Some info taken from the release notes:
These Service Pack release notes describe the fixes provided with Sniffer Portable 4.7.5 Service Pack 2 (build number 4.70.537).
Service Pack 2 includes all the new features provided with the original Sniffer Portable 4.7.5 release, as well as those provided with Service Pack 1. New features from the original 4.7.5 release are listed and described in, "New Features in Sniffer Portable 4.7.5," below. New features from Service Pack 1 are listed and described in, "New Features from Service Pack 1," below.
=======================================================================
New Features from Service Pack 1
This Service Pack release includes all of the new features provided with Service Pack 1, as follows:
When viewing the settings for a display filter, you can now view filter names of more than 20 characters in length by placing the cursor over the filter name in the Capture Profiles dialog box or the Define Filters dialog box. (CQ# 20583)
When viewing a trace file, a new Time Search option allows you to do a textual search in the Relative, Delta, or Absolute time columns of the trace file. (CQ# 20581/20586)
When viewing a trace file from the Expert tab, you can now export data in HTML format from Host Table, Matrix Table, Protocol Distribution, and Statistics views. (CQ# 20573)
You can now set the default tab in the Host, Matrix, Protocol Distribution, and Global Statistics Monitor displays. The last selected tab will be the one displayed when the window is reopened. (CQ# 20575)
When viewing the Summary pane of a trace file, enhanced Print to File options now give you greater control of the columns to be printed as follows: (CQ# 20571/20587)
A WYSIWYG (What You See Is What You Get) view allows you to print columns exactly as you see them on screen.
You can drag and drop columns across the screen to print according to the on-screen order.
Using the Display > Display Setup > Summary Display tab, you can now specify exactly which columns you want to print in your Summary pane printout (columns included in the Summary pane display are also included in the printed output).
In contrast to previous releases, the Relative Time and Absolute Time fields can now be included in exported Summary pane output (if they are included in the Summary pane using the options in the Display > Display Setup > Summary Display tab).
The Summary pane details can now be printed regardless of length.
You can now select or deselect entire protocol families from the Advanced tab on the Define Filter dialog box. (CQ# 20576)
=======================================================================
What this Service Pack Fixes
This Service Pack resolves the following issues:
In certain cases, applying a Packet Type filter set up to capture or display only errored frames could cause Sniffer Portable to stop functioning. A Packet Type filter of this variety would have the Normal option in the Define Filter > Advanced tab > Packet Type list unchecked. (CQ# 16525)
When using Sniffer Portable with the Gigabit Ethernet adapter, the Channel Filters in the Define Filter > Gigabit Ethernet tab were not operating correctly. (CQ# 17129)
In certain cases, the data in the Expert's Hierarchical Tree pane would not update automatically after the objects in the Expert's Summary pane were resorted. (CQ# 19133)
Saving a trace file in the .ENC format caused dates in the saved data to slip by one day. (CQ# 19437)
Mouse-over functionality for the In Pkts and Out Pkts columns in the Host Table was not working. Allowing the cursor to hover over entries in these columns now displays a popup of the current value as it should. (CQ# 23510)
In certain cases, attempting to decode BGP traffic could result in blank displays in the the Decode tab's Summary and Detail panes. In addition, CPU usage could spin up to 100%. (CQ# 23561)
When using Sniffer Portable with the Gigabit Ethernet adapter, Hardware Address capture filters sometimes accepted traffic from MAC addresses other than those specified by the filter. (CQ# 23613)
LDAP Continuation Frames were mistakenly being decoded as continuations of missing frames. (CQ# 24103)
Under certain circumstances, the Detail pane in the Display window's Decode tab would appear blank for frames over 600 bytes in length. (CQ# 24420)
Fixes from Service Pack 1
In addition to the fixes listed above, this Service Pack also includes all the fixes provided with Service Pack 1:
Summary pane data printed to a file in CSV format contained a carriage return after the Relative Time field. This caused a single line of Summary pane data to appear on two lines when imported into a spreadsheet. (CQ# 14860)
If frames were missing from a multi-frame HTTP Reply, Sniffer Portable would mistakenly report "Continuation of missing frame" errors in the Detail pane for subsequent replies. When this occurs now, Sniffer Portable reports that the amount of data captured for a given HTTP reply is less than the amount of data expected based on the Content-Length field. Also, the "Continuation of missing frame" errors are no longer generated for subsequent replies. (CQ# 14981)
When displaying decoded data captured using the ATMbook, delta times for ATM cells were occasionally reported incorrectly, causing the mistaken impression that the individual cells making up a frame arrived out of order. (CQ# 16943)
Although Sniffer Portable decoded the first CIFS Write AndX frame in a trace file or buffer correctly, subsequent Write AndX frames were not decoded correctly. (CQ# 16987)
Large LDAP frames were not completely reassembled and decoded. (CQ# 17939)
Retransmitted TCP frames used to be flagged as such in the Summary pane of the Decode display. This feature was inadvertently removed and has since been restored. (CQ# 17982)
A retransmitted TCP frame now appears in the Summary pane with the following text:
"TCP: Retransmitted in frame xxx; yyy bytes of data."
