Alarm Example, MAC Errors | Finisar Surveyor manual

Surveyor

User’s Guide

Alarm Example, MAC Errors

Figure 9-7. Alarm Example, MAC Errors

This example shows an alarm group consisting of five MAC Layer alarms: Errors (two alarms), Oversize Frames, CRC/Alignment, and Fragments. Each of these alarm counters are checked at five-second intervals. When an alarm threshold for any of these five alarms is exceeded, Surveyor issues an audible alarm and displays a message in Surveyor’s message window.

Assume that overall error rate is of particular interest in this example. The Severity setting instructs Surveyor to include a Warning message with all alarm messages when the error rate is greater than 250. The Actions setting instructs Surveyor to send an e-mail message whenever the rising value (threshold) for the overall error rate exceeds 250.

9-16

Image 200

Finisar Surveyor manual Alarm Example, MAC Errors

Contents

Surveyor Trademarks and Copyrights Finisar Software License AgreementLicense Term Limited Software Warranty Restricted Rights LegendPatent and Copyright Indemnification Limitation of Liability Customer Support Phone Customer Support FAXInternet Address World-Wide Web Mailing Address Table of Contents Configuring Surveyor Surveyor Resources and Modes Views Transmit Specification Capture and Display Filters Alarms 10-1 10-15 10-58 10-102 Multi-QoS 11-1 12-1 13-1Counters Utilities Implementation Profile Pre-Defined Filter TemplatesKeyboard Shortcuts Parser Names List of Figures 10-1 List of Tables Application Layer Host Table View, Table Column Descriptions 11-21 11-8 Surveyor Introduction Function Description Surveyor FunctionsSurveyor Functions Introduction Analyzer Devices Protocols SupportedFinisar Analyzer Devices Finisar Device Description XNS AppleTalk Phase2 DECnet PhaseOracle Suite IPX/SPX Suite Banyan Vines Suite IBM ISO Whats New in Release Capture to Disk and THGsE Analyzer SupportDisk Caching Capture Management New and Enhanced Protocol Decodes Expanded Multi-QoS SupportSmnp Extended Agent Surveyor System Requirements System RequirementsRAM PII Desktop PC Upgrading SurveyorSupported Analyzer Cards and Network Adapter Cards Installing Surveyor Installing Analyzer Hardware Installing Analyzer Hardware in a Desktop PCInstalling the THGm, Windows NT Installing THGm, Windows 2000/XP Installing Analyzer Hardware in a Notebook PC Cdrom Installation Installing More Than One Analyzer Card in a Notebook PC Compatibility Matrix Hardware/Software Compatibility Matrix Surveyor Surveyor System Launching Surveyor Default Account Names, Passwords and Privileges Basic Navigation Tips Surveyor Getting Started Module Toolbar Summary View Buttons and ToolbarsSurveyor Toolbar Buttons and Toolbars Detail View Toolbar Getting Started Data Views Toolbar Getting Started Surveyor Design window Filter Design ToolbarFilter States Design Toolbar Surveyor Capture View Toolbar Surveyor Getting Started File Formats Providing a Name Table to Surveyor Establishing Links for THGm Docking Windows Configuring the InterfaceCustomizing Views and Windows Capture View Display Options Configuring Surveyor Setting Histogram Colors Histogram Options Setting Histogram Zoom Factor Setting the Histogram Download SizeSetting the Monitoring View for a Module Choose Monitor View Preferences Configuring Chart Views Table Views Module Settings Properties Hardware Device Properties Default Module Settings Module Setting Default ValuesBuffer Size Packet Slice Slicing Size Expert Analysis Mode Non-Well-Known-Ports ModeStop-and-Save Capture Buffer Modes System Settings Monitor M-QoS Only ModeConfiguring