Re: Sniffer Resources [7:4410]
there are TONS of Sniffer resources out there. Unfortunately, many of them cost money because there are training courses to teach exactly what you're desiring to learn. Here are a few free (teaser) sites http://www.decodes.com/index.html http://www.networkuptime.com/ BTW, you might try issuing a search in your favorite search engine on "Sniffer trace diagnoses" or "network protocol decodes" More specifically, diagnoses that Sniffer Pro gives are NAI's analysis (based on years of decoding traces) of the trace decode(s). What specifically is the concern with the TTL's, retransmissions, long ack times, etc? Do you understand what they are and why they happen, and what the effect is of these diagnoses (if any)? If that is your concern, then read "Internetworking with TCP/IP volume 1" by Doug Comer. There's lots of theory of operation of the TCP/IP stack behind the diagnoses that the Expert spits out. The Sniffer help files help out with that theory a little bit too. Sniffer Pro sets certain threshholds for the Expert Analysis interpretations, and sometimes those threshholds are not accurate for your network. If you're looking for root cause, you'll have to dig a little deeper than just the diagnosis that Sniffer gives you, because once the diagnosis is done, the other 90% of the battle is isolating the problem and then convincing everyone else that that's where the problem lies based on YOUR detailed analysis and testing. And the diagnoses are not necessarily an indication that there is a problem in the network - sometimes, it's just a network characteristic that users are obliviously happy with and non-performance affecting. ...and everyone used to think that Sniffer traces were such an hard thing to read - I remember back in the "old days" before they gave the Expert diagnoses having to decode the conversations - now I've gotten lazy and started to trust the Expert! yikes...I'm sounding like an old guy here... ;-) -e- - Original Message - From: To: Sent: Monday, May 14, 2001 7:59 AM Subject: Sniffer Resources [7:4410] > Okay all you networking pros out there. Does anybody know of any good > Network General Sniffer resources? More specifically if I want to look > up diagnoses such as TTL's, retransmissions, long ack times etc.? > > jd > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4438&t=4410 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffer Resources [7:4410]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, May 14, 2001 10:59 AM To: [EMAIL PROTECTED] Subject: Sniffer Resources [7:4410] Okay all you networking pros out there. Does anybody know of any good Network General Sniffer resources? More specifically if I want to look up diagnoses such as TTL's, retransmissions, long ack times etc.? jd FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4469&t=4410 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffer Resources [7:4410]
TCP/IP Illustrated Vol.1 by Richard Stevens. Neil wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Okay all you networking pros out there. Does anybody know of any good > Network General Sniffer resources? More specifically if I want to look > up diagnoses such as TTL's, retransmissions, long ack times etc.? > > jd > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4490&t=4410 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sniffer Resources [7:4410]
Thanks for the great links. One of the best things about this list is the sharing of links. Jim EA Louie wrote: > there are TONS of Sniffer resources out there. Unfortunately, many of them > cost money because there are training courses to teach exactly what you're > desiring to learn. > > Here are a few free (teaser) sites > > http://www.decodes.com/index.html > http://www.networkuptime.com/ > > BTW, you might try issuing a search in your favorite search engine on > "Sniffer trace diagnoses" or "network protocol decodes" > > More specifically, diagnoses that Sniffer Pro gives are NAI's analysis > (based on years of decoding traces) of the trace decode(s). > > What specifically is the concern with the TTL's, retransmissions, long ack > times, etc? Do you understand what they are and why they happen, and what > the effect is of these diagnoses (if any)? If that is your concern, then > read "Internetworking with TCP/IP volume 1" by Doug Comer. There's lots of > theory of operation of the TCP/IP stack behind the diagnoses that the Expert > spits out. The Sniffer help files help out with that theory a little bit > too. > > Sniffer Pro sets certain threshholds for the Expert Analysis > interpretations, and sometimes those threshholds are not accurate for your > network. If you're looking for root cause, you'll have to dig a little > deeper than just the diagnosis that Sniffer gives you, because once the > diagnosis is done, the other 90% of the battle is isolating the problem and > then convincing everyone else that that's where the problem lies based on > YOUR detailed analysis and testing. And the diagnoses are not necessarily > an indication that there is a problem in the network - sometimes, it's just > a network characteristic that users are obliviously happy with and > non-performance affecting. > > ...and everyone used to think that Sniffer traces were such an hard thing to > read - I remember back in the "old days" before they gave the Expert > diagnoses having to decode the conversations - now I've gotten lazy and > started to trust the Expert! yikes...I'm sounding like an old guy here... > ;-) > > -e- > > - Original Message - > From: > To: > Sent: Monday, May 14, 2001 7:59 AM > Subject: Sniffer Resources [7:4410] > > > Okay all you networking pros out there. Does anybody know of any good > > Network General Sniffer resources? More specifically if I want to look > > up diagnoses such as TTL's, retransmissions, long ack times etc.? > > > > jd > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=4567&t=4410 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]