NetXRay Protocol Analyzer and Network Monitor Installation Guide. Release 3.0

NetXRay Protocol Analyzer and Network Monitor Installation Guide Release 3.0

Network General, Sniffer, Distributed Sniffer System, SniffMaster and NetXRay are registered trademarks of Network General Corporation and/or its wholly owned subsidiaries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. All specifications may be changed without notice. 1997 Network General Technology Corporation. All rights reserved. September 1997 Part Number: 3037701

. About This Manual Preface This manual describes the new features that have been added to the NetXRay Protocol Analyzer and Network Monitor Version 3.0, and describes how to install or uninstall the product. Table i describes the organization of this manual. Table i. Scope of Each Chapter in this Manual Chapter Chapter 1, Introduction Chapter 2, Installation Contents Describes the product, its enhancements from the previous version, and notes a system requirement change. Describes system requirements, and install and uninstall procedures for Windows 95 and Windows NT 4.0. Technical Support Network General Technical Support is available from 6 a.m. to 6p.m. Pacific time, weekdays. Technical Support is available via telephone, FAX, FAX-on-Demand, TDD for the hearing impaired, Internet mail, electronic bulletin board, and the World Wide Web home page. Outside of support hours, you may leave a voice message. Our Technical Assistance Centers are located in California and the United Kingdom. If you purchased your Network General Corporation product from one of our International Distributors, you must contact that distributor for support assistance. Please review our World Wide Web site at http://www.ngc.com for information about contacting our International Distributors. Table ii describes the various ways to access Technical Support. Network General Corporation v

: NetXRay Installation Guide Table ii. Network General Technical Support Department North American and International, 0600 1800 (PST), Monday Friday Telephone Number (North America only) +1-800-395-3151 Telephone Number (other International) +1-650-473-2090 FAX +1-650-473-2540 FAX-on-Demand (North America) +1-800-764-3329 FAX-on-Demand (other International) +1-650-473-2690 Europe, 0730 1730 (GMT), Monday Friday Telephone - France (toll-free) 0800 90 72 91 Telephone - Germany (toll-free) 0130 81 92 37 Telephone - Switzerland (toll-free) 0800 55 00 29 Telephone - Europe - Voice +44 1753 827590 FAX +44 1753 827520 e-mail uk_support@ngc.com Worldwide TDD for the hearing impaired 650-473-2444 SniffNet BBS (300 to 28,800 bps) 650-327-3875 Internet Address World Wide Web (Internet) information support@ngc.com http://www.ngc.com World Wide Web You can obtain additional information about Network General and its products and services from the World Wide Web at http://www.ngc.com. Training Network General offers a comprehensive set of training courses focused on hands-on network analysis, monitoring, and vi Network General Corporation

Training troubleshooting using Network General products. Courses can be conducted at your site, at central locations throughout the globe, or at training centers in Menlo Park and Anaheim, California; Chicago, Illinois; and Atlanta, Georgia. For more information about these courses, contact your sales representative or call Network General Corporation. Network General Corporation vii

NetXRay Installation Guide viii Network General Corporation

Chapter 1 Introduction Network General s NetXRay Protocol Analyzer and Network Monitor is a powerful Windows 95- or Windows NT-based network management tool that lets you capture and decode network packets, monitor statistics, and simulate network traffic on your network. It supports networks running on Ethernet, Fast Ethernet (100BASE-T), Token Ring, and 100VG-AnyLAN topologies. NetXRay is designed to take full advantage of the Windows 32-bit multitasking feature. It runs concurrently with other Windows applications while maintaining high performance. Its ease of installation and intuitive windows user interface makes NetXRay simple to use. Packet Capturing and Decoding NetXRay is capable of capturing all packets at wire speed in 10 Mb Ethernet. When used with various addresses, protocols, and data pattern boolean filters, it allows you to capture and pinpoint network trouble areas accurately and effectively. The IP address filter provides a powerful means of capturing conversations between nodes that span across routers. NetXRay also comes with predefined sample filter definitions to assist you in creating custom capture filters. Packet capture supports saving packets to files in real time. With the capture trigger mode, it can be used to capture a large amount of network traffic based on a preset date/time or network event. NetXRay decodes all major protocols. It provides an SNMP decode to help you see standard and proprietary MIB OID names and enumerates symbolic names. NetXRay also supports SNMP over IP, IPX, and MAC. NetXRay supports custom decode plug-ins, a set of user-written Data Link Libraries (DLLs), which lets developers write their own protocol decode routines to Network General Corporation 1-1

