Path: utzoo!dptcdc!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!kwe From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) Newsgroups: comp.dcom.lans Subject: Re: general recommendations on tools Summary: hardware tester and protocol analyzer Message-ID: <29783@bu-cs.BU.EDU> Date: 18 Apr 89 21:48:47 GMT References: <3763@phri.UUCP> Reply-To: kwe@buit13.bu.edu (Kent England) Followup-To: comp.dcom.lans Organization: Boston U. Information Technology Lines: 69 In article <3763@phri.UUCP> roy@phri.UUCP (Roy Smith) writes: > > Given a finite but large amount of money (say, anywhere from $5k to >$50k) what equipment would you suggest we need. I'm not so much looking >for specific brands or models, but the type of functionality we should have >on hand to maintain a network of this size and complexity (a half dozen >ethernet and AppleTalk segments spread around 3 or 4 buildings spanning 6 >city blocks interconnected with repeaters, bridges, and kboxes with 50-75 >hosts of various makes running various operating systems talking IP, >DECNet, and AppleTalk). And, of course, we expect the network to keep >growing in as-yet undefined ways. I do know that many of the leased line >links are going to be replaced by fiber some time in the next year or so. > > I already have on my short list some kind of Bit Error Rate Tester >and some kind of hardware ethernet snooper, but don't really know what sort >of features I should be looking for in each. I know that in theory TDRs >are useful for checking cables, but I've never used one and don't really >know how important (or useful) it is to have one. >-- With respect to Ethernet, you most need a hardware analyzer and a protocol analyzer. Our hardware analyzer is the Cabletron LAN-MD. It can test transceiver cables and transceivers on and off net. With a pair, you can blast packets on the Ethernet and test connectivity and break bridges, etc. Then you need a protocol analyzer. The one that catches all the packets is the H-P. It is expensive and not very portable, so we chose the Excelan LANalyzer. There is also the Network General Sniffer and the SpiderMonitor. You could also take a portable PC and run FTP's LANWatch. I think the Excelan board and software is around $5k and then add the cost of a portable PC. We chose, at the time, an NEC portable with a nice screen and hard disk. You might want to think of a 386 machine at this point. With a protocol analyzer, you want to be able to take apart any protocol of the given family. I think tcpdump is a good model of what to look for in terms of filter and display capability, but most analyzers have some nice real-time displays and other features you might like. tcpdump is hard to program. We find that the hosts table and other features are very important. You might like to trap Ethernet addresses by host name as well as IP address by host name. Helps to spot those "new" hosts that might be giving you trouble. We look for arp requests for broadcast addresses, gratuitous forwarding of broadcast addresses, icmp messages (like excessive redirects and other sorts of difficulties), rip exchanges, link level broadcasts, peak and average traffic loads (helps find storms). Lots of stuff, let your imagination run wild. :-) With respect to AppleTalk, you need the same thing. There are protocol analyzer tools for the Mac, but I would favor a dedicated box. Not sure what to do about the hardware analyzer. I think the Sniffer and the LANalyzer both offer EtherTalk, so it shouldn't be hard for them to support LocalTalk as well. TDRs aren't very useful. If your cable plant is so messed up a TDR is useful, then you are already in big trouble. Just joking :-) A TDR is essential when installing cable to check it out and it may be used to find cable faults, although we have never had one that got by the eyeball detector. You have leased lines and you want a BERT? Again, not so useful. I find that leased lines are either up or down. It may be nice to verify that the error rate is such-and-such and beat on your carrier, but that is already a losing game. They won't do anything until the line is really dead. Again, a little humor there :-) --Kent England, Boston University