there are TONS of Sniffer resources out there. Unfortunately, many of them
cost money because there are training courses to teach exactly what you're
desiring to learn.
Here are a few free (teaser) sites
http://www.decodes.com/index.html
http://www.networkuptime.com/
BTW, you might try issuing a search in your favorite search engine on
"Sniffer trace diagnoses" or "network protocol decodes"
More specifically, diagnoses that Sniffer Pro gives are NAI's analysis
(based on years of decoding traces) of the trace decode(s).
What specifically is the concern with the TTL's, retransmissions, long ack
times, etc? Do you understand what they are and why they happen, and what
the effect is of these diagnoses (if any)? If that is your concern, then
read "Internetworking with TCP/IP volume 1" by Doug Comer. There's lots of
theory of operation of the TCP/IP stack behind the diagnoses that the Expert
spits out. The Sniffer help files help out with that theory a little bit
too.
Sniffer Pro sets certain threshholds for the Expert Analysis
interpretations, and sometimes those threshholds are not accurate for your
network. If you're looking for root cause, you'll have to dig a little
deeper than just the diagnosis that Sniffer gives you, because once the
diagnosis is done, the other 90% of the battle is isolating the problem and
then convincing everyone else that that's where the problem lies based on
YOUR detailed analysis and testing. And the diagnoses are not necessarily
an indication that there is a problem in the network - sometimes, it's just
a network characteristic that users are obliviously happy with and
non-performance affecting.
...and everyone used to think that Sniffer traces were such an hard thing to
read - I remember back in the "old days" before they gave the Expert
diagnoses having to decode the conversations - now I've gotten lazy and
started to trust the Expert! yikes...I'm sounding like an old guy here...
;-)
-e-
----- Original Message -----
From:
To:
Sent: Monday, May 14, 2001 7:59 AM
Subject: Sniffer Resources [7:4410]
> Okay all you networking pros out there. Does anybody know of any good
> Network General Sniffer resources? More specifically if I want to look
> up diagnoses such as TTL's, retransmissions, long ack times etc.?
>
> jd
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4438&t=4410
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
