NAI Sniffer triggers 2

[wybnormal]

Has anyone made a trigger for starting a capture on a broadcast storm alarm and then loop for all broadcast storms? I've tried a few ways but I can not get it to startup right and run for the 180 seconds after the inital catch.

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[SpenceP]

HI Mike,

Try the following...

1. Alter the Broadcast storm settings in tools>Expert Options>Alarms to an acceptable level depending on the speed of the network you are analysing.
2. Go to Capture>Define Filter. Create a new capture filter which saves to hard disk but captures everything. Set the buffer size to about 16Mb, this should be enough. Also make sure unique names is ticked.
3. Go to Capture>Trigger Setup. Click enable on both the start and stop triggers.
4. Click define on the start trigger. Click new and call it something like "Broadcast Storm". Click on alarms and check the Broadcast/Storm alarm. Click OK
5. In the start trigger change the Capture filter to the one defining in Num. 2
6. Click on Define on the stop trigger. Click new and call it "180 seconds". Click on Time and check the Stop after and change time period to 180 seconds. Click OK.
7. Click on repeat mode and this should now be ready to work.

Spencer Parker
Axial Systems

 

[wybnormal]

I'll try it today

Mike S "Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[wybnormal]

Spencer-

the trigger worked fine.. now I just have to convince the client their network really does perform worse then they thought ;-) Broadcast storms every 2-3 minutes.. gotta love IPX and IP trying to cohabitate on the same wire. Classic case of huge backbone, all flat and 10 1/2 at the desktop.. gee.. wonder why things are slow?

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[SpenceP]

HI Mike,

Glad to hear the trigger worked fine. The trigger is one of the most powerful features in Sniffer yet the documentation is very poor. The best tip I can give you with the trigger function is follow the flow diagram it shows and you should be fine.

Spence
Axial

 

[wybnormal]

Poor doesnt begin to describe the documentation of Sniffer. How they can charge what they do with the lousy docs is beyond me.

I can see I need to work with the triggering and get to know it better. It's a great feature and I can see many applications for it.

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[Guest_imported]

Might try Sniffer University to brush up those Sniffer skills

 

[wybnormal]

I did.. but the quality is very dependent on the instructor and where the class is at. In my case, we had several rank beginers and never made it to triggers except in passing enough so I'd remember later it was there

Mike S

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[SpenceP]

If people would find it useful, I'll write a Triggers FAQ for the site. I train customers at least once a week on this subject so I should be able to come up with a "Triggers Basics" guide fairly quickly.

Spencer Parker
Axial Systems

 

[wybnormal]

I vote for the FAQ !! I've done the same in the Cisco Forum as there certain things that constantly come up.

"good show..good show" ;-)

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin