The Whacked Mac Archives

home *** CD-ROM | disk | FTP | other *** search

/ The Whacked Mac Archives / The Whacked Mac Archives Version 1.0 (L0pht Heavy Industries, Inc.)(1996).iso / Pub (Expanded) / Network / EtherPeek_2.0.4_Demo.sea Folder / Read Me - EtherPeek Demo Notes < prev

Wrap

Text File | 1994-03-16 | 14KB | 134 lines

EtherPeek Demo - Version 2.0.4 Welcome to EtherPeek! Our easy-to-use Ethernet network analysis software allows a network manager to: • Capture every data packet on an Ethernet wire • Decode AppleTalk, IP, NetWare, DECnet, XNS, OSI, Banyan VINES, SNMP and other protocol-based packets • Filter packets by address, protocol, specific byte pattern, errors or size • Monitor and analyze network traffic patterns • Send packets for testing purposes • Set traffic alarms and send an electronic page This demonstration software is intended to provide the user with a complete and thorough overview of all of the features and functionality included in EtherPeek 2.0.4. The only use restrictions in this demonstration software are: 1. The "Send Packet" features are disabled 2. Capture is limited to one 15 second period per EtherPeek launch (unrestricted number of launches) A review of new features associated with release 2.0.4 of EtherPeek includes: 1. New decoders have been added for OSI (ES-IS, IS-IS and CLNP), for some new IP protocols (SMTP, POP, BOOTP, NTP, EGP, IGMP, OSPF, and RIP), and 802.1 Spanning Tree. 2. Hardware interface support has been added for: • Macintosh 840AV/ 660AV built-in Ethernet Port • PowerPC built-in Ethernet Port • E-Machines' EtherDock • Sonic Systems' micro/SCSI 3. Hardware interface support for the Asanté ENSC SCSI devices has been updated. The Asanté driver must be Version 5.3 or greater, used in conjunction with EtherPeek's new Hardware Interface, for full compatibility. 4. EtherPeek has been updated to use the latest laser printer drivers from Apple (version 8 and later). 5. EtherPeek's Main Window now provides more explicit protocol type information. Please refer to the "QuickTour" booklet which accompanies this demonstration software for specific examples and product feature exercises. This document gives a short summary of some of EtherPeek’s powerful features in the form of a short tutorial. WHAT YOU NEED TO RUN THIS DEMO Hardware Requirements: EtherPeek will run on any Macintosh for which a supported Ethernet Interface is available. At this release, supported adapters are available for the following: All members of the Macintosh Quadra and Centris Family (including AV models) All members of the Macintosh II family Macintosh Performa 600 and 800 Macintosh LC family Macintosh si Macintosh Classic Macintosh SE (using a SCSI adapter), SE/30 Macintosh PowerBook (using a SCSI adapter) Macintosh PowerBook Duo (using the E-Machines EtherDock adapter) Macintosh Portable (using a SCSI adapter) PowerPC ETHERNET ADAPTER CARDS SUPPORTED BY ETHERPEEK V. 2.0.4: 3Com EtherLink NB Apple Ethernet NB*, EtherTalk NB, Apple Quadra and Centris Built-In, Quadra AV Built-In, LC, LCII Asanté MacCon Series (SE/30, II, LC, IIsi, LCIII) Cabletron E5010/20/40/10-X/20-X/40-X E6010/20/30/40/10-X/20-X/30-X/40-X Cayman GatorCard E/II, IIsi, LC Compatible Systems Ether2, Ether•DS Dayna DaynaPort SE/30, II, IIsi, LC, EtherPort Series Dove FastNet IIIn, FastNet 030DS Farallon EtherMac Series, EtherWave Series, PhoneNet® SE/30,IIN Focus EtherLAN Series MaCNet NU460E National Semiconductor EtherNODE - 16NB Network Resources (NRC) Mac 1000 & 2000 Series, IIsi Novell EtherPort IIN, SE/30 Nuvotech NuvoLink II Racal Interlan NIA310 Ethernet Card Shiva EtherPort II, SE/30, LC Sonic Systems EtherTnT, EtherTwP, EtherA1 Series Technology Works Mac II Ethernet, LC, IIsi, Tri-Data Systems LanWay E-10 SCSI-TO-ETHERNET INTERFACES SUPPORTED**: Asanté EN/SC, Mini EN/SC Compatible Systems Ether+ Dayna Communications SCSI/Link3, Pocket SCSI/Link Focus Enhancements EtherLAN SC Nuvotech NuvoLink SC Sonic Systems micro/SCSI Technology Works Ethernet SC/SC-T * If you are using EtherPeek with Apple’s Ether NB adapter, please be sure to read the note about limitations with that card in the Hardware Interface folder. ** If you are using EtherPeek with a SCSI Ethernet adapter, please be aware of three basic limitations with these Ethernet connections. First, capture performance may be limited on busy networks, due to the limited memory in the SCSI device and the time that it takes to transfer packets from the device across the SCSI bus into EtherPeek. If this transfer does not happen quickly enough, the SCSI device may drop new, incoming packets with no indication to EtherPeek or to you. Secondly, some SCSI devices will not pass error