Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks NN46110-602 manual Pcap features

Models: NN46110-602

1 230

Download 230 pages 7.59 Kb

Page 104

104 Chapter 5 Packet capture

PCAP initially occurs to the RAM buffer. A low priority task writes the RAM buffer to disk files, called the disk capture files. Although you can set the maximum size of this file, when the maximum file size is reached, PCAP can continue writing the captured data. You specify the directory where to save the files, and you use the automatic backup option (specific backup) to copy or move the files to another machine. If you use the automatic backup option, you must specify the path that specific backup uses to save PCAP files. If you want to back up a file every time the file changes, select auto trigger for the specific backup. For more information about automatic backup, see “Automatic backups” on page 52.

If you set the size of a disk capture file to a value other than 0, PCAP automatically saves the capture in a file and creates a new file with a name as follows:

<prefix>YYMMDD.<extNr>

where:

<prefix> is a two-digit prefix derived from the capture name that identifies the capture.

YYMMDD is the year, month, and day

<XXX> is a monotonically incrementing number that is the file extension.

The default value for the buffer size is:

•minimum 5 packets when capturing packets on disk, with no packet loss

•minimum 20 packets when capturing packets on disk, with packet loss

•1 megabyte (Mbyte) for capturing packets in RAM

PCAP features

Packet capture enables the VPN Router to perform the following tasks:

•simultaneously capture network traffic at different sources (physical interfaces, tunnels, and the VPN Router as a whole)

