMP Destination U

Page 214

10-87Expert FeaturesNetwork Layer10ICMP Time ExceededCounterICMP Time Exceeded events are counted in the ICMP All Errors counter. A count of all ICMP

Page 215

10-88Surveyor User’s GuideICMP Time to Live ExceededCounterICMP Time to Live Exceeded events are counted in the ICMP All Errors counter. A count of al

Page 216

10-89Expert FeaturesNetwork Layer10Illegal Network Source AddressCounterIllegal Network Source Address is a counter of all illegal network source addr

Page 217

10-90Surveyor User’s GuideIP Checksum ErrorsCounterIP Checksum Errors is a counter of all incorrect IP checksums over a period of time per segment. A

Page 218

10-91Expert FeaturesNetwork Layer10IP Time to Live ExpiringCounterIP Time to Live Expiring is a counter of all expiring connections over a period of t

Page 219 - Expert Diagnostic Messages

10-92Surveyor User’s GuideISL BPDU/CDP PacketsCounterISL BPDU/CDP Packets is a counter of all Bridge Protocol Data Unit (BPDU) or Cisco Discovery Prot

Page 220

10-93Expert FeaturesNetwork Layer10ISL Illegal VLAN IDCounterISL Illegal VLAN ID is a counter of all ISL illegal VLAN IDs over a period of time per se

Page 221

10-94Surveyor User’s GuideOSPF BroadcastsCounterOSPF Broadcasts is a counter of all OSPF broadcasts over a period of time per segment. A count of all

Page 222

10-95Expert FeaturesNetwork Layer10RIP BroadcastsCounterRIP Broadcasts is a counter of all RIP broadcasts over a period of time per segment. A count o

Page 223 - Application Response Time

Surveyor User’s Guide iiiRestricted Rights LegendUse, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivis

Page 224 - Application Layer

1-10Surveyor User’s Guide

Page 225

10-96Surveyor User’s GuideRouter StormCounterRouter Storm is a counter of all events where the router broadcasts exceed a threshold for a single route

Page 226

10-97Expert FeaturesNetwork Layer10Same Network AddressesCounterSame Network Addresses is a counter of all events where the same source and destinatio

Page 227

10-98Surveyor User’s GuideSAP BroadcastsCounterSAP Broadcasts is a counter of all SAP broadcasts over a period of time per segment. A count of all SAP

Page 228

10-99Expert FeaturesNetwork Layer10Total Router BroadcastsCounterTotal Router Broadcasts is a counter of all total router broadcasts over a period of

Page 229

10-100Surveyor User’s GuideUnstable MSTCounterThe Unstable MST counter increments when a change in the number of MST topology changes per second excee

Page 230

10-101Expert FeaturesNetwork Layer10Zero Broadcast AddressCounterZero Broadcast Address is a counter of all events where the destination network addre

Page 231

10-102Surveyor User’s GuideMAC Layer Bad FramesCounterBad Frames is a counter of all bad frames over a period of time per segment. A count of all bad

Page 232

10-103Expert FeaturesMAC Layer10Broadcast/Multicast StormsCounterThe Broadcast/Multicast Storms counter increments when a change in the number of tota

Page 233

10-104Surveyor User’s GuideCRC Frame counterCounterThe CRC Frame counter increments when a frame has a CRC error and is greater than 63 bytes in lengt

Page 234

10-105Expert FeaturesMAC Layer10Excessive ARPCounterThe Excessive ARP counter increments when a change in the number of ARP requests per second exceed

Page 235

2-1Chapter 22 InstallationSystem RequirementsThe system requirements for installing and running the Surveyor software are shown in the table below.*Th

Page 236

10-106Surveyor User’s GuideExcessive BOOTPCounterThe Excessive BOOTP counter increments when a change in the number of BOOTP/DHCP requests per second

Page 237

10-107Expert FeaturesMAC Layer10Excessive BroadcastsCounterExcessive Broadcasts is a counter that can be used to monitor fluctuations in the number of

Page 238

10-108Surveyor User’s GuideExcessive CollisionsCounterExcessive Collisions is a counter that can be used to monitor fluctuations in the number of coll

Page 239

10-109Expert FeaturesMAC Layer10Excessive MulticastsCounterExcessive Multicasts is a counter that can be used to monitor fluctuations in the number of

Page 240

10-110Surveyor User’s GuideFragment FrameCounterThe Fragment Frame counter increments when a frame has a CRC error and is less than 64 bytes in length

Page 241

10-111Expert FeaturesMAC Layer10Illegal MAC Source AddressCounterIllegal MAC Source Address is a counter of all illegal MAC station source addresses o

Page 242

10-112Surveyor User’s GuideJabber FrameCounterThe Jabber Frame counter increments when a frame has a CRC error and is greater than 1518 bytes in lengt

Page 243

10-113Expert FeaturesMAC Layer10Network OverloadCounterNetwork Overload is a counter of instances where a threshold for the percentage change in netwo

Page 244 - Session Layer

10-114Surveyor User’s GuideNew MAC StationsCounterNew MAC Stations is a counter of all the new MAC stations over a period of time per segment. A thres