Ports to Scan WKP4620 Configuring Remote Communications RSP Time Out value Setting Update Timers Protocol Color Coding Default Display Timer Settings Display Timer Default Value Disk Capture Location Disk OptionsCache File Location Configuring Alarms Configuring Counter LoggingHistory Log File Settings and Default Values Log Setting Mmddhhmm.ss Mmmonth ddday hhhour mmminute sssecond Configuring a Multi-Port Tap or Switch Configuring a Multi-Port Tap or Switch Settings for Analyzer Devices Setting the Local COM Port for Taps and SwitchesConnecting a Tap with THGs or THGsE Resetting an Analyzer Device Click the Reset Host/Image Upgrade button Updating an Analyzer Device Surveyor.ini File Advanced ConfigurationCustomizing Expert Diagnostic Information Mapping= port num,short name,long name Assigning Names to Protocols MonitorMONITOR.INI Format Port num Short nameLong name MONITOR.INI Examples Mapping=2900,VIDEO,Video Audio Network Communicator Mapping=921,CXP,Company X ProtocolMapping=6063, XWIN6063,X Windows on port How Surveyor Assigns Protocol Names Monitoring Well-Known Ports 11. Default Names for Non-WKP TCP Ports 12. Default Names for Non-WKP UDP PortsMonitoring Non Well-Known Ports Name TCP port values Assigning TCP or UDP Ports to Protocol Parsers Mapping=port num,ip addr,parser name,name Port numIp addr Parser name Parser Names Surveyor Resources and Modes Resource Browser Remote Resources Surveyor Software Naming Remote IP Resources Aliases Host Properties Dialog Box for Establishing an Alias Privilege Description Resource ProtectionRemote User Privileges Settings option from the Module ModesHardware Devices Surveyor Resource Modes Description Resource Type Hardware Device Capabilities Ndis Synchronized ResourcesHardware Device Capabilities Hints and Tips for Resources Surveyor Views Static Data Tab Description/Action Summary ViewModule Window Tabs Within Summary View Detail View Vlan Detail View Using Capture + Monitor Mode in Detail View Summary Pane Capture ViewCapture View Window Configuring the Capture View Display Creating Filters from Capture ViewExporting and Printing Decodes Display Options Histogram Options Other Options Histogram Color Coding Histogram Display and Button Controls Views Histogram Display Showing Colors Histogram Default Colors Histogram Display, Large Capture Example Histogram Button Controls Histogram Mouse Controls Sizing/Selecting Areas with the Mouse Right Mouse Options in the Histogram Saving Portions of the DataLine Graph or Stair Step Linear Scale or Logarithmic Scale Packet Editor Resume AnalysisPacket Editor Buttons Button Description/Action Data Views Editing in Decode ViewEditing in Hex View Ring Statistics View Token Ring Only MAC Statistics View Rx MAC Statistics View Capture MAC Statistics View Tx Frame Size Distribution View Chart Protocol Distribution View Protocol Distribution View, Chart Buttons Protocols Chart Button Description/ActionProtocol Distribution View, Chart Buttons Packets NET Utilization/Error View Protocol Distribution View, Graph Type ButtonsDisplay Button Description/Action 10. Protocol Distribution View, Table Column Descriptions Host Table View 11. Host Table View, Table Column Descriptions Network Layer Host Table View 12. Network Layer Host Table View, Table Column Descriptions Application Layer Host Table View Host Matrix View 14. Host Matrix View, Table Column Descriptions Network Layer Matrix View 15. Network Layer Matrix View, Table Column Descriptions Application Layer Matrix View 16. Application Layer Matrix View, Table Column Descriptions Vlan Vlan View Table Column Description