User ManualTable of ContentsIntroduction21Surveyor Functions22Analyzer Devices24Protocols Supported24What's New in Release 5.028Capture to Disk and THGsE Analyzer Support28Disk Caching28Capture Management28Expanded Multi-QoS Support29SMNP Extended Agent29New and Enhanced Protocol Decodes29Installation31System Requirements31Upgrading Surveyor32Installing Surveyor33Installing Analyzer Hardware34Installing Analyzer Hardware in a Desktop PC34Installing Analyzer Hardware in a Notebook PC35Installing More Than One Analyzer Card in a Notebook PC38Compatibility Matrix39Getting Started41The Surveyor System41Launching Surveyor41Basic Navigation Tips43Buttons and Toolbars46Surveyor Toolbar46Module Toolbar (Summary View)46Detail View Toolbar48Data Views Toolbar50Filter Design Toolbar53Filter States Design Toolbar53Capture View Toolbar55File Formats58.HST Extension – Capture Files58.CAP Extension – Internal Capture Files58.NAM Extension – Name Table Files58.CFD Extension – Capture Filters58.DFD Extension – Display Filters58.TSP Extension – Transmit Specifications58Providing a Name Table to Surveyor59Establishing Links for THGm60Configuring Surveyor61Configuring the Interface61Customizing Views and Windows61Capture View Display Options62Histogram Options64Setting the Monitoring View for a Module65Configuring Chart Views66Table Views66Module Settings (Properties)67Buffer Size68Packet Slice (Slicing Size)68Stop-and-Save Capture Buffer69Modes69MAC Control Frame70System Settings70Configuring Ports to Scan70Configuring Remote Communications71Protocol Color Coding72Setting Update Timers72Disk Options74Configuring Counter Logging75Configuring Alarms75Configuring a Multi-Port Tap or Switch76Setting the Local COM Port for Taps and Switches78Connecting a Tap with THGs or THGsE78Settings for Analyzer Devices78Resetting an Analyzer Device78Updating an Analyzer Device79Advanced Configuration80surveyor.ini File80Customizing Expert Diagnostic Information80Assigning Names to Protocols (Monitor)81Assigning TCP or UDP Ports to Protocol Parsers86Resources and Modes89Resource Browser89Remote Resources90Naming Remote IP Resources (Aliases)92Resource Protection93Modes94Hardware Devices94Synchronized Resources96Hints and Tips for Resources97Views99Summary View101Detail View102Using Capture + Monitor Mode in Detail View104Capture View105Capture View Window105Creating Filters from Capture View106Exporting and Printing Decodes106Configuring the Capture View Display106Using the Histogram Control107Histogram Color Coding108Histogram Button Controls112Histogram Mouse Controls113Saving Portions of the Data114Resume Analysis115Packet Editor115Data Views116Ring Statistics View (Token Ring Only)116MAC Statistics View (Rx)117MAC Statistics View (Tx)118Frame Size Distribution View118Protocol Distribution View119Utilization/Error View121Host Table View122Network Layer Host Table View123Application Layer Host Table View125Host Matrix View126Network Layer Matrix View128Application Layer Matrix View129VLAN View131Address Mapping View132Packet Summary View133Duplicate Address View (Expert plug-in only)133Expert View (Expert plug-in only)134Application Response Time View (Expert plug-in only)134Multi-QoS View (Multi-QoS software only)134Hints and Tips for Using Views135Capture and Display Filters137Getting Started with the Filter Interface137Creating Filters with Filter Templates138Creating and Applying a Conversation141Creating and Applying a Port Number143Selecting Filter Templates143Creating Custom Filter Templates144Filter Creation148Creating Filter Template Combinations148Filter Actions149Counter Conditions for Filters151Frame Types152Multi-State and Multi-Statement Filters153Filter Structure155Filter States156Filter Statements157Capture and Display Filter Differences158Activating Display Filters158Activating Capture Filters158Filter Examples159Filter Example, Capture Conversation159Filter Example, Template Combination161Filter Example, Capture TCP Port Traffic163Filter Example, Advanced Filter165Rules of the Capture or Display Filter166Hints and Tips for Using Filters167Filtering Tips Unique to THG-class Devices168Transmit Specification169Transmit Specifications169Transmit Specification Dialog Box170Repeating Frames173Stream Modes175Bursts175Transmission Mode176Specifying Transmit Data176Packet Editor176Changing Fields Directly in the Dialog Box177Using Templates179Creating Templates179Transmitting Capture Files180Transmit Specification Examples180Transmit Specification Example, Bursts182Hints and Tips for a Transmit Specification183Alarms185Current Module Alarms186Alarm Editor188Multi-QoS Alarms189Expert Alarms190Using Alarms with Different Devices191Thresholds and Alarms192Alarm Actions193Log File Settings194E-Mail Settings194Pager Settings195SNMP Trap Settings195Viewing the Alarm List and the Alarm Log198Hints and Tips for Alarms198Alarm Examples199Alarm Example, Utilization199Alarm Example, MAC Errors200Alarm Example, Frame Size201Alarm Example, VoIP Calls202Alarm Example, Expert and Application Response203Expert Features205Expert System