Observer Reference Guide September 2003
2 Introduction
92 The Statistics Menu Graph horizontal scale: • “Pixels/interval” spinbox—allows you to set how many pixels each interval display will occupy. • “Secon
Network Errors by Station Mode 93 Network Errors by Station Mode: The Network Errors by Station mode displays network error packets broken down by the s
94 The Statistics Menu • The summation header displays the number of stations and the total number of packets analyzed. • The station error list box sh
Network Vital Signs Mode 95 • Create Filter on station address(es)—activates the Filters dialog. • Create Filter on pair address(es)—activates the Filt
96 The Statistics Menu As with the Network Activity Display, the following colors have specific meanings: • A yellow line anywhere in the display repre
Network Vital Signs Mode 97 collisions, this means that some station on your network is not respecting the traffic of other stations. See “Collision E
98 The Statistics Menu • “Item color” dropdown—allows you to select the color of the main display item. • “Item plot” dropdown—offers a choice of the i
Network Vital Signs Mode 99 Summary List View; Plot View. Display Properties: Different error thresholds can be set in the Display Properties dialog. The gr
100 The Statistics Menu • “Utilization %” spinbox—allows you to select the utilization threshold number. • “CRC errors % Total Packets” spinbox—allows
Network Vital Signs Mode 101 Setup Properties: The Setup dialog for Collision Expert Analysis lets you configure thresholds for warnings about aberrant
3 Installing Observer: System Requirements. Windows PC requirements: Pentium 400 or better with 256MB minimum RAM, 512MB recommended. Display: SVGA runnin
102 The Statistics Menu List View: To start Collision Expert Analysis, click the Collision Expert Analysis tab. Display Properties: Display properties can
Network Vital Signs Mode 103 Right-Click Menu: • Start Packet Capture on station address(es)—activates the Filters dialog. • Start Packet Capture on pair
104 The Statistics Menu 3D Chart View; Pie View
Pair Statistics (Matrix) Mode 105 3D Chart and Pie Display PropertiesData:• “Maximum items” spinbox—allows you to select the maximum items to be displ
106 The Statistics Menu This will make watching one conversation amongst many hundreds much easier. To zoom in, highlight the pair you are interested
Pair Statistics (Matrix) Mode 107 List ViewThe List view of Pair Statistics shows all pairs and the latency times between conversations.Display Proper
108 The Statistics Menu • IP address option button—allows you to view stations by IP address.• MAC address option button—allows you to view stations b
Pair Statistics (Matrix) Mode 109 Display PropertiesDisplay properties can be set by right-clicking on the display or by clicking the Settings button.
110 The Statistics Menu • Show all stations—shows all stations.• Show traffic only for selected stations—shows all traffic for the highlighted station
Pair Statistics (Matrix) Mode 111 • Start Packet Capture on station address(es)—activates the Filters dialog.• Start Packet Capture on pair address(es
4 Installing Observer Network Instruments’ fax numbers are:• (952) 932-9545 in the US and outside of Europe, and • +44 1959 569881 in Europe and the U
112 The Statistics Menu 3D Pie Chart View3D Chart and Pie View Display PropertiesData:• “Maximum items” spinbox—allows you to select the maximum items
Protocol Distribution Statistics Mode 113 are being used and if there are any unknown or misconfigured protocols on your network. You can have a maxim
114 The Statistics Menu 3D Pie Chart ViewSettings• “Use Current Filter” checkbox—Check this box if you want only packets matching the current filter c
RMON Tables 115 • “Define Protocols for Protocol Distribution Statistics”—displays a dialog that lets you define the protocols to be displayed:• Displ
116 The Statistics Menu both). By examining historical information you can tell whether this is a chronic problem, which might indicate the need for a
Router Observer 117 List and Dials ViewDials provide a “heads-up” immediate display of packets/second, bits/second, and interface utilization.Right-Cl
118 The Statistics Menu 3D Column Chart ViewPie ViewChart and Pie View Display PropertiesData:• “Maximum items” spinbox—allows you to select the maxim
Access Points Load Monitor 119 • “3D depth” spinbox—allows you to select the 3D depth of the graph items.• “3D angle” spinbox—allows you to select the
120 The Statistics Menu SettingsTo use the Access Points Load Monitor you will need to first configure the mode. This is done by clicking the Settings
Access Points Load Monitor 121 3D Column Chart ViewPie ViewChart and Pie View Display Properties
Running Observer or a Probe 5 Running Observer or a ProbeYou must reboot your PC before you can run Observer (or a Probe). Once rebooted, you can run
122 The Statistics Menu Data:• “Maximum items” spinbox—allows you to select the maximum items to be displayed.Graph:• “3D depth” spinbox—allows you to
Packet Size Distribution Statistics Mode 123 • “Source” option button• “Destination+Source” option button—in most cases, you will want to use the Dest
124 The Statistics Menu Display PropertiesDisplay properties can be set by selecting the right-click menu item or by clicking the Settings button. The
Top Talkers Statistics Mode 125 • Find—displays the Find dialog.• Settings—displays the Display Properties dialog.3D Column Chart View3D Pie ViewTop T
126 The Statistics Menu Menu PathStatistics->Top TalkersPurposeTop Talkers Statistics shows all stations on your network (subject to your filter cr
Top Talkers Statistics Mode 127 IP Properties Tab• “Remove inactive IP address after (min)” spinbox—removes inactive IP addresses (IP addresses which
128 The Statistics Menu MAC TabThe MAC view offers a display of stations by MAC address.Display PropertiesDisplay properties can be set by right-click
Top Talkers Statistics Mode 129 IP TabThe IP view offers a display of stations by IP address.To begin collecting statistics, click the Settings button
130 The Statistics Menu • “Bar height” spinbox—allows you to select the bar height.Wireless Types Tab (active for wireless analysis only)This display
Top Talkers Statistics Mode 131 Wireless Speeds Tab (active for wireless analysis only)This tab shows signal strength, quality, the overall rate and d
6 Installing Observer 5. Next, setup will ask if you want to install Observer, Advanced Probe, or RMON Probe. Select Observer.6. Setup will ask where
132 The Statistics Menu Wireless Latest Tab (active for wireless analysis only)This tab shows the strength, quality, and speed of the wireless network
Utilization History Mode 133 Once the Utilization History graph is displayed, it automatically begins capturing data. The display of the data will dep
134 The Statistics Menu Display PropertiesDisplay properties can be set by right-clicking on the display or by clicking the Settings button. The Setti
Utilization History Mode 135 3D Column Chart View3D Line Chart View
136 The Statistics Menu Dial ViewThe dial view of Utilization History provides a view of longer term information about your bandwidth utilization. The
Utilization Thermometer Mode 137 Utilization Thermometer ModeThe Utilization Thermometer displays the current network bandwidth utilization as a perce
138 The Statistics Menu Setup PropertiesTo use Web Observer you will need to first configure the mode. This is done by clicking the icon, which will
Web Observer 139 List ViewThe Web Observer mode can be activated from the main window by selecting Statistics > Web Observer. The main display show
140 The Statistics Menu • In bytes—displays the number of bytes sent from the listed station to the specified Web server.• Out packets—displays the nu
Wireless Access Point Statistics 141 Right-Click Menu• Start Packet Capture on station address(es)—activates the Filters dialog.• Start Packet Capture
Ethernet Errors By Station and NIC Driver Installation 7 packet in any way. Without some way of passing error packets up to the operating system or ap
142 The Statistics Menu This mode is an all-purpose tool for maintaining performance and security on a WLAN that uses APs, showing you: • Wireless sta
Wireless Access Point Statistics 143 • Associations—The number of associations (connection sessions) that have been established with this AP.• Bytes—T
144 The Statistics Menu Right-click MenuIn Graph and List views, you can create a filter or start a packet capture on any listed station or AP. You ca
Wireless Site Survey 145 General Information TabThis table summarizes essential information about what access points and stations are currently visibl
