Ethervision is designed to monitor and display activity of an Ethernet Local
Area Network (LAN). EtherVision works with all Ethernet media types including
coax, twisted pair, and fiber. Operations exist to monitor Ethernet traffic
activity and errors in real-time, show network utilization, assign user names
to network addresses, and more. Such information about traffic activity
enables the user to determine network loading, show traffic generated by
individual stations (also called nodes), and resolve problems.
There are two real-time monitoring display modes available while monitoring
traffic. These modes are:
- normal -- Tracks packets and kilobytes sent by each station
- skyline -- Aggregate network traffic display over time + network
utilization
Within each display mode, there are error counters and numerous options to
tailor the display.
Alphanumeric names may be associated with network addresses making it easier to
interpret network activity displays. This information is stored in a file
which may be recalled and changed at anytime. The basic operations available
in EtherVision are summarized in
OPERATION
The demo for EtherVision (which monitors a simulated network) is run by typing
EV_DEMO from the directory containing EV_DEMO.EXE. When EtherVision is first
invoked, the user is presented with a main menu. An action from this menu may
be selected by pressing the first letter of the option or moving the cursor
up/down with the up/down arrow keys and then pressing Enter. As a shortcut,
pressing the first letter of the option causes immediate action. The user may
return to the main menu at any time by pressing the Esc key. Each menu option
is described in more detail below.
Assigning Names
Selecting the ASSIGN NAMES from the main menu allows you to associate names
with network addresses. For example, the name 'Robert' may be given to the
address 0000860005FC (address are always 12 hex digits = 48 bits), making it
easier to remember what devices and workstations are at what network adapter
addresses. Upon selecting this option, a screen appears in which two new
windows are presented along with the function key options at the bottom of the
display. The Name Assignments window displays a column of network addresses
(in hex) followed by the name. If no name has been assigned by the user, then
the default appears which consists of the station address preceded by "NAME?-". If there are more names than can be displayed, an arrow will appear in the
lower left-hand corner of the window. Then, the names which are displayed in
the window can be changed by moving the highlight bar up and down using the
arrow keys or PgUp/PgDn (page up/page down) keys. Arrows will appear in the
upper left-hand corner and/or lower right-hand corner of the window to
indicate the presence of more names above or below the ones displayed. The
lower window is for user input. To change a name, select the station address
by moving the highlight bar up and down using the arrow keys or PgUp/PgDn keys
and press Enter.
To perform other functions, use the function keys as follows: Function key F2
(Add Name) allows a name to be added or changed. If the network has been
actively monitored prior to assigning names, the network addresses that were
active are displayed, followed by name currently associated with that network
address. Pressing F2 allows the user to input a new or different name for a
given address. Function key F3 (Del Name -- Delete Name) will prompt the user
to delete the name currently selected at the highlight bar. Function key F4
(Sort Addr -- Sort Address) sorts the entries in ascending order by station
address. Function key F5 (Sort Name) sorts the entries in ascending order by
alphanumeric name. Function key F6 (Load -- Load File) allows the user (in
the operational version only) to load a previously created name file. The
file may be created with a spreadsheet (with ASCII comma delimited
import/export capability), word processor, or within EtherVision itself.
Function key F7 (Save -- Save File) will (in the operational version only)
save the name assignments to a file, in ASCII comma delimited format.
Function key F8 (CLR --Clear) will clear all of the name entries. To leave
Assign Logical Names, press the Esc key to return to the main menu.
Monitoring Traffic
Selecting MONITOR TRAFFIC from the main menu puts EtherVision into its real-
time monitoring mode showing various activity on the Ethernet. The top of
this display shows the date and time when monitoring began or when the
displayed was cleared using the F7 function key. Most of the display is
devoted to showing the stations (up to 80; use the arrow keys or PgUp/PgDn to
show additional stations if there are more) and their packet counts (those
packets sent by that station).
The bottom portion of the display shows other counters and conditions. From
left to right, these counters and status indicators are explained as follows:
STNS or stations, shows the total number of active stations (counting the
number of stations on the display would yield the same result). If there are
more stations (over 80) than can be displayed on the screen, then the up/down
arrow keys and the PgUp/PgDn keys may be used to show the additional stations.
