Return-Path: Received: from fort-point-station.mit.edu by po12.mit.edu (8.9.2/4.7) id SAA10142; Mon, 4 Dec 2000 18:08:42 -0500 (EST) Received: from lists.wildpackets.com (lists.wildpackets.com [192.216.124.33]) by fort-point-station.mit.edu (8.9.2/8.9.2) with SMTP id SAA12121 for ; Mon, 4 Dec 2000 18:08:07 -0500 (EST) Received: from wildpackets.com by lists.wildpackets.com with SMTP; Mon, 4 Dec 2000 15:01:36 -0800 Mime-Version: 1.0 Message-Id: Date: Mon, 4 Dec 2000 15:01:58 -0800 To: "EtherPeek for Windows Maintenance" From: Janice Spampinato Subject: WildPackets DECEMBER 2000 Maintenance Mail - WIN Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: Precedence: Bulk List-Software: LetterRip Pro 3.0.7 by Fog City Software, Inc. List-Unsubscribe: Status: O X-Status: X-Keywords: X-UID: 5 X-Evolution: 00000005-0000 Dear WildPackets' Product Maintenance Owner: Thank you for your support for our product development efforts through your purchase of Extended Maintenance. Your purchase insures that you will receive the latest information on all WildPackets product developments through monthly maintenance newsletters and periodic emailings while your maintenance is in effect. Monthly maintenance news also provides access to the service folder, which houses product updates, upgrades, free utility software and more. As mentioned last month, we are pushing the full monthly maintenance email out to each of you, but also post the complete document to the maintenance area on our web site. In this way, you can always have access to the mail if you should lose or erase the email version. The December password to the maintenance area of our web site and to your service folder is "risotto". To get to the maintenance area of our web site, see our home page at http://www.wildpackets.com. There is a box in the support section that allows you to login to gain access to Maintenance Mail. The URL to access the service folder is ftp://service:risotto@ftp.wildpackets.com/root/service/. If you prefer to use an ftp client to gain access, please log on to ftp.wildpackets.com with the user id "service" and password "risotto". This will get you to the root directory and from there you'll be able to access the service folder. ============================================= SECTION 1. ETHERPEEK & TOKENPEEK * EtherPeek/TokenPeek Version 4.1 RELEASED! * EtherHelp v4.1 On the Way... * 802.11b Packet Analysis Position Statement * WebStats Analysis Module SHIPS! * NEW! Napster Plug-in * NEW! Internet Attack Plug-in * UPDATED Decoder and Plug-in SDK Updates AVAILABLE * Secure your Network with EtherPeek + iNetTools + CyberWallPLUS SECTION 2. WATCHPOINT * WatchPoint Lite(tm) FREEWARE * WebStats vs. WatchPoint SECTION 3. COMPLEMENTARY TOOLS * NetSense v4.05 UPDATE * ProConvert v2.31 UPDATE * NetDoppler (tm)...When Pinging is Not Enough! * PacketScrubber (tm) SECTION 4. TRAINING * Take our Training Self Assessment Quiz * 2001 Public Class Schedule * Maintenance Owner Training Discount * CNX2000 CERTIFICATION * T.E.N. Video Training Series SECTION 5. MARKETING AND E-COMMERCE * Net3 Group Acquired! * Maintenance mail now @ http://www.wildpackets.com SECTION 6. INTERNATIONAL NEWS * EXPONET Wrap-up * December Purchase INCENTIVES * WILDPACKETS TRAINING COMING! SECTION 7. TECHNICAL SUPPORT * Q&A - When I installed EtherPeek 4.1, why did it "nuke" my old version? - How do I get access to my old Name Table after upgrading to version 4.1? * NEW! TIP OF THE MONTH! The 6 Types of ARP * Web-based Technical Support Report Form * Writing your own Decoders and Plug-ins * Net-Troubleshooting Listserv and How to Subscribe * Net-Troubleshooting Searchable Archives * Networking Terms Glossary Available =========================================== SECTION 1. ETHERPEEK & TOKENPEEK =========================================== ETHERPEEK v4.1 RELEASED Thanks to many of you, we have a very stable and well-tested EtherPeek version 4.1 release ready and waiting for you at: ftp://service:risotto@ftp.wildpackets.com/root/service/epw/ THE PASSWORD TO EXTRACT THE EXECUTABLE IS "ayla.lynne". Your current v4.x serial number will launch the application, once extracted. Version 4.1 has several significant new features, including the ability to support web stats data collection through the new WebStats Analysis Module. A few other notable additions include: - Graphing of any Node, Protocol, or Summary Statistic over time. - Global Threshold Alarms now available for any Node, Protocol or Summary Statistic. - Greatly enhanced Statistics Output system allows exporting of statistics as XML, HTML, or Text based reports. - New Internet Attack Plug-in tests for LAND, Tear Drop, Gin, Jolt, Oversize IP, Pimp, Rip Trace, and