146 The Statistics Menu Management Frames TabDisplays detailed information about wireless management frames, including association requests and respon
Wireless Site Survey 147 Signal TabDisplays detailed statistics on wireless signal strength and quality, as well as data rates being used by stations
148 The Statistics Menu • Retries—Total number of retries reported on this channel.• Min Quality—The poorest quality signal seen, expressed as a perce
Configuring Triggers and Alarms 149 Start the Triggers and Alarms mode by clicking the Start button.The initial Triggers and Alarms display shows the
150 The Statistics Menu 3. Once you have set which alarms you would like to activate, select the “Triggers” tab to configure the specific Alarm option
Configuring Triggers and Alarms 151 the ten second time period, this 10 second time period is not considered as data for this trigger.This value ensur
8 Installing Observer • For PCMCIA adapters: http://www.networkinstruments.com/html/osup1002.html Wireless NIC Driver Installation: For Observer to properl
152 The Statistics Menu This value ensures that the trigger will not be activated during a slow period of network activity when a particular device or
Configuring Triggers and Alarms 153 Ethernet Frame Errors by StationThis trigger activates when there is an Ethernet frame error by station observed.•
154 The Statistics Menu the trigger. For example, if you set the minimum number of packets to 1000 and the averaging period to 10 seconds, then if les
Configuring Triggers and Alarms 155 • “Use current filter profile” checkbox—when selected, allows you to use the current protocol filter.Number of Pac
156 The Statistics Menu Sequence of Bytes at Offset: This trigger allows you to set a trigger on a user-defined event. • “Sequence (hexadecimal)” textbox
Configuring Triggers and Alarms 157 • “Exclude hardware addresses” combo box—allow you to select the hardware address.• “Use current protocol filter”
158 The Statistics Menu • “Averaging period (sec)” spinbox—Specify how long to collect packets for calculating the average.• “Use current filter profi
Configuring Triggers and Alarms 159 • “Modify Known AP” button—Launches a dialog from which you can provide a list of known Access Points.• “Use curre
160 The Statistics Menu • “Print to the default Windows printer” checkbox—when selected, prompts Observer to print a trouble ticket to the default Win
Configuring Triggers and Alarms 161 • WRITE THE WHOLE EVENT LOG option button—if selected, writes the whole event log. • “Use these settings for all ala
Ethernet Errors By Station and NIC Driver Installation 9 2. Click the Hardware tab and then the Device Manager... button to display the Device Manager
162 The Statistics Menu The Management Information Base, or MIB, for Observer’s traps is NETINST-MIB.MIB and will be found in the “Observer Files” dir
Wireless Vital Signs 163 display shows aggregate errors for your ring. Should these aggregate errors indicate a problem, specific errors by station ar
164 The Statistics Menu PurposeThe Wireless Vital Signs mode shows current wireless activity mapped with current wireless error conditions on your WLA
Network Summary 165 Dial View:In Dial View, vital signs are plotted against 4 axes, each representing one of the four protocol-defined bit rates. This
166 The Statistics Menu PurposeThe Network Summary’s browsable tree is a convenient place to find all the major statistical counts of bandwidth usage,
167 Trending and Analysis MenuNetwork Trending ModeNetwork Trending OverviewObserver’s Network Trending mode, in conjunction with the Network Trending
168 Trending and Analysis Menu provides a more accurate statistical picture than a protocol analyzer that tries to process all incoming data. A protoc
Network Trending Mode 169 Network Trending Network Trending is where Observer collects data for later viewing with the Network Trending Viewer. Networ
170 Trending and Analysis Menu The Internet Observer Trending pane contains the following items:• Pairs—lists the number of station pairs on the netwo
Network Trending Mode 171 6. To start Network Trending, choose Trending/Analysis > Network Trending from the main Observer menu or click on the Sta
10 Installing Observer 5. Click Next. The Wizard asks you how you want to update the driver:6. Choose “Search for a suitable driver for my device (rec
172 Trending and Analysis Menu • “Modify Network Trending and Internet Observer TCP/IP Subprotocols” button—click to display the List of IP SubProtoco
Network Trending Mode 173 9. To delete the selected protocol, click on the YES button. To cancel the delete request, click on the NO button.Network Tr
174 Trending and Analysis Menu data flowing on your network (when Network Trending uses a constant amount of disk space for each collection period).•
Network Trending Mode 175 • “Statistics collection interval” textbox—allows you to set the time period, in minutes, for which Network Trending will lo
176 Trending and Analysis Menu • View Probe data listing option button—when selected, allows you to view the Probe data listing.• Start Network Trendi
Network Trending Mode 177 Network Trending data. Branches with a root entry ending in “(Internet)” contain Internet Observer data. Branches ending in
178 Trending and Analysis Menu The Statistics Toolbar contains the following buttons in order from top to bottom:Stations activity time—displays when
Network Trending Mode 179 The Options Toolbar (IP Trending)When displaying IP trending data, the Options Toolbar contains the following buttons—in ord
180 Trending and Analysis Menu Show data by time—shows data by time. List—shows data in list format.Line graph—shows data as a 2-D line graph (not av
Network Trending Mode 181 The Options Toolbar (Internet Trending)When displaying Internet trending data, the Options Toolbar contains the following bu
Ethernet Errors By Station and NIC Driver Installation 11 A file locator dialog is displayed:8. Enter (or browse to) the following directory (assuming
182 Trending and Analysis Menu Using Network Trending Viewer to Display ResultsTo start Network Trending Viewer:1. Open Network Trending Viewer.2. Sel
Network Trending Mode 183 Network Trending Viewer – Observer List ViewNetwork Trending Viewer – Observer Alternate Columns View
184 Trending and Analysis Menu Network Trending Viewer – Observer Separate Columns ViewNetwork Trending Viewer – Pie Chart View
Network Trending Mode 185 Network Trending Viewer – Internet List Internet Patrol ViewNetwork Trending Viewer – Internet List IP to IP Pairs (Matrix)
186 Trending and Analysis Menu Network Trending Viewer – Internet List IP SubprotocolsWAN Delay AnalysisWAN Delay Analysis compares both ends of a con
WAN Delay Analysis 187 When you select the Connection Dynamics button, the following items are displayed in the Header bar:• File 1—displays the numbe
188 Trending and Analysis Menu WAN Analysis Setup PropertiesCaptured Buffer Files to Analyze:• “File 1” and “File 2” textboxes—displays the captured b
WAN Delay Analysis 189 • “Time Synchronization Window (mSec)” spinbox—allows you to set the maximum number of seconds for time synchronization.• “Maxi
190 Trending and Analysis Menu • Rename button—displays the Modify Profile Name dialog.Profile IP Map Values:• IP1—displays the IP address of the firs
WAN Delay Analysis 191 time, matched packets, direction of packets, dropped packets (will be displayed in red type), time of first packet, and time of
12 Installing Observer The wizard displays a list of compatible drivers:10. Choose the appropriate analyzer driver with the “NI” prefix (“NI/Nortel Ne
192 Trending and Analysis Menu “Color” dropdown—allows you to select the color of the display item you have selected.Application AnalysisMenu PathTren
Application Analysis 193 Graph ViewApplication Analysis Graph view shows you transactions: total, completed, and failed:Note that if you have chosen t
194 Trending and Analysis Menu SettingsYou can change the display properties of the graph (its colors, scale, etc.) by clicking the Graph tab on the s
Application Analysis 195 By checking the Graph Specific Request box, you will limit the completed, failed, and total transactions statistics being gra
197 The Tools Menu: Discover Network Names Mode. Captures network addresses and assigns them aliases. Menu Path: Tools->Discover Network Names. Purpose: Disco
198 The Tools Menu List View1. To start Discover Network Names, select Tools > Discover Network Names from the main Observer menu or click on the
Discover Network Names Mode 199 Add Alias1. To add an alias, click on the Add Entry button. The Add Alias dialog will be displayed. 2. Select an Addre
