EtherPeek NX Only
The Profile tab lets you save Peer Map configuration settings into a single profile that controls the appearance and layout of the Peer Map. The Configuration tab lets you control what part of the traffic in the Capture window’s buffer is displayed in Peer Map. The Node Visibilities tab displays node counts, along with the nodes that are shown and the nodes that are hidden in the Peer Map. For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn’t want new nodes to appear on the Peer Map as they are discovered.
The space shows you where protocol segments start and stop within conversations. This option is configurable by clicking the Options button. (This is different from going to Tools -> Options.)
Right-click on any Expert event and choose EventFinder Settings. Click the Show Info button for a description of the event and possible causes and remedies.
EtherPeek SE & EtherPeek NX
Since all WildPackets products make use of the underlying operating system for all time computations, no patch will be necessary for our products to operate correctly with the new Daylight Saving Time change. Important Vista note: the Vista operating system has a facility for dynamic Daylight Saving Time calculations that takes into account the fact that different years may have different DST dates. The next release of the OmniPeek Product Family (available end of Jan. 2007) will include the code to use this new operating system facility. The end result is that everything will work correctly with Vista, but if a user has XP with the DST hotfix installed, the duration of captures that span the actual time change in past years may be incorrect, since XP does not have the facility to understand that different years may have different DST dates.
EtherPeek NX 4.1 and EtherPeek SE 7.1 will load and run on 64-bit operating systems in 32-bit compatibility mode and support AMD and Intel x86 processors, including the 64-bit capable Pentium and Xeon processors.
This may be caused by a display DPI setting that is larger than 96 DPI. Confirm that the display's DPI setting is set to 96 DPI by checking the configuration for this setting in the Advanced Settings portion of the Display Control Panel.
Network analysis tools are powerful and must be protected from misuse. Data captured and sent across the network may be sensitive, so EtherPeek has been designed from the ground up to adhere to strict IT security requirements.
In the Capture/Monitor Options, select Performance. For peak performance, right-click on one of the features and choose Disable All. This way, EtherPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature.

Here are a few more tips to improve the performance of EtherPeek:

- Disable the Monitor adapter (Monitor/Select Monitor Adapter/None).
- Turn off scroll during capture. Control + K will start/stop scroll.
- Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution.
- Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.

The following component is an additional module (not included in the standard package):

- Disable RMONGrabber (Tools/Options/Analysis Modules).

If you need one of the other features, you can enable it when you are actually viewing the capture file. Also, if you're on a switched network, you can try using the switch's mirroring or monitoring capability to zero in on the traffic you're looking for. Try mirroring ports one at a time to avoid overloading the analyzer with traffic. For more information, please see our White Paper: Applying EtherPeek to Switched and Gigabit Ethernet Network Management
EtherPeek provides the ability to capture error packets only by installing one of the special drivers located in the "Driver" directory where you installed the program. To use these special drivers, you must have a compatible network adapter and a supported operating system configuration. Please refer to the "Readme.txt" file located in that directory. If you do not have a special driver installed, EtherPeek does not capture error packets but does provide the ability to report errors on your network if your NIC driver returns error statistics to EtherPeek. EtherPeek can provide statistics on these two error types: CRC error and Frame Alignment error (Runt and Oversize error packets are only available using the special driver). If your network adapter driver does not report error statistics, you may notice that error counts don't change in the Network Statistics window.

You will find a list of all recommended error capture cards here:

Note: Many of these older adapters are hard to obtain or unavailable at the present time. The reason for this is that in modern networks, error frame capture is a much less important part of protocol analysis than it used to be. That is not to say that error frames are unimportant. But, capturing error frames and analyzing their contents is not terribly useful, since the data contained within them are suspect by nature. In the days of coaxial and hub-based Ethernet, you could analyze the contents of a corrupted frame and make educated guesses about what had corrupted the frame. In today's switched networks it is much less important than it used to be due to the fact that:
Finally, keep in mind that even if you choose to use the error capture drivers, if you are on a switched network, you will still only see corrupted packets from the port that your adapter is actually on, since most switches do not pass error packets through a mirror/span port.
You will not be able to select the adapter when running EtherPeek SE 4.1 on Windows XP. To use EtherPeek with Windows XP, upgrade to the latest version of EtherPeek for full compatibility.
If the capture was performed on a machine using a 3Com or Broadcom card AND the flagged packets were sent by the capturing machine, then this problem is most likely due to a special issue with cards configured for TX Checksum Offload. (Note: we reproduced this issue on 3Com and Broadcom cards, but suspect it may occur on other cards as well.) Turning off 'TX checksum offload' in the advanced settings for the card usually fixes this issue. Some cards are configured by default for checksum offload (for example, the 3c905 and 3c920). When this feature is enabled, the Windows TCP/IP stack does not calculate the IP and TCP checksums but leaves them as 0x0000. (You can see this in the decoded packets.) When the packet reaches the network card, the checksum is then calculated, inserted into the packet, and sent out on the wire. EtherPeek gets a copy of each outgoing packet before it is sent. EtherPeek sees the 0x0000 checksum and believes these packets have a bad checksum, so it flags them incorrectly. For Broadcom network cards, you may be able to turn off this setting in the registry.
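The following is an added example, not WildPackets code, of how the case described above can be told apart from real corruption when reviewing captured frames: a 0x0000 IP or TCP checksum counts as offload-pending only when the frame was sent by the capturing machine. The function names, MAC addresses and the sample frame builder are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(frame: bytes, local_macs: set) -> dict:
    """Verdicts for the IPv4 header and TCP checksums of one Ethernet II frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short or not IPv4
        return {}
    outgoing = frame[6:12] in local_macs         # sent by the capturing host?
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    header, segment = ip[:ihl], ip[ihl:total_len]

    def verdict(stored: int, computed: int) -> str:
        if stored == computed:
            return "valid"
        # 0x0000 on a locally sent packet: the NIC has not filled it in yet
        return "offload-pending" if stored == 0 and outgoing else "bad"

    def zeroed(buf: bytes, off: int) -> bytes:   # blank the checksum field
        return buf[:off] + b"\x00\x00" + buf[off + 2:]

    stored_ip = struct.unpack("!H", header[10:12])[0]
    out = {"ip": verdict(stored_ip, internet_checksum(zeroed(header, 10)))}
    if ip[9] == 6 and len(segment) >= 20:        # TCP
        pseudo = header[12:20] + struct.pack("!BBH", 0, 6, len(segment))
        stored_tcp = struct.unpack("!H", segment[16:18])[0]
        out["tcp"] = verdict(stored_tcp,
                             internet_checksum(pseudo + zeroed(segment, 16)))
    return out

def build_sample(src_mac: bytes, offloaded: bool) -> bytes:
    """Constructed TCP SYN frame; offloaded=True leaves both checksums 0x0000."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    if not offloaded:
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
        tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]
        ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return bytes.fromhex("00047500000a") + src_mac + b"\x08\x00" + ip + tcp
```

A 0x0000 checksum on a frame from any other sender is still reported as bad, because offload only explains packets copied before they reach the capturing machine's own network card.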
Yes, starting with EtherPeek 5.0/EtherPeek NX 2.0, simultaneous capture from multiple adapters is supported.
Yes, this is possible. For instance, if you have the vendor ID of the MAC (00:04:75 for 3Com), your filter would look like this: 00:04:75:*:*:*
Some drivers report incorrect link speeds (e.g., they may report 100 Mbps when it should be 10 Mbps). To override, choose the correct network speed setting in the Network Speed dialog available through the Capture menu.
If the text in window captions appears truncated or windows are cut off, you may have "Large Fonts" enabled. Return the setting to "Small Fonts" to correct this problem. Change the "Font Size" setting by clicking the "Advanced" button in the Display Control Panel's "Settings" tab.
Fortunately, the Application Data\WildPackets\EtherPeek directory is not deleted when you uninstall, and it includes your files for your name table, filters, and global log. The default location of the Application Data folder is different for different operating systems:

- Windows 98: the default location is C:\Windows\Application Data.
- Windows Me: the default location is C:\Windows\Profiles\(username)\Application Data.
- Windows NT 4.0: the default location is C:\Winnt\Profiles\(username)\Application Data.
- Windows 2000: the default location is in a directory in the root drive where the operating system is installed (typically C:\) with the pathname: Documents and Settings\(username)\Application Data.

For example, the application data for the Administrator of an NT 4.0 system running EtherPeek 1.0 would be cached in: C:\Winnt\Profiles\Administrator\Application Data\WildPackets\EtherPeek\1.0.

You can get back your old names/filters in either of these two ways:

1. Move or copy the Names.nam and/or Filter.flt from the Application Data area in Application Data\WildPackets\EtherPeek\1.0 to their new location in Application Data\WildPackets\EtherPeek\. (Starting with EtherPeek 1.1, they will no longer be kept in the version number folder.) You may also do this for the global log file, Peek.log.
2. Launch the new version of EtherPeek and go to View/Name Table or View/Filters and click on the Import button. The files are not in the default location where you installed EtherPeek; you will need to navigate to the Application Data folder.

Duplicate entries will automatically be ignored when importing either the names or filters.
This error means that there is not enough memory or other resources available to load the file. A solution would be our SQLFilter Plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQLFilter Plug-in will appear under the Tools view in EtherPeek, and you will be able to select packets based on the results of the queries you enter. By using the SQLFilter Plug-in to index trace files into a database, files of any size can be read back into EtherPeek using SQL queries. The SQLFilter Plug-in is available to WPDN (WildPackets Developer Network) members; you can sign up for an account here: https://wpdn.wildpackets.com/login.php?pUrl=/downloads/sql_filter_plugin.php
Yes, this is possible with the SQLFilter Plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQLFilter Plug-in will appear under the Tools view in EtherPeek, and you will be able to select packets based on the results of the queries you enter. By using the SQLFilter Plug-in to index trace files into a database, files of any size can be read back into EtherPeek using SQL queries. The SQLFilter Plug-in is available to WPDN (WildPackets Developer Network) members; you can sign up for an account here: https://wpdn.wildpackets.com/login.php?pUrl=/downloads/sql_filter_plugin.php
COPYRIGHT © 2008 WILDPACKETS, INC