The Expert alarm display for the Disassociation alarm included a misspelling. (CQ# 18155)
The Expert would not generate symptoms for retransmissions. (CQ# 18369)
Retransmitted frames were only decoded up to the IP layer. (CQ# 18445)
The Expert was not generating the Fast Retransmission alarm for fast retransmissions. (CQ# 18531)
Sniffer Portable would not decode SMB C Write Block Response Code 0x1F. (CQ# 18533)
The Sniffer Portable documentation did not state that Expert analysis is not available for the SDLC, X.25, or SMDS protocols. This is now stated in the Protocol Interpreters topic in the Sniffer help files (CQ# 19048)
SnifferBooks using the ISDN BRI module to monitor an ISDN BRI-U circuit may experience unacceptably long activation times when connected to certain makes/models of ISDN routers. The Sniffer Portable application reports clock loss prior to successful completion of line activation on the ISDN BRI U interface. This failure to activate the ISDN BRI U interface has been determined to be related to signal strength on the short side of the monitored circuit. An ISDN BRI U interface line attenuator has been developed to provide an additional line load on the short connection between the SnifferBook ISDN BRI module and either the NT1 or LT, depending on the placement of the SnifferBook within the circuit. This anomaly only affects ISDN BRI circuits using the U interface. Monitoring of ISDN BRI circuits using the S/T interface does not experience this problem. Additionally, the SnifferBook firmware has been modified to further improve activation times in conjunction with the use of the ISDN BRI-U line attenuator. These firmware changes alone are insufficient to reliably improve activation times. These firmware changes were first released in Sniffer Portable 4.70.04. (CQ# 19064)
In certain situations, Sniffer Portable was unable to decode CMIP traffic correctly. In particular, Sniffer Portable would interpret some frames as continuations of previous CMIP messages instead of as entirely new CMIP messages. (CQ# 19450)
In certain situations, Sniffer Portable was unable to reassemble SMB messages spanning multiple frames correctly. (CQ# 19577)
Sniffer Portable was unable to detect CMIP Abort messages when analyzing WAN traffic. (CQ# 19711)
Certain trace files would appear with blank entries in the Summary pane and could cause unstable performance. (CQ# 20112)
Using the Display > Find Frame command to search for frames in very large trace files could cause the system to become unstable. (CQ# 20212)
When scrolling through frames in the Summary pane, blank entries in the Summary and Detail panes could cause unstable performance. (CQ# 20893)
In certain cases, using the File > Print > Print to file option on a trace file including a frame which the Sniffer Portable was unable to decode could cause the application to stop functioning. (CQ# 20896)
Using the Any symptom/diagnosis string option in the Expert tab of the Display > Find Frame dialog box to search for an Expert alarm in the Decode display could cause the application to stop functioning. (CQ# 20910)
When creating a custom Multiple History Sample, the dialog box listing statistics available for inclusion in the History Sample would mistakenly include six 802.11b Unused entries. (CQ# 21159)
The driver provided for Xircom network adapters in Windows 98 SE was named incorrectly, preventing it from installing correctly. (CQ# 21162)
When in endstation mode with Autonegotiation enabled, a Xyratex card could fail to consistently link up to a Cisco 6509 series switch GBIC port. The Link LED on the Cisco 6509 could blink or fail to come on. (CQ# 21214)
When using the ATMbook with an OC-12 MMF PHY, the ATM 1 OK and ATM 2 OK LEDs were reporting their status incorrectly when cables were not connected to the PHY. (CQ# 21577)
NOTE: You must upgrade the ATMbook firmware for this fix to be applied. See the ATMbook documentation for instructions on how upgrade the ATMbook firmware.
