RE: DDR logging line opening ? [7:44798]

[C restion]

Use a sniffer in combination with this log. This will help you identify
which traffic opens the DDR link and which not.

If there are any other ways, let me know.

Rgds,
Crestion


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44815&t=44798
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Telnet Session Traces....Needing help! [7:44793]

[C restion]

Hey Mark,

First thing to do is use filters. Personally I use NAI's Sniffer Pro, which
quickly allows you to select a session based on IP addresses and/or
protocol. Ethereal should have this functionality as well.

First create a filter based on the server's IP address, and look for any
broadcast-traffic. This should quickly let you determine wether it's
keepalives are send as broadcast or unicast.

If you can't find any broadcast keep-alives (i.e. this is not the problem),
enhance your filter to show you one specific session. Check the entire
packetflow step-by-step and determine the set-up of the connection, data
transfer and finally the termination of the connection. This should give you
a better idea of what's going on. I'd recommend taking traces on both sides
of the connection (so both server and client side) and compare them.

Personally I don't think broadcast keep-alives are the problem, since
keep-alives imply terminating a connection after a certain amount of missed
keep-alives. And you already stated your server does not terminate the
session.

Anyway, hope this helps. 

Rgds,
Crestion




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44814&t=44793
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fwd: no lmi - dlci inactive - telco says my proble [7:44774]

[C restion]

Hmmmwho is your telco? For the old Concert network (now BT Ignite) I
know they use ANSI LMI with a keep-alive interval of 10 secs. Make sure your
settings match your telco's.

What I always advise to do is to use a sniffer to see what's actually going
on on the line. This way you can quickly identify if your router is
receiving the right LMI type at the interval the telco states.

Hth,
Crestion


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44812&t=44774
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Token ring Question. [7:44805]

[C restion]

Hi Ivan,

Mac addresses only have local significance. So for your scenario, host X
sends a packet with it's own MAC address as the source and the router TR
interface as the destination MAC address. The router then rebuilds the
packet and sends it out the ethernet interface with the Ethernet interface
as the source MAc address and host Y as the destination MAC address.

Hth,
Crestion


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44809&t=44805
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: accessing server slow over t1 [7:44355]

[C restion]

Hey George,

Before you start taking any actions, first use a Sniffer to see what is
causing the delay. It's no use implementing anything unless you know it's
going to be effective.

Hth,
Crestion


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44604&t=44355
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: bit time [7:44144]

[C restion]

For 16Mb Token Ring that would lead to 1 bit per 62.5 nanoseconds. I.e. one 
bit-time is 62.5 nanoseconds.

Rgds,
Remmert


>From: "Pierre-Alex Guanel" 
>To: "C restion" , 
>Subject: RE: bit time [7:44144]
>Date: Tue, 14 May 2002 09:47:44 -0500
>
>Thank you Remmert. Can I assume that with a 16 Mb Token ring a bit time
>would be 16 bits per seconds?
>
>Pierre-Alex
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of C
>restion
>Sent: Tuesday, May 14, 2002 6:32 AM
>To: [EMAIL PROTECTED]
>Subject: RE: bit time [7:44144]
>
>
>Hi Pierre,
>
>A bit-time is the time it takes to send a bit.
>
>For 10Mb Ethernet a bit-time is a 100 nanoseconds (10 Megabit per second, 
>so
>1 bit per 100 nanoseconds), for Fast Ethernet it is 10 nanoseconds and so
>on.
>
>So if a workstation on a Fast Ethernet network were to wait 5 bit-times, it
>actually waits 50 nanoseconds.
>
>Hth,
>Remmert
_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44269&t=44144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Slow Links. [7:44141]

[C restion]

Hi Murali,

With Etherpeek you can only examine the ethernet sides of your connection 
(which in this case should probably enough since the problem seems to be on 
the Ethernet-segment between router C and the Win98 client). As far as I'm 
aware you can only sniff serial links with a professional package like 
Sniffer Pro. Should anybody know of a freeware tool, let me know.

