130
Chapter 3
Generic Troubleshooting Tools
Checksum: 0xffff [17-18]
Length: 34 [19-20]
Transport Control:
Reserved: %0000 [21 Mask 0xf0]
Hop Count: %0000 [21-22 Mask 0xfff]
Packet Type: 17 NCP - Netware Core Protocol
Destination Network: 0x00000000 [23-26]
Destination Node: ff:ff:ff:ff:ff:ff Ethernet Brdcast
[27-32]
Destination Socket: 0x0452 Service Advertising
Protocol [33-34]
Source Network: 0x00000010 [35-38]
Source Node: 00:00:1e:04:52:43 [39-44]
Source Socket: 0x4010 IPX Ephemeral [45-46]
SAP - Service Advertising Protocol
Operation: 3 NetWare Nearest Service Query
[47-48]
Service Type: 4 File Server [49-50]
Extra bytes (Padding):
. ....NBU 03 c1 00 00 00 00 4e 42 55 [51-59]
Frame Check Sequence: 0x01000000
As you see from the previous packet decodes, there is a lot of information
that can be found out about a given network. The key is to know what you
are searching for when looking through the results of a protocol analyzer. By
looking at decodes and seeing where problems might be occurring, you can
resolve network failures more quickly.
Now, let's look at the way LANWatch works.
LANWatch
LANWatch is a software protocol analyzer made by Precision Guesswork, Inc.
It is similar to EtherPeek because it can be installed on machines that have
Ethernet connections to the network. The interface watches all of the traffic on
the broadcast domain. Here is a screen shot of LANWatch.
Take a look at the front screen of LANWatch, shown in Figure 3.6. The
graphic in the figure shows the normal set of menus: File, Edit, View, Filter,
Options, Window, and Help.
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com