•capture inbound or outbound traffic, or both

NN46110-602

Image 104

Nortel Networks NN46110-602 manual Pcap features

Contents

Nortel VPN Router Troubleshooting Copyright 2007 Nortel Networks. All rights reserved TrademarksRestricted rights legend Statement of conditionsNortel VPN Router Troubleshooting Nortel Networks Inc. software license agreementGeneral Contents Chapter Status and logging Chapter Troubleshooting Chapter Packet capture Appendix a MIB support Appendix B Using serial PPP Index Contents NN46110-602 Figures Figures NN46110-602 Tables Tables NN46110-602 Before you begin Text conventionsItalic text Acronyms L2TP Related publications Hard-copy technical manuals How to get help Finding the latest updates on the Nortel Web siteGetting help over the phone from a Nortel Solutions Center Getting help from the Nortel Web siteGetting help through a Nortel distributor or reseller Features New in this releaseSnmp interface index enhancement Automatic backupsPcap enhancements Chapter VPN Router administration Administrator settingsVPN Router administration Dynamic password ToolsSystem configuration File managementSimple Network Management Protocol Snmp VPN Router administration Click Enable for User IP Address Pool Admin Snmp Traps windowTo configure the amount Chapter Status and logging Sessions ReportsStatistics SystemHealth check Accounting Accounting recordsRadius accounting Data collection taskTimestamp Logs Event logSelect Status Event Log Event logsCapture and display filters Configure Display Entity System log Security logConfiguration log Chapter Administrative tasks ShutdownUsing the recovery diskette RecoveryAccessing the diskette drive Recovery Diskette window Software/backup/v101/SN01001 Administrative tasks Automatic backups Using the GUI for automatic backup Transferring backup files through SftpTriggering a backup when a file or directory changes Select Admin Auto BackupAutomatic Backup window appears. Figure Click Configure Specific Backup Specific Automatic Backup window To overwrite a file, click Overwrite files at destinationUsing the CLI for automatic backup Backing up changes to specific files or directories Stopping the backup of specific files and directoriesBacking up specific files and directories Using Sftp to transfer backup files Stopping the transfer of backup files using SftpUpgrading the software Disabling new loginsSelect Admin Shutdown Click Disable new logins. Figure Select Admin File System Checking available disk spaceCreating a control tunnel to upgrade from a remote location Backing up system files Creating a recovery disketteSelect Admin Recovery and click Create Diskette Select Admin Upgrades Retrieving the new softwareFTP menu example Before completing the upgrade Internal Radius Accounting Interim Radius Accounting RecordApplying the software After you upgrade the softwareSelect Admin Shutdown and deselect Disable new logins Administrative tasks Chapter Troubleshooting Troubleshooting tools Client-based toolsSystem-based tools Other toolsSolving connectivity problems Diagnosing client connectivity problemsCommon client connectivity problems Login not allowed at this time Authentication failedRemote host not responding Maximum number of sessions reachedExtranet connection lost Other IPsec errorsNo proposal chosen Problems with name resolution using DNS services Network browsing problems Cannot browse the network with NetBEUITroubleshooting Diagnosing WAN link problems Check the T1/V.35 interface Check the Hdlc framing Check the PPP layerSolving performance problems Performance tips for configuring Microsoft networkingEliminating modem errors Hardware encryption accelerator connectivityWhat should be configured on the Pptp or IPsec client? Why should Wins settings be different for extranet access? What Wins settings are recommended?What can you try on the Wins server when it is not working? Can I control which machine is the master browser? Why are subnet masks important? What should I do about subnets? Why cant I browse another client in a different tunnel? Troubleshooting Additional information Solving general problems Web browser problems and the VPN Client ManagerImproving performance with Internet Explorer Long delays when Web browsingEnabling Web browser options Web browser error messages Clearing your Web browser cache when upgradingInternal error message Clearing cacheNew administrator login ignored Excess resource consumption using Internet ExplorerDocument not found message Internet Explorer 4.0 multiple help windowsReporting a problem with a Web browser System problemsPower failure Distorted background imagesGroup and user profile settings not saved Select Servers Ldap Click Stop ServerSolving routing problems Client address redistribution problemsSolving firewall problems An error occurred while parsing the policyAn error occurred while communicating with the VPN Router Action Close the Stateful Firewall ManagerUnable to communicate with the VPN Router Authorization failed. Please try againContents of the database may have changed Deselect Cache JARs in Memory System files were not loaded properlyAction Troubleshooting NN46110-602 Chapter Packet capture Pcap features Security features File formatTunnel captures Capture typesPhysical interface captures Global IP captures Triggers Filters and triggersCapture filters Saving captured data Memory considerationsPerformance considerations Enabling packet capture on a VPN Router Enter Privileged Exec mode Serial main menu appearsSetting the Pcap file path Capturing packets to disk fileSetting the maximum number of disk capture files Setting the size of the RAM bufferSetting the size of a disk capture file Creating a capture object Configuring and running packet capture objectsSaving captured data Configuring a capture object CES#capture ether0 Tunnel capture parameters Using the show capture command to display capture status Starting, stopping, and saving capture objectsCES# show capture Exit Capture Configuration mode Sample packet capture configurationsInterface capture object using a filter and direction Interface capture object using triggers CES#show capture test-filter-inCES#capture test-trigger start Tunnel capture object using a remote IP address CES#show capture test-trigger Capture state Stopped by stopLocate the Microsoft Windows row and click local archive Installing Ethereal softwareViewing a packet capture output file on a PC Click ethereal-setup-n.nn.n.exe Saving, downloading, and viewing Pcap filesViewing a Pcap file with Sniffer Pro Global IP captureDeleting capture objects and disabling packet capture Click Tools Options Protocol ForcingCES# no capture test-trigger Packet capture NN46110-602 Snmp RFC support Novell IPX MIBNovell RIP-SAP MIB RFC 1850-OSPF