Page 245

10-115Expert FeaturesMAC Layer10Oversized FrameCounterThe Oversize Frame counter increments when a frame has a CRC error and is greater than 1518 byte

Page 246

2-2Surveyor User’s GuideSee the Readme file for the latest information on supported analyzers and adapters for Surveyor 5.0.Upgrading SurveyorIf you h

Page 247 - Transport Layer

10-116Surveyor User’s GuideOverload Frame RateCounterOverload Frame Rate counts frames over a one-second time period. A threshold for the number of fr

Page 248

10-117Expert FeaturesMAC Layer10Overload Utilization PercentageCounterOverload Utilization Percentage counts bits over time and compares this value to

Page 249

10-118Surveyor User’s GuidePhysical ErrorsCounterThe Physical Errors counter increments when a change in the number of total MAC physical errors per s

Page 250

10-119Expert FeaturesMAC Layer10Runt FrameCounterThe Runt Frame counter increments when a frame is less than 64 bytes in length. The Runt Frame counte

Page 251

10-120Surveyor User’s GuideSame MAC AddressesCounterSame MAC Addresses is a counter of all events where the same source and destination network addres

Page 252

10-121Expert FeaturesMAC Layer10Total MAC StationsCounterTotal MAC Stations is a counter of all the MAC stations over a period of time per segment. A

Page 253

10-122Surveyor User’s GuideHints and Tips for Expert Features• Double-click any symptom in a table to view Diagnostic information.• When looking at Ex

Page 254

10-123Expert FeaturesSummary of Expert Counters and Symptoms10Summary of Expert Counters and SymptomsTable Table 10-2 on the following page provides a

Page 255

10-124Surveyor User’s GuideTable 10-2. Summary of Expert FeaturesCounter, Symptom, or ApplicationExpert SymptomExpertAnalysesCounter in Expert ViewExp

Page 256

10-125Expert FeaturesSummary of Expert Counters and Symptoms10Counter, Symptom, or ApplicationExpert SymptomExpertAnalysesCounter in Expert ViewExpert

Page 257

2-3InstallationInstalling Surveyor2Installing SurveyorBegin by installing any local hardware analyzer cards and/or adapter cards. Hardware analyzer ca

Page 258

10-126Surveyor User’s GuideCounter, Symptom, or ApplicationExpert SymptomExpert AnalysisCounter in Expert ViewExpert AlarmApplication Response Time Al

Page 259

10-127Expert FeaturesSummary of Expert Counters and Symptoms10Counter, Symptom, Analyses, or ApplicationExpert SymptomExpert AnalysisCounter in Expert

Page 260

10-128Surveyor User’s GuideCounter, Symptom, or ApplicationExpert SymptomExpert AnalysisCounter in Expert ViewExpert AlarmApplication Response Time Al

Page 261

10-129Expert FeaturesSummary of Expert Counters and Symptoms10Counter, Symptom, or ApplicationExpert SymptomExpert AnalysisCounter in Expert ViewExper

Page 262 - Network Layer

10-130Surveyor User’s GuideCounter, Symptom, or ApplicationExpert SymptomExpert AnalysisCounter in Expert ViewExpert AlarmApplication Response Time Al

Page 263

11-1Chapter 1111 Multi-QoSMulti-QoS is a software plug-in to Surveyor that analyzes multimedia traffic over Ethernet-based networks. Multi-QoS validat

Page 264

11-2Surveyor User’s GuideFull decode of multimedia protocols by Multi-QoS provides users with the ability to look at any captured packet and understan

Page 265

11-3Multi-QoSMulti-QoS User Interface Overview11Multi-QoS User Interface OverviewThe Surveyor Multi-QoS interface can be used with capture files, a ca

Page 266

11-4Surveyor User’s GuideFigure 11-1. Multi-QoS Interface OverviewCapture ViewMulti-QoSMonitor ViewMulti-QoSAll CallsCall DetailView Channel DetailsC

Page 267

11-5Multi-QoSMulti-QoS User Interface Overview11• Summary Range GraphsThe Summary Range graphs provide a percentage breakdown of calls by key QoS metr

Page 268

2-4Surveyor User’s GuideInstalling Analyzer Hardware The sections below provide installation information for the Finisar analyzer cards in different h

Page 269

11-6Surveyor User’s GuideAlso, the jitter calculation for Surveyor only measures network jitter. The application itself may implement a jitter buffer,

Page 270

11-7Multi-QoSConfiguring Multi-QoS11The configuration performed from the Configuration tab is described below:•Refresh Options (MQoS Window Management

Page 271

11-8Surveyor User’s GuideSetting this value to a high number may help in identifying a wider range of calls, but may also decrease performance. The de

Page 272

11-9Multi-QoSAll Calls Table11All Calls TableThe All Calls table provides a summary table of all calls discovered. An example of the All Calls table i

Page 273 - Recommended Action(s):

11-10Surveyor User’s GuideField Descriptions for All Calls TableThe following table provides brief descriptions of all fields in the All Calls table.T