packets, so EtherPeek is unable to detect packet errors. And, finally, with version 58 and greater of the AppleTalk driver, SCSI devices cannot be used with GetTheirAddress to associate Ethernet addresses with Responder Names across a network. SOFTWARE REQUIREMENTS: System 6.0.5 or greater and AppleTalk version 54 or greater. Any System 7 revision FEATURES REVIEW • EtherPeek version 2.0.X Filtering Mechanism With the release of version 2.0 (August, 1993), EtherPeek’s filtering mechanism was greatly enhanced, and continues to be enhanced with each subsequent upgrade. To exercise this feature, choose "Filters..." from the "Capture" menu. Then, double click on one of the filter names shown in the window, or add a filter by choosing Add or Duplicate from the Filter menu that will appear at the end of the top row of menu choices once in the Filters window. EtherPeek can process an unlimited number of filters, each of which has an address, protocol, offset and error section. For a packet to “pass” the filter and be captured, it must pass each enabled section of the filter, i. e., it is AND’d with any other enabled sections. A packet must pass only one of multiple, enabled (checked) filters to be captured ( i. e., multiple filters which are enabled are OR’d together). The filter mechanism is identical when used during capture or post-capture analysis, or for start and stop triggering, although each of these cases has its own independent enabling mechanism. EtherPeek has over 350 filters included on the disk for you to import into the Filters window and enable at will. Version 2.0.4 has been further upgraded to include even more filters for OSI and IP/TCP/UDP. • Support for More Protocol and Address Types The Name Table and filters in EtherPeek 2.0.x fully support the 802.2 standard protocol types (LSAP and SNAP types) as well as the Ethernet Type 2 protocols. DECnet addressing and support for a greatly expanded list of Ethernet Type 2 protocols has been added in release 2.0.4. • Pre-Configured Names & Filters The “EP Names & Filters” folder which is on the distribution disk contains over 350 pre-configured filters broken into protocol categories: AppleTalk, DECnet, IP, NetWare, SNA and Other. To load these filters, bring up the capture filters from the Capture menu and then choose Load Filters... from the File menu. When filters are loaded, they are stored in the EtherPeek Preferences file in the System Folder. Each filter is over 500 bytes long so if you load many filters, your preference file may get quite large. Also, enabling many filters will slow capture processing. These folders also contain Name Table text files which can be imported into the Name Table to take advantage of some pre-configured known names for the protocols and vendor IDs of interest. To exercise the power of EtherPeek's filtering mechanism and experience the usefulness of the new Filter Statistics window, try the following: 1. Bring up the Filters Window and enable a few filters that will capture packets on your network. 2. Click on the Start Capture button. If you resize EtherPeek‘s Main Window to be wider, a column is displayed on the right which shows which filter each packet passed in order to be captured. 3. Choose Filter statistics from the Statistics menu. The number of packets captured by each filter is shown in a bar graph. To generate the most useful filter statistics, you may want to control the order that filters are applied to packets. For example, you may wish to filter first for NBP Reply packets and then for other NBP packets. If the NBP filter is applied first, then the NBP Reply filter will never be used since NBP packets will always pass via the NBP filter applied first. However, if the NBP Reply filter is applied first instead, the NBP filter will indicate all NBP packets which are not an NBP Reply. Initially, filters are applied in the order that they are enabled (checked). However, whenever the filters are sorted or the program exits and then is re-launched, the filters are thereafter applied in the order that they appear in the filter window (if they are enabled). For this reason, once you have an ordering of the filters that you like, you may want to sort the window by the order that the filters were enabled or by the depth of filtering in the packet. Both of these sorting options are provided by the Sort item under the Filter menu. • Additional Analysis Features All of the statistics are recomputed when you use post-capture filtering (Select) and the "Swap Selected" and "Hide" options under the Edit menu. Once packets are selected in the Main Window, as a shortcut you may hold down the option key while pulling down the Edit menu