Version 2 Management Information BaseRFC 2667-IP Tunnel MIB RFC 1724-RIP Version 2 MIB ExtensionRFC 1213-Network Management of TCP/IP-Based Internets RFC 2787-VRRP MIB RFC 2737-Entity MIBRFC 1573-IanaIfType MIB RFC 2233-If MIBRFC 2571-Snmp-Framework MIB RFC2790-Host Resources MIBRFC2495-DS1 MIB RFC2863 Interface MIB 64 bit counters support VPN Router MIBCestraps.mib-Nortel proprietary MIB TRAP-TYPEVariables Newoak.mib Hardware-related traps Appendix a MIB support Appendix a MIB support Appendix a MIB support Server-related traps Appendix a MIB support Login-related traps Software-related trapsIntrusion-related traps System-related trapsInformation passed with every trap Provides trap categories and explanations Provides descriptions for the VPN Router traps Appendix a MIB support VPN Router traps MIB descriptions Appendix a MIB support VPN Router traps MIB descriptions Attached Failed Please note that X corresponds to Is not reachable and at least one Appendix a MIB support Appendix a MIB support VPN Router traps MIB descriptions IfReasonForStatus-ces-reason for the change in status Appendix a MIB support VPN Router traps MIB descriptions That triggered this event Appendix a MIB support VPN Router traps MIB descriptions Appendix a MIB support VPN Router traps MIB descriptions That triggered this event Appendix B Using serial PPP Establishing a serial PPP connectionSetting up a Dial-Up Networking connection Double-click the Microsoft Dial-Up Networking iconSelect System Settings Setting up the VPN RouterSetting up the modem Appendix B Using serial PPP Troubleshooting Serial PPP Dialing in to the VPN RouterCause ActionsAction PPP option settings Appendix B Using serial PPP NN46110-602 Certificate messages Error removing CA certificate fileInstalled new CA certificate from file TCert task creation failed TCert X.509 certificates disabled in flash memoryTCert Shutdown complete Isakmp messages Isakmp 13 No proposal chosen in message from xxx a.b.c.dIsakmp 13 Authentication failure in message from xxx a.b.c.d Isakmp 13 xxx a.b.c.d has exceeded idle timeout-logging out No response from client-logging outCouldnt install route for remxxx@xxx Branch office messagesSSL messages Checking chain invalid parent certChecking chain invalid child cert Child cert xxx not valid signature by xxxConfiguration file xxx does not exist Database messagesNo matching trusted CA certs Failed to startLdif file could not restore Security messagesAccount xxxxxx uid xxx not found in account AuthServer ldap inconsistent no server type in entrySecurity store new system name xxx failed-xxx Conn backlog reached, possible SYN attackSecurity store new system IP address xxx failed-xxx Error copying entry xxx to Error copying subentries of xxx toError copying tree xxx to Security store new system subnet mask xxx failed-xxxError deleting entry Error deleting treeSchemaCls Database schema not available LocalAuthServer failed remove-xxxSession xxx uid invalid-authentication failed Session xxxxxx invalid uid-authentication failedXxx xxx being referenced by Session xxxxxx session rejected-system is initializingSession xxxxxxxxx xxx auth method not allowed Session xxxxxxxxx AddLink failed xxx current linksSession xxxxxxxxx L2TP host xxx account misconfigured Session xxxxxxxxx account is disabledSession xxxxxxxxx IP address assignment failed Session xxxxxxxxx account has max linksSession xxxxxxxxx connect Qos level xxx full Session xxxxxxxxx authentication failed usingSession xxxxxxxxx account not allowed now Session xxxxxxxxx login rejected new logins disabled Disable logins after restart checkbox is selectedSession xxxxxxxxx no memory free xxx threshold Session xxxxxxxxx only one session/static address allowedSession xxxxxxxxx pool address xxx already in use Session xxxxxxxxx session directed to use serverSession xxxxxxxxx static address xxx already in use Session xxxxxxxxx system has max sessionsRadius server-name server timed out Radius accounting messagesRadius no reply from server server-nameport number Non-matching ID in server response Radius server-name server failedIndicated packet length too large Unsupported response type number received from server Received bad attribute type from serverResponse OK Radius user-name accounting record sent to server-name OKRadius no reply from Radius server server-nameport number Radius authentication messagesLogin failure due to Server network connection failure Radius server-name server timed out authenticating user-name Non-matching id in server response Radius server returned access challenge Radius access challenge receivedRadius server rejected access Radius server-name sent challenge for user-nameRadius user-name access Denied by server server-name Radius user-name access OK by server server-nameOspf Disabled Routing messagesOpened OSPF-RTM connection Ospf EnabledClosing OSPF-RTM connection Can not accept x.x.x.x as router id LoadOspfAreas FailedLoadOspfIntf Failed VR xxx Starting xxx as Master forVR xxx Shutting down xxx on VR xxx Starting xxx as Backup forVR xxx Starting xxx as master delayed Backup for Unable to get configuration for VR RIP xxx RIP EnabledRIP xxx RIP Disabled RIP xxx Cant alloc main nodeRIP xxx Circuit xxx deleted RIP xxx Unable to register with UDPRIP xxx setsockopt RIP socket xxx Sorcvbuf xxx failed RIP xxx bind RIP socket xxx failedRIP xxx Unable to spawn timer task xxx for RIP RIP xxx cid xxx mismatched auth password fromInterface nnn not present, deleting from config Interface nnn replaced, resetting configInterface nnn replaced, deleting from config HWAccel nnn not present, deleting from configAppendix C System messages NN46110-602 Appendix D Configuring for interoperability Configuring the Cisco 2514 router, VersionVPN Router and Cisco 2514 network topology NN46110-602 Following is a show config command Configuring the VPN Router for Cisco interoperability Appendix D Configuring for interoperability Connecting to IRE SafeNET/Soft-PK Security Policy Client Mask10.42 Click Pre-Shared KeySafeNet/Soft-PK Security Policy Editor dialog box appears Configuring the VPN Router for IRE interoperability Encapsulation Protocol ESPSA Life Seconds and 3000 Seconds Go to Profiles Networks and click EditThird-party client installation Considerations for using third-party clients Appendix D Configuring for interoperability Configuring the VPN Router as a branch office tunnel Configuring the VPN Router as a user tunnel Set Perfect Forward Secrecy PFS to match the client sideTo configure the VPN Router as a user tunnel Configuring IPX IPX client IPX group configuration Sample IPX VPN Router topologyWindows 95 and Windows Windows NTIPX topology Nortel VPN Router Troubleshooting Appendix D Configuring for interoperability NN46110-602 Index Index Pptp Wins