Page 274

11-11Multi-QoSCall Range Graphs and Summaries11Call Range Graphs and SummariesEach tab in the interface except the utilization and configuration tabs

Page 275

11-12Surveyor User’s GuideRanges for the graph can be changed. An example configuration screen for setting Call Jitter ranges is shown below. All valu

Page 276

11-13Multi-QoSCall Range Graphs and Summaries11Dropped Packets, RTCP Dropped PacketsFigure 11-6 shows an example of the Dropped Packets tab in the Mul

Page 277

11-14Surveyor User’s GuideAn example configuration screen for setting Dropped Packet ranges is shown below. Figure 11-7. Multi-QoS Configuration, Pac

Page 278

11-15Multi-QoSCall Range Graphs and Summaries11Field Descriptions for Call Range SummariesThe following tables provide brief descriptions of all table

Page 279

2-5InstallationInstalling Analyzer Hardware22. Install the THGm card in your system. This requires opening the case of your computer, inserting the ca

Page 280

11-16Surveyor User’s GuideVQMon MetricsThere are a variety of objective factors that contribute to call quality. Some of these factors, such as packet

Page 281

11-17Multi-QoSVQMon Metrics11If you would like more detailed information about how R-factors are calculated, please call Finisar customer support. The

Page 282

11-18Surveyor User’s Guide Figure 11-9. Multi-QoS Configuration, R-factor RangesThe default ranges for Network R-factor and User R-factor are shown i

Page 283

11-19Multi-QoSUtilization Graph11Utilization GraphWhen selected in Monitor mode, Multi-QoS displays the Utilization tab. The utilization graphs provid

Page 284

11-20Surveyor User’s GuideField Descriptions for Call DetailsTo view all details for any call, double-click on any call summary (row) in a call summar

Page 285

11-21Multi-QoSField Descriptions for Call Details11The following tables provide brief descriptions of all fields in the Call Detail win-dow for SCCP,

Page 286

11-22Surveyor User’s GuideTable 11-8. H.323 Call Field DescriptionsField Name DescriptionFrame ID Frame ID of the first frame from which the conversat

Page 287

11-23Multi-QoSField Descriptions for Call Details11Table 11-9. SIP Call Field DescriptionsField Name DescriptionFID Frame ID of the first frame from w

Page 288

11-24Surveyor User’s GuideTable 11-10. UNKNOWN Call Field DescriptionsChannel Table DetailsYou can look at channel information for any call. Single-cl

Page 289

11-25Multi-QoSChannel Table Details11Figure 11-12. Channel Table ExampleTable 11-11 and Table 11-12 describe the columns in the table for each protoc

Page 290

2-6Surveyor User’s Guide• The Ethernet card uses a CardBus interface. • Separate installation instructions are provided for Windows NT. Installation o

Page 291

11-26Surveyor User’s GuideTable 11-11. H.323, SIP, or UNKNOWN Channel Table Column DescriptionsTable Column DescriptionChannel Channel type, Audio, Vi

Page 292

11-27Multi-QoSChannel Table Details11Max Jitter (ms) Maximum Jitter in milliseconds. The value is calculated by Surveyor. Surveyor uses the formula de

Page 293

11-28Surveyor User’s GuideTable 11-12. SCCP Channel Table Column DescriptionsTable Column DescriptionChannel Channel type, Audio, Video, or Data.Min U

Page 294

11-29Multi-QoSChannel Table Details11Filtering on Single ChannelsYou can filter on channels within a single call. For the Channel View table, the filt

Page 295

11-30Surveyor User’s GuideCustomizing Multi-QoS Table Displays You can customize the display of table information for Multi-QoS to include or exclude

Page 296

11-31Multi-QoSCustomizing Multi-QoS Table Displays11Customizing Channel TablesThe channel table is different for each call type, H.323, SIP, or SCCP.

Page 297

11-32Surveyor User’s GuideExporting Multi-QoS DataYou can export Multi-QoS tables to CSV format. Multi-QoS data in .csv format can be imported to many

Page 298

11-33Multi-QoSExporting Multi-QoS Data11Exporting a Single Multi-QoS Table to CSV Format Perform these steps to export the current Multi-QoS table to

Page 299

11-34Surveyor User’s Guide

Page 300

12-1Chapter 1212 CountersSurveyor provides sophisticated counters to enable you to precisely monitor network activity. Surveyor features three types o

Page 301

2-7InstallationInstalling Analyzer Hardware28. Insert the Surveyor CD in the CDROM drive.9. Enter the path of the Ethernet Driver directory (<CDROM

Page 302

12-2Surveyor User’s GuideThe following packet counters are supported:• Total Frames• Broadcast Frames• Multicast Frames• Unicast Frames• Error Frames•

Page 303

12-3CountersError Counters12Fragments The total number of packets received that were less than 64 octets and had either an FCS/CRC error or an Alignme

Page 304

12-4Surveyor User’s GuideTable 12-3 contains an alphabetical list, with descriptions, of Surveyor’s Token Ring error counters.Table 12-3. Alphabetical

Page 305

12-5CountersExpert Counters12Expert CountersExpert counters count the number of Export events discovered by Surveyor’s expert logic. Some counters are