200 The Tools Menu Right-Click Menu• Start Packet Capture on station address(es)—activates the Filters dialog.• Start Packet Capture on pair address(e
Discover Network Names Mode 201 Right-Click Menu• Start Packet Capture on station address(es)—activates the Filters dialog.• Start Packet Capture on p
Network Instruments Hardware Probes and Systems 13 *The table below shows what driver to select for each of the supported wireless NICs:Network Instru
202 The Tools Menu Click on the IP button to display the setup options.• “Replace aliases by newly discovered name” checkbox—allows you to replace any
Discover Network Names Mode 203 • “Replace aliases by newly discovered name” checkbox—allows you to replace existing aliases with a newly discovered n
204 The Tools Menu • an ASCII (text) file that contains line entries for each MAC Address entry (these files must have a .ali filename extension)The f
Ping/Trace Route 205 LocalAddressTable.adr, is stored in the LocalAddressTable directory under the Observer installation directory.1. You can add a ne
206 The Tools Menu PurposeObserver’s Ping/Trace Route permits the user to see if specific stations on an IP network are active and to trace a route fr
Replay Packet Buffer 207 • “Packet size” dropdown—if the Ping option button is selected, this edit box selects the number of “ping” packets, or ICMP e
208 The Tools Menu Main pane:• “Select buffer” textbox and button—allows you to enter the name of the buffer (.BFR) file to be transmitted. Enter the
SNMP MIB Editor 209 SNMP MIB Editor: See “The MIB Editor” on page 352. SNMP MIB Walker: Lets you walk a MIB to determine what objects it contains. Menu Path
210 The Tools Menu • The “Choose existing SNMP devices...” button allows you to pick an SNMP device to create a MIB profile from a list of SNMP device
Switch Station Locator 211 Viewing the MIB TreeSelecting the View Tree button from the Walk Agent MIB dialog displays the Walk Agent MIB Tree Viewer.
212 The Tools Menu Purpose: Select this option from the Tools menu to view the MAC addresses of devices connected to switches on the network. The Switch
Switch Station Locator 213 • “Community” text box—Enter the IP community of the switch on which you want to locate stations. Note that this string is
214 The Tools Menu • Port If Number—The SNMP Port Interface number for the station• Port Name—The name of the port connected to the station.• Address—
Traffic Generator 215 You can display the Traffic Generator dialog in Observer by selecting Tools > Traffic Generator.• “Packet size” textbox—allow
216 The Tools Menu Traffic Generator Right-Click Menu• Set Destination Address—displays the Select Address dialog.• Set Source Address—displays the Se
Edit Switch Scripts 217 you’ve entered the code, click Tools -> Enterprise Licensing to display the Enterprise Licensing dialog:• Identification—di
218 The Tools Menu Edit SNMP Switch Script File: See “SNMP Scripts” on page 319. Define Protocols for Protocol Distribution Statistics: See “Settings” on p
Switch Setup Dashboard 219 Switch Setup Dashboard: See “Main Switch Dashboard – Switch Setup Tab” on page 309. Select Address Table for Local Observer: see
220 The Tools Menu The table below lists all the rule types and setup options. A setup dialog is displayed when you first create a rule; you can edit
Filter Setup for Selected Probe 221 The following sections detail all the types of filter rules and their settings. Specify a WAN DLCI by number. Specif
15 Main Observer DisplayThe main Observer display includes a number of display components that can be docked or free floating. Most display areas can
222 The Tools Menu Filtering by Address: This rule lets you look at traffic by address or address pair. Setup options are described below: Filtering for
Filter Setup for Selected Probe 223 Filtering by Packet Length: You can filter for packets that are less than, greater than, or equal to a given length
224 The Tools Menu Filtering for a Text, Hexadecimal, or Binary Pattern: When defining a Pattern rule, you can enter a specific offset from the beginnin
Filter Setup for Selected Probe 225 Filtering by Port: Filtering by port is useful in many different troubleshooting and security monitoring scenarios.
226 The Tools Menu Filtering by WAN DLCI: If you have deployed one of Network Instruments WAN Probes or Systems (or you are post-filtering a packet capt
Filter Setup for Selected Probe 227 Filtering by Wireless Access Point, Data Rate, and Signal Strength: Observer includes filter rules useful for 802.11
228 The Tools Menu Here’s how to create a simple, one-rule filter to capture that traffic: 1. Choose Filter setup for selected Probe from the tools men
Filter Setup for Selected Probe 229 4. Choose IP as the address Type, and Single address as the range for both address 1 and address 2. Select (or ent
230 The Tools Menu view, you can right-click to set a filter or direct a filtered capture from that station. You can set a pattern filter by right cli
Filter Setup for Selected Probe 231 programmed to send mail whenever the honeypot receives packets on ports 23 or 80 from a system outside of your net
16 Main Observer Display Observer BasicsObserver MenusFile Menu• License Observer—when Observer is not licensed, this displays the Licensing dialog. I
232 The Tools Menu From the Multiple Filters Selection dialog, you can:• Select which filters to apply by clicking the checkboxes.• Edit and Delete fi
233 The Options Menu: Observer General Options. The Observer General Options dialog allows you to select the general settings for Observer. These include
234 Observer General Options • The Disable Observer features options let you choose to disable selected Observer features for bandwidth, processor, or
Observer General Options 235 Observer General Options – Notifications Tab: The Notifications tab lets you set up the page and email services that Observer
236 Observer General Options • Server IP address—IP address of the pager service provider.• Port number—port number of the pager service provider.For
Observer General Options 237 Configuring Your Paging Service: You may have to modify some settings in order to adapt to the local environment. It will b
238 Observer General Options dialing: Observer will dial only the numbers and pause for approximately one-half second for each comma character. 5. Sel
Observer General Options 239 Configure TAP Settings: TAP (Telocator Alphanumeric Protocol) is a messaging industry standard protocol for sending message
240 Observer General Options • “Use error control” checkbox—allows you to select whether or not the modem’s error control features will be enabled.• “
Observer General Options 241 • “Modem line” dropdown—allows you to select from among the currently defined modem devices. These devices are from those
Observer Basics 17 • Load and Analyze Observer Capture Buffer—allows you to load a previously saved packet buffer for analysis by the Decode and Analy
242 Observer General Options Advanced Pager Settings1. Check the “Apply advanced pager settings” checkbox and click on the ADVANCED button to display
Observer General Options 243 Pager Service Tray IconWhen Observer is launched, the icon is displayed in the Windows tray. You can right-click on the
244 Observer General Options Paging Server SettingsThe Paging Server Setting dialog contains the following items:• “Wait for service connection” (seco
Observer General Options 245 • Refresh event list button—clears the event list.Send PageThe primary use of Send Page is to enable the user to test the
246 Observer General Options Observer General Options – SNMP Tab: This tab will not be active unless you have purchased a licensed copy of Observer Suit
Observer General Options 247 SNMPv1 is, in practice, by far the most commonly-used standard; very few agents support SNMPv2. • “Repeat alarm notificati
248 Observer General Options Observer General Options – Trending Tab• “Network Trending Folder” sets the location for Observer to store Network Trendi
Observer General Options 249 • which Observer console (local or remote) to direct the data to. Creating a Probe Instance: To set up a Probe Instance, fol
250 Observer General Options The Memory Configuration dialog is displayed:4. Select an appropriate Capture Buffer size given the local system’s availa
Observer General Options 251 The Probe Adapters and Redirection tab will now list the new Probe instance: Configuring User Accounts for Secure Access: If
18 Main Observer Display Capture Menu• Packet Capture—displays the Packet Capture mode.• Decode and Analysis—displays the Decode and Analysis submode.
252 Observer General Options To display security information by user account, press the User Account button to the left of the Probe Instances button.
Observer General Options 253 Creating or Editing a User Account: To create a new account click New User Account; to edit an existing account, select the
254 Observer General Options Check the desired options and click OK. When you grant this account access to another Probe instance, the permissions wil
Observer General Options 255 Right click any instance and select Edit Probe Instance... to access the memory allocation dialog: This dialog lets you se
256 Observer General Options Enter a descriptive name for the custom memory configuration and select a previous configuration as a model for the new c
Selected Probe or SNMP Device Properties 257 reserves its memory from Windows upon startup so that no other applications can use it and cause the buff
258 Selected Probe or SNMP Device Properties Edit Probe Entry Tab• “Name” textbox—displays the name of the Probe. Note: The Local Probe title address
Selected Probe or SNMP Device Properties 259 Note: When switching from Advanced to Switched mode, you must configure Observer for switched operation.
260 Selected Probe or SNMP Device Properties • “Maximum capture buffer (MB)”—displays the maximum capture buffer Observer will allow you to configure
Selected Probe or SNMP Device Properties 261 Wireless 802.11a/b TabThis tab is available if the currently selected Probe is an 802.11b wireless device
Observer Basics 19 • Efficiency History—displays the Efficiency History mode. See “Efficiency History” on page 73.• Errors by Station—displays the Eth
262 Selected Probe or SNMP Device Properties • Primary Antenna Only—If you are not using the standard snap on antenna, choose this option if the ante
263 Actions Menu: Redirecting Probes. When using Observer with a Probe you can redirect a Probe from one Observer console to another, or from another to t
264 Actions Menu RMON Probe Configuration – Edit Probe Entry Tab: This section provides Observer with the basic RMON Probe connection and timing values.
Adding/Configuring an RMON Probe 265 • “Vital signs report (refresh) period (10-600 sec)” textbox—allows you to define the number of seconds between r
266 Actions Menu • “Network type” display—allows you to view the network type the Probe is monitoring.• “Network speed” display—allows you to view the
Adding, Editing, or Deleting an SNMP Device 267 Trap Destinations Tab: This tab lets you define the SNMP management systems that will receive traps. T
269 Real-Time Expert: Overview. Real-Time Expert incorporates all of the features of Observer and adds Observer’s Expert system to help identify problems
270 Real-Time Expert identification. Should a particular packet require further investigation, its decode is only a click away.• Server Analysis—displ
Getting Started with Expert Analysis 271 You may also view the Expert Thresholds (OSI Model) display by clicking the button.Expert Thresholds define
20 Main Observer Display • Triggers and Alarms—displays the Triggers and Alarms mode. See “Triggers and Alarms Mode” on page 148.Trending/Analysis Men
272 Real-Time Expert 1. Click the Edit Expert Profile button to begin the process. This will display the Edit Expert Profile dialog.2. To create a new
Getting Started with Expert Analysis 273 Data Link Tab• Broadcast Storm—triggers the number of broadcast frames per second.• Ethernet Alignment—frames
274 Real-Time Expert • Token Ring Beacons—number of beacons present on the ring.• Token Ring Burst Errors—burst error reports per minute.• Token Ring
Getting Started with Expert Analysis 275 Network Tab• ICMP Echo Requests—the maximum number of ICMP echo requests (pings) per workstation per second.•
276 Real-Time Expert Transport Tab• IPX Busy—percentage of server busy replies. • IPX Retransmissions—percentage of IPX retransmissions.• NETBIOS Retr
Getting Started with Expert Analysis 277 Session TabSession data is compiled for all data associated with a particular port-based conversation. This i
278 Real-Time Expert the local network and Internet/WAN and for initial connection (slow connect) as well as for ongoing communications (slow response
Getting Started with Expert Analysis 279 Values are required for the local network and Internet/WAN, and for ongoing communications (slow response).•
280 Real-Time Expert • LPD Application Processing Time—defines the application processing time delay for LPD that is considered marginal and critical.
Using Real-Time Expert 281 Using Real-Time Expert: Real-Time Expert analyzes all captured packets and each captured packet’s contents in order to identi
Observer Basics 21 • Ping/Trace Route—opens the Ping/Trace Route window. • Replay Packet Buffer—displays the Replay Packet Buffer mode. • SNMP MIB Edi
282 Real-Time Expert • Expert Summary—a collection of critical events from the various Expert Events sections, as well as a display of non-TCP based e
Using Real-Time Expert 283 If the amount of RAM available for the Observer buffer is not large or is not large enough to capture the event in question
284 Real-Time Expert Number of Expert list entries to keep:• “TCP conditions and events” textbox—defines the number of TCP items that will be tracked.