WinNuke Attacks. - Napster traffic pinpointed through new Napster Plug-in. - Log File Stats bar shows number of entries by severity, and allows filtering of the log by severity. - New Sound Notification allows you to assign sounds to important network events. - IP subnet filtering using CIDR notation. NEW ETHERPEEK V4.1 PACKET DECODERS - CHAP - Challenge Handshake Authentication Protocol (RFC 1994) - IGMP - Internet Group Management Protocol v2 (RFC 2236) - ISAKMP - Internet Security Association and Key Management Protocol (RFC 2408) - MGCP - Media Gateway Control Protocol (RFC 2705) - PAP - Password Authentication Protocol (RFC 1334) - PPTP - Point to Point Tunneling Protocol (RFC 2637) - SIP - Session Initiation Protocol (RFC 2543) - SLP - Service Location Protocol (RFC 2608) - H.225 - Call signaling and media stream packetization (RAS) - NDS - NetWare 5 NCP Novell Directory Services - Napster For a complete list of decoders included with EtherPeek, please visit http://www.wildpackets.com/support/knowledge_base/etherpeek_win#1 TOKENPEEK v4.1 RELEASED TokenPeek has been released as well, with most of the additions specified for the version 4.1 release of EtherPeek above. Registered TokenPeek owners can download the software from the following URL: ftp://service:risotto@ftp.wildpackets.com/root/service/tpw/ THE PASSWORD TO EXTRACT THE EXECUTABLE IS "zefram.alan". Your current v4.x serial number will launch the application, once extracted. ETHERHELP V4.1 ON THE WAY The upgraded version of EtherHelp is currently making its way through our QA process and is expected to ship later this month. We'll send you email once we've placed the software in your service folder. 802.11b POSITION STATEMENT EtherPeek currently does not support 802.11b. However, we recently announced that we will be supporting 802.11b with a new product release in late 2000 or early 2001. This position statement is a start at defining our current palce in the market and where we intend to go from here. Wireless Packet Capture Details for Windows Users: 1. To capture packets, EtherPeek requires an NDIS 3 or higher driver. For adapters based on one of the following Intel (Digital) chipsets: 21040, 21041, 21140, 21142, or 21143, a user can install an Ethernet driver supplied by WildPackets that will enhance EP's ability to capture error packets. In either case, these Ethernet cards require that the driver support the "promiscuous" call aka "capture-all-frames-regardless-of-address." 2. Many of the wireless cards have NDIS 3 or higher drivers. However, we have found extremely limited support of promiscuous mode under the Windows platform. Without support for the promiscuous call the machine running EtherPeek may only able to capture packets that are addressed to the wireless machine running EtherPeek. We have also found that the latest Lucent drivers on some operating systems result in no packets being captured. 802.11b Details: 3. Wireless network traffic uses its own control protocol to transmit and receive data through the air. The typical 802.3 packet header is modified and/or prepended with additional data. This protocol also includes interactions to determine which RF channel, which base station to use (if any) and in general how to allocate the channel to the communicating participants. Some of these packets have no equivalent 802.3 counterparts. 4. An appropriate question to ask is: If you are capturing packets on 802.11b with a protocol analyzer, what packets should you reasonably expect to see? There are (at least) three possible answers: (a) Only the packets transferring in and out of the wireless machine running the protocol analyzer software. (b) All the packets that are being transmitted on the same RF channel that the machine running the protocol analyzer is connected. (c) All the packets on all the RF channels on the air in the vicinity of the machine running the protocol analyzer. In case 4(c) above, this mode is sometimes referred to as "RF monitor mode." Depending upon the vendor implementation, the data content in the captured packets may be encrypted. Each of these three possibilities in (4) also has two options: to include the 802.11b headers and control information or to ignore this data and make the packets look just like 802.3 Ethernet packets. WildPackets is committed to providing a comprehensive solution to support 802.11b that will include 802.11b headers and control information as well as possibly other 802.11b-specific features in the near future. NEW WEBSTATS ANALYSIS MODULE NOW SHIPPING! WebStats, the first in a planned series of Analysis Modules, enables you to use EtherPeek to go beyond packet capture and inspection to analyze the dataflow that represents your internet presence and to acquire vital statistics for the TCP client/server transactions on your network. WebStats, an EtherPeek upgrade option that can be ordered now, requires IE 5.0 or later. Maintenance owners receive a 20% discount from the $595.00 USD SRP. NAPSTER PLUG-IN WITH ETHERPEEK V4.1 A new Napster Plug-in with a list of common Napster ports (user-configurable through the Plug-in Options Dialog) is shipping as part of the new EtherPeek v4.1 release. The Plug-in sends informational notifications when it sees Napster login, search, or download packets. It also keeps Summary Stats for those same items (number of logins, searches, and downloads) plus total packets and bytes used by Napster. This is all made more useful by the fact that you can graph or make alarms based on these statistics. So, if you want EtherPeek to tell you who is responsible for putting Napster traffic on your network and provide bandwidth utilization for same, check out this new Plug-in! INTERNET ATTACK PLUG-IN A new Internet Attack Plug-in ships as a standard part of the version 4.1 release of EtherPeek. This Plug-in replaces the LAND Attack and Oversize IP (Ping of Death) Plug-ins that have previously shipped with EtherPeek. Please see the list of features associated with the 4.1 release above for an idea of the various attacks that can be detected with this new Plug-in. NEW DECODER AND PLUG-IN SDKS Updated Decoder and Plug-in SDKs for EtherPeek v4.1 are now available from: ftp://service:risotto@ftp.wildpackets.com/root/service/epw/ SECURING YOUR NETWORK WITH ETHERPEEK+iNETTOOLS+CYBERWALLPLUS Network-1 Security Solutions, Inc. and WildPackets are promoting the combined use of EtherPeek and iNetTools with Network-1's CyberwallPLUS suite of security products to provide an all-inclusive solution for securing multi- protocol, internal networks. By combining EtherPeek, iNetTools and CyberwallPLUS, network administrators can: * continuously test and verify network security policies * generate real-time alerts for security breaches * revisit network security and perform regular audits To learn more about CyberWallPLUS, please visit http://www.network-1.com. =========================================== SECTION 2. WATCHPOINT =========================================== WATCHPOINT LITE(tm) FREEWARE READY AND WAITING! WatchPoint Lite, a powerful freeware product that offers real-time web server monitoring, is now shipping. Ideal for small to medium-sized organizations who host their own servers, WatchPoint Lite's in-depth HTTP and FTP analysis and reporting capabilities are borrowed from WildPackets' complete site performance and usage monitoring system, WatchPoint. The freeware version gives businesses a comprehensive view of internet traffic patterns and web site performance, including critical information on visitors, page views, downloads, server performance, network usage and more. WatchPoint Lite Freeware is available from the WildPackets' web site now. To download a copy, please visit http://www.wildpackets.com/demos/. WEBSTATS VS. WATCHPOINT In discussing WebStats and WatchPoint with customers, questions often arise about the differences between the two products. To address these questions, we have created a comparative matrix of the information delivered by each tool, which is included here. WatchPoint WebStats Analysis Reports X X Summary Stats X Server Comparisons X All Network Statistics X Network Response Times X Server Response Times X X Domains X X Referrers X Referrer Errors X X Error Types X Rejected Connections X X Error Pages X X Top Entry Pages X X Aborted Server/Client Transfers X Status Codes X X Unique IP Addresses X X General Transactions X Transaction Database X By Method Transactions X X Page Hits Per Hour X X Resource Hits Per Hour X X Transactions Per Hour X Configurable Time Windows X Path Tracking X X IP Tracking X Browser Types X X Visitors X Transactions by MIME Type X CGI Variables X Profiles X X WP Export X Multiple Domains Per Server X X Users Security Profiles X X HTML Output X XML Output X CSU Output =========================================== SECTION 3. COMPLEMENTARY TOOLS =========================================== NETSENSE v4.05 UPDATE NetSense version 4.05, a "WildPacket-ized" update release of the software featuring some additional product capability and minor bug fixes, is now shipping. Registered NetSense owners can download from: ftp://netsense:pompei@ftp.wildpackets.com/root/netsense/. Your existing license key will launch the new release. A complete list of product feature additions and fixes is included in the Readme that accompanies the update. If you are not a NetSense Maintenance owner but are interested in