home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
DP Tool Club 24
/
CD_ASCQ_24_0995.iso
/
vrac
/
lzfwqa.zip
/
251128.TXT
next >
Wrap
Text File
|
1995-06-16
|
10KB
|
287 lines
NOVELL TECHNICAL INFORMATION DOCUMENT
TITLE: Answers About LANalyzer for Windows 2.1
DOCUMENT ID: TID251128
DOCUMENT REVISION: A
DATE: 15JUN95
ALERT STATUS: Yellow
INFORMATION TYPE: Issue
NOVELL PRODUCT and VERSION:
LANalyzer for Windows 2.1
ABSTRACT:
NA
-----------------------------------------------------------------
DISCLAIMER
THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO
NOVELL. NOVELL MAKES EVERY EFFORT WITHIN ITS MEANS TO VERIFY
THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS
DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT
OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION.
-----------------------------------------------------------------
ISSUE
Answers for the most frequently asked questions about LANalyzer
for Windows (LZFW) 2.1
1. Question
Does LZFW work with a "True Blue" IBM 16/4 Token Ring board?
1. Answer
No.
These IBM boards use the TROPIC chipset and there is a limitation
in the chipset that won't allow it to go into Promiscuous Mode,
which is required by LZFW.
2. Question
What does "Promiscuous Mode" mean?
2. Answer
This is the mode in which the Network Interface Card (NIC)
receives and passes on all packets on the network, regardless of
which machine they are addressed to. The LZFW network analyzer
monitors network traffic by configuring its NIC to receive every
packet on the network.
3. Question
Is it possible to configure LZFW to see through the
server/router?
3. Answer
No.
LZFW will only see the packets on the segment that it is attached
to. (If activity from another segment is transmitted onto the
segment with LZFW, you will see that activity.) To see another
segment, you must move LZFW to that segment. Distributed
LANalyzer functionality is available in Novell's ManageWise
product.
4. Question
Can LZFW decode IBM NetBIOS traffic?
4. Answer
No.
It does not decode the IBM NetBIOS packets. It will present you
with the MAC-layer header information and a hex dump of the rest
of the packet. Netbios packets are included in the utilization,
packet rate, and error statistics, and the Station Monitor
screen.
A company called Triticom sells a product called DecodesPlus
which works with LZFW, NMS, and ManageWise. It provides decodes
for Netbios and Netbeui, DECnet including LAT, and Banyan Vines.
Triticom is located in Bloomington, MN.
Their phone number is (612) 937-0772.
5. Question
What is the complete list of protocols that LZFW will decode?
5. Answer
NetWare TCP/IP AppleTalk SNA NFS
------- ------ --------- --- ---
BCAST ARP AARP RH MOUNT
DIAG DNS ADSP RU NFS
IPX FTP AEP TH PORTMAP
LSP ICMP AFP XID RPC
NBIOS IP ASP
NCP OSPF ATP
NDS RARP NBP
NLP RIP RTMP
NLSP SNMP ZIP
RIP TCP
SAP TELNET
SER TFTP
SPX UDP
WDOG
6. Question
Are there any patches available on NetWire for LZFW 2.1?
6. Answer
Yes, there are two different patches.
LZW001.EXE - Corrects a Token Ring bug that shows all stations as
BRIDGED LZW002.EXE - Corrects loss of all packets with new
drivers.
These patches apply only to LZFW 2.1. Users of earlier versions
of LZFW should upgrade to the current version before installing
either of these patches.
7. Question
LZFW hangs when running on Token Ring.
7. Answer
Make sure TKENH.COM has been loaded after LSL and before your
Token Ring driver. TKENH was copied to the LZFW directory by the
LANalyzer install program. You should also apply the LZW001.EXE
and LZW002.EXE patches, and make sure you have the latest driver
for your NIC from the card vendor.
8. Question
Does LZFW work with OS/2?
8. Answer
No.
OS/2 does not support Windows virtual device drivers, which LZFW
uses to receive network traffic.
9. Question
APPLE.EXE be loaded?
10. Answer
No, but APPLE.EXE must be loaded for Appletalk support.
11. Question
Must NETX/VLM be loaded?