Packets shows the grand total of all packets counted. Kbytes or kilobytes
shows grand total, in thousands of bytes, of all packets counted. Bcast or
Broadcast, shows the number of packets that were broadcast to all stations.
PPS/Peak indicates the packets per second and peak packets per second since
monitoring began.
CRC shows the number of packets in which the cyclic redundancy check performed
on the packet by the EtherVision adapter did not agree with the value in the
packet, indicating garbled bits within the packet. Each time a CRC error
occurs, a "beep" will be heard. Align or alignment shows the number of packets
in which the bits have "shifted" out of alignment. Whenever an alignment error
occurs, a "beep" will be heard. Frgmt or Fragment shows the number of packets
which have truncated prematurely. Fragment errors usually indicate
collisions. Each occurrence of a fragment error will cause a "beep" to be
heard. MU or Missed/Unprocessed indicate the inability for the hardware
and/or software to keep up with Ethernet traffic. A triangle under the M
indicates that the hardware (adapter/PC) missed a packet. A triangle under
the U indicates that the software (EtherVision itself) was unable to process
the packet before its buffer filled. On an 80386-based PC, this should rarely
happen. On an 80286-based PC this may happen during periods of heavy,
sustained traffic. This "MU" feature is unique to EtherVision -- many
competing monitor programs will not indicate that packets could not be
processed in time. Elapsed indicates the elapsed time since monitoring began
or was cleared using function key F7.
The bottom most line displays the function keys and their assignments. These
function keys are discussed in more detail as follows:
Function key F2 (Stn ID -- Station Identification) is used to change the way
in which the station IDs are displayed. The default is either the node
address or the station's logical name. The logical name is shown if the user
loaded names or assigned names prior to monitoring, using the Assign Names
option from the Main Menu (if there is a name assigned to an address which is
not active, then a '-' will appear after the name instead of a packet count.)
If the logical name is not chosen for display, then the station ID is shown as
the station's network addresses in hex notation. Pressing function key F2
will toggle between these three different formats.
Function key F3 (Sort STN -- Sort Station) will sort the station by IDs, in
ascending order. The ordering is determined by the way the station IDs are
displayed. For example, if the station names are displayed, then the sort
will be by name. Likewise, if the station addresses are displayed, then the
sort will be by station address. Both sorts are in ascending order.
Function key F4 (Sort CNT -- Sort Count) will sort the stations by the number
of packets. The sort is in descending order such that the most active
stations appear first.
Function key F5 (Cnt/Pct -- Station Count/Percent) toggles between displaying
of either the station packet counts or percentage of total packets counted.
Function key F6 (Pkt/Sky -- Packet/Skyline) Toggles between the packet count
display and skyline/network utilization display. If the skyline is chosen,
then the screen will display total packet counts on a logarithmic scale by the
second or by the minute, for the last 60 seconds or 60 minutes respectively.
The second or minute mode is selected when the skyline is displayed by
pressing function key F8. The network utilization scale is update once per
second and will show a solid bar when the network is utilized more than 1
percent. The peak utilization is marked with a triangle.
EQUIPMENT REQUIREMENTS FOR OPERATIONAL VERSION
EtherVision is designed to work with virtually all PC/MS-DOS machines with a
Novell NE2000 compatible Ethernet adapter card installed. PC/MS-DOS 3.1 or
higher and a minimum of 384K of free RAM is required (more RAM gives
EtherVision more buffers). Since Ethernet can accommodate in excess of 16,000
packets per second, best possible network monitoring performance is achieved
with a PC with a fast 80286 (12 Mhz or better) or 80386 processor (a feature
unique to EtherVision is notification of packets that could not be processed
because the hardware (adapter + PC) could not keep up and notification if the
software (EtherVision) could not keep up). A monochrome or color display may
be used. EtherVision is not copy-protected but is serialized.
ORDERING INFORMATION
The operational EtherVision is priced at $225, which includes a user's
manual, and choice of 3 1/2" or 5 1/4" diskette. EtherVision with a Triticom
certified 16-bit Ethernet adapter is priced at $525. For more information or
to order contact Triticom at P.O. Box 11536, St. Paul, MN 55111; (612) 937-