Address Mapping View17. Vlan View, Table Column Descriptions Duplicate Address View Expert plug-in only 18. Address Map View, Table Column Descriptions19. Duplicate Address View, Table Column Descriptions Vlan ID Multi-QoS View Multi-QoS software only Expert View Expert plug-in onlyApplication Response Time View Expert plug-in only Hints and Tips for Using Views Surveyor Filter Design window Getting Started with the Filter InterfacePress the Create/Modify Capture Filter Creating Filters with Filter Templates Available Filter Templates box Add Port Numbers to Custom Filter Templates Sample Filter Design window is shown below Creating and Applying a Conversation Protocol and Frame TypeStation Addresses ISL, Q+EV2 Traffic Direction Indicator Apply Conversation to Template Check Box Creating and Applying a Port Number Selecting Filter TemplatesDefining Port Numbers Conversation Element Description Custom Templates Based on Pre-Defined Templates Multiple Byte Patterns in Filter TemplatesCreating Custom Filter Templates Custom Templates Based on Specification of Byte Patterns Entering Values that Cross Byte Boundaries Bit-Level Filtering Filter Creation Creating Filter Template Combinations Filter Actions Operator Buttons for Template Combinations DescriptionNot Template Combination box Actions for Capture Filters Capture Filter ActionsAction Description Packets until the buffer is %% full field Display Filter Actions Actions for Display FiltersCounter Conditions for Filters Global Values that Affect Capture Filter Actions Frame TypesCapture Filter Global Values Capture Filter Global Description Multi-State and Multi-Statement Filters Frame types are shown in Table Example Filter States Design Window Filter Structure GoTo Current State Filter StatesChanging States Changing Filter Operation Filter Statements Activating Capture Filters Capture and Display Filter DifferencesActivating Display Filters Filter Examples Filter Example, Capture Conversation Surveyor Filter Example, Template Combination Filter Design Window, Template Combination Example Surveyor Filter Example, Capture TCP Port Traffic Filter Design Window, Capture TCP Port Example Surveyor Filter Example, Advanced Filter Advanced Filter, Filter States Design Window Rules of the Capture or Display Filter Hints and Tips for Using Filters Filtering Tips Unique to THG-class Devices Transmit Specification Transmit Specifications Transmit Specification Dialog Box Defined Streams List Box Radio Buttons and Fields for Defining a Stream Transmission Mode and Status Controls Transmit Specification Control ButtonsStream Buttons Stream Function Buttons Repeating Frames Transmit Specification Control ButtonsControl Button Transmit Specification Function Surveyor Stream Mode Rate Setting Stream ModesBursts Stream Modes Packet Editor Transmission ModeSpecifying Transmit Data Changing Fields Directly in the Dialog Box Packet Editor Button Editing Function DA and SA Fields Packet TypePacket Size Data Field Using Templates Creating Templates Transmit Specification Examples Transmitting Capture Files Transmit Specification Example, Packet Gaps Transmit Specification Example, Bursts Transmit Specification Dialog Box, Bursts Hints and Tips for a Transmit Specification Surveyor Alarms Current Module Alarms Current Module Alarms Alarms Mqos Alarm EditorAlarm Editor Description Multi-QoS Alarms Data Link Layer, Ethernet Expert AlarmsTransport Layer Using Alarms with Different Devices YES Thresholds and Alarms Alarm Actions Alarm Actions Description Support by Host Type Log File Settings Mail SettingsAlarm Actions Settings Pager Settings