Even better, it's free software..  You can download the win32 binary from
here
http://www.ethereal.com/distribution/win32/

I do believe that it requires the raw packet driver for the win32 build
Which can be obtained here
http://netgroup-serv.polito.it/winpcap/

These types of tools are excellent for low-level network monitoring.
Ethereal especially, due to the fact that it supports filters.  Choose which
protocol that you want to capture.  The winpcap library is also great,
allowing you to use multiple *nix applications that rely on the LibPcap *nix
library that have been ported to win32.  Examples would include Ethereal,
TCPdump, Nmap and some others..

Paul, hmm, a Cisco PIX eh..  My PIX experience is only moderate, but it may
have shed some new light on things.  What PIXos version are u at?  I think
that most of them by default include lines for 'fix up protocolname'...  Not
too sure what they do, but I have had problems with these lines..  To check
these things telnet, better yet ssh, to your PIX.  Enter enable mode and do
a 'show conf'..  The first line of the config file should show you version
info, a few lines down you might see something like 'fixup protocol http
80'..  If you see that you might want to try things without that line, or
add it if you don't have it..   Just some thoughts, I know that
misconfigured PIX firewalls can cause a boatload of problems..


   Good luck
    ~John

-----Original Message-----
From: Evans Chris - cevans [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 25, 2002 4:49 PM
To: NT 2000 Discussions
Subject: RE: Network Monitor - Lost Frames


You're welcome. Hey Paul, is Ethereal shareware? Either way, can you point me to
a website with info on it? I kind of like netmon but I am always open to
others and would like to have a look. Thanks...Chris

-----Original Message-----
From: Doug Eubank [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 25, 2002 3:46 PM
To: NT 2000 Discussions
Subject: RE: Network Monitor - Lost Frames


Thanks Chris and Paul, I appreciate all your help and ideas. I'll definitely
give them a try. It's great to get outside opinions and a fresh look at
something.

Doug

-----Original Message-----
From: Evans Chris - cevans [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 25, 2002 3:33 PM
To: NT 2000 Discussions
Subject: RE: Network Monitor - Lost Frames


Also, I would start looking for TCP retransmits using the built in experts.

Get a decent capture about 10mb or so and stop the trace. Go to "Display
captured data" and select Tools|Experts and run the TCP retransmit expert.
This will give you a pretty good idea if your NIC is retransmitting packets.
Some retrans are normal, excessive retrans could be several things. Most
likely your NIC card settings don't match the settings on your switch. I.e.
NIC is 10/half switch is 100/full. Don't use auto negotiate on either.
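
[Added example, not part of the original message and not Netmon's own
logic: a simplified retransmit check of the kind described above, run over
constructed segment records. The addresses, ports, field layout and function
names are assumptions for illustration; sequence wraparound is not handled.]

```python
from collections import defaultdict

# Constructed sample records, not from a real capture:
# (time_s, src, sport, dst, dport, seq, payload_len)
SEGMENTS = [
    (0.000, "10.0.0.5", 80, "192.0.2.9", 3101, 1000, 500),
    (0.010, "10.0.0.5", 80, "192.0.2.9", 3101, 1500, 500),
    (0.020, "192.0.2.9", 3101, "10.0.0.5", 80, 7000, 0),    # pure ACK
    (0.030, "192.0.2.9", 3101, "10.0.0.5", 80, 7000, 0),    # pure ACK
    (0.250, "10.0.0.5", 80, "192.0.2.9", 3101, 1500, 500),  # resend
    (0.260, "10.0.0.5", 80, "192.0.2.9", 3101, 2000, 500),
    (0.300, "10.0.0.5", 80, "192.0.2.44", 4022, 50, 100),   # other client
    (0.900, "10.0.0.5", 80, "192.0.2.9", 3101, 1500, 500),  # resend again
]


def find_retransmits(segments):
    """Return {flow: [(time, seq), ...]} for data segments whose bytes
    were already sent earlier in the same direction of the same flow."""
    next_seq = {}              # flow -> highest sequence number sent so far
    hits = defaultdict(list)
    for t, src, sport, dst, dport, seq, length in sorted(segments):
        if length == 0:
            continue           # bare ACKs repeat seq legitimately; skip them
        flow = (src, sport, dst, dport)
        end = seq + length
        if flow in next_seq and end <= next_seq[flow]:
            # Entire byte range lies below what was already sent.
            # Reordered segments can also land here, so a few hits are normal.
            hits[flow].append((t, seq))
        else:
            next_seq[flow] = max(next_seq.get(flow, 0), end)
    return dict(hits)


def retransmit_rate(segments):
    """Fraction of data-carrying segments that were retransmissions."""
    data = [s for s in segments if s[6] > 0]
    resent = sum(len(v) for v in find_retransmits(segments).values())
    return resent / len(data) if data else 0.0


if __name__ == "__main__":
    for flow, found in find_retransmits(SEGMENTS).items():
        print(flow, found)
    print("retransmit rate: %.0f%%" % (100 * retransmit_rate(SEGMENTS)))
```
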

-----Original Message-----
From: Evans Chris - cevans [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 25, 2002 3:27 PM
To: NT 2000 Discussions
Subject: RE: Network Monitor - Lost Frames


This is by design. Netmon defaults to a 1mb buffer. Select Capture|Buffer
settings and increase the buffer size. 

-----Original Message-----
From: Paul Drumm [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 25, 2002 3:24 PM
To: NT 2000 Discussions
Subject: RE: Network Monitor - Lost Frames


There is some room for expansion here.  I would look at TCP window size and
other "Auto" parameters.  Make the window size larger.  Look at getting an
Intel PRO 100 where you can adjust the buffers.

-----Original Message-----
From: Doug Eubank [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 24, 2002 7:28 PM
To: NT 2000 Discussions
Subject: Network Monitor - Lost Frames


Hi all,
        I have noticed severe packet loss to my web server over the last
week or so. After I deduced that it was an issue with the server itself and
not its T1 connection, I ran NetMon to see if I found anything unusual. I
did, and I was hoping someone could tell me what it meant. The capture shows
the frame buffer filling up very quickly, and then we start to lose a great
number of frames. It doesn't show any frames being dropped, just a large
amount lost once the buffer is exceeded. Does anyone know if this is what's
causing my packet loss, and what can be done to resolve the issue? We're
running W2K with IIS5.0 on a Compaq ML530. Any help is appreciated.

Doug

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