Page 306 - MAC Layer

12-6Surveyor User’s GuideCounter Type DescriptionICMP Destination Unreachable The number of ICMP destination unreachable errors over a period of time

Page 307

12-7CountersExpert Counters12Counter Type DescriptionOverload Utilization Percent-ageCounts bits over time and compares this value to the maximum uti-

Page 308

12-8Surveyor User’s GuideCounter Type DescriptionTCP/IP Repeat Ack The number of TCP/IP Repeat Ack events over a period of time per segment.TCP/IP Re

Page 309

12-9CountersMulti-QoS Counters12Multi-QoS CountersMulti-QoS counters count the number of packet events discovered by Surveyor’s Multi-QoS plug-in. The

Page 310

12-10Surveyor User’s GuideLog Directory StructureThe following is the directory structure for log files. The root directory is the instal-lation direc

Page 311

13-1Chapter 1313 UtilitiesSurveyor includes the following utilities to enhance your ability to manage your Ethernet, Token Ring, or Fast Ethernet netw

Page 312

2-8Surveyor User’s Guide5. To update the device driver, click with the right mouse on My Network Places. Select Properties from the menu.6. Double-cli

Page 313

13-2Surveyor User’s GuideName Table UtilityA name table provides associations between easy-to-remember symbolic names (Mickey) and hard-to-remember ne

Page 314

13-3UtilitiesName Table Utility13Figure 13-1. Example Name Table Dialog BoxThere are several options you can set for the display and recording of nam

Page 315

13-4Surveyor User’s GuideName tables are limited to 5,000 entries. The Maximum Number of Entries field in the Name Table Settings dialog box must be a

Page 316

13-5UtilitiesNIS-to-Name Table Conversion Utility13NIS-to-Name Table Conversion UtilityThe NIS2NAM.SH utility converts an NIS name table on a UNIX sys

Page 317

13-6Surveyor User’s GuideSniffer™ Translator UtilityTranslators convert captured data back and forth between Surveyor capture file for-mat (.cap files

Page 318

13-7UtilitiesConvert Capture Files to Histogram Files13• Capture memory size• Error counters supported• MAC address• Module type• Buffer size• Vendor

Page 319

13-8Surveyor User’s GuideExtract Frames From a File Using a FilterThis utility allows you to extract frames from existing capture files, using a filte

Page 320

13-9UtilitiesExport Utilities13To export packet decode information, do the following:1. Set the Summary Pane of the Capture View window to display the

Page 321

13-10Surveyor User’s Guidenetworks. Surveyor exports data into a special .csv file format that can be easily read by the Optimal Performance product.P

Page 322

13-11UtilitiesExport Utilities135. Switch to the previously opened Charts window. To change windows, pull down the Windows menu and click on Charts.6.

Page 323

2-9InstallationCompatibility Matrix2Compatibility MatrixTable 2-3. Hardware/Software Compatibility Matrix FinisarTHGmPortable Surveyor 10/100 Ethernet

Page 324

13-12Surveyor User’s Guide

Page 325 - Overview counters of Expert

A-1Appendix AAImplementation ProfileBuffersThree types of buffers are essential to the execution of Surveyor’s features:How Resources Use BuffersSurve

Page 326 - → Display and

A-2SurveyorUser’s GuideTable A-2. Resource Use of BuffersResource Buffer UsageTHGm (Ten/Hundred/Gigabit module)THGm is a high speed network analyzer c

Page 327 - dialog box

Implementation ProfileHardware DependenciesAA-3Hardware DependenciesThe tables that follow in this section list functions supported by Surveyor that h

Page 328

A-4SurveyorUser’s GuideTable A-5. Hardware Capture FunctionsCapture Functions NDIS Card THGmPortable Surveyor 10/100 Ethernet Analyzer CardCapture Buf

Page 329

Implementation ProfileAbout NDIS ModeAA-5About NDIS ModeSurveyor in NDIS mode uses an NDIS driver and interfaces to a variety of network adapters. All

Page 330

A-6SurveyorUser’s GuideNDIS Configuration OptionsSetting the InterfaceThe Interface and Interface Mode options are grayed on the Module menu when an N

Page 331

B-1Appendix BBPre-Defined Filter TemplatesFilter TemplatesAll filter templates supplied with Surveyor are described below. Templates are defined by an

Page 332

B-2SurveyorUser’s GuideTable B-1. Surveyor Filter Templates, Ethernet EV2Filter Template Description Offset Value No. of Filters UsedAppleTalk Collect

Page 333

Pre-Defined Filter TemplatesFilter TemplatesBB-3Table B-2. Surveyor Filter Templates, IP and IPX over Ethernet EV2Filter Template Description Offset V

Page 334

Surveyor User’s GuideivAbout This GuideThis guide provides descriptions of the software components, features, and capabilities of the Surveyor product

Page 335 - Multi-QoS

2-10Surveyor User’s Guide

Page 336

B-4SurveyorUser’s GuideFilter Template Description Offset Value No. of Filters UsedRIP (IPX) Collect all frames with a RIP port in IPX packet types em