Hth,
Crestion

>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: RE: Slow Links. [7:44141]
>Date: Tue, 14 May 2002 18:20:33 +0400
>
>Hi..
>
>I have a small improvement on the problem.. now this is what i did.. on rtr
>C i put access-lists such that only reqd data passes through..  and this
>resulted in clients logging without any problems.. also the users there 
>said
>that after this was put the client part of this foxpro based application
>would not display errors of no connection or connection timing out.. all
>that i could see was there was a lot of activity on the RTR 805.
>
>Can this be due to excessive broadcast of the netbios ?? that 
>helper-address
>has opened the ports for..? if so which ports and protocols to permit.
>
>i want to remove the access-list since 805 is really a small router to do
>too much of packet processing..
>
>i would like to know if i am going in the right direction.
>
>Crestion --thanks for the mail.. i shall do that and let me see what it has
>to say ?
>
>can Etherpeek monitor serial links across on router ?
>
>thanks,
>Murali
>
>
>
>-Original Message-
>From: C restion [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 14, 2002 3:39 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Links. [7:44141]
>
>
>Hi Murali,
>
>This definitely is a strange problem. I would advise to put sniffers on 
>both
>ends of the connection (so one between the NT Server and Router A and one
>between router C and the Win98 client), try to logon and than watch the
>packet flow for any anomalies. Especially keep an eye on the 'delta time'
>column and watch for a sudden increase in time. This usually points to 
>where
>the connection gets 'stuck' and will help you pinpoint the problem.
>
>If your company doesn't have professional sniffers, you could probably get
>the same result with one of the freeware sniffers (Etherpeek, etherreal).
>
>Hth,
>Crestion
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44268&t=44141
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Securing a Aironet 350 [7:44152]

[C restion]

Btwthere's a great article on Wireless security on
http://www.networkcomputing.com/1303/1303ws2.html

This article also shows the importance of finding the right balance between
risk assessment, cost and convenience.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44219&t=44152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Securing a Aironet 350 [7:44152]

[C restion]

Steven,

Way off Hmmmthe only thing I indeed forgot to mention is the
directional antenna-danger, but to say I'm way off...that's a strong
statement.

First of all let me clarify myself. My final comment, "Again, which solution
to go for depends on your security needs and how much you're willing to
spend." basically says it all. As much as we techies would love to be in the
ideal networking world where everything came free, this is NOT reality.
Networking is here to support business and not the other way around.

If in this case the signal stays within the building and our friend is the
only one with a wireless card, basic WEP and access-control are all you
need. There is no business need or potential risk whatsoever to justify
purchasing expensive VPN-equipment. Again, you are right about the
directional antenna danger, but if the AP is placed on the 48th floor of a
building withouth any adjacent buildings even those won't help you too much.

So you're right about WEP not being safe, I never claimed it to be safe. WEP
does exactly what it's designed to do, namely provide minimum level security
to get the efforts off getting on a Wireless network about as high as the
efforts to get on a wired network. The rule that additonal security is
required applies to both the wired as the wireless network.

To summarise: ideally you would use all the security measures available to
secure your wireless network. In reality you decide what measures to take
based upon business needs (i.e. what costs are justifyable).

Rgds,
R



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44214&t=44152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: bit time [7:44144]

[C restion]

Hi Pierre,

A bit-time is the time it takes to send a bit. 

For 10Mb Ethernet a bit-time is a 100 nanoseconds (10 Megabit per second, so
1 bit per 100 nanoseconds), for Fast Ethernet it is 10 nanoseconds and so on.

So if a workstation on a Fast Ethernet network were to wait 5 bit-times, it
actually waits 50 nanoseconds.

Hth,
Remmert


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44203&t=44144
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Slow Links. [7:44141]

[C restion]

Hi Murali,

This definitely is a strange problem. I would advise to put sniffers on both
ends of the connection (so one between the NT Server and Router A and one
between router C and the Win98 client), try to logon and than watch the
packet flow for any anomalies. Especially keep an eye on the 'delta time'
column and watch for a sudden increase in time. This usually points to where
the connection gets 'stuck' and will help you pinpoint the problem.

If your company doesn't have professional sniffers, you could probably get
the same result with one of the freeware sniffers (Etherpeek, etherreal).

Hth,
Crestion


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44204&t=44141
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Securing a Aironet 350 [7:44152]

[C restion]

Hi Rich,

First thing to do is to trace the signal. I.e. what are the physical limits
of the RF. Special wireless tools (like the Sniffer Wireless) are available
to help you with this, but the software delivered with your Aironet can tell
you a lot as well.
If the signal stays within the building, 128-bits WEP and an access-control
list (i.e. which MAC-addresses are allowed and which not) should be
sufficient.
If the signal spreads to for example the car-park, additional security
measures are advisable. Depending on how much you're willing to spend,
several options are available. A firewall behind the AP, VPN-tunnels, etc.
are all expensive, but secure solutions. Again, which solution to go for
depends on your security needs and how much you're willing to spend.

Hth,
Remmert


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=44201&t=44152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]