NCP fragmented frames were incorrectly decoded as "continuation of missing frame." (CQ# 21595)
Unknown Command Code Reply for NCP appears on different segments of a Load Balance network. (CQ# 21596)
In some cases, the Decode display does not indicate when there are gaps between sequence numbers in the frames in a trace file or buffer (that is, frames with a certain sequence number are missing). (CQ# 21598)
In some cases, clicking the Use Default button in the Multiple History dialog box for a custom Multiple History Sample would cause the application to stop functioning. (CQ# 21602)
The same FTP transaction would show different frame counts at the Expert Service and Application layers. (CQ# 21603)
Installing Sniffer Portable 4.7.5 on top of a Sniffer Portable 4.7 installation with Sniffer Voice 2.1 caused entries for Sniffer Voice topics to disappear from the Index tab in the Help Topics dialog box. (CQ# 21687)
When using Sniffer Wireless with the Proxim Harmony 802.11a adapter, stopping an active capture while the Log Expert Data option in the Database > Database Options dialog box was enabled caused the application to close unexpectedly. (CQ# 21813)
Robert A.H. Wullems
Sniffer University Instructor
SCM / CNX / MCP
Citee Education
the Netherlands
These Service Pack release notes describe the fixes provided with Sniffer Portable 4.7.5 Service Pack 2 (build number 4.70.537).
Service Pack 2 includes all the new features provided with the original Sniffer Portable 4.7.5 release, as well as those provided with Service Pack 1. New features from the original 4.7.5 release are listed and described in, "New Features in Sniffer Portable 4.7.5," below. New features from Service Pack 1 are listed and described in, "New Features from Service Pack 1," below.
=======================================================================
New Features from Service Pack 1
This Service Pack release includes all of the new features provided with Service Pack 1, as follows:
When viewing the settings for a display filter, you can now view filter names of more than 20 characters in length by placing the cursor over the filter name in the Capture Profiles dialog box or the Define Filters dialog box. (CQ# 20583)
When viewing a trace file, a new Time Search option allows you to do a textual search in the Relative, Delta, or Absolute time columns of the trace file. (CQ# 20581/20586)
When viewing a trace file from the Expert tab, you can now export data in HTML format from Host Table, Matrix Table, Protocol Distribution, and Statistics views. (CQ# 20573)
You can now set the default tab in the Host, Matrix, Protocol Distribution, and Global Statistics Monitor displays. The last selected tab will be the one displayed when the window is reopened. (CQ# 20575)
When viewing the Summary pane of a trace file, enhanced Print to File options now give you greater control of the columns to be printed as follows: (CQ# 20571/20587)
A WYSIWYG (What You See Is What You Get) view allows you to print columns exactly as you see them on screen.
You can drag and drop columns across the screen to print according to the on-screen order.
Using the Display > Display Setup > Summary Display tab, you can now specify exactly which columns you want to print in your Summary pane printout (columns included in the Summary pane display are also included in the printed output).
In contrast to previous releases, the Relative Time and Absolute Time fields can now be included in exported Summary pane output (if they are included in the Summary pane using the options in the Display > Display Setup > Summary Display tab).
The Summary pane details can now be printed regardless of length.