Page 337 - Control + Q

Pre-Defined Filter TemplatesFilter TemplatesBB-5Table B-3. Surveyor Filter Templates, TCP/IP over Ethernet EV2Filter Template Description Offset Value

Page 338

B-6SurveyorUser’s GuideFilter Template Description Offset Value No. of Filters UsedQ.931 Collect all frames with a Q.931 port when TCP is embedded in

Page 339

Pre-Defined Filter TemplatesFilter TemplatesBB-7Table B-4. Surveyor Filter Templates, UDP/IP over Ethernet EV2Filter Template Description Offset Value

Page 340 - Configuring Multi-QoS

B-8SurveyorUser’s GuideFilter Template Description Offset Value No. of Filters UsedNTP Collect all frames with an NTP port when UDP is embedded in Eth

Page 341

Pre-Defined Filter TemplatesFilter TemplatesBB-9Table B-5. Surveyor Filter Templates, Ethernet LLC/NovellFilter Template Description Offset Value No

Page 342 - → Module →

B-10SurveyorUser’s GuideTable B-6. Surveyor Filter Templates, Ethernet SNAPFilter Template Description Offset Value No. of Filters UsedSNAP Collect

Page 343 - All Calls Table

Pre-Defined Filter TemplatesFilter TemplatesBB-11Table B-7. Surveyor Filter Templates, Ethernet ISLFilter Template Description Offset Value No. of Fil

Page 344

B-12SurveyorUser’s GuideFilter Template Description Offset Value No. of Filters UsedISL_LDAP Collect all frames with LDAP ports when TCP is embedded

Page 345

Pre-Defined Filter TemplatesFilter TemplatesBB-13Filter Template Description Offset Value No. of Filters UsedISL_SMTP Collect all frames with SMTP p

Page 346

3-1Chapter 33 Getting StartedThe Surveyor SystemA complete Surveyor system consists of Surveyor software and at least one Finisar distributed net QoS

Page 347

B-14SurveyorUser’s GuideTable B-8. Standard Filter Templates, Token RingFilter Template Description Offset Value No. of Filters UsedMAC_Active_Monit

Page 348

Pre-Defined Filter TemplatesFilter TemplatesBB-15Filter Template Description Offset Value No. of Filters UsedMAC_Report_NAUM_Change Collect all Report

Page 349

B-16SurveyorUser’s GuideFilter Template Description Offset Value No. of Filters UsedMAC_Ring_Purge Collect all Ring Purge Token Ring MAC frames.117HEX

Page 350 - VQMon Metrics

C-1Appendix CCKeyboard ShortcutsFunction KeysFunction keys perform different operations depending on the window from which they are used. A table of t

Page 351

C-2SurveyorUser’s GuideStandard and Navigational KeysFunction keys perform different operations depending on the window from which they are used. Tabl

Page 352

Keyboard ShortcutsStandard and Navigational KeysCC-3Table C-6. Shortcut Keys from the Capture Filter WindowKey(s) ActionCtrl + N Bring up new default

Page 353 - Utilization Graph

C-4SurveyorUser’s Guide

Page 354

D-1Appendix DDParser NamesRecognized Parser Names The Parser Names recognized by Surveyor are organized by protocol suite in the following tables. Par

Page 355

D-2SurveyorUser’s GuideTable D-3. Parser Names, Apple Talk SuiteParser Name Protocol NameAARP AppleTalk Address Resolution ProtocolADSP AppleTalk Data

Page 356

Parser NamesRecognized Parser NamesDD-3Table D-5. Parser Names, Cisco SuiteParser Name Protocol NameCDP Cisco Discovery ProtocolDISL Dynamic Inter-Swi

Page 357

3-2Surveyor User’s Guideeach port on which you have installed a THGm analyzer card. Do not select ports for other devices. Click OK.Use the Local Port

Page 358 - Channel Table Details

D-4SurveyorUser’s Guide Table D-8. Parser Names, IBM SuiteParser Name Protocol Name3270 3270 TerminalNETBEUI NetBIOS Extended User InterfaceSNA Server

Page 359

Parser NamesRecognized Parser NamesDD-5BOOTP Bootstrap ProtocolDHCP Dynamic Host Configuration ProtocolDNS Domain Name ServerFTP File Transfer Protoco

Page 360

D-6SurveyorUser’s Guide SGCP Simple Gateway Control ProtocolSMTP Simple Mail Transfer ProtocolSNMP Simple Network Management Protocol (versions 1, 2,

Page 361

Parser NamesRecognized Parser NamesDD-7NBCAST Netware Broadcast Message Protocol NCP Netware Core ProtocolNDS Netware Directory Services NLSP Netware

Page 362

D-8SurveyorUser’s GuideTable D-14. Parser Names, H.323 SuiteParser Name Protocol NameASN.1 Abstract Syntax Notation 1H323GD H.323 - Gatekeeper Discove

Page 363

Parser NamesRecognized Parser NamesDD-9Table D-16. Parser Names, Cisco IP Telephony SuiteParser Name Protocol NameSSP Skinny Station ProtocolSCCP Skin