NetXRay Installation Guide parse and display proprietary protocols within the NetXRay packet display framework. Viewing packets is easy with NetXRay. With multithread design to support decoding and displaying simultaneously, the packets display immediately after you open the captured buffer or file, no matter how large it may be. Protocols are displayed in color-coded summary, detail, and hex panes, and each may be individually sized and positioned. NetXRay s address book provides a method for associating hexadecimal hardware addresses with user-defined symbolic names. It is used in designing filters, displaying decodes, and viewing the host table and the matrix table. Monitoring Network Statistics NetXRay provides long-term traffic analysis in graphical format. It is capable of monitoring multiple network statistical variables concurrently, allowing you to predict future network needs and plan for them accordingly. Alarms are generated any time preset threshold parameters are exceeded, informing you of network exception conditions that may require immediate attention. NetXRay monitors and displays a network segment s packet rate, utilization, and error rate in real time. Statistical counters for all network detail parameters are maintained in memory and may be exported to Excel format for tabulation or charting. The host table maintains each network node s traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport-layer information in separate tables, and may be viewed in table, bar, or pie chart formats. The host table may be sorted by any statistical variable of your choice, in either ascending or descending order. The matrix table maintains network node pair conversation traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport-layer information in separate tables, and may be viewed in traffic map, table, bar, or pie chart formats. The matrix table may be sorted by any statistical variable of your choice, in either ascending or descending order. The traffic map provides a birds-eye view of network traffic patterns in real time. It gives a complete graphical presentation of the traffic pattern between network nodes. 1-2 Network General Corporation

Generating Traffic Load Generating Traffic Load The protocol distribution function reports network usage based on the network layer, TCP/IP application layer, and IPX transport-layer protocols. It can monitor IPX/SPX, TCP/IP, NetBIOS, AppleTalk, DECnet, SNA, Banyan and other protocols. It supports the TCP/IP Application Distribution function, which reports on the percentage or cumulated load of each TCP/IP application as part of TCP/IP traffic. NetXRay monitors popular applications, such as NFS, FTP, Telnet, SMTP, POP2, POP3, HTTP (WWW), Gopher, NNTP, SNMP, X-Window, and others. It also monitors IPX transport-layer protocols such as NCP, SAP, RIP, NetBIOS, Diagnostic, Serialization, NMPI, NLSP, SNMP, and SPX. Other protocols are grouped into an Others category. NetXRay s traffic generator is a great tool for application developers or anyone who needs to test network hardware and software components. NetXRay will play back captured packets one at a time or in a batch. Individual packets may be edited before transmission. To generate various traffic loads, you can modify the time delay between packets, or packets may be played back continuously. Since NetXRay allows transmitting and capturing packets simultaneously, you can perform both functions with a single system, saving you both equipment and desk space. Taking Advantage of Windows 95 and Windows NT Features NetXRay is written as a true Windows 95 or Windows NT application, including a Windows 95-compliant graphical user interface. It supports many advanced features including property pages, drag and drop, split windows, tab view, context menus, long file names, tool tips, and docking windows. Standard Windows 95 and Windows NT installation and uninstallation support are also included. Network General Corporation 1-3