becoming one, you can purchase maintenance for one or two years and receive product upgrades and updates as one of your maintenance benefits. NetSense 12-month Extended Maintenance = $125.00 NetSense 24-month Extended Maintenance = $200.00 To order NetSense maintenance, please contact marjorie@wildpackets.com. For those of you new to the product, NetSense analyzes all communications included in an EtherPeek or TokenPeek packet trace, and provides: * ProblemFinder Expert Help System * Rules-based Client/Server Transaction Analysis * Error Packet Analysis * Ethernet Fragment Analysis * Protocol Utilization Maps, Charts and Graphs * Ethernet and Token Ring Problem Analysis * Global Statistics * Top 10 Lists * Network Latency Measurements * Application Throughput Analysis * Visual Packet Displays * A "What If" Feature that allows you to predict application load/response times under varying conditions (different LAN/WAN bandwidth, more). NetSense for EtherPeek/TokenPeek is $476.00 for maintenance owners (SRP $595.00), and can be purchased directly from sales@aggroup.com. NetSense product information, demonstration software, FAQ, and a .PDF version of the NetSense Guide are available from http://www.wildpackets.com/netsense/. PROCONVERT v2.31 ProConvert version 2.31, a minor update release that addresses a slicing problem when writing to tcpdump, is now shipping. Registered ProConvert owners can request the new version and password to extract the executable by sending email to marjorie@wildpackets.com. For those of you new to the product, ProConvert takes packet traces from a variety of packet analyzers and converts them to/from "Peek" format, allowing you to view packets captured on a different analyzer with EtherPeek, TokenPeek or NetSense. ProConvert for EtherPeek/ TokenPeek is $99.00 (SRP $295.00) for maintenance owners and available directly from sales@wildpackets.com. FOR A COMPLETE LIST OF THE PACKET FORMATS THAT PROCONVERT IS ABLE TO CONVERT TO/FROM PEEK FORMAT, PLEASE VISIT OUR KNOWLEDGE BASE AT http://www.wildpackets.com/support/knowledge_base/proconvert NETDOPPLER...WHEN PINGING IS NOT ENOUGH! NetDoppler is a powerful, Windows-based utility that performs route discovery, latency tests, and throughput tests to remote hosts. NetDoppler builds a tree of IP nodes representing the packet path and is ready to perform serious testing and baselining from the moment you install it. There's no need for specialized software such as SNMP or remote monitoring agents! NetDoppler utilizes several features of the ICMP Echo (Ping), IP, and DNS protocols to perform a variety of tasks and tests on remote hosts, and provides extensive statistics and graphing functions to easily interpret your results. Unique to NetDoppler is the ability to perform throughput tests based on both a single packet as well as packet streams to a remote host and back. This allows you to test the effect of latency on a client/server application that sends a single packet and receives a single reply (i.e. a 1:1 command/reply window) vs. an application that is able to send and receive multiple packets in succession to "fill the pipe" between the client and server. NetDoppler is now available for purchase through the WildPackets' Web Store. The price for the utility is $149 USD. For more information and a demonstration version of the software, please visit the product pages at http://www.wildpackets.com. NEW! PROTECT YOUR PACKET TRACES WITH PACKETSCRUBBER(TM) PacketScrubber is a new utility that removes sensitive or confidential data from frames within your protocol analyzer's saved trace files. Selected data is changed to "null data" (all zeros) allowing you to send your trace files outside of your organization for analysis or troubleshooting purposes. PacketScrubber contains SmartScrub(tm) technology, allowing you to scrub frames on a selective basis. SmartScrub has the ability to scrub layer by layer and protocol by protocol. If you want to scrub the entire DLC frame, leaving no network layer or higher layer information at all, SmartScrub affords you that capability. If you want to only scrub your file transfers, then SmartScrub allows you to only change FTP packets. For IP packets, you also have the option of translating your IP addresses to the default private class address range (as recommended by RFC 1918) or any address of your choosing. PacketScrubber is now available for purchase through the WildPackets' site. To order, please visit the product pages at http://www.wildpackets.com. The price for the utility is $99 USD, regularly $169 SRP. =========================================== SECTION 4: TRAINING =========================================== TAKE OUR TRAINING SELF-ASSESSMENT