Page 364

D-10SurveyorUser’s Guide

Page 365

Glossary-1Glossary.CAP extensionFile extension for all capture files. .CFD extensionFile extension for all capture filters. .DFD extensionFile extensi

Page 366 - Exporting Multi-QoS Data

Glossary-2SurveyorUser’s GuideAlarm BrowserA window used to list, select, and set alarms. Alarm Falling ThresholdFalling threshold value to be compare

Page 367

Glossary (continued)Glossary-3Application Response TimeThe time required to establish a session with an application protocol, measured in milliseconds

Page 368

3-3Getting StartedBasic Navigation Tips35. THGm analyzer cards have two interfaces, RJ45 for 10/100 copper wire and a G-BIC for 1000 Mbps fiber optic.

Page 369 - Counters

Glossary-4SurveyorUser’s GuideCapture ModeThe mode in which Surveyor receives network data and stores it in the Capture Buffer. Capture ViewA window f

Page 370 - Error Counters

Glossary (continued)Glossary-5Detail ViewThe primary monitoring view for a single network resource. Multiple views of each resource can display in the

Page 371

Glossary-6SurveyorUser’s GuideExpert ViewSurveyor data view showing expert symptoms and expert counters for a time period.FragmentsA counter showing t

Page 372 - Ring error counters

Glossary (continued)Glossary-7HostA computer upon which a particular program or resource is located. In the context of Surveyor, the host is the compu

Page 373 - Expert Counters

Glossary-8SurveyorUser’s GuideMode of OperationDefines the current relationship between Surveyor and a resource. Surveyor can transmit data from a res

Page 374

Glossary (continued)Glossary-9NISName Information Service. OversizeA counter showing the total number of packets received that were longer than the 15

Page 375

Glossary-10SurveyorUser’s GuidePacket TypeThe type of packet sent in transmission mode. Packet types are IP, IPX, ARP, and AARP, or any other type spe

Page 376

Glossary (continued)Glossary-11Root StatementThe first statement in all capture filters. Specifies global variables and global val-ues.SA Source addre

Page 377 - Counter Log File Overview

Glossary-12SurveyorUser’s GuideTHGm (Ten/Hundred/Gigabit module)A hardware device available from Finisar that allows the capture/transmit of net-work

Page 378 - Log Directory Structure

Glossary (continued)Glossary-13Traffic RateWhen transmitting from Surveyor, a percentage of the maximum capacity of the network to carry packets.Trans

Page 379 - Utilities

3-4Surveyor User’s GuideYou can also access Capture View from Summary View to view a Capture file. From Summary View, click the button in the Survey

Page 380 - Name Table Utility

Glossary-14SurveyorUser’s GuideVoice over IP (VoIP)Industry term for the carrying of voice traffic over the Internet Protocol. This term is sometimes

Page 381

Index-1IndexSymbols.CAP File Extension 3-18.CFD File Extension 3-18.DFD File Extension 3-18.HST File Extension 3-18.NAM File Extension 3-18.TSP File E

Page 382

Index-2SurveyorUser’s Guide–B–Bad Frames 12-5bitmaps, exporting 13-9Bridge Protocol Data Unit (BPDU) 10-92Broadcast/Multicast Storms 10-103, 12-5Buff

Page 383

Index-3Index (continued)Token Ring, list of 12-4Excessive BOOTP 10-106Excessive Broadcasts 10-107Excessive Collisions 10-108Excessive Mailslot Broadca

Page 384 - Sniffer™ Translator Utility

Index-4SurveyorUser’s GuideICMP Fragmentation Needed 10-71DA and SA fields 8-10DA field 8-3Data field 8-3Data views 6-1, 6-18Address Map View 6-34App

Page 385 - Merge Histogram Files

Index-5Index (continued)CRC Frame 10-104Duplicate Network Address 10-58Excessive ARP 10-105Excessive BOOTP 10-106Excessive Mailslot Broadcasts 10-20Fr

Page 386 - Export Utilities

Index-6SurveyorUser’s Guide–F–Filter Actions 7-13Capture 7-14Counter 7-14display 7-15Filter Example, Advanced Filter 7-29Filter Example, Capture Conve

Page 387

Index-7Index (continued)–K–Keyboard shortcuts C-2–L–Launching 3-1layers, expert system 10-6learn addresses 13-3learn names 13-2remote resources 13-4Li

Page 388

Index-8SurveyorUser’s GuideNCP Server Busy 12-6NCP Too Many File Retransmissions 10-28NCP Too Many Request Loops 10-30NCP Too Many Requests Denied 10-

Page 389

Index-9Index (continued)Set Default button 4-12protocols in conversations 7-5, 7-7protocols supported 1-4–Q–Quality of Service 11-1–R–RAM 2-1Range Ed

Page 390

3-5Getting StartedBasic Navigation Tips3• If you have the Expert plug-in, use the button in Detail View to bring up the expert views.• If you have t

Page 391 - Implementation Profile

Index-10SurveyorUser’s GuideDelete 8-4Edit Data 8-4Modify 8-4Stream contents 8-3Stream modes 8-7Frame Rate 8-7Packet Gap 8-7Traffic Rate 8-7Stream siz