Snmp Trap Settings Trap Settings for THGs Trap Settings for Surveyor Hosts Viewing the Alarm List and the Alarm Log Hints and Tips for Alarms Alarm Examples Alarm Example, Utilization Alarm Example, MAC Errors Alarm Example, MAC Errors Alarm Example, Frame Size Alarm Example, Frame Size Alarm Example, VoIP Calls Alarm Example, Call Jitter and Call Setup Time Alarm Example, Expert and Application Response 10. Alarm Example, Expert and Application Response Surveyor Expert Features Expert System Views Getting Started with Expert ViewApplication Response Time View Duplicate Network Address View Expert Features Expert Overview Details Expert Overview Detail Table Example Expert Layers Layer Description Expert Application Layer Example 10-8 Expert Symptoms and Analyses by Layer Expert Analyses Tables in the Detail Area for Symptoms Expert Symptoms, Analyses, and Network EntitiesSymptoms Entities AnalysesTables in the Detail Area for Analyses Entities for the Transport Layer Example Network Lists for Entities Application/Session Lists for EntitiesTransport Lists for Entities Data Link Lists for Entities Expert Diagnostic Messages Expert Diagnosis Example Configuring the Expert System Working with the Expert System Module Settings for the Expert System Setting Expert Alarms Working with Timestamps Exporting Expert DataPrinting Expert Data Application Response Time Working with Analyzer Devices Rate of change of SMB Mailslot Broadcasts=40 Application LayerExcessive Mailslot Broadcasts Login attempts=4 FTP Login AttemptsExpert Symptom Missed Browser Announcement Time passed since last announcement=4000 ms 3000 ms NCP File Retransmission Between 00000010.0207012303E3 and 302A9950.000000000001 NCP Read/Write Overlap NCP Request Denied Requests denied within 100 ms=5 NCP Request Loop Loops on same request in 100 ms NCP Server Busy Rate of change of NCP Server Busy=5 NCP Too Many File Retransmissions File retransmission ratio is 8 / 28 = 28% NCP Too Many Requests Denied Requests denied ratio is 8 / 28 = 28% NCP Too Many Request Loops Requests loops ratio is 8 / 28 = 28% NFS Retransmissions No Http Post Response Http Post request not responded No Server Response Smtp server not responded Slow Http GET Response Slow Http GET response=3608 ms 2000 ms Slow Http Post Response Slow Http Post response=2918 ms 2000 ms Slow Server Connect Slow FTP server connect=298 ms 200 ms Slow Server Response Slow Smtp server response=1258 ms 1000 ms SMB Invalid Network Name Invalid network name in tree connect SMB Invalid Password Invalid password Wins request not responded within 1000 ms Session LayerNo Wins Response TNS Slow Server Connect Slow TNS server connect=298 ms 200 ms TNS Slow Server Response Slow TNS server response=238 ms 200 ms Transport Layer Idle Too Long Non Responsive Station Station 206.250.228.11 not responding TCP Checksum Errors SA=206.250.228.69 DA=206.250.228.11 TCP Fast Retransmission TCP Frozen Window 10-48 TCP Long Ack TCP Repeat Ack Acknowledgement number is less than the one before TCP Retransmissions TCP RST Packets TCP SYN Attack Rate of change of TCP SYN’s=150 Data length of 128 bytes exceeds last window size TCP Window ExceededCount TCP Window Probe Between 206.250.228.69/TCP/IP WKP1988 206.250.228.11/SMTP TCP Zero Window Expert Diagnosis Too Many Retransmissions Retransmission ratio is 49 / 50 = 98% Addr=206.250.228.67 Network LayerDuplicate Network Address Hsrp Coup SA=206.250.226.11 DA=206.250.228.69 Hsrp Errors Hsrp Resign Icmp All Errors Parameter ProblemDestination Unreachable Source Quench Redirect Icmp Bad IP Header Icmp Destination Host Access Denied Cannot