Hello everyone. My company uses Fluke Networks Optiview and Protocol
Expert for packet capture. In the past I have used Microsoft Netmon and
Sniffer Pro 4.7, but neither of those tools is available to me today.
Instead, I am turning to Ethereal. It has great flexibility and works
well under Windows 2000 and FreeBSD.
My question is in regard to analyzing a capture. Although "Expert"
reporting is arguably useful, if it's tuned right it can help speed up
productivity. I'm wondering if there are any tricks or undocumented
tips that people use to help discover problems when looking at an
Ethereal or TCPDUMP capture? I work in an environment with heavy TCP
traffic and 99% is unicast. Fairly typical I suppose. We have
approximately 70 Wintel machines (gigabit and 100TX), one AS400 on
Ethernet, Stratus running VOS, Foundry LAN equipment (Big Iron, Fast
Iron, Server Iron switches), and Cisco 2600, 3600, and 7200 routers.
Mostly frame relay WAN connections. More than anything, I'm curious how
people spot issues in Ethereal that are normally discovered by an Expert
system in other packet capture applications. My guess is "knowledge and
skill" - as an elite professional will not need an expert system. :)
Regards,
Mark Holloway
Sr. Network Engineer - Arclight Systems, LLC
702-253-3861 // mobile 702-349-6170
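One way to approximate the "Expert" checks the post asks about is to script a few TCP heuristics over tcpdump text output. The following is an added example in Python, not code from the original thread or from Ethereal; it reads constructed lines in `tcpdump -n -tt -S` layout (epoch timestamps, absolute sequence numbers) and flags retransmissions, zero-window advertisements, RST senders, SYNs that never saw a SYN-ACK, and slow acknowledgements. The heuristics themselves and the 0.1 s slow-ack threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# One line of "tcpdump -n -tt -S" style output (epoch timestamp, absolute
# sequence numbers, IPv4/TCP). The layout is tcpdump's, but the regex only
# covers the fields these heuristics need (options are skipped if present).
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\], "
    r"(?:seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?, )?(?:ack (?P<ack>\d+), )?"
    r"win (?P<win>\d+), (?:options \[[^\]]*\], )?length (?P<length>\d+)"
)

SLOW_ACK_SECONDS = 0.1  # assumed threshold; tune to your WAN round-trip times

# Constructed sample capture: one HTTP connection with a retransmitted data
# segment and a zero-window ack, plus a connection attempt that is retried
# and finally refused with a RST.
SAMPLE_LINES = """\
1000.000001 IP 10.0.0.5.49152 > 10.0.0.9.80: Flags [S], seq 1000, win 65535, length 0
1000.000200 IP 10.0.0.9.80 > 10.0.0.5.49152: Flags [S.], seq 5000, ack 1001, win 65535, length 0
1000.000300 IP 10.0.0.5.49152 > 10.0.0.9.80: Flags [.], ack 5001, win 65535, length 0
1000.000400 IP 10.0.0.5.49152 > 10.0.0.9.80: Flags [P.], seq 1001:1101, ack 5001, win 65535, length 100
1000.200500 IP 10.0.0.5.49152 > 10.0.0.9.80: Flags [P.], seq 1001:1101, ack 5001, win 65535, length 100
1000.200700 IP 10.0.0.9.80 > 10.0.0.5.49152: Flags [.], ack 1101, win 0, length 0
1001.000000 IP 10.0.0.7.49200 > 10.0.0.9.443: Flags [S], seq 2000, win 65535, length 0
1003.000000 IP 10.0.0.7.49200 > 10.0.0.9.443: Flags [S], seq 2000, win 65535, length 0
1004.000000 IP 10.0.0.9.443 > 10.0.0.7.49200: Flags [R.], seq 0, ack 2001, win 0, length 0
""".splitlines()


def parse_line(line):
    """Return the TCP fields of one tcpdump line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("sport", "dport", "seq", "seq_end", "ack", "win", "length"):
        d[k] = int(d[k]) if d[k] is not None else None
    d["ts"] = float(d["ts"])
    d["flow"] = (d["src"], d["sport"], d["dst"], d["dport"])
    return d


def analyze(lines):
    """Apply expert-style heuristics to tcpdump lines and return the findings.

    retransmissions: (flow, seq) where the same SYN or data segment was sent twice
    zero_window:     (ts, advertiser) for non-SYN, non-RST segments with win 0
    resets:          Counter of RST senders
    syn_no_synack:   client flows whose SYN never received a SYN-ACK in the capture
    slow_acks:       (flow, seq_end, delay) where the peer took > SLOW_ACK_SECONDS to ack data
    """
    seen_segments = set()
    pending_data = {}   # (flow, seq_end) -> timestamp of first transmission
    syns = {}           # client flow -> True once a plain SYN was seen
    synacks = set()     # client flows answered by a SYN-ACK
    out = {"retransmissions": [], "zero_window": [], "resets": Counter(),
           "syn_no_synack": [], "slow_acks": []}

    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        flags, flow = p["flags"], p["flow"]
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])

        if "R" in flags:
            out["resets"][p["src"]] += 1
            continue  # a RST's window and seq fields are not worth scoring

        if "S" in flags and "." not in flags:
            syns[flow] = True
        elif "S" in flags:
            synacks.add(reverse)  # SYN-ACK answers the SYN on the reverse flow

        if p["win"] == 0 and "S" not in flags:
            out["zero_window"].append((p["ts"], p["src"]))

        # Retransmission: same flow and starting seq for a SYN or a payload segment
        if "S" in flags or p["length"]:
            key = (flow, p["seq"])
            if key in seen_segments:
                out["retransmissions"].append(key)
            else:
                seen_segments.add(key)
                if p["length"]:
                    pending_data[(flow, p["seq_end"])] = p["ts"]

        # Slow ack: this pure ack covers data the peer sent; time it from the first copy
        if p["ack"] is not None and "S" not in flags:
            for (dflow, seq_end), sent_ts in list(pending_data.items()):
                if dflow == reverse and p["ack"] >= seq_end:
                    delay = p["ts"] - sent_ts
                    if delay > SLOW_ACK_SECONDS:
                        out["slow_acks"].append((dflow, seq_end, round(delay, 4)))
                    del pending_data[(dflow, seq_end)]

    out["syn_no_synack"] = [f for f in syns if f not in synacks]
    return out


if __name__ == "__main__":
    for name, findings in analyze(SAMPLE_LINES).items():
        print(f"{name}: {findings}")
```

Run against a real file with `analyze(open("capture.txt").readlines())` after producing it with `tcpdump -n -tt -S -r capture.pcap`. The checks are deliberately simple: the slow-ack rule, for instance, treats any covering ack as the response, so delayed-ack behaviour on an idle connection will show up alongside genuinely slow servers and needs the timestamps read in context.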