[comp.protocols.appletalk] AppleTalk Analyzer

humtech@ucschu.UCSC.EDU (Mark Frost) (09/22/88)

Is there some sort of analyzer for AppleTalk? We have TrafficWatch, but
that only displays graphical info and not the same level of diagnostics
as an EtherNet Analyzer.

Our problem is that our AppleTalk/PhoneNet network is getting slow and
sometimes some nodes (macs) will completely freeze. This is not because
we have very many users or that they are generating unusually high
levels of traffic (at least not that we have seen). Often we can see
this sluggishness using CAP's AUFS file server system. Today, we were copying
a file using the file server and the mac we were using just hung up
completely (showing the wristwatch, and the little arrows in the upper left
hand corner of the screen). Our AppleTalk/LocalTalk (whatever they're calling
it nowadays) is connected to our Ethernet via a Fastpath which goes to 
our UNIX machine. We would like to diagnose this weird problem before we
expand the network further. We have also had problems with both MacIP and
NCSA Telnet just freezing up (and subsequently closing their connections).

I've heard of InterPoll. Does it do more than TrafficWatch? Is it a
commercial product and not Shareware/Freeware?

Your help is GREATLY appreciated,

Mark Frost
	Office of the Computing Coordinator
	Humanities Division
	University of California at Santa Cruz
Internet: humtech@ucschu.UCSC.EDU
Bitnet: humtech@ucschu.bitnet

han@Apple.COM (Byron Han, Architect) (09/25/88)

Interpoll is available from your authorized Apple dealer.  It is NOT
public domain, freeware, shareware or beerware.

I have not used TrafficWatch so I cannot comment on features relative
to each other.  Interpoll can be used to generate network maps and
perform other network diagnostic functions such as finding round trip
delay times, checking to see what versions of the System/Finder/LaserWriter
drivers are being used by people on the network.

Hope this helps.
------------------------------------------------------------------------------
Byron Han, Communications Architect                   "Just say NO to MS-DOS."
Apple Computer, Inc.                     -------------------------------------
20525 Mariani Ave, MS27Y                 domain: han@apple.COM
Cupertino, CA 95014                      UUCP:{sun,voder,nsc,decwrl}!apple!han
--------------------------------------   GENIE: BYRONHAN
ATTnet: 408-973-6450   Applelink: HAN1   CompuServe: 72167,1664
------------------------------------------------------------------------------

morgan@JESSICA.STANFORD.EDU (09/27/88)

Mark Frost writes:

> Is there some sort of analyzer for AppleTalk? 

Yes, but ...  The only existing proper AppleTalk analyzer is the
Sniffer from Network General, which is an Ethernet- (or token ring-)
attached DOS machine (various flavors of portables) with separately
available modules for decoding a wide variety of protocol stacks,
including TCP/IP, XNS, ISO, and most recently AppleTalk (I'm not sure
if you can buy the AppleTalk module yet, but it's "announced").  It
can analyze both EtherTalk and UDP-encapsulated AppleTalk (as used by
KIP and K-Star and CAP).  Alas, it connects at the moment only to
Ethernet, not LocalTalk.  Even more alas, it will run you $20K or so.
It's certainly a blot on Apple and its networking community that the
only decent AppleTalk analyzer is on a DOS machine.

On the other hand, you can probably make some progress on your problem
using a little program called "Peek" that simply collects and displays
LocalTalk packets.  You have to do all the packet analysis by hand,
but you wanted to learn AppleTalk anyway, didn't you?  I'm not sure of
the status of Peek.  I believe it first appeared as part of a
developer's support package from Apple in 1985.  I'm not sure if Apple
expects it to be handed about, or if it's available from APDA, or
what.

 - RL "Bob" Morgan
   Networking Systems
   Stanford

wnn@DSUNX1.DSRD.ORNL.GOV (W. N. Naegeli) (09/27/88)

We have had problems with Macs freezing up too. We have only 6 Macs, 4 PCs, and
3 LaserWriters on this LocalTalk cable, connected through a KFPS-3 to Ethernet
and other LocalTalk cables. I suspected that the freezes were caused by
noise, reflections, or possibly attenuation on the PhoneNet, which was not
properly installed. We also had problems with a noisy NEC LC-890 SilentWriter.
Since we have corrected the wiring problems and are more cautious about
connecting the SilentWriter to the network, we have not had reports of
freeze ups on the Macs, though some PCs have had problems which appear to
have been caused by InBox PC, the net mail program from Symantec.
InterPoll is not a diagnostic package. It simply lists all the nodes and even
sockets on the network, even across KFPSs, and if you install the Responder
in the System Folder of a Mac, InterPoll can remotely determine the version
number of the System, Finder, LaserWriter driver, etc.

liam@cs.qmc.ac.uk (William Roberts) (09/29/88)

I have got 3/4 through writing a program to run on a Sun and
emulate the EtherTalk <-> KIP encapsulation work that our
Kinetics box is currently doing. As part of this effort I wrote
an analyser for the AppleTalk protocols that fly past.

I ran into a number of snags:

1) The Sun facility I am using, the Network Interface Tap (see
   man 4 nit), is somewhat odd and doesn't work properly. I
   managed to get round it though...

2) The AppleTalk protocols are not properly layered in the
   sense that you can analyse a packet out of context: anything
   on top of ATP is interpreted by the two ends and PAP/AFP are
   not distinguished by anything obvious in the headers. I
   haven't solved this, or done anything to improve on it...

Finally, it isn't as fast (Sun 3/50) as the Kinetics box
anyway, and spooling to lwsrv is VERY SLOW (effective
throughput via the K-Box is about 2000-6000 bits per second,
worse through my Sun talking to the other host).

Historical question: why can't you combine the TRel of an
XO ATP transaction with the TReq for the next?

Most of what I see is (output from the analyser):

Time   LAP        DDP skt    ATP                  ATP User
 ms      src dst    src dst    flg code bm tid   (who knows!)

59260: L 124 127 |D 253 153 |A X-- TReq 01 t547 | 02 43 00 00 | 24 bytes: 12 0e 41 46 50
60360: L 124 127 |D 253 153 |A X-- TReq 01 t547 | 02 43 00 00 | 24 bytes: 12 0e 41 46 50
62160: L 127 124 |D 153 253 |A -E- TRsp 00 t547 | 00 00 00 00 |
62160: L 124 127 |D 253 153 |A --- TRel 01 t547 | 00 00 00 00 |
62180: L 127 124 |D 153 253 |A -E- TRsp 00 t547 | 00 00 00 00 |
62280: L 124 127 |D 253 153 |A X-- TReq 01 t548 | 02 43 00 01 |
62340: L 127 124 |D 153 253 |A -E- TRsp 00 t548 | 00 00 00 00 |
62340: L 124 127 |D 253 153 |A --- TRel 01 t548 | 00 00 00 00 |
62340: L 124 127 |D 253 153 |A X-- TReq 01 t549 | 02 43 00 02 |
62400: L 127 124 |D 153 253 |A -E- TRsp 00 t549 | 00 00 00 00 |
62400: L 124 127 |D 253 153 |A --- TRel 01 t549 | 00 00 00 00 |

The next TReq often gets sent within 1ms of the previous
TRel, which is in turn less than 1ms from the TResp from the
other end (particularly in bulk protocols like AFP).

Also note that the two TReqs for t547 got answered in quick
succession (within 20ms) after a delay of nearly 3 and 2
seconds: it would probably be valuable to put timers in CAP end
(node 127 is our Kinetics box, forwarding to a Sequent Balance)
so that duplicate requests which are "too close" get ignored.

I could make the Sun code available if people want it - though
it is still somewhat raw.
-- 

William Roberts         ARPA: liam@cs.qmc.ac.uk  (gw: cs.ucl.edu)
Queen Mary College      UUCP: liam@qmc-cs.UUCP
LONDON, UK              Tel:  01-975 5250
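
[Added example, not part of any post in this thread and not William Roberts' analyser: a short Python script that reads trace lines in the format shown above and reports, per ATP transaction, how many TReqs were retransmitted, how long the requester waited for the first TRsp, and how many TRsps repeated in quick succession. Keying a transaction on (requesting node, TID) and the 50 ms duplicate window are assumptions made for this example.]

```python
import re
from collections import defaultdict

# Trace lines copied from the post above (ATP user-byte columns trimmed).
TRACE = """\
59260: L 124 127 |D 253 153 |A X-- TReq 01 t547
60360: L 124 127 |D 253 153 |A X-- TReq 01 t547
62160: L 127 124 |D 153 253 |A -E- TRsp 00 t547
62160: L 124 127 |D 253 153 |A --- TRel 01 t547
62180: L 127 124 |D 153 253 |A -E- TRsp 00 t547
62280: L 124 127 |D 253 153 |A X-- TReq 01 t548
62340: L 127 124 |D 153 253 |A -E- TRsp 00 t548
62340: L 124 127 |D 253 153 |A --- TRel 01 t548
62340: L 124 127 |D 253 153 |A X-- TReq 01 t549
62400: L 127 124 |D 153 253 |A -E- TRsp 00 t549
62400: L 124 127 |D 253 153 |A --- TRel 01 t549
"""

LINE = re.compile(r"(\d+): L\s+(\d+)\s+(\d+) \|D\s+\d+\s+\d+ \|A \S+ "
                  r"(TReq|TRsp|TRel) [0-9a-f]{2} t(\d+)")

def parse(trace):
    """Yield (ms, lap_src, lap_dst, func, tid) for each recognised line."""
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            ms, src, dst, func, tid = m.groups()
            yield int(ms), int(src), int(dst), func, int(tid)

def summarise(trace, dup_window_ms=50):
    """Map (requester node, tid) -> retransmits, first-response wait, and
    count of TRsps repeated within dup_window_ms (assumed threshold)."""
    req, rsp = defaultdict(list), defaultdict(list)
    for ms, src, dst, func, tid in parse(trace):
        if func == "TReq":
            req[(src, tid)].append(ms)   # requester is the LAP source
        elif func == "TRsp":
            rsp[(dst, tid)].append(ms)   # requester is the LAP destination
    report = {}
    for key, sent in sorted(req.items()):
        got = rsp.get(key, [])
        report[key] = {
            "retransmits": len(sent) - 1,
            "wait_ms": got[0] - sent[0] if got else None,
            "dup_rsp": sum(b - a <= dup_window_ms for a, b in zip(got, got[1:])),
        }
    return report

if __name__ == "__main__":
    for key, stats in summarise(TRACE).items():
        print(key, stats)
```
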

Bowman@SCIENCE.UTAH.EDU (Pieter) (10/02/88)

	William,

    Please do make your code available.  There are many of us
needing tools of this sort, but with not enough time to write
them ourselves.

Pieter
bowman@science.utah.edu
-------

van@helios.ee.lbl.GOV (Van Jacobson) (10/03/88)

The current version of tcpdump (a network analyzer that runs
on a Sun-3/whatever running Sun OS 3.x) dumps KIP format
appletalk packets (i.e., DDP in UDP).  Tcpdump is available
for anonymous ftp from host ftp.ee.lbl.gov (128.3.254.68),
file tcpdump.tar.Z (a compressed unix tar file -- remember
to set ftp "binary" mode before you issue the ftp "get").

 - Van

hewitt@adams.cs.unc.edu (W. Joe Hewitt) (10/04/88)

In article Bowman@SCIENCE.UTAH.EDU (Pieter) writes:
]	William,
]
]    Please do make your code available.  There are many of us
]needing tools of this sort, but with not enough time to write
]them ourselves.

Very true.  I have also asked for my copy.  But, what I really need
is something that will let me trap packets to and/or from a given
node, count short packets, display network load, etc.  I need 
the AppleTalk equivalent of Excelan's LANalyzer.  It can be
either hardware or just software; I don't care.

I have TrafficWatch from Farallon and the other basic network aids,
but nothing will let me get into what is really happening on the
net.  I have been following the discussion on InterPoll and have
ordered my copy, but I still don't think that it is what I am looking
for.  Does anyone else have a need for a good AppleTalk management
tool?  Is there anything available?  If so, I'll take one.

Cheers!

--
_         _         _               _   _
 )       (         / \               )   )             _/__/_ W. Joe Hewitt
 \   ^   /       _/__/___    _      /__ / _  _    _ o  /  /   System Admin
  \_/ \_/   o   (_/   (__)__(/__   /   / (/__(_/\_)_(_(__(__  hewitt@cs.unc.edu

norm@shorty.CS.WISC.EDU (Norman Jacobs) (10/07/88)

	I am working on a network monitor on the Sun 3/110 running
SunOS 4.0, and I can't figure out how nit works.  I was directed here
because there is reference to an appletalk analyzer available.  Well, I
went and got it, but when I got it unpacked and ready to go, I noticed that
it is only the executable.  What I was really looking for is some source
that would let me put a Sun in promisc mode, and read packets.  Can
anyone out there help me?
			Thanks in advance,
				Norman Jacobs

norm@cs.wisc.edu | norm@shorty.cs.wisc.edu