NetXRay Installation Guide Since Windows 95 and Windows NT support true 32-bit multitasking, you are able to capture data, view multiple captured files, record network history, and monitor your network from NetXRay concurrently, even while running other applications. In fact, NetXRay is capable of capturing all data packets at the same time as it is generating traffic loads onto the network, a feature that rivals many higher-priced network analyzers. NetXRay s interactive Help function is tightly integrated into Windows 95 and NT environments and supports many advanced Help functions previously unavailable under Windows 3.1. New Features in NetXRay Version 3.0 New Feature Summary NetXRay Version 3.0 adds a significant amount of enhanced features that are the collective results of many users inputs and comments provided during the past twelve months. Network General appreciates your continuing support and help in making NetXRay a better product. This New Features section describes only those features that are missing or changed from the NetXRay Protocol Analyzer and Network Monitor User s Guide Version 2.5. If you want to know more about the basic operation of NetXRay, refer to the NetXRay Protocol Analyzer and Network Monitor User s Guide Version 3.0. New features in Version 3.0: The two-step installation of NetXRay on Windows NT has been combined into one. You are no longer required to go to the Control Panel to install the NETXRAY.SYS driver. IP, IP Application, and IPX Host/Matrix functions have been added. A new traffic map display has been added for MAC, IP, and IPX matrix. Utilization distribution and packet-size distribution analysis has been enhanced. A post-analysis function has been integrated as part of the packet viewer function. 1-4 Network General Corporation

New Features in NetXRay Version 3.0 System Requirement Change There is now support for sending SNMP traps from the Alarm Manager. There is now support for reading and writing Network General Sniffer 5.0 files and reading Sniffer 5.0 compressed files. NetXRay now decodes IP/LDAP. NetXRay includes full 4-digit year-dating for Year 2000 compliance. NetXRay Version 3.0 supports Windows NT 4.0 and Windows 95. Windows NT 3.51 and prior releases are no longer supported. Network General Corporation 1-5

NetXRay Installation Guide 1-6 Network General Corporation

Chapter 2 Installation System Requirements This chapter describes how to install NetXRay Version 3.0 on a Windows NT 4.0 or Windows 95 system. Separate installation procedures are provided for installing from floppy disks or CD-ROM. This chapter also describes how to uninstall NetXRay from your system. IMPORTANT: If you have already installed a previous version of NetXRay, uninstall that version before installing Version 3.0. Refer to Uninstalling NetXRay Software on page 2 3 for information about how to uninstall the software. The following system requirements are recommended for NetXRay Version 3.0. Intel-based industry standard computer with 80486 DX/50 processor (minimum); Pentium 90 or faster (preferred). DRAM memory: For Windows 95: 12 Mbytes (minimum); 16 Mbytes (preferred). For Windows NT: 24 Mbytes (minimum); 32 Mbytes (preferred). VGA color monitor, 640 x 480 16-color (minimum); 1024 x 768 256-color (preferred). Microsoft Windows 95 or Microsoft NT 4.0, Production Release Version A network interface card supporting an NDIS 1.2 (32-bit) driver, installed and operating with at least one network protocol (for example, TCP/IP, NetBEUI, or Microsoft IPX-compatible stack). CD-ROM drive or 3.5-inch, 1.44-Mbyte floppy disk drive. Network General Corporation 2-1

NetXRay Installation Guide Minimum 8 Mbytes of available hard disk space for NetXray programs. Installing a Network Interface Card If you have not already installed your network interface card, follow the manufacturer s instructions to install and set up the card for Windows 95 or Windows NT. There are no special set up requirements for using a network interface card with NetXRay. Installing NetXRay from Floppy Disks The following procedure explains how to install NetXRay on Windows NT 4.0 or Windows 95 from floppy disks. To install NetXRay on Windows NT 4.0 or Windows 95 from floppy disks: 1. Insert NetXRay Disk 1 into the floppy drive. 2. Click the Start button, then click Run... 3. Enter drive letter:setup, where drive letter is the physical drive letter where Disk 1 resides, and click OK. 4. Enter your name, company name, and the full 18 characters of your serial number including the two dash (-) characters. Click Next. NOTE: All 18 characters of the serial number are case-sensitive. You must enter them just as they are printed on the registration card. 5. Follow the instructions on your screen until NetXRay is installed successfully. Installing NetXRay from a CD-ROM The following procedure explains how to install NetXRay on Windows NT 4.0 or Windows 95 from a CD-ROM. 2-2 Network General Corporation