You can now select or deselect entire protocol families from the Advanced tab on the Define Filter dialog box. (CQ# 20576)
=======================================================================
What this Service Pack Fixes
This Service Pack resolves the following issues:
In certain cases, applying a Packet Type filter set up to capture or display only errored frames could cause Sniffer Portable to stop functioning. A Packet Type filter of this variety would have the Normal option in the Define Filter > Advanced tab > Packet Type list unchecked. (CQ# 16525)
When using Sniffer Portable with the Gigabit Ethernet adapter, the Channel Filters in the Define Filter > Gigabit Ethernet tab were not operating correctly. (CQ# 17129)
In certain cases, the data in the Expert's Hierarchical Tree pane would not update automatically after the objects in the Expert's Summary pane were resorted. (CQ# 19133)
Saving a trace file in the .ENC format caused dates in the saved data to slip by one day. (CQ# 19437)
Mouse-over functionality for the In Pkts and Out Pkts columns in the Host Table was not working. Allowing the cursor to hover over entries in these columns now displays a popup of the current value as it should. (CQ# 23510)
In certain cases, attempting to decode BGP traffic could result in blank displays in the the Decode tab's Summary and Detail panes. In addition, CPU usage could spin up to 100%. (CQ# 23561)
When using Sniffer Portable with the Gigabit Ethernet adapter, Hardware Address capture filters sometimes accepted traffic from MAC addresses other than those specified by the filter. (CQ# 23613)
LDAP Continuation Frames were mistakenly being decoded as continuations of missing frames. (CQ# 24103)
Under certain circumstances, the Detail pane in the Display window's Decode tab would appear blank for frames over 600 bytes in length. (CQ# 24420)
Fixes from Service Pack 1
In addition to the fixes listed above, this Service Pack also includes all the fixes provided with Service Pack 1:
Summary pane data printed to a file in CSV format contained a carriage return after the Relative Time field. This caused a single line of Summary pane data to appear on two lines when imported into a spreadsheet. (CQ# 14860)
If frames were missing from a multi-frame HTTP Reply, Sniffer Portable would mistakenly report "Continuation of missing frame" errors in the Detail pane for subsequent replies. When this occurs now, Sniffer Portable reports that the amount of data captured for a given HTTP reply is less than the amount of data expected based on the Content-Length field. Also, the "Continuation of missing frame" errors are no longer generated for subsequent replies. (CQ# 14981)
When displaying decoded data captured using the ATMbook, delta times for ATM cells were occasionally reported incorrectly, causing the mistaken impression that the individual cells making up a frame arrived out of order. (CQ# 16943)
Although Sniffer Portable decoded the first CIFS Write AndX frame in a trace file or buffer correctly, subsequent Write AndX frames were not decoded correctly. (CQ# 16987)
Large LDAP frames were not completely reassembled and decoded. (CQ# 17939)
Retransmitted TCP frames used to be flagged as such in the Summary pane of the Decode display. This feature was inadvertently removed and has since been restored. (CQ# 17982)
A retransmitted TCP frame now appears in the Summary pane with the following text:
"TCP: Retransmitted in frame xxx; yyy bytes of data."
The Expert alarm display for the Disassociation alarm included a misspelling. (CQ# 18155)
The Expert would not generate symptoms for retransmissions. (CQ# 18369)
Retransmitted frames were only decoded up to the IP layer. (CQ# 18445)
The Expert was not generating the Fast Retransmission alarm for fast retransmissions. (CQ# 18531)
Sniffer Portable would not decode SMB C Write Block Response Code 0x1F. (CQ# 18533)
The Sniffer Portable documentation did not state that Expert analysis is not available for the SDLC, X.25, or SMDS protocols. This is now stated in the Protocol Interpreters topic in the Sniffer help files (CQ# 19048)
SnifferBooks using the ISDN BRI module to monitor an ISDN BRI-U circuit may experience unacceptably long activation times when connected to certain makes/models of ISDN routers. The Sniffer Portable application reports clock loss prior to successful completion of line activation on the ISDN BRI U interface. This failure to activate the ISDN BRI U interface has been determined to be related to signal strength on the short side of the monitored circuit. An ISDN BRI U interface line attenuator has been developed to provide an additional line load on the short connection between the SnifferBook ISDN BRI module and either the NT1 or LT, depending on the placement of the SnifferBook within the circuit. This anomaly only affects ISDN BRI circuits using the U interface. Monitoring of ISDN BRI circuits using the S/T interface does not experience this problem. Additionally, the SnifferBook firmware has been modified to further improve activation times in conjunction with the use of the ISDN BRI-U line attenuator. These firmware changes alone are insufficient to reliably improve activation times. These firmware changes were first released in Sniffer Portable 4.70.04. (CQ# 19064)
In certain situations, Sniffer Portable was unable to decode CMIP traffic correctly. In particular, Sniffer Portable would interpret some frames as continuations of previous CMIP messages instead of as entirely new CMIP messages. (CQ# 19450)
In certain situations, Sniffer Portable was unable to reassemble SMB messages spanning multiple frames correctly. (CQ# 19577)
Sniffer Portable was unable to detect CMIP Abort messages when analyzing WAN traffic. (CQ# 19711)
Certain trace files would appear with blank entries in the Summary pane and could cause unstable performance. (CQ# 20112)
Using the Display > Find Frame command to search for frames in very large trace files could cause the system to become unstable. (CQ# 20212)
When scrolling through