QUIZ To help determine which WildPackets training class suits your level of experience, we've put together a Self Assessment Quiz which consists of 23 questions broken into 4 sections (one for each class level) that can be downloaded or taken on-line. Please visit to take the quiz, and then let Stephanie Temples (stephanie@wildpackets.com), our Training Coordinator, help you through the registration process for the class (or classes) that will work for you! 2001 PUBLIC TRAINING CLASS CALENDAR Santa Clara, CA WP-100, Feb. 5-6 Santa Clara, CA WP-101, Feb. 7-9 Santa Clara, CA WP-103, Feb. 12-13 Santa Clara, CA WP-104, Feb. 14-16 San Diego, CA WP-100, Mar. 5-6 San Diego, CA WP-101, Mar. 7-9 San Diego, CA WP-103, Mar. 12-13 San Diego, CA WP-104, Mar. 14-16 San Francisco, CA WP-100, Apr. 16-17 San Francisco, CA WP-101, Apr. 18-20 San Francisco, CA WP-103, Apr. 23-24 San Francisco, CA WP-104, Apr. 25-27 Boston, MA WP-100, May 14-15 Boston, MA WP-101, May 16-18 Boston, MA WP-103, May 21-22 Boston, MA WP-104, May 23-25 Walnut Creek, CA WP-100, Sept. 10-11 Walnut Creek, CA WP-101, Sept. 12-14 Walnut Creek, CA WP-103, Sept. 17-18 Walnut Creek, CA WP-104, Sept. 19-20 Los Angeles, CA WP-100, Oct. 15-16 Los Angeles, CA WP-101, Oct. 17-19 Los Angeles, CA WP-103, Oct. 22-23 Los Angeles, CA WP-104, Oct. 24-26 Raleigh, NC WP-100, Nov. 5-6 Raleigh, NC WP-101, Nov. 7-9 Raleigh, NC WP-103, Nov. 12-13 Raleigh, NC WP-104, Nov. 14-16 **************************************************** **MAINTENANCE OWNERS RECEIVE A 10% TRAINING DISCOUNT** **************************************************** CNX 2000 CERTIFICATION WildPackets, Sniffer Technologies, Agilent, and Optimized Engineering Corporation, among other leading network management vendor organizations, have joined together to form a consortium to update and expand the Certified Network Expert (CNX) program. This program certifies IT professionals in the management of next generation, high-speed networking and application technologies. Major vendors and their customers recognize the need for a standardized certification program such as CNX that measures and documents the level of expertise of their networking staff and other professionals they may consider hiring. For information about CNX 2000 certification, please visit http://www.cnx.org. T.E.N. REMOTE VIDEO WORKSHOP SERIES WildPackets offers a comprehensive, self-paced, video-based training program geared specifically for the IT Professional. The T.E.N. (Technology, Engineering, Networking) Program has been developed by our training partner, O.E.C., with the intent of providing an in-depth, self-paced training series for those: * new to packet and network analysis needing to understand basic networking and protocol fundamentals before attending a WP Public or on-site class. * wishing to reinforce the education gained from a WP Public or on-site training. * looking for a specific path to prepare for the industry- standard CNX (Certified Network Expert) certification. WHO WOULD BENEFIT FROM THIS VIDEO WORKSHOP PROGRAM? * Any Network or IT Professional who uses, or needs to understand, network and protocol analysis in order to do their job. * Education, training and certification entitlements are becoming key factors in attracting and retaining IT talent. This comprehensive program gives a Training, Human Resource or IT Manager the means of providing a variety of convenient and effective methods for delivering in-depth instruction in a cost- and time-effective manner to their IT staff. For a complete outline of the video series content, please visit http://www.wildpackets.com/training/ =========================================== SECTION 5: MARKETING AND E-COMMERCE NEWS =========================================== NET3 GROUP NOW PART OF WILDPACKETS, INC.! Net3 Group, developers of NetSense, ProConvert, NetDoppler, PacketScrubber, the IP Subnet Calculator and the Network Calculator, was recently acquired by WildPackets, Inc. Our new combined company would like to invite you, your staff, your colleagues, your friends, and anyone else who might be interested, to visit http://www.wildpackets.com, register there, and receive a FREE copy of the latest release of the IP Subnet Calculator for your efforts. If you choose, you can go on to complete our network management survey form and receive, in addition, a FREE 3-in-1 Network Calculator and register to win a fabulous WildPacket's T-shirt! While at the site, please peruse our new product pages for NetSense, ProConvert, NetDoppler and PacketScrubber, check out WebStats, Training Classes et al, and download any demos that might be of interest. YOUR MONTHLY MAINTENANCE EMAIL ON THE WEB Please visit http://www.wildpackets.com