keeshu@nikhefk.UUCP (Kees Huyser) (05/13/87)
About two weeks ago I asked the good people in Netland to share their thoughts about Ethernet Monitoring programs on PC's with me. The response was (I expected no less) fast and good. Below you will find a summary of the answers I received; I hope they will help some of you the way they helped me.

-- Kees
| UUCP   : keeshu@nikhefk.uucp or {[wherever]!seismo}!mcvax!nikhefk!keeshu
| BITNET : keeshu@hasara5.bitnet
| FIDO   : kees huyser at 508/15 (SagaNet_MacBBS) or 500/11 (HCC_Amsterdam_1)
| SNAIL  : kees huyser, NIKHEF-K, PO Box 4395, 1009 AJ Amsterdam, Netherlands

======================================================================
SUMMARY OF ETHERNET MONITORING ON PC'S
======================================================================

From: foster@seismo.uucp (Glen Foster)
Organization: Computing Analysis Corp., Arlington, VA

3Com has a program called "EtherSpy" that may do some of what you want, it is similar to the MIT netwatch program that allows you to look at individual packets on the cable. It has a few more bells and whistles than the MIT program, like assignment of logical names to particular addresses, some protocol dependent decoding capabilities (3Com's protocols, of course), etc. Run it on an AT, it drops too many packets on a PC.

The program is ``unsupported'' by 3Com but your local 3Com support office can probably get you a copy (especially if they sense a potential sale). I was not charged for mine, I'll have to check for distribution rights, if it's ok and you can't get it from 3Com, I'll send you a copy.

The MIT PCIP netwatch program provides somewhat more limited functionality but is completely free of charge and works adequately.

Neither of these could be described as "protocol analyzers" but could be useful, especially in a development environment.

I will be interested in what you learn.
Glen Foster

====================================================================

From: ncrwic!jmatrow@ncr-sd.uucp
Organization: NCR Corporation, Wichita, Kansas

The LANalyzer from Excelan would be worth investigating.

=====
John Matrow
Automation Engineering, NCR E&M Wichita
<john.matrow@Wichita.NCR.COM>
{sdcvax,cbatt,dcdwest,nosc.ARPA,ihnp4}!ncr-sd!ncrwic!john.matrow

======================================================================

From: rmarks@bbking.PRC.Unisys.COM
Organization: Unisys/Knowledge Systems Organization, Bluebell, PA

Excelan has a good board and software. It has an onboard processor with 1 meg memory. The display software is a little weak but I am told it has been improved since I used it six months ago. Cost is $10,000 with quantity discounts available.

Richard Marks
215-542-2139

======================================================================

From: normt@ihlpa.uucp

Although this is not quite the arrangement you want, Excelan Inc. has a "LANalyzer EX 5000E" which does this real well. It is a PC board with an Ethernet controller, 80186 co-processor, and 2Meg of memory. The software is a real nice menu driven package, which allows you to set up various virtual receive channels and monitor (i.e. time averages, totals of everything, statistical figures) for any or all of these channels, plus you can optionally store and buffer to memory or disk any or all of the received packets.

There is also limited capability for transmitting packets. 5 different packets can be stored and then transmitted on a time or at some time interval or to produce a certain load characteristic. (i.e. 10, 20, 50% ... load on network).

We have been using it for about a year now to analyze our network of 10-12 microprocessors, and have found NO bugs or problems.

This isn't quite what you want, since you are looking for a software package to sit on an already existing interface, but it really does the trick.
I don't believe there is any way to use this without the hardware supplied, it is just too dependent on the arrangement.

If you want more information or the address of Excelan (in the US) send me mail and I'll get the info to you.

Norm Tiedemann
(312) 979-3535
AT&T Bell Labs
Naperville, IL 60566
mcvax!seismo!ihnp4!ihlpa!normt

======================================================================

From: csib!jwhitnel@csi.uucp (Jerry Whitnell)
Organization: Communications Solutions Inc., San Jose, Ca

Network General makes a product called the Sniffer that can be used to monitor traffic on Ethernet. The Sniffer monitors and stores data packets which can be displayed for further investigation. There are some statistics in the product but it is primarily for debugging network applications. You can reach them at:

    Network General Corp
    1296B Lawrence Station Road
    Sunnyvale, CA USA 94089
    (408) 734-0464

I've used the Token Ring version of the Sniffer (there is also a combined Ethernet/Token Ring) and consider it very well done. I also know both the founders, but have no other connection (financial or otherwise) with them.

BTW, they also have a demo of the Token Ring product, so they should have one for the Ethernet. Be sure to ask about it.

Jerry Whitnell
Communications Solutions, Inc.

======================================================================

From: dave@rosevax.rosemount.com (Dave Marquardt)
Organization: Rosemount Inc., Eden Prairie, MN

Well, with either the MIT or CMU PC/IP packages, you get a program called "netwatch". This program watches every packet going by, and displays them by type, source address, destination address, etc. It also keeps statistics on how many of which type of packets are going by. I don't think it's quite what you'd want, but it might be useful.
Dave
--
Dave Marquardt
dave@rosevax.Rosemount.COM
{cbosgd,ihnp4,uiucdcs}!rosevax!dave

======================================================================

From: Andy Linton <andy@cheviot.ncl.ac.uk>
Organization: Computing Laboratory, U of Newcastle upon Tyne, UK NE17RU

If you use the 3Com board and MIT's PC/IP software there is an Ether monitor program bundled in with that software. It may work with the Micom board - I don't know.