Using Real-Time Expert 285 Expert Global Settings – IP Range TabThese items define how Real-Time Expert identifies which conversations are local (netw
286 Real-Time Expert Expert Global Settings – TCP/IP TabThese items define how IP conversations will be identified.Compact multiport connections to a
Using Real-Time Expert 287 would be as many separate conversations recorded for the Real-Time Expert system as there are IP addresses collected. It is
288 Real-Time Expert Expert Global Settings – What-If Analysis TabThis dialog sets the default items for the What-If Analysis display.Graph Settings:•
Expert Displays 289 • “Server” spinbox—allows you to set the default server processing time. Server processing time is the amount of time the server r
290 Real-Time Expert Expert Button BarThe Expert button bar has three sections: Summary, Expert Data, and Analysis. The Summary and Expert Data sectio
Expert Displays 291 The Summary is typically the first place to begin using the Expert. Once a general set of metrics is identified with respect to th
© 2003 Network Instruments, LLC iLimited Warranty—SoftwareNetwork Instruments, LLC will replace defective media or documentation for a 60-day
22 Main Observer Display Actions Menu• Redirect Probe—displays the Probe Redirection dialog. Redirecting a Probe lets the Observer console connect and
292 Real-Time Expert Analysis is offered for both client and server.TCP Events Row DefinitionsStation Columns:• First “Station/Port->” column—displ
Expert Displays 293 marginal values are displayed for Internet/WAN data that may naturally be slower than local response time data.Each level, for cri
294 Real-Time Expert • Station1/Port <-> Local network—sends conversation data (by port) for Station1 and all other stations on the local networ
Expert Displays 295 The ICMP Events dialog tracks ICMP errors and reports the error, station, port, and number of occurrences of the error.For specifi
296 Real-Time Expert NetBIOS Events
The NetBIOS Events dialog tracks NetBIOS communication errors. Columns display the protocol, status, number of pack
Expert Displays 297 A wizard then displays a series of dialogs that let you configure what will be included in the report and the pathname under which
298 Real-Time Expert Retransmissions and lost packets are flagged in red for quick identification. The packet display can contain either a brief or de
Expert Displays 299 determine if the problem with this connection is temporary and transient, or indicates a more serious problem on the network.Conne
300 Real-Time Expert The graph on the top of the Server Analysis display shows the response times for each level of simultaneous requests. An average
Expert Displays 301 You can only do What-If modeling on conversations that have a recorded server (the second address in any conversation) delay.The t
Observer Basics 23 • Observer General Options—displays the Observer General Options dialog. These options include general Observer options and options
302 Real-Time Expert Server Characteristics:• “Server type” dropdown—options include Database, Ftp, Level, and Web servers. Each different server sele
Expert Displays 303 • Show Reference Lines—displays a “reference line” indicating the speed of the network/WAN from the initial capture data. This wil
304 Real-Time Expert The RTP timestamp units are based on the sampling rate for a particular payload type. In the case where there are multiple source
305 Switched Observer Introduction to Switched Observer
Observer provides the ability to gather statistics and capture port data for switched environme
306 Switched Observer example, if a system on port 3 of a switch has a packet destined for port 7, the switch will create a virtual segment between po
Introduction to Switched Observer 307 and switches from lower-end manufacturers do not offer any management options whatsoever.If your switch does not
308 Switched Observer RMON and protocol analysis is not typically complementary in the way SNMP and protocol analysis can be. Rather, RMON is the “pro
Using the Switch Dashboard 309
• you must either write a script for Observer to control the mirroring or use one of the scripts included, and
• you mus
310 Switched Observer Each switch being monitored will require a setup in the Switch Dashboard Dialog. This dialog can be displayed by selecting Tools
Using the Switch Dashboard 311
• “Switch script style” dropdown—allows you to select Telnet or SNMP. See “Switch Scripts” on page 312.
• “Looping mode”
24 Main Observer Display • Windows—opens the Windows dialog that displays all open modes.Help Menu• Contents—displays the Help files contents.• Search
312 Switched Observer Switch Dashboard – Switch Management Log Tab
• “Log switch management communication” checkbox—when selected, all communication wi
Switch Scripts 313 the switch in a timed fashion to manipulate the management properties of the switch. Observer emulates a VT100/ANSI emulator when s
314 Switched Observer the editor makes the task of entering tokens easier and will contribute to the overall accuracy of the script. Each line that is
Switch Scripts 315 Script Tokens
The available script tokens are:
• SEND-> token—follow this token by any sequence of keystrokes to be sent.
• WAITFO
316 Switched Observer • {RepeatCharacter} button—sends the character immediately after the “>” for the number of times immediately after the charac
Switch Scripts 317
# send the next password
SEND->mynextpassword{Enter}
# wait for the switch to respond, and wait for the
# CiscoSwitch# prompt
WAITFO
318 Switched Observer
# turn port 1 monitoring off
SEND->no port monitor FA0/1
# wait for the switch to respond, and wait for the
# CiscoSwitch (confi
Switch Scripts 319 SNMP Scripts
Observer’s SNMP switch scripts are text files with the extension “.snm”. An example SNMP switch script file name might
320 Switched Observer the editor makes the task of entering tokens easier and will contribute to the overall accuracy of the script. Each SNMP command
Switch Scripts 321
“SET->” is the token
“OID” is the specific SNMP OID (Object Identifier). An example OID would be “1.3.6.1.4.1.343.6.10.1.7.0”.
“O
Observer Basics 25 Settings ToolbarYou can decide the look of certain mode views and you can choose the general settings of Observer.Each of Observer’
322 Switched Observer Note: Initial connection to the switch is done in the Switch Dashboard. See “Using the Switch Dashboard” on page 309.
# Note 1: T
Switch Scripts 323
[Port2on]
SET->1.3.6.1.4.1.343.6.10.2.4.1.21.1.1.2={Integer}=1
PAUSE->20
SET->1.3.6.1.4.1.343.6.10.1.7.0={Integer}=1
PAUSE->
324 Switched Observer Switched Modes
Discover Network Names – Switched
Discover Network Names works in the same way for both switched and non-switched m
Switched Modes 325 1. Click on a checkbox next to a port. You may also select one or more ports by Control-clicking and then clicking CHECK SELECTED o
326 Switched Observer automatically scale from modem speeds of 1000 bits/second to gigabit speeds of 1000 megabits/sec.Y-axis values automatically to
Switched Modes 327 port is attached to only one system, or may display “multiple addresses” if the port is attached to multiple system via a downstrea
329 Observer Suite: SNMP Management Console
SNMP Management Console is a part of Network Instruments’ Observer Suite, bringing the cross-platform SNMP
330 Observer Suite: SNMP Management Instead of defining a large set of commands, SNMP places all operations in a GetRequest, GetNextRequest, GetBulkR
SNMP Overview 331 MIBs
A Management Information Base (MIB) is a formal description of a set of network objects that can be managed using the Simple Net
26 Main Observer Display Each icon launches a certain action.Actions are described below:Mode Commands ToolbarAll of Observer’s modes share some commo
332 Observer Suite: SNMP Management (All other MIBs are extensions of this basic management information base.) MIB-I refers to the initial MIB defini
Introduction to SNMP Management Console 333 done by SNMP Management Console and no specific OID knowledge is required to use SNMP Management Console.S
334 Observer Suite: SNMP Management Network Instruments designed SNMP Management Console as a highly functional, easy-to-use feature of FrameMaker Su
Introduction to SNMP Management Console 335 • The MIB Compiler compiles SNMP MIBs into the binary format used by SNMP Management Console and offers a
336 Observer Suite: SNMP Management Check the device or server manuals for more information on installing or enabling SNMP agents.Configuring SNMP Ma
Using SNMP Management Console 337 • List of SNMP Agents pane—displays each agent as an icon. Agents are queried by request files that define five type
338 Observer Suite: SNMP Management before deciding that the request was lost and the number of times SNMP Management Console will resend the packet.