to login and get the latest edition of your monthly maintenance email. Enter "service: for the userid and "risotto" for this month's password, and this month's maintenance email contents will be available to you. =========================================== SECTION 6. INTERNATIONAL NEWS =========================================== EXPONET WRAP UP Exponet, an international trade fair and convention for networking technology, enterprise computing, internet and telecommunications took place November 21-23 in Cologne, Germany. WildPackets joined our German distributor, Brainworks and garnered hundreds of leads for EtherPeek for Windows, NetSense, WebStats, WatchPoint and our new products through live product demonstrations held in the booth. Most visitors at the show were amazed by the new v4.1 features, by the extensibility of the EtherPeek platform through WebStats and other add-in tool use and the affordability of our product offerings. INCENTIVES FOR DECEMBER New product bundle incentives are coming your way this month for orders placed through our international partners only. Please watch your mail and take advantage of these offers while they are in effect! Tania Traboulsi (tania@wildpackets.com) can disclose all incentive details and help you process orders. WILDPACKETS, INC. TRAINING GOES GLOBAL! WildPackets is now able to offer our training courses to an international audience with the recent appointment of Horizon-MTS as our training partner-distributor for the European markets. Horizon-MTS is the largest technical training company in the U.K. with offices spanning the pan-European market. They work exclusively in the networking market. Along with training, they will be a distributor for EtherPeek as well. Please check their web site for a further explanation of who they are and what they do. We are pleased to have them join us as one of WildPackets' global team of Partners! =========================================== SECTION 7. TECHNICAL SUPPORT =========================================== TECHNICAL SUPPORT Q&A Q. When I installed EtherPeek 4.1, why did it "nuke" my old version? When I could not find my serial number in an emergency situation, I would have liked to use my old version until I could locate my 15-digit serial number. A. You must have missed a new screen which was added to the EtherPeek for Windows installer. If it detects that you have any prior versions of EtherPeek installed, it asks "Uninstall previous version?" The default is Yes. Q. I followed the 4.1 install instructions and un-installed 4.02 before installing 4.1. Based on the following statement I did not create a new back-up of my name table or filter table. "To save your existing name table and filter settings from your previous 4.0 version of EtherPeek, you do not need to do anything. These settings files are stored in the system's Application Data folder and are not removed during un-install." I have 4.1 up and running, however, I do not have access to by name table. I noted that 4.1 is in a new directory structure. Did I miss a step associated with the directory structure change? Any advice on how to get access to my name table as it existed just before I started the install procedure would be a big help. A. Fortunately, the Application Data\AG Group\EtherPeek\4.0 directory is not deleted when you uninstall, and it includes your 4.0.x files for your name table, filters, and global log. The default location of the Application Data folder is different for different operating systems. Windows 95/98 - default location is C:\Windows\Application Data. Windows Me - default location is C:\Windows\Profiles\(username)\Application Data. Windows NT 4.0 - default location is C:\Winnt\Profiles\(username)\Application Data. Windows 2000 - the default location is in a directory in the root drive where the operating system is installed (typically C:\) with the pathname: Documents and Settings\(username)\Application Data. For example, the application data for the Administrator of an NT 4.0 system would be cached in: C:\Winnt\Profiles\Administrator\Application Data \AG Group\EtherPeek\4.0. You can get back your old names/filters in either of these two ways: 1. Launch EtherPeek 4.1 at least once and quit so that the Application Data directory for WildPackets 4.1 EtherPeek is set up. Then move the Names.nam and/or Filter.flt from the old Application Data area in Application Data\AG Group\EtherPeek\4.0 to their new location in Application Data\WildPackets\EtherPeek\4.1. Note the differences in the path are WildPackets (not AG Group) and 4.1 (not 4.0). You may also do this for the global log file, Peek.log. - or - 2. Launch EtherPeek 4.1 and go to View/Name Table or View/Filters