Other PC/IP type implementations may have similar programs.

--
SENDER : Andy Linton
PHONE  : +44 91 232 9233
ARPA   : andy%cheviot.newcastle.ac.uk@cs.ucl.ac.uk
JANET  : andy@uk.ac.newcastle.cheviot
UUCP   : andy@cheviot.UUCP

======================================================================

From: robert@acad.uucp (Robert Wenig ext 609)
Organization: Autodesk, Sausalito, CA

3COM has a product called ETHER-PROBE which can monitor all types of ethernet activity including XNS, TCP-IP, etc.

======================================================================

From: fair@ucbarpa.Berkeley.EDU (Erik E. Fair)
Organization: USENET Protocol Police, Western Gateway Division

Give FTP Software in Cambridge, MA, USA a yell (they can be reached through romkey@xx.lcs.mit.edu on the ARPANET); they have an ethernet monitoring program that runs under MS/DOS with a wide variety of PC ethernet interfaces.

Erik E. Fair
ucbvax!fair
fair@ucbarpa.berkeley.edu

======================================================================

From: Susan Pollack <susan@nrcvax.uucp>

We saw your request on the net. Network Research Corp. has developed a networking product which runs on various computers from PCs (MS-DOS and Xenix) to large DEC hosts (VMS). We have both XNS and TCP implementations. Our PC products run on the 3Com 3C501, 3C505 and Micom 5010 boards.

Our basic package includes telnet and ftp functions. In addition, we offer a substantial library package and a network monitoring package.
I believe this package, running on top of our standard FUSION Network Software standard package will provide you with the features you were asking for. We offer network statistics, network test and packet monitoring capabilities.

Please let me know where we can send additional information about our product.

------
Susan R. Pollack
USENET-   ...ihnp4!nrcvax!susan
          ...{sdcsvax|hplabs}!sdcrdcf!psivax!nrcvax!susan
ARPA      ihnp4!nrcvax!susan@BERKELEY.EDU.ARPA
U.S. Mail Network Research Corporation
          2380 N. Rose Ave., Oxnard, CA 93030
Telephone 805-485-2700 (outside CA 800-541-9508)

======================================================================

From peter@xios.uucp Tue May 12 18:33:01 1987
Organization: XIOS Systems Corporation, Ottawa, Ontario, Canada

In response to your letter about Ethernet analyzers:

We have an Excelan LANalyzer (version 1.4). We bought the Compaq 286 and the LANalyzer kit separately, since it was LOTS cheaper that way. It's an extremely useful tool to have, and we're mostly happy with it, but that's probably just because any Ethernet analyzer is a whole lot better than none.

There are several bugs in the software, some of which will hang the PC. None of these bugs alone causes big problems (you can always just reboot!), but taken together they're a bit of a hassle. The documentation is pretty good, but so far I'm not thrilled with the support -- I sent in some problem reports in January, and I haven't heard anything about them yet.

There's one program to collect data and another one to display it in the language of the protocols. It would be much nicer to have it all in the same program. Packets can be filtered based on size, errors, or matched patterns, but you must decide on the filtering before running the test. (You can search for packets (using similar criteria) after collecting them, but you can't eliminate any from the display or the buffer.)
The display format isn't great -- summary lines in one window; hex & ASCII in another, and the user interface is via function keys whose meanings keep changing. The statistics gathering and display is quite good.

Another product that seems much better is Network General's "Sniffer". I have used a demo diskette, but not the real software and hardware, so I don't know about documentation and support. There are two versions: one for Ethernet/802.3 and one for IBM token ring (I think there is also a version which handles both.) They sell it only as a package (with the PC), but the price seems pretty good.

The user interface is great -- tree structured menus laid out across the screen, with the level above and below in the tree shown to the left and right of the current level. There is just one program, which knows LOTS about TCP/IP protocols (Telnet, FTP, SMTP, DOMAIN, TCP, UDP, IP, ICMP, ARP) and some about other protocols (ISO, XNS).

Packets can be filtered both during collection and after, based on protocol (e.g. "show all SMTP and ARP packets"), but filtering based on arbitrary data in the packet is limited to a few bytes. Display of selected packets is very nice -- a summary window, a protocol window, and a hex/ascii window. You can turn these windows on and off and zoom in on them, and you can have two sets of windows to look at two different places in the sequence side-by-side.

In summary, the LANalyzer is better for:
  - statistics gathering and display
  - pattern matching anywhere in the packet
  - low level Ethernet testing (e.g. interframe spacing)

and the Sniffer is better for:
  - user interface
  - knowledge of protocols
  - filtering and display based on protocol type
  - display formats

Feel free to call me or send me mail if you have questions.
Peter Manson
peter@xios.UUCP
(613) 725-5411

===================<end of summary>=========================

| UUCP   : keeshu@nikhefk.uucp or {[wherever]!seismo}!mcvax!nikhefk!keeshu
| BITNET : keeshu@hasara5.bitnet
| FIDO   : kees huyser at 508/15 (SagaNet_MacBBS) or 500/11 (HCC_Amsterdam_1)
| SNAIL  : kees huyser, NIKHEF-K, PO Box 4395, 1009 AJ Amsterdam, Netherlands