Date:      Thu, 28 Mar 2002 11:10:07 -0700
From:      Colin Harford <colin.harford@mail.su.ualberta.ca>
To:        <chip.wiegand@simrad.com>, <freebsd-questions@freebsd.org>
Subject:   Re: OT - network sniffing - is this what I need?
Message-ID:  <B8C8AA8F.981C%colin.harford@mail.su.ualberta.ca>
In-Reply-To: <OF53FC5FD6.EBA64FC5-ON88256B8A.005AF2D5-88256B8A.005C9340@simrad.no>

On 28/3/02 9:50 AM, "chip.wiegand@simrad.com" <chip.wiegand@simrad.com>
wrote:

> This isn't necessarily FreeBSD related, only partly. It's network
> trouble-shooting related. I hope you don't mind my posting here; if you're
> not interested, then please disregard this message and move on to other
> messages.
>
> I have a situation at work where we think we may need to do some network
> sniffing, packet tracing, something to figure out if one particular
> workstation's problems are caused by the network connection, hub, switch,
> nic, whatever.
>
> Here's the situation -
> Workstation1 is in the warehouse shipping dept. It scans product barcodes
> into the ERP program - MAS200. The scanned-in numbers are automatically
> inserted into the invoice and a packing list is printed. The invoice then
> is handled by accounting.
>
> The problem -
> Occasionally in the process above a line that was scanned will be dropped.
> That is, it will not appear on the invoice, but will appear on the packing
> list. The product is shipped, the packing list shows all is well. The next
> day the invoice is processed, but missing one item, but it may not be
> noticed because the accounting people don't know what was supposed to be
> on the original order, they just see what was generated from the scanning
> station. This means product goes out and we have no record of it, and get
> no money for it. Not good. We have a consultant for MAS200 here who wrote
> a report for the shipping guys to run that supposedly shows what lines, if
> any, were dropped. Then we can fix the problem so the dropped lines are
> inserted into the invoice and all is well with invoicing all the product
> going out.
>
> So, that brings us to the job of determining why/where/how the lines are
> being dropped. We have been led to believe we need to do some sniffing on
> the network connection at the workstation (a winnt box) to see if the
> dropped lines ever get sent to the MAS200 server (a winnt box).
>
> Would using a sniffer be the best method of tracking down such a problem?
> If so, any suggested sniffers? If not, any suggestion for a better
> trouble-shooting method. I have looked at ettercap, but that looks like
> overkill, if it will even run. I have 2 FreeBSD workstations on the
> network I can do the sniffing from.
>
> Regards
> --
> Chip Wiegand
> Computer Services
> Simrad, Inc
> www.simrad.com
> chip.wiegand@simrad.com
>
> "There is no reason anyone would want a computer in their home."
>    --Ken Olson, president, chairman and founder of Digital Equipment
> Corporation, 1977
> (Then why do I have 9? Somebody help me!)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To me it seems quite unlikely that it would be a network related problem,
but it could very well be.

In order to see everything on your network, your sniffer is going to have to
be connected to everything.

The best way would be to have a central hub (and no switches between the
machines you want to look at) and have your FreeBSD station running on
there.  [There can not be any switches in the way between the two machines]

So your feed would come to a hub, and connected to the hub is your freebsd
sniffer, the nt scanner box and the nt database box.   Your FreeBSD machine
is then able to watch all packets sent to each of those machines.

Of course, this is not really necessary; if a connection is being dropped by
a physical error, running a series of pings between the machines (i.e., buy
NeoTrace) will show you if there is indeed packet loss.

If you want to go with it, you may want to use something like Ethereal to
watch the packets.  I run it on my OpenBSD and FreeBSD machines to watch
things; the nice thing about Ethereal is it can decode the packets.  If you
want to do it for the long term, you may want to take the time and run
something like Snort.

HTH, if you have any more questions, feel free to ask.


Colin Harford

Systems and Network Administrator        Apple Product Professional
=====================================================================
Computer and Network Support
University of Alberta Students' Union
Phone: (780) 492-4241   Fax: (780) 492-4643
http://www.su.ualberta.ca


"I sense much NT in you, NT leads to Blue Screen.
Blue Screen leads to downtime, downtime leads to suffering.
NT is the path to the darkside."
         - Unknown Unix Jedi
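Colin suggests running a series of pings between the two NT boxes to see whether there is any packet loss before bothering with a sniffer. As an added example (not code from this thread or from Colin), here is a small Python parser that reads FreeBSD/Linux-style ping output, lists exactly which ICMP sequence numbers never got a reply, flags duplicated replies, and reports loss and round-trip statistics. The sample ping output and the host 192.0.2.10 are constructed for the example; on the real network you would feed it the output of `ping -c N <server>` run from the FreeBSD workstation.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One echo-reply line as printed by FreeBSD/Linux ping, e.g.
#   64 bytes from 192.0.2.10: icmp_seq=3 ttl=128 time=0.455 ms
REPLY_RE = re.compile(r"icmp_seq=(?P<seq>\d+) ttl=\d+ time=(?P<rtt>[\d.]+) ms")
# The trailing statistics line tells us how many requests actually went out.
TX_RE = re.compile(r"(?P<tx>\d+) packets transmitted")


@dataclass
class PingSummary:
    sent: int                  # echo requests that went out
    received: int              # distinct sequence numbers that were answered
    lost_seqs: List[int]       # sequence numbers with no reply at all
    duplicate_seqs: List[int]  # sequence numbers answered more than once
    min_rtt: Optional[float] = None
    avg_rtt: Optional[float] = None
    max_rtt: Optional[float] = None

    @property
    def loss_pct(self) -> float:
        if self.sent == 0:
            return 0.0
        return 100.0 * (self.sent - self.received) / self.sent


def parse_ping(output: str, expected_count: Optional[int] = None) -> PingSummary:
    """Summarise ping output.

    The number of requests sent is taken from expected_count if given, else
    from the 'packets transmitted' line, else from the highest sequence seen.
    Knowing the true count matters: replies missing at the *end* of a run
    cannot be inferred from the replies alone.
    """
    seen: Dict[int, int] = {}  # seq -> number of replies carrying that seq
    rtts: List[float] = []
    transmitted: Optional[int] = None
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seq = int(m.group("seq"))
            seen[seq] = seen.get(seq, 0) + 1
            rtts.append(float(m.group("rtt")))
            continue
        t = TX_RE.search(line)
        if t:
            transmitted = int(t.group("tx"))

    if expected_count is not None:
        sent = expected_count
    elif transmitted is not None:
        sent = transmitted
    else:
        sent = (max(seen) + 1) if seen else 0

    lost = [s for s in range(sent) if s not in seen]
    dups = sorted(s for s, n in seen.items() if n > 1)
    received = sum(1 for s in seen if s < sent)
    summary = PingSummary(sent, received, lost, dups)
    if rtts:
        summary.min_rtt = min(rtts)
        summary.avg_rtt = sum(rtts) / len(rtts)
        summary.max_rtt = max(rtts)
    return summary


# Constructed sample: 10 requests, sequence numbers 4 and 7 never answered.
SAMPLE_PING_OUTPUT = """\
PING 192.0.2.10 (192.0.2.10): 56 data bytes
64 bytes from 192.0.2.10: icmp_seq=0 ttl=128 time=0.400 ms
64 bytes from 192.0.2.10: icmp_seq=1 ttl=128 time=0.500 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=128 time=0.400 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=128 time=0.500 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=128 time=0.400 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=128 time=0.500 ms
64 bytes from 192.0.2.10: icmp_seq=8 ttl=128 time=0.400 ms
64 bytes from 192.0.2.10: icmp_seq=9 ttl=128 time=0.500 ms

--- 192.0.2.10 ping statistics ---
10 packets transmitted, 8 packets received, 20.0% packet loss
"""

if __name__ == "__main__":
    s = parse_ping(SAMPLE_PING_OUTPUT)
    print(f"sent={s.sent} received={s.received} loss={s.loss_pct:.1f}%")
    print(f"lost seqs={s.lost_seqs} duplicates={s.duplicate_seqs}")
    print(f"rtt min/avg/max = {s.min_rtt}/{s.avg_rtt:.3f}/{s.max_rtt} ms")
```

Listing the lost sequence numbers rather than only a percentage is what makes this useful for Chip's case: if the gaps cluster in time, they can be lined up against the timestamps of the scans that went missing from the invoice.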