Configuring SNMP Agents 339 only SNMP Extension is to have access to this sort of SNMP agent, set the IP address to the SNMP Extension’s console addre
340 Observer Suite: SNMP Management Some SNMP agents will respond to a menu request only if the management station IP address exists in the agent’
Configuring SNMP Agents 341 Network Device Properties – Notification TabNotify on Trap/Alarm:• “Email address” textbox—allows you to enter the email a
Observer Basics 27 Moving ButtonsTo move buttons from the main Observer display, drag the button and drop it in the desired location while holding dow
342 Observer Suite: SNMP Management Edit an SNMP AgentTo edit an agent, right-click on an existing agent entry and select the PROPERTIES menu item.De
Configuring SNMP Agents 343 or cascading formats. One window per agent is opened. Select a tiling choice from the Windows menu or click the appropriat
344 Observer Suite: SNMP Management malfunctioning. When an agent is down, the Event Log displays a message indicating that SNMP Management Console e
Collecting SNMP Agent Information 345 the chart in the current agent information window if one is open, or will open a new agent information window if
346 Observer Suite: SNMP Management Chart Properties – Chart Items Tab• Show items—displays your choice of monitored items in a chart.Chart Propertie
Collecting SNMP Agent Information 347 • “Polling frequency (sec)” spinbox—allows you to set how frequently SNMP Management Console will poll an agent
348 Observer Suite: SNMP Management Lists have only one limitation regarding type of object: they cannot display tabular objects. Lists can display t
Collecting SNMP Agent Information 349 4. The updated list information will be displayed. Collecting Forms InformationForms are SNMP Management Console
350 Observer Suite: SNMP Management To modify the sampling behavior of a form, right-click on the form and select FORM PROPERTIES. The Form Propertie
Collecting SNMP Agent Information 351 to collect information row by row until it reaches the end of the table. This process is called “traversing the
28 Main Observer Display • Reset button—allows you to reset the currently-selected button to its original values.Toolbar Setup – Commands Tab• Categor
352 Observer Suite: SNMP Management level of activity, or other condition. SNMP Extension collects incoming trap messages constantly. “Trap” and “tra
The MIB Editor 353 • Device Types (Requests)—a request file is the actual file sent to an SNMP agent, polling and/or setting the states of various MIB
354 Observer Suite: SNMP Management Using the MIB EditorThe following number of definitions may help in navigating the MIB editor dialogs.MIBMIBs are
The MIB Editor 355 Compiled MIBsSNMP Management Console compiles the MIB prior to using it to create requests. This is done to save on memory when par
356 Observer Suite: SNMP Management how you actually encode each data item in a message is defined by the ISO 8825/ITU X.209 standard.The Compile Pro
The MIB Editor 357 6. Once the MIB is successfully compiled, it will be automatically listed in the MIB Editor with the other compiled MIBs.7. Should
358 Observer Suite: SNMP Management The structure of the SNMP polling process suggests that an SNMP request can be considered a single object. By com
The MIB Editor 359 Creating A Custom Request File1. To create a custom request file, from the MIB Editor select Mode Commands > New Request File or
360 Observer Suite: SNMP Management 1. To create a new, blank chart, right-click on Charts and select NEW CHART. A new chart, entitled “New Chart” wi
The MIB Editor 361 Object Properties WizardClick on the YES button to display the New Item Properties dialog.• “Label” textbox—allows you to enter a l
Running Probes with Multiple Interface Cards 29 Activate Map mode by selecting View > Show Probe List as a Map.Once a Probe is displayed on the map
362 Observer Suite: SNMP Management Attached MIB Object• “ID” display—allows you to view the ID label for the chart item.• “Name” display—allows you
The MIB Editor 363 Set Triggers• “Chart item” display—allows you to view the chart item name.• “Upper threshold” checkbox—when selected, allows you to
364 Observer Suite: SNMP Management
• Page phone number
• Play sound file
• Execute command line
• Add to event log
These actions can be configured indep
The MIB Editor 365 3. Right-click on the new expression to rename it, if desired.4. Right-click on the renamed expression and select EDIT EXPRESSION t
366 Observer Suite: SNMP Management You may use MIB objects from two or more different compiled MIBs.5. Once complete, select Mode Commands > Save
The MIB Editor 367 3.4. Click on the “Set Triggers” tab to configure the trap’s alarms and to display the Set Triggers tab. Alarm actions can be set i
368 Observer Suite: SNMP Management • “Execute command line” checkbox—if selected, a triggering event will cause a DOS or Windows program to be run.
The MIB Editor 369 When the Form Editor is active, Mode Commands contains the following items:• Select Control—permits the selection of one or more co
370 Observer Suite: SNMP Management • Paste MIB Object—permits the insertion of a MIB object that has been cut or copied to the Windows Clipboard. •
The MIB Editor 371 When the Forms Designer is active, Mode Commands > Align Controls submenu contains the following items:• Undo Last Operation—rev
30 Main Observer Display Map sizes and color:• “Horizontal size” textbox—allows you to select the horizontal size of the map.• “Vertical size” textbox
372 Observer Suite: SNMP Management • Make the Selected Controls the Same Width as the Last Selected control—causes the selected controls or objects
The MIB Editor 373 Text Field Properties• “Wrap text (multi-line)” checkbox—allows you to break between words and wrap to multiple lines.• “Clip text
374 Observer Suite: SNMP Management Edit Field Properties• “Multiline” checkbox—if selected, the text will break between words and wrap to multiple l
The MIB Editor 375 • If the Arithmetic expression option button is selected, the bottom pane of the dialog will include a SET EXPRESSION buttonSetting
376 Observer Suite: SNMP Management 3. The Set Expression Indexes dialog will be displayed.4. Select the index you wish to modify and enter your chos
The MIB Editor 377 • “Associated MIB object” dropdown—allows you to choose among the MIB objects attached to the form. Combo Box Properties• “Sort lin
378 Observer Suite: SNMP Management Group Box Properties • “Label” textbox—allows you to add a descriptive label for the group box.• “Right aligned t
The MIB Editor 379 • “Stretch to bounding rectangle” checkbox—if selected, the bitmap will be stretched to the limits of the rectangular boundary, eve
380 Observer Suite: SNMP Management • “Associated MIB object” dropdown—allows you to select which of the MIB objects attached to the form will be pol
The MIB Editor 381 Enumerated Bitmap PropertiesStyles:• “Stretch to bounding rectangle” checkbox—if selected, the bitmap will be stretched to the limi
Uninstalling Observer 31 • Insert Ellipse—displays the Shape Description dialog.• Show Probe and SNMP Devices List—allows you to view the Probe and SN
382 Observer Suite: SNMP Management Configure Bitmap LabelText color:• Reverse option button—if selected, the label’s text color will be the reverse
The MIB Editor 383 Edit Ranges/Values1. Click on the <undefined value> line. 2. Click on the icon to choose the default bitmap to be displayed
384 Observer Suite: SNMP Management ConclusionThe complexities involved in the design and building of custom forms are considerable, but are more tha
The MIB Walker 385 SNMP MIB Walker
The MIB Walker is accessed by selecting an SNMP device from the SNMP Agents pane and clicking Tools > SNMP MIB Wa
386 Observer Suite: SNMP Management 4. SNMP Management Console’s MIB Walker will step through all higher branches of the MIB tree (starting at the in
The MIB Walker 387 View MIB TreeSelecting the VIEW TREE button from the Walk Agent MIB dialog displays the Walk Agent MIB Tree Viewer. The Walk Agent
388 Observer Suite: SNMP Management Be careful to use the proper type of value when setting the value. If you attempt to set an integer SNMP value to
SNMP Technical Overview 389 By the end of 1991, the standard SNMP MIB specification was extended by the Remote Network Monitoring MIB (RMON). RMON pro
390 Observer Suite: SNMP Management When the management station needs information from an SNMP agent, it sends an SNMP request. SNMP specifications a
SNMP Technical Overview 391 specifications are used to describe the MIB objects: Abstract Syntax Notation One (ASN.1) and Basic Encoding Rules (BER).