and the "Hide Selected Packets" item becomes "Hide Unselected Packets". • Create New Filters More Quickly There are several shortcuts for creating filters. You can select one or more packets in the Main Window and then choose the "Make Filter..." item from the "Special" menu. A filter is created for each selected packet with the address and protocol fields pre-configured based upon the corresponding fields in the selected packets. You can also create a filter based upon a node or protocol in a statistics window and (optionally) another node or protocol in the statistics details windows. Click on the node or protocol in the statistics window and then click on the Show Details button. Click on additional nodes and/or protocols in the detail window. Then choose the Make Filter... item from the Special menu. A filter is created with the relevant corresponding information. In all cases, the filter is presented so that you may edit the fields over and above the pre-configured information. You may also Cancel and NOT add the filter if you change your mind. • Quick Selection of Related Packets In some cases, you may not need to create a filter to see packets involved in a network conversation. In each of the situations described in the section above about creating filters more quickly, you may choose the Select Related Packets item from the Special menu instead of Make Filter... as described. This will cause EtherPeek to create a temporary filter and then select packets using it, all in one step! • Smart Decoders & Threads In decoding packets, some protocols can reveal more information in their decode if a “thread” is formed between the request packet and the response packet of a transaction. Among all the protocols that EtherPeek decodes, this improvement is only necessary within NetWare, the IP protocol NFS and the AppleTalk protocols PAP, ASP and AFP. Other protocols decoded by EtherPeek do not require (nor could they benefit from) “threads” per se. EtherPeek automatically forms threads and makes use of them as you step through the decoding of successive packets. However, if you select one packet in the Main Window and then choose the "Make Threads" item from the Special menu, EtherPeek will try to find any corresponding request and response packet related to the selected packet in order to subsequently decode the selected packet with more information. If two or more packets are selected in the Main Window when the Make Threads item is chosen, EtherPeek will only look among the selected packets for the request and response pairs. Stated another way, if you use post-capture filters (Select) or Select Related Packets to select packets in the Main Window and then look at those packets in order, there is really no need to use the Make Threads command. However, if you select a packet at random or select multiple packets in a conversation that you wish to view in reverse or random order, Make Threads may help you get more decoded information out of those packets. • Create Name Table Entries More Easily You can create entries in the Name Table from any of the node or protocol statistics windows or by using packets selected in the Main Window. Simply click on the items of interest and choose "Insert Into Name Table..." from the Special menu. EtherPeek will only prompt you for the names of any items which are NOT already in the Name Table. • Use Wildcards to Help Investigate EtherPeek v. 2.0.x introduced the wild card feature in address and protocol specifications. This powerful feature can be used to find generalized protocol types (e.g., all forms of DECnet) and as an aid to investigate unknown addresses using the established vendor IDs defined for Ethernet interfaces. A Name Table file containing a complete list of vendor IDs is found in the “Other” folder within the “EP Names & Filters” folder. Import this into your Name Table to use the wild carding capability of EtherPeek. • Additional Demo Notes Since capture time is limited to 15 seconds in this demo, sample data is also provided, should you wish to use it. Choose "Load Packets" under the File menu when EtherPeek's Main Window is the frontmost window on the screen to select any of the sample files in the EtherPeek Samples folder. The QuickTour document that accompanies this demonstartion software will step you through a variety of explanations and exercises with these samples. Thank you for reviewing the features and functionality offered by our software! For further information, please contact us. The AG Group, Inc. 2540 Camino Diablo, Suite 200 Walnut Creek, CA 94596 (800) 466-AGGP (Sales) (510) 937-7900 voice (510) 937-2479 fax internet: info@aggroup.com AppleLink: AG.GROUP