Views206Getting Started with Expert View206Expert Overview Details208Expert Layers210Expert Symptoms, Analyses, and Network Entities214Symptoms214Analyses215Entities215Expert Diagnostic Messages219Working with the Expert System220Configuring the Expert System220Module Settings for the Expert System221Setting Expert Alarms221Customizing Expert Diagnostic Information221Exporting Expert Data222Printing Expert Data222Working with Timestamps222Working with Analyzer Devices223Application Response Time223Application Layer224Excessive Mailslot Broadcasts224FTP Login Attempts225Missed Browser Announcement226NCP File Retransmission227NCP Read/Write Overlap228NCP Request Denied229NCP Request Loop230NCP Server Busy231NCP Too Many File Retransmissions232NCP Too Many Requests Denied233NCP Too Many Request Loops234NFS Retransmissions235No HTTP POST Response236No Server Response237Slow HTTP GET Response238Slow HTTP POST Response239Slow Server Connect240Slow Server Response241SMB Invalid Network Name242SMB Invalid Password243Session Layer244No WINS Response244TNS Slow Server Connect245TNS Slow Server Response246Transport Layer247Idle Too Long247Non Responsive Station248TCP Checksum Errors249TCP Fast Retransmission250TCP Frozen Window251TCP Long Ack253TCP Repeat Ack254TCP Retransmissions255TCP RST Packets256TCP SYN Attack257TCP Window Exceeded258TCP Window Probe259TCP Zero Window260Too Many Retransmissions261Network Layer262Duplicate Network Address262HSRP Coup263HSRP Errors264HSRP Resign265ICMP All Errors266ICMP Bad IP Header267ICMP Destination Host Access Denied268ICMP Destination Host Unknown269ICMP Destination Network Access Denied270ICMP Destination Network Unknown271ICMP Destination Unreachable272ICMP Fragment Reassembly Time Exceeded274ICMP Fragmentation Needed [D/F set]275ICMP Host Redirect276ICMP Host Redirect for TOS277ICMP Host Unreachable278ICMP Host Unreachable for TOS279ICMP Inconsistent Subnet Mask280ICMP Network Redirect281ICMP Network Redirect for TOS282ICMP Network Unreachable283ICMP Parameter Problem284ICMP Port Unreachable285ICMP Protocol Unreachable286ICMP Redirect287ICMP Required IP Option Missing288ICMP Source Quench289ICMP Source Route Failed290ICMP Time Exceeded291ICMP Time to Live Exceeded292Illegal Network Source Address293IP Checksum Errors294IP Time to Live Expiring295ISL BPDU/CDP Packets296ISL Illegal VLAN ID297OSPF Broadcasts298RIP Broadcasts299Router Storm300Same Network Addresses301SAP Broadcasts302Total Router Broadcasts303Unstable MST304Zero Broadcast Address305MAC Layer306Bad Frames306Broadcast/Multicast Storms307CRC Frame counter308Excessive ARP309Excessive BOOTP310Excessive Broadcasts311Excessive Collisions312Excessive Multicasts313Fragment Frame314Illegal MAC Source Address315Jabber Frame316Network Overload317New MAC Stations318Oversized Frame319Overload Frame Rate320Overload Utilization Percentage321Physical Errors322Runt Frame323Same MAC Addresses324Total MAC Stations325Hints and Tips for Expert Features326Summary of Expert Counters and Symptoms327Multi-QoS335Protocols Supported by Multi-QoS336Using Multi-QoS with Analyzer Hardware336Multi-QoS User Interface Overview337Surveyor and RTCP Jitter Values339Configuring Multi-QoS340Multi-QoS Performance Optimization342Call Filtering with Multi-QoS342All Calls Table343Field Descriptions for All Calls Table344Call Range Graphs and Summaries345Call Jitter, Call RTCP Jitter, Call Setup Time345Dropped Packets, RTCP Dropped Packets347Field Descriptions for Call Range Summaries349VQMon Metrics350Utilization Graph353Field Descriptions for Call Details354Channel Table Details358Filtering on Single Channels363Call Playback363Customizing Multi-QoS Table Displays364Customizing All Calls or Range Summary Tables364Customizing Channel Tables365Exporting Multi-QoS Data366Exporting All Multi-QoS Data to CSV Format366Exporting a Single Multi-QoS Table to CSV Format367Counters369Packet Counters369Custom Counters370Error Counters370Expert Counters373Multi-QoS Counters377Counter Log File Overview377Log Directory Structure378Utilities379Name Table Utility380Building a Name Table From the Network382NIS-to-Name Table Conversion Utility383Sniffer™ Translator Utility384Internet Advisor™ Translator Utility384Get Version Information Utility384Convert Capture Files to Histogram Files385Merge Histogram Files385Extract Frames From a File Using a Filter386Logging Utilities386Export Utilities386Exporting Packets386Exporting Tables to CSV Format or Graphs to a Bitmap387Exporting to Optimal CSV Format387Exporting Counter Log Files to Excel388Implementation Profile391Buffers391How Resources Use Buffers391Hardware Dependencies393About NDIS Mode395Captured Packets395Capture Rate / Transmit Speed395Counters395Rx Counter Display395Transmit Specification395NDIS Configuration Options396Setting the Interface396Set Capture Buffer and Packet Slicing Size396Pre-Defined Filter Templates397Filter Templates397Keyboard Shortcuts413Function Keys413Standard and Navigational Keys414Parser Names417Recognized Parser Names417Glossary427Index441Size: 4.23 MBPages: 454Language: EnglishOpen manual