be reached by SA=206.250.228.11 DA=206.250.228.69 Icmp Destination Host Unknown Icmp Destination Network Access Denied Icmp Destination Network Unknown Icmp Destination Unreachable 10-69 Icmp Fragment Reassembly Time Exceeded Icmp Fragmentation Needed D/F set Icmp Host Redirect Icmp Host Redirect for TOS Icmp Host Unreachable Icmp Host Unreachable for TOS Icmp Inconsistent Subnet Mask Addr=206.250.228.69. Subnet mask=255.255.255.240 Icmp Network Redirect Icmp Network Redirect for TOS Icmp Network Unreachable Icmp Parameter Problem Icmp Port Unreachable Icmp Protocol Unreachable Icmp Redirect Icmp Required IP Option Missing Icmp Source Quench Icmp Source Route Failed Icmp Time Exceeded Icmp Time to Live Exceeded Illegal Network Source Address Addr=255.255.255.255 IP Checksum Errors IP Time to Live Expiring TTL=1 SA=206.250.228.69 and DA=206.250.228.11 ISL BPDU/CDP Packets ISL Illegal Vlan ID Vlan ID=1036 Ospf Broadcasts RIP Broadcasts Router Storm Rate of change of Router Broadcasts=5 Same Network Addresses Addr=255.23.252.6 SAP Broadcasts Total Router Broadcasts Unstable MST Rate of change of Topology=10 Zero Broadcast Address Addr=0.0.0.0 MAC Layer Bad Frames Broadcast/Multicast Storms Rate of change of Bcast/Mcast Packets=500 CRC error with more than 63 bytes CRC Frame counter Excessive ARP Rate of change of ARP Requests=20 Excessive Bootp Rate of change of Bootp/Dhcp Requests=25 Excessive Broadcasts Excessive Collisions Excessive Multicasts CRC error with less than 64 bytes Fragment Frame Illegal MAC Source Address Addr=FFFFFFFFFFFF CRC error with more than 1518 bytes Jabber Frame Network Overload Utilization=42% New MAC Stations Oversized Frame Oversized frame has more than 1518 bytes Overload Frame Rate Overload Utilization Percentage Physical Errors Rate of change of Errors=450 Runt Frame Runt frame has less than 64 bytes Same MAC Addresses Addr=00800F13A65B Total MAC Stations Hints and Tips for Expert Features Configuration dialog box Summary of Expert Counters and SymptomsResponse Time Alarm editor Summary of Expert Features Summary of Expert Features TOS ISL BPDU/CDP Surveyor TCP RST Surveyor Multi-QoS Using Multi-QoS with Analyzer Hardware Protocols Supported by Multi-QoS Multi-QoS User Interface Overview Channel View Table Call Summary Range TableAll Calls Table Surveyor and Rtcp Jitter Values Summary Range GraphsCall Tables for a Specific Range Call Details for a Single Call Configuring Multi-QoS Multi-QoS Configuration Refresh Options MQoS Window Management Alarm Log Monitor OnlyProtocol Type Timeout Value Multi-QoS Performance Optimization Call Filtering with Multi-QoS Red Phone All Calls TableH323 Field Descriptions for All Calls Table All Calls Table Field Descriptions Call Jitter, Call Rtcp Jitter, Call Setup Time Call Range Graphs and Summaries Multi-QoS Configuration, Call Jitter Ranges Dropped Packets, Rtcp Dropped Packets Multi-QoS Packets Dropped Graph Example Multi-QoS Configuration, Packets Dropped Field Descriptions for Call Range Summaries Call Range Summary Field Descriptions VQMon Metrics Multi-QoS R-factor Example Multi-QoS Configuration, R-factor Ranges Ranges for R-factors Network R-factor User R-factor Utilization Graph 10. Multi-QoS Utilization Graph Example Field Descriptions for Call Details 11. Example Call Details Window H.323 Sccp Call Field Descriptions FID H.323 Call Field Descriptions Field Name Description SIP Call Field Descriptions Field Name Channel Table Details 10. Unknown Call Field Descriptions 12. Channel Table Example 11. H.323, SIP, or Unknown Channel Table Column Descriptions Multi-QoS 12. Sccp Channel Table Column