Page 392

Index-11Index (continued)Capture View toolbar 3-15Address Map View button 3-17Application Layer Host Table View button 3-16Application Layer Matrix Vi

Page 393 - that have

Index-12SurveyorUser’s GuideTotal MAC stations 10-121Total Router Broadcasts 12-8Total Tx Collision Counter 12-3Traffic direction indicator 7-5, 7-7T

Page 394

Index-13Index (continued)resizing docking windows 4-1–X–X offsets (wildcard) 8-10–Z–Zero Broadcast Address 10-101

Page 395 - About NDIS Mode

Index-14SurveyorUser’s Guide

Page 396 - NDIS Configuration Options

3-6Surveyor User’s GuideButtons and ToolbarsSurveyor ToolbarOpen buttonOpens a file, typically a capture file (.CAP). A dialog box displays showing al

Page 397 - Pre-Defined Filter Templates

3-7Getting StartedButtons and Toolbars3Capture Mode buttonPlaces the currently selected resource in capture mode. This button is gray if the resource

Page 398

3-8Surveyor User’s GuideDetail View ToolbarSave buttonSaves the current contents of the capture buffer to a file. A dialog box displays, allowing you

Page 399 - Filter Templates

3-9Getting StartedButtons and Toolbars3Capture Filter buttonDisplay the Capture Filter window. The window displays a previously opened filter or the d

Page 400

vTable of ContentsChapter Page1 Introduction ... 1-1Surveyor Functions

Page 401

3-10Surveyor User’s GuideData Views Toolbar (Expert and Multi-QoS buttons)Ring Statistics View button (Token Ring Only)Brings up tables showing in

Page 402

3-11Getting StartedButtons and Toolbars3Host Table View buttonSelects Host Table View for viewing information. You can see MAC stations and their asso

Page 403

3-12Surveyor User’s GuideRefresh buttonUpdate the information in all open views.Duplicate Address Button (Expert plug-in only)Brings up a table showin

Page 404

3-13Getting StartedButtons and Toolbars3Filter Design ToolbarCreate Filter buttonCreates a new filter. The default window appears for the Filter Desig

Page 405

3-14Surveyor User’s Guideare designated with an extension of .CFD files and display filters with an extension of .DFD.Save Filter buttonSaves the curr

Page 406

3-15Getting StartedButtons and Toolbars3Capture View Toolbar Open File buttonOpens a capture file (.CAP

Page 407

3-16Surveyor User’s GuideResume Load buttonCapture files are loaded to Capture View as a background process. Pressing this button resumes the backgrou

Page 408

3-17Getting StartedButtons and Toolbars3Host Matrix View buttonSelects Host Matrix View for viewing captured information. You can see all conversation

Page 409

3-18Surveyor User’s GuideFile FormatsThe following file formats are supported in Surveyor:.HST Extension – Capture FilesFile extension for capture da

Page 410

3-19Getting StartedProviding a Name Table to Surveyor3Providing a Name Table to Surveyor A default name table file, hosts.nam, is included with the so

Page 411

viSurveyor User’s GuideDetail View Toolbar ... 3-8Data Views Toolbar ...

Page 412

3-20Surveyor User’s GuideEstablishing Links for THGm The THGm is often connected to a device that cannot auto negotiate the connection, such as when m

Page 413 - Keyboard Shortcuts

4-1Chapter 44 Configuring SurveyorConfiguring the InterfaceIn Surveyor, you can control the appearance of windows, the primary monitor view, the appea

Page 414

4-2Surveyor User’s Guidecompletely close a docking window. If you close a docking window, use the options from the View menu to get the window back.Yo

Page 415

4-3Configuring SurveyorConfiguring the Interface4Use the middle portion of the dialog box to set up the display of the Summary column. The Summary col

Page 416

4-4Surveyor User’s GuideUse the bottom portion of the dialog box to set the point from which Surveyor will measure time when calculating and displayin

Page 417 - Parser Names

4-5Configuring SurveyorConfiguring the Interface4Setting Histogram Zoom FactorSet the Zoom Factor changes the number of data points that remain in the

Page 418

4-6Surveyor User’s GuideConfiguring Chart ViewsProtocol distribution view and frame size distribution view can be customized using buttons within the

Page 419 - Recognized Parser Names

4-7Configuring SurveyorModule Settings (Properties)4Module Settings (Properties)Module settings configure options for the capture, monitor, and transm

Page 420

4-8Surveyor User’s GuideModule settings are described in the subsections below. Default values for Module Settings are shown in Table 4-4:Buffer SizeP

Page 421

4-9Configuring SurveyorModule Settings (Properties)4For THGm modules, the default is no packet slicing (full packet length). For THGm, the slicing siz

Page 422

viiContents (continued)Advanced Configuration... 4-20surveyor.ini File...