Uninstalling NetXRay Software To install NetXRay on Windows NT 4.0 or Windows 95 from CD-ROM: 1. Insert the NetXRay CD in the CD-ROM drive. 2. If Setup launches automatically, go to step 5. 3. If Setup is not launched automatically, click the Start button then click Run... 4. Enter drive letter:setup, where drive letter is the physical drive letter where the CD resides, and click OK. 5. Enter your name, company name, and the full 18 characters of your serial number including the two dash (-) characters. Click Next. NOTE: All 18 characters of the serial number are case-sensitive. You must enter them just as they are printed on the registration card. 6. Follow the instructions on your screen until NetXRay is installed successfully. Uninstalling NetXRay Software Use one of the following procedures to uninstall NetXRay from a Windows NT or Windows 95 system. IMPORTANT: You should uninstall a previously installed version of NetXRay before attempting to install an upgrade. Use the following procedure for uninstalling NetXRay (any version) from Windows 95 or NetXRay 3.0 from Windows NT 4.0. IMPORTANT: If you have NetXRay 2.5 installed on Windows NT 4.0, skip to the next procedure. To uninstall NetXRay from a Windows NT or Windows 95 system: 1. Select Control Panel from the Start button. 2. Double-click the Add/Remove Programs icon. 3. Select NetXRay. 4. Click the Add/Remove button to start removing NetXRay. 5. Click OK when uninstall completes. Network General Corporation 2-3

NetXRay Installation Guide 6. Restart your system. NOTE: NetXRay creates additional data files such as its Network Address Book or packet capture files that you have saved. It saves these files in its local directory. Since they do not exist during installation and are not registered by the Setup program, the Uninstall program will not be able to remove them. You must manually review and remove them. Use the following procedure to uninstall NetXRay 2.5 from a Windows NT 4.0 system. To uninstall NetXRay 2.5 from a Windows NT 4.0 system: 1. Select Control Panel from the Start button. 2. Double-click the Network icon. 3. Select the Service page. 4. Select NetXRay Driver and click Remove. 5. Click Yes to confirm. 6. Click Close. 7. Click Don t Restart Now when prompted by the Network Setting Changed dialog box. 8. Select Control Panel from the Start button. 9. Double-click the Add/Remove Programs icon. 10. Select NetXRay. 11. Click the Add/Remove button to start removing NetXRay. 12. Click OK when uninstall completes. 13. Restart your NT system. NOTE: NetXRay creates additional data files such as its Network Address Book or packet capture files that you have saved. It saves these files in its local directory. Since they do not exist during installation and are not registered by the Setup program, the Uninstall program will not be able to remove them. You must manually review and remove them. To uninstall NetXRay from a Windows NT 3.5.1 1. Select Control Panel from the Main group. 2. Click the Network icon. 2-4 Network General Corporation

Uninstalling NetXRay Software 3. Select Cinco NetXRay Driver from the Installed Network Software List box, click Remove. 4. A dialog box asks you for confirmation. Click Yes. 5. The Network Setting dialog box is now shown. Click OK. 6. A Network Setting Changed dialog box is displayed asking you to restart your NT. Click Don t Restart Now. 7. Go to the NetXRay group, click Uninstaller. NetXRay is now completely removed. 8. Restart your NT. NOTE: NetXRay creates additional data files, for example, Network Address Book, packet capture files saved, in its local directory. Since these files do not exist during installation and are not registered by the SETUP program into a log file, the Uninstall program will not be able to remove them. You need to manually review and remove them. Network General Corporation 2-5

NetXRay Installation Guide 2-6 Network General Corporation