11. Answer
No, but if NETX/VLM isn't loaded, you will not be able to gather
NetWare names.
12. Question
What is "Server Monitoring"?
12. Answer
When LZFW is started, the server monitoring function broadcasts a
"Get Nearest File Server" packet.
For a file server to respond to the broadcast request, it must
have the following parameter set:
"SET RespondToNearestFileServer = ON"
This is the default setting.
A known limitation of NetWare 3.x SFT III servers is that they do
not respond to this broadcast packet.
All the servers that respond to this broadcast will be added to
the "Server Monitor" screen.
Not all servers always respond.
For whatever reason, some might fail to respond every time.
Novell believes that this is due to the server being busy and
that responding to the packet is a low priority.
This explains why some servers sometimes get in the list and
others do not, and the exact list seems to change.
Now, LZFW has a list of servers to poll. The idea is to go down
the list of servers, one at a time, and send them a packet. If
they respond, server monitoring moves on to the next server until
it reaches the end of the list. Then, it starts over at the top
of the list. One server from the list is polled ever 15 seconds,
so the amount of network traffic generated is very minimal.
If a server fails to respond to the poll, it goes into a "retry"
mode. Server monitoring tries more frequently to poll the server
(every 2 seconds or so) for three tries. If the server has not
replied to any of the polls, server monitoring calls it down and
send an alarm. Then server monitoring moves on to the next
server. When it cycles around the list again, it tries the down
server to see if it is back up.
After several times through the list, server monitoring
"rebuilds" the list. This gets rid of servers which have been
down for a long time or have been moved. It also picks up new
servers that came up since server monitoring started. The
rebuild process restarts from scratch and creates a new list.
Unfortunately, a side effect of this is that servers can tend to
"come and go" from the list. There is no way to "Fix" or "Set"
the list to poll. You can only determine the servers you want or
do not want.
The easiest way to see this algorithm in action is to set up a
capture filter between "This Workstation" and "ANY." Let server
monitoring run for an hour or so. Then "Post Filter" on NetWare
SAPs. Do this by double clicking on the SAP layer in the decode,
and it will appear as follows:
=========== Service Advertising Protocol =============
Router polling is exactly the same except that NetWare RIP
packets are used in place of SAP packets.
13. Question
What does "Server Record Mismatch" mean?
13. Answer
You had a GP Fault in LZFW and tried to start again without
rebooting.
You must reboot Windows after any GP Fault.
14. Question
How is a "server overload" detected?
14. Answer
When a workstation sends a request (say a file read) the server
will normally respond in a few milliseconds or less. If it takes
more than 1 or 2 seconds, the client assumes that the packet was
dropped and retransmits it. The server sees the second request
as a duplicate of the one it already queued and sends the "Hold
on" packet.
These "hold on" packets are seen by LZFW and if enough of them
occur in 1 minute (15 by default) then we send an alarm. The
user may start noticing a slowdown of the network at the same
time.
This will allow you to begin responding to the problem before the
users know what's happening.
See the NetWare expert help and tutorial in LZFW for more
information on likely causes and solutions for this problem.
15. Question
There seems to be something wrong with the name file. Not all of
my names are being used.
15. Answer
There are a few things known to cause problems with the name
file.
Check the name file and correct any of the following conditions:
-- A. Names must be no longer than 20 characters.
-- B. There must be no blank lines.
-- C. There must be a <CR> after every line including the last.
The algorithm that removes duplicate names at the end of name
gathering has a limitation. The limitation is that it can only
deal with 1024 names. When you do name gathering, the current
name file is copied into a buffer and the new names from the
current name gathering are added to it. Once you get over 512
names in the file, you really can't add to it. The solution for
large name files is to merge the files by hand. Save the
original name file and delete everything except for the broadcast
address and name. Then rerun name gathering and merge the 2
files by hand. You can remove the duplicates manually as well,
if necessary.
If you use the tool on many networks and really only need a
subset at any one time, consider maintaining multiple name files.
That is, give each network its own name file and just remember to
copy the correct one over to NAMES_ET.CSV or NAMES_TR.CSV.
-----------------------------------------------------------------
Any trademarks referenced in this document are the property of
their respective owners. Consult your product manuals for
complete trademark information.
-----------------------------------------------------------------