Overview

Management Team

Events

Press Releases

Reviews & Awards

In the News

Case Studies

Customers

Jobs

WatchPoint

OmniPeek Product Family

OmniPeek

OmniEngine

OmniVirtual

Omnipliance

Omnipliance Portable

Analysis Cards

Free Utilities

Why WildPackets?

Full-Duplex 10 Gigabit

Gigabit

VoIP

Total Wireless Analysis

Industry Solutions

Real World Applications

Video Demos

Training / Courses

Consulting

Custom Engineering

MyPeek - Developer Portal

Product Support

Legacy Product Support

Product Activation FAQs

Downloads

Maintenance Programs

White Papers

WildPackets Forums

Technical Compendium

Additional Resources

Tech Support Requests

Technology Partners

Industry Alliances

Channel Partners

Training Partners

Integration Partners

Software

Software Upgrades

Hardware

Training

Maintenance Renewal

Contact Sales

	MyPeek WPDN Partners Login Worldwide Sites China UK United States more to come... Downloads Contact Us Site Map View Cart

Product Support

Product Activation FAQs

Downloads

Maintenance Programs

White Papers

WildPackets Forums

Technical Compendium

Additional Resources

Tip of the Month

Wireless Tips

Plugin Tips

Product Versions

Networking Books

Networking Glossary

Networking Links

Tech Support Requests

> > > Tip of the Month

Tip of the Month

April 2001

The Wonderful Thing About Triggers Is That Triggers Are Wonderful Things!

As you become more experienced with the features of your protocol analyzer, you will appreciate the benefits of applying Triggers from time to time.

Triggers are set up like filters; but, instead of accepting only certain frames into the capture buffer, Triggers start or stop the capture. You may want to set up a Trigger that will continue capturing packets after a trigger event so that you capture packets that led up to as well as follow the event. EtherPeek, TokenPeek and AiroPeek allow you to have simultaneous captures from one adapter. The first capture can be set to stop on the Trigger while a second can be set to start on the Trigger. That way, you can look at a buffer of packets that led up to the event and a second buffer of packets after the event.

If you know the precise event that you are waiting for, such as an ICMP packet containing a "host unreachable" message or a packet from your server containing an SMB return code of "invalid password," setting up a Trigger is very straight forward. Simply start with a trace containing the event you are looking for and look inside the packet of interest for the appropriate patterns and offsets to set up your Trigger. Don't have such a trace? Then force the event yourself while capturing with your analyzer.

Now for the challenging part. What if you have no clue what the event will be? For example, what if there are random times that your server locks up for no apparent reason? This is where a couple of handy analysis tricks come into play.

Trick #1: Detecting a failed server.

This technique is for Windows-based servers but can be generalized for other servers and services as well. Set up the following batch file on a workstation:

:TOP
NET VIEW \\A_SERVER
If errorlevel 1 GOTO FAIL
GOTO TOP
:FAIL
PING 215.16.173.4

Make sure that \\A_SERVER is the name of the server in question, and that the Ping IP address is either your analyzer or one that will cross the segment where your analyzer is located. Then, set up your Trigger to recognize a Ping (ICMP Echo) packet to 215.17.173.4 from the IP address of the workstation performing the Ping. That way, when the server fails, the NET VIEW command will time out and the Ping statement will be executed, sending a packet to cause your analyzer to Trigger! As with any Trigger, always test it first (a manual Ping in the above example will be sufficient). Also, make sure that you test the load on your network of the batch file. Despite the tight GOTO loop in the example, this batch file actually consumes less than 1% of a 100 Mbps Ethernet.

Trick # 2: Stopping the analyzer remotely.

Suppose your server or some other device fails. Assuming that you have a nice large buffer and have a near immediate notification from a user or help desk that something has failed on the segment being analyzed, simply set up a Trigger similar to the first example, but manually ping the analyzer from your desktop with a Trigger set on an ICMP Echo packet from your IP address.

WildPackets understands that one size does not fit all. Moreover, we all face new challenges every day. WildPackets Custom Engineering performs software development and systems integration, complementing WildPackets products and enhancing the capabilities of Network Operations Centers.
Learn more...

WildPackets offers a full spectrum of professional services, available remote and on-site. Our network engineers provide expertise for your network troubleshooting, capacity planning, or baseline performance analysis needs.
Learn more...

Pump Up The Volume
If you are using WildPackets® OmniEngine or WildPackets® Omnipliance, chances are you are interested in collecting, storing, and analyzing very large volumes of packet data. The key word here is VOLUME! On highly utilized gigabit or 10 gigabit links, hundreds of thousands, or even millions, of packets can be collected in just a few seconds. Processing that many packets takes a lot of horsepower, and OmniEngine is strong enough to handle the flow in most cases. However, every computer system has its limits, so you need to know how to maximize the packet volume that OmniEngine can accommodate. Here are some best practices to consider when setting up your capture options.

COPYRIGHT © 2008 WILDPACKETS, INC — PRIVACY STATEMENT · CONTACT US	CORPORATE · PRODUCTS · SOLUTIONS · SERVICES · SUPPORT · PARTNERS · BUY NOW
All registered and unregistered trademarks are the sole property of their respective owners spam goes here b_jenkins1@wildpackets.com