Descriptions Playback PCMU/PCMA Data Filtering on Single ChannelsCall Playback Customizing Multi-QoS Table Displays Customizing All Calls or Range Summary Tables Customizing Channel Tables 14. Multi-QoS Channel Table View Options, Sccp Example Choose Export Multi-QoS Data... from the File menu Exporting Multi-QoS DataExporting All Multi-QoS Data to CSV Format Exporting a Single Multi-QoS Table to CSV Format 11-34 Counter Type Description Packet CountersMAC Layer Counter Types Error Counters Custom Counters Counters Last frame received Expert Counters Network Unknown, Destination Host Unknown, Destination Net Overload Utilization Percent Surveyor Multi-QoS Counters Counter Log File Overview Log Directory Structure Utilities Name Table Utility Utilities Building a Name Table From the Network NIS-to-Name Table Conversion Utility NIS2NAM output-name-table Sniffer Translator Utility Internet Advisor Translator UtilityGet Version Information Utility Sniffer Translator Utility, Tool Menu Options From the Tools menu, choose Merge Histogram Files Convert Capture Files to Histogram FilesMerge Histogram Files Extract Frames From a File Using a Filter Logging UtilitiesExport Utilities Exporting Packets Exporting Tables to CSV Format or Graphs to a Bitmap Exporting to Optimal CSV Format Exporting Counter Log Files to Excel Choose Export to Optimal Performance from the File menu 13-11 13-12 Buffers How Resources Use BuffersTable A-1. Buffer Types Used By Surveyor Buffer Type Description Table A-2. Resource Use of Buffers Resource Buffer Usage Table A-4. Hardware Transmit Functions Hardware DependenciesTable A-3. Hardware Real-Time Functions Table A-5. Hardware Capture Functions Table A-6. Hardware Connectivity About Ndis Mode Captured PacketsCapture Rate / Transmit Speed Counters Set Capture Buffer and Packet Slicing Size Ndis Configuration OptionsSetting the Interface Pre-Defined Filter Templates Filter Templates ARP MacdabroadcastHEX Fffffffffff Macdamulticast Eigrp IcmpIgmp DEC SAP IPX RIP IPXRsvp DNS TCP FTPHttp Imap Sccp SmtpTCP Telnet Dhcp DNS UDPMgcp UDP NB-DATAGRAM NTP RIP UDPSIP Snmp Dsap HEXHEX F0F0 HEX E0E0 Nmpi Snap HEX AAAA03Snaparp Snapcdp Islarp Isldns TCPIsleigrp Islftp Islldap HEX FfffffffffffHEX 01005EFFFFFF Islmgcp TCP Islsmtp IslsspIsltcp Isltelnet HEX 0B HEX 0CHEX 0D HEX 0F HEX 2AHEX 0E Nonmac Keyboard Shortcuts Function Keys Standard and Navigational Keys Keyboard Shortcuts Surveyor Recognized Parser Names Table D-1. Parser Names, DLC SuiteParser Name Protocol Table D-2. Parser Names, Applications and Others Table D-4. Parser Names, Banyan Suite Table D-3. Parser Names, Apple Talk SuiteParser Name Protocol Name Table D-7. Parser Names, Fujitsu Suite Protocol Name Table D-5. Parser Names, Cisco Suite Protocol NameTable D-6. Parser Names, DECnet Suite Protocol Name Table D-8. Parser Names, IBM Suite Table D-9. Parser Names, Internet Suite Table D-9. Parser Names, Internet Suite Protocol Name Table D-10. Parser Names, Internet Next Generation Suite Table D-11. Parser Names, Netware Suite Table D-12. Parser Names, PPP Suite Protocol Name Table D-13. Parser Names, XNS Suite Protocol Name Table D-14. Parser Names, H.323 Suite Table D-15. Parser Names, ITU Codecs Table D-19. Parser Names, VPN Suite Protocol Name Table D-17. Parser Names, Other Multimedia Protocol NameTable D-18. Parser Names, Intel Suite Protocol Name Surveyor Glossary Alarm Browser Avvid Capture Mode Dram Expert View Log Files Ndis NIS Pause Sccp Token Error Transmit Specification WKP Index Index-2 Index Index-4 Index-5 Index-6 Index-7 Index-8 Index-9 Index-10 Index-11 Index-12 Index-13 Index-14