ii Network Instruments Observer Reference GuideTechnical SupportNetwork Instruments provides technical support:By phone (depending on where you are
392 Observer Suite: SNMP Management
ipAddrEntry OBJECT-TYPE
SYNTAX IpAddrEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
“The addressing informat
SNMP Technical Overview 393 The GetRequest PDU is used by the management station to retrieve the values of one or more objects from an agent. These va
394 Observer Suite: SNMP Management • “enterpriseSpecific” trap—the SNMP agent is notifying the management station about an event defined by the vend
395 Observer Suite: Web Reporting
Web Publishing Service is a part of Network Instruments’ Observer Suite, bringing Observer’s reporting ability to any
396 Observer Suite: Web Reporting allows an administrator to not only define which reports and statistics should be published for outside viewing, bu
Configuring Web Publishing Service 397 The Set Access to Trending Information tab lets you specify which statistics will be available for viewing and
398 Observer Suite: Web Reporting • “Network IP subprotocol distribution” checkbox—if selected, displays the major IP subprotocol distribution (e.g.,
Configuring Web Publishing Service 399 Web Server Options Tab
The Web Server Options tab contains the following items:
• “Request password to access Web
400 Observer Suite: Web Reporting • “Web server port” textbox—this textbox sets the port that will be used for accessing the Web server. Changes to t
Using Web Publishing Service 401 The Web Publishing Service Welcome page will be displayed.Whether or not you have configured Web Publishing Service t
33 The Capture Menu
Packet Capture Mode
Packet Capture mode captures network traffic and stores the data for later viewing in the Packet View Decode win
402 Observer Suite: Web Reporting • Probe list—lists the Probes (including the built-in, local Probe that is part of Observer) for which trending dat
Using Web Publishing Service 403 • “Network IP group protocol distribution” checkbox—if selected, the report will capture network IP group protocol di
404 Observer Suite: Web Reporting • Show Report button—generates the report and displays the Trending Report page.The report has two parts:• Contents
Using Web Publishing Service 405 Click the INTERNET TRENDING button on the Web Publishing Service Welcome page to display the Internet Trending Report
406 Observer Suite: Web Reporting • “Switch IP group protocol distribution” checkbox—if selected, the report will capture switch IP group protocol di
Using Web Publishing Service 407 • Show Report button—generates the report and displays the Trending Report page.The Switch report is similar to the N
408 Observer Suite: Web Reporting Click the INTERNET TRENDING button on the Web Publishing Service Welcome page to display the Internet Trending Repo
Using Web Publishing Service 409 Internet Observer• Station (by MAC)—the MAC address of the first station in the conversation.• Talking to (by IP)—the
410 Observer Suite: Web Reporting It is possible to select any line or lines in the report. By clicking on either the CONNECTION DETAILS, the STATION
Using Web Publishing Service 411 SNMP TrendingAllows you to view SNMP trending data.Click the SNMP TRENDING button on the Web Publishing Service Welco
34 The Capture Menu Capture and then clicking on the Settings button. The Capture Setup dialog will be displayed.• “Capture Buffer size (Kilobytes)” t
412 Observer Suite: Web Reporting • “Average in time intervals” checkbox—if selected, the report will capture the average in time intervals you have
Creating Comparison Reports 413 Creating Comparison ReportsThe procedure for creating comparison reports is identical to that for creating summary rep
415 Observer Suite: RMON Console
RMON Console is a part of Network Instruments’ Observer Suite bringing the RMON (Remote Monitoring) standard to the Ob
416 Observer Suite: RMON Console RMON Probe and modify the read and write community string (if necessary). Once this information is entered, click on
RMON Modes 417 standard). Filtering by layer 3 IP address is not supported by the RMON standard. See “Filter Setup for Selected Probe” on page 219.
Pac
418 Observer Suite: RMON Console Web Observer Mode• Comparative Standard Observer Mode Functionality: Similar• RMON Limitations: No ping test is avai
RMON Modes 419 Packet Size 1024-1518 Byte PacketsBroadcast PacketsBytesCollisionsCRC & Alignment ErrorsFragmentsJabbersMulticast PacketsOccurrence
420 Observer Suite: RMON Console NAUN ChangesOccurrence of Hardware AddressRing Poll EventsRing Purge EventsRing Purge PacketsSequence of Bytes at an
RMON Modes 421 Packet Size 1024-1518 Byte PacketsThe number of packets (including bad packets) received that were between 1024 and 1518 octets in leng
Packet Capture Mode 35 Windows to multi-task the receiving and analysis of the data going and coming from the Observer PC.• Do not include traffic fro
422 Observer Suite: RMON Console Note: The RMON standard does not consider an event to happen unless both Upper and Lower Thresholds have been crosse
RMON Modes 423 integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).Note: It is entirely normal f
424 Observer Suite: RMON Console For example, if you define an offset-sequencing trigger to look for telnet packets (i.e., looking for TCP port 23),
RMON Modes 425 Packet Size 4096-8191 Byte PacketsThe number of good non-MAC frames received that were between 4096 and 8191 octets in length inclusive
426 Observer Suite: RMON Console Claim Token PacketsThe number of claim token MAC packets detected by the Probe.Congestion ErrorsThe number of receiv
RMON Modes 427 MAC BytesThe number of octets (bytes) of data in MAC packets (excluding those that were not good frames) received on the network (exclu
428 Observer Suite: RMON Console Soft Error ReportsThe number of soft error report frames detected by the Probe.Token ErrorsThe number of token error
429 DICOM Extension
Introduction to DICOM
The Informationstechnische Dienstleistung division of Siemens AG in Germany has developed, in cooperation with
430 DICOM Extension • PDUs of DICOM Upper Layer Protocol—Observer’s Packet Summary window shows captured PDUs of DICOM Upper Layer Protocol in order o
Capturing Data in Observer’s DICOM Extension 431 1. Start Observer.2. Open the Packet Capture window by selecting Capture > Packet Capture. This vi
36 The Capture Menu Additionally, since it is more efficient collecting only partial packets, if you are having trouble keeping up with your bandwidth
432 DICOM Extension 2. Select Mode Commands > Select IP Address Pair to open the DICOM Address Filter Setup dialog.3. Enter the source IP address,
DICOM Extension Decode Window 433 3. Select a *.BFR file.4. Confirm your selection with “Open.”If the IP addresses of the communication partners are u
434 DICOM Extension Evaluating Data in Observer’s DICOM Extension
In order to be able to represent and evaluate a DICOM communication, the data must be
DICOM Extension Decode Window 435 The ‘;’ character acts as a delimiter.
• Tag—two WORDS separated by a comma
Example: 0008,0016
• Description—text that
436 DICOM Extension Example: Verification SOP Class
Example: 1.2.840.10008.1.1;Verification SOP Class
Important Things to Note:
• The maximum permitted l
437 Troubleshooting
General Principles
Although most installations of Observer will proceed without any trouble, due to the vast number of network confi
438 Troubleshooting Specific Issues
NDIS
Observer is reporting that your network adapter card does not support promiscuous mode.