Page 423

4-10Surveyor User’s Guidewill be listed in the Application Tables as in the following example: UDP non-WKP:4620This feature only affects the tables or

Page 424

4-11Configuring SurveyorSystem Settings42. A dialog box appears showing the ports within the local system. Check the box of only those ports you want

Page 425

4-12Surveyor User’s GuideProtocol Color CodingSurveyor provides a real-time protocol decode called Packet Summary View and protocol decodes in Capture

Page 426

4-13Configuring SurveyorSystem Settings4:Table 4-7. Strip Chart Display TimersThe values for polling timers must be between 1 and 214783647 seconds. T

Page 427

4-14Surveyor User’s GuideDisk Options Surveyor supports saving and examining very large capture files. Two disk options are available to support large

Page 428 - Glossary-2

4-15Configuring SurveyorConfiguring Alarms4Configuring Counter LoggingCounter log files contain snapshots of Surveyor counter information. All MAC lay

Page 429 - Glossary-3

4-16Surveyor User’s GuideUsing E-mail with Surveyor is turned off by default. If you want to use this feature, you must reset a parameter in the Surve

Page 430 - Glossary-4

4-17Configuring SurveyorConfiguring a Multi-Port Tap or Switch4The Surveyor software can be used to control which LAN segment is selected by the tap o

Page 431 - Glossary-5

4-18Surveyor User’s Guide4. Use the Bypass check boxes to set any network segments that you want to restrict from being used with the analyzer. Any se

Page 432 - Glossary-6

4-19Configuring SurveyorSettings for Analyzer Devices42. Click on the icon for the remote analyzer device in the Resource Browser.3. Choose Properties

Page 433 - Glossary-7

viiiSurveyor User’s GuideNetwork Layer Matrix View ... 6-30Application Layer Matrix View...

Page 434 - Glossary-8

4-20Surveyor User’s Guide8. Enter the IP address of a server that runs BOOTP and/or TFTP protocols in the IP Boot Server field.9. If you are updating

Page 435 - Glossary-9

4-21Configuring SurveyorAdvanced Configuration4directory and will use that file for its diagnostic information. If no EXPERT-MSG.INI file is found in

Page 436 - Glossary-10

4-22Surveyor User’s Guide<port num> is a two-byte value that appears in a port fields of a TCP or UPD packet header. It identifies the protocol

Page 437 - Glossary-11

4-23Configuring SurveyorAdvanced Configuration4Example 2Assume that a company is using a proprietary protocol named “Company X Proto-col” that uses UP

Page 438 - Glossary-12

4-24Surveyor User’s GuideHow Surveyor Assigns Protocol NamesSurveyor explicitly monitors a predefined set of protocols/applications that use TCP or UD

Page 439 - Glossary-13

4-25Configuring SurveyorAdvanced Configuration4Monitoring Non Well-Known PortsSurveyor also collects information about a subset of ports that fall out

Page 440 - Glossary-14

4-26Surveyor User’s GuideAssigning TCP or UDP Ports to Protocol ParsersUse the ANALYSIS.INI file to assign any built-in Surveyor parser to a TCP or UD

Page 441 - Numerics

4-27Configuring SurveyorAdvanced Configuration4thermore suppose the network administrator only wants to decode TCP port 11964 when associated with IP

Page 442

4-28Surveyor User’s Guide

Page 443

5-1Chapter 55 Resources and ModesSurveyor can gather statistical information and view network data from a variety of hardware sources. The types of in

Page 444

ixContents (continued)Stream Modes ... 8-7Bursts ...

Page 445

5-2Surveyor User’s GuideDouble-click on a resource to display a default view of the resource in Summary View. If a remote resource is protected, you a

Page 446

5-3Resources and ModesRemote Resources5 Figure 5-1. Remote Host ConnectionsLocalLANSegmentNDIS network adapter,CMM or CMM2BoardRemoteLANSegmentSurvey

Page 447

5-4Surveyor User’s GuideNaming Remote IP Resources (Aliases)The Resource Browser initially displays all nodes on a subnet using the IP Address. Users

Page 448

5-5Resources and ModesRemote Resources5Hovering the mouse over a top-level node which has an alias displays the name with the IP Address in parenthesi

Page 449

5-6Surveyor User’s GuideModesModes are applied to resources. Each resource can be in a different mode. The modes available with Surveyor depend on the

Page 450

5-7Resources and ModesHardware Devices5.Table 5-3. Hardware Device CapabilitiesDevice Hardware Device CapabilitiesTHGm (Ten/Hun-dred/Thousand module)T

Page 451

5-8Surveyor User’s GuideSynchronized ResourcesSynchronized resources are multiple hardware devices (two THGm) that have been connected so that they us

Page 452

5-9Resources and ModesHints and Tips for Resources5resources are recognized by the synchronized resource icon in the Resource Browser. Synchronizing r

Page 453 - Zero Broadcast Address 10-101

5-10Surveyor User’s Guide• Use synchronized THGm modules for full-duplex capture.• For options to be displayed under the Host menu, you must select th

Page 454 - Index-14

6-1Chapter 66 ViewsThere are numerous ways to view data from Surveyor. This section describes the primary windows you use to view data, and the actual

Commentaires sur ces manuels

Pas de commentaire