good Sniffer Pro resources?

i have to take an "nai.com" Sniffer trace next week.

issue is that there's a network clash of a unix box that is being marked for Cisco QOS.

since this is 1st instance of tracing this, i'm not sure what to look for in the decode log.

the program's help file sucks.

stephen

sniffer pro is no different than ethereal, or any other packet capture program..

Span the port the unix box is on to another, setup the sniffer PC on that port, and then pull a trace...

If you believe the issue to be further downstream of the switch the unix box is on, you would need to move the sniffer to a more advantageous position..

If you want I could post or email the method used to filter out just the traffic coming out of the unix box, or filter based on two devices..

packet-level.com has alot of sniffer stuff, I have other stuff I could make available too on how to use it..

what exactly is the problem, and what are you hoping to be able to capture and see ?

Learning how to use Sniffer Pro and learning what to look for in the decode logs when troubleshooting are two totally different things.

Figuring out SnifferPro is not that hard. Just play around with it for 4-5 hours...I'm sure you'll get the hang of it. Make sure you learn how to use the display filter.

I would suggest using the majority of your time to learn as much as you can about what you are actually trying to see. If you understand the step-by-step procedure of what's supposed to happen, figuring out what's wrong is much easier. Also, it'll give you a better idea where to place your sniffer, or if one would be of any benefit at all.

"issue is that there's a network clash of a unix box that is being marked for Cisco QOS."

I don't understand what you mean. The Unix box isn't getting the expected network priority?

i know how to use it.

just need to know what to look for when we recreate the issue.

Cisco QOS is being installed on this computer. Something goes wrong and this computer loses network connection. will check layer 1 connections. will check each interface for errors between the server and switch.

i have to travel there, and haven't been totally filled in on what exactly has gone wrong. most people are out for vacation.

stephen

Looking for interface errors and other "sh int" anomolies is the first thing I'd check. It might be a good idea to run an MRTG-type graph on the interface connected to the server. If the connection dies at a specific time or consistant intervals, it might give a clue to the problem. I can't see how Cisco QOS would kill a connection though. This might be a case where the staff is blaming the problem on the technology they know the least about.

as always, whenever there's an issue that could be network related, i have to take a trace. as long as i prove out my network to be good.

it's the 1st deployment, and there is some type of incompatibility between QOS and this server's OS.

i'll find out more tomorrow.

thanks for packet-level.com.

stephen