• Contact your network c
How do I connect Observer to a Probe across a Firewall? 439 Load Driver Could Not Open VMONI1 Service
Observer is telling you that you have not install
441 Observer Suite Custom Decode Kit
Introduction
Observer Suite’s Custom Decode Kit gives an experienced C++ programmer the ability to add custom, pro
Packet Capture Mode 37 5. To clear the capture buffer and stop the capture, click the CLEAR button.6. To view captured packets, click the Decode butto
442 Observer Suite Custom Decode Kit The Custom Decode DLL entry point functions: CustomDecodeFrame(), CustomDecodeIP(), CustomDecodeUDP(), and Custo
Files Included 443
void * pProtocolFieldStart,
long nProtocolLength,
long nOffsetFromBeginningOfPacket,
long nBitmapLevel,
DWORD dOpenTreeList,
HWND hwndTr
444 Observer Suite Custom Decode Kit These are the standard Microsoft Development Studio AFX files.
Only an experienced C++ programmer should modify a
445 Using Observer from HP OpenViewOverview All Observer-family analyzers include the tools you need to integrate Observer into Hewlett-Packard’s Open
38 The Capture Menu other independent modes, Ethernet Vital Signs and Collision Expert are accessed, enabling the user to view an Ethernet network’s v
Packet Capture Mode 39 Observer’s active highlight option is activated. This option shows the highlighted sections of actual data in the raw area of t
40 The Capture Menu Saving Capture Buffers and Decodes• Save Capture Buffer—displays the Save Packet Capture dialog.The Save Packet Capture dialog con
Packet Capture Mode 41 • “Append packets to existing file” checkbox—when selected, allows you to add packets to the existing file.• “Replace hardware
42 The Capture Menu dialog you are interested in some particular section of the capture, you can specify only that section.• “First packet” textbox—al
Packet Capture Mode 43 which can be most useful for a programmer analyzing packet details in depth. You can have Observer print Ethernet addresses or
44 The Capture Menu To delete a comment from a packet header, right click the header and choose Delete comment... from the popup menu.Finding Packets
Packet Capture Mode 45 PostFilter• Choose PostFilter from the Decode window’s Tools menu to re-filter a captured buffer or saved buffer using a differ
46 The Capture Menu • “Expand 2nd level trees” checkbox—when selected, causes the tree decode display to expand all second level trees.• “Expand 3rd l
Packet Capture Mode 47 • “Assign protocols to dynamically assigned port numbers” checkbox—when selected, allows you to manually assign port numbers to
48 The Capture Menu Packet View Settings – IPv6 TabYou can select from the following option buttons:• Compressed hexadecimal• Not compressed hexadecim
Packet Capture Mode 49 Packet View Settings – Column Order TabYou can select the column order by highlighting an item (the checkbox does not have to b
50 The Capture Menu Packet View Settings – Protocol Colors Tab• Text Color button—displays the Color dialog allowing you to select the text color.• Ba
Packet Capture Mode 51 Packet View Settings – Protocol ForcingProtocol forcing allows you to examine packets that have unknown or proprietary packet h
52 The Capture Menu Decode and Analysis – Packet Header and Decode Panes Right-Click Menu• Start Packet Capture on Source Station Address—allows you t
Packet Capture Mode 53 Decode and Analysis – Summary ViewSummary View gives summary information on the packets contained in the capture, whether it is
54 The Capture Menu The selection bar can be used to determine whether All, IP and its subprotocols, or IPX and its protocols will be displayed. If IP
Packet Capture Mode 55 Decode and Analysis Protocols – List View Right-Click Menu• Expand All—allows you to expand all branches.• Close All—allows you
56 The Capture Menu Data:• “Maximum items” spinbox—allows you to set the maximum items to be displayed.Graph:• “3D depth” spinbox—allows you to set th
Packet Capture Mode 57 Decode and Analysis Protocols – Pie ViewDecode and Analysis Protocols – Pie View Display PropertiesData:• “Maximum items” spinb
58 The Capture Menu Decode and Analysis Protocols – Pie View Right-Click Menu• Expand All—allows you to expand all branches.• Close All—allows you to
Packet Capture Mode 59 • Find—displays the Find dialog.• Display Properties—displays the Display Properties dialog.Decode and Analysis Top Talkers Vie
60 The Capture Menu • Multicasts—displays the total number of multicasts.• Multicasts/s—displays the total number of multicasts per second.Decode and
Packet Capture Mode 61 Decode and Analysis Pairs (Matrix) Pairs (Matrix) view in Decode and Analysis is similar in appearance and function to Observer
62 The Capture Menu Decode and Analysis Pairs (Matrix) – List ViewDecode and Analysis Pairs (Matrix) – List View Display Properties• “Item” dropdown—a
Packet Capture Mode 63 Decode and Analysis Pairs (Matrix) – List View Right-Click Menu• Start Packet Capture on station address(es)—activates the Filt
64 The Capture Menu Decode and Analysis Pairs (Matrix) – Dial View Right-Click Menu• Cursor—allows you to select the cursor type. You can select from
Packet Capture Mode 65 To view Decode and Analysis – Internet Observer View, click on the “Internet Observer” navigation tab at the bottom of the Deco
66 The Capture Menu • Total packets—displays the total number of packets in the capture sent (in either direction) between the station listed in Stati
Packet Capture Mode 67 Decode and Analysis Internet Observer – IP Subprotocols ViewWhen IP Subprotocols is selected from the selection bar, a tabular
68 The Capture Menu
*.enc—for Ethernet captures
*.trc—for Token Ring captures
*.fdc—for FDDI captures
*.cap—for CAP files
Options for reading or writing S
69 The Statistics Menu
Bandwidth Utilization
Shows bandwidth usage statistics for your network.
Menu Path
Statistics -> Bandwidth Utilization. The mode
70 The Statistics Menu Graph ViewGraph View Display PropertiesTo set the display properties, either:• right-click the display,• click the icon, or•
Bandwidth Utilization 71 • “Item line thickness” dropdown—allows you to select the thickness of the line (in pixels). This field is only active if “Li
72 The Statistics Menu Dial View 3D Column Chart View 3D Column Chart View Display Properties To set the display properties for list view, click Settings
Efficiency History 73 The Graph fields are: • “3D depth” spinbox—allows you to select the 3D depth of the graph items. • “3D angle” spinbox—allows you t
74 The Statistics Menu Unlike most of the diagnostic modes, Efficiency History generates a small amount of network traffic: 420 packets per minute on
Efficiency History 75 Graph View Display Properties To set display properties, click the Settings button. The Display Properties dialog offers configura
76 The Statistics Menu Dial View Display Properties There are no display properties available for this view. List View Internet Observer Mode (Internet Pa
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 77 Purpose Internet Observer mode permits you to examine Internet traffic on yo
78 The Statistics Menu • IP Subprotocols by Station sub-mode parameters option buttons—allows you to configure the display of the port by port data: e
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 79 List View List View Properties Right-Click Menu • Start Packet Capture on stat
80 The Statistics Menu • Find—displays the Find dialog. • Display Properties—displays the Display Properties dialog. Pair Circle View Display Properties D
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 81 Talking to name: • DNS name option button—allows you to select to talk to st
1 Introduction About this Guide Purpose The Observer Reference Manual comprehensively describes every menu option, mode, tool and setup dialog in the Obs
82 The Statistics Menu 3D Column Chart View You can determine how the chart collects its data by clicking on the dropdown: You can select from the follo
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 83 Display Properties Data: • “Maximum items” spinbox—allows you to select the m
84 The Statistics Menu On a local network, this view will show all Internet usage IF the IP addresses are static. If you are using DHCP on your local
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 85 • Start Packet Capture on pair address(es)—activates the Filters dialog. • C
86 The Statistics Menu • “Color” dropdown—allows you to select the color of the display item. Station name: • DNS name option button—allows you to selec
Internet Observer Mode (Internet Patrol, Pairs Matrix, IP Subprotocols) 87 can be created. “Other” indicates a protocol that did not match the criteri
88 The Statistics Menu Graph: • “Bar height” spinbox—allows you to select the bar height. Right-Click Menu • Start Packet Capture on station address(es)—
Network Activity Display 89 at a glance the health of a network and can warn of impending slowdowns due to broadcast or multicast storms. The indicator
90 The Statistics Menu Things to note: • Error thresholds can be set in the Display Settings dialog. • The gray area behind the current display is the
Network Activity Display 91 mode. The clock counts down the number of seconds left in the “Seconds/Interval” time period until data will be written to