and click on the Import button. The files are not in the default location where you installed EtherPeek; you will need to navigate to the Application Data folder. Duplicate entries will automatically be ignored when importing names, but it is necessary to manually delete the default 4.1 filters before importing the 4.0.x filter file. If you do not do this, you will have duplicate filters. TIP O'THE MONTH - THE SIX ARP TYPES Did you know that there are six variations of the Address Resolution Protocol (ARP)? Understanding the different types can be very useful when troubleshooting address resolution problems on your network. ARP runs directly inside a frame, not over IP or any other higher layer protocol. Classic ARP - This is the one that you're probably most familiar with. It is used when a node knows the IP address of another device on it's subnet, but doesn't know the device's MAC address. For example, a workstation needs the MAC (physical) address of its default gateway (router) and sends an ARP broadcast packet containing the default gateways IP address as the destination protocol address. The gateway responds (hopefully), returning its MAC address. Gratuitous ARP - Ah yes, those "gratuitous" or unsolicited ARPs sent on a periodic basis by nodes to let other nodes know that they are still there. This helps prevent the other node's ARP cache from aging out the entry of the gratuitous sender. You can tell if it's a gratuitous ARP by looking inside the packet and seeing if both the source protocol address and destination protocol address are set to the node's IP address. DHCP ARP - Relatively "new" (RFC 2131), this is the ARP you SHOULD see sent by a workstation after it obtains an IP address from a DHCP server. The workstation double checks to see if any node (at least within it's DLC broadcast domain) already has the IP address. You can discern this ARP packet type by looking at it with your protocol analyzer and seeing if the workstation sets the source protocol address to 0.0.0.0 and the destination protocol address to it's own IP address This prevents other listing devices from updating their ARP cache just in case a different node already has it. Unfortunately many platforms, including all Windows versions through Windows 2000, send a Gratuitous ARP after DHCP, which could update listening nodes with the wrong MAC address in the event of a duplicate IP address. Inverse ARP - The opposite of ARP, allows a node to find an IP address associated with a known MAC address. You usually won't see too many of these in a LAN, but more so in a "WAN" that connects two or more LANs. For example, in Frame Relay, IARP is one way to map data link circuit identifiers (DLCI)-to-IP. Reverse ARP - Used primarily by diskless workstations. In this case, the sent ARP packet will contains the workstation's MAC address in both the sender and recipient hardware address fields. In this case, there must be an RARP server to return an IP address to the workstation. Because RARP can not return other critical IP information such as the subnet mask or default gateway, we rarely see RARP used anymore. Diskless workstations will now use BOOTP or DHCP. UnARP - Still experimental (see RFC 1868), but a technique to immediately age-out listening ARP caches when a node removes itself from the network. The packet (sent as a response packet, not a request packet) will contain the sender's IP address but have the source and destination MAC addresses TECHSUPPORT REPORT FORM AT WWW.WILDPACKETS.COM When you need to address a technical support issue with one of our tech support staff and are not in an emergency situation, please use the new Tech Support Reporting Form available at http://www.wildpackets.com/support/. You can also use this form to report product anomalies or request product enhancements. NET TROUBLESHOOTING ON-LINE FORUM Have a network problem you can't solve? Seen a packet you can't identify? Is your printer, router or server doing odd things to your network? Do you need somewhere to turn for some informed, expert advice? Then join the WildPackets' net-troubleshooting e-mail list and post your question to an audience of over 1,000 of your networking professional peers. To SUBSCRIBE TO NET-TROUBLESHOOTING@WILDPACKETS.COM, send an email to net-troubleshooting-on@lists.wildpackets.com. NET-TROUBLESHOOTING SEARCHABLE ARCHIVES Net-Troubleshooting archives are now accessible from http://www.wildpackets.com/support/network_central/listserver. NETWORKING TERMS GLOSSARY Check the reference folder in your service directory for a Networking Terms Glossary and help yourself to a copy! ----- To unsubscribe, please send a message to EPW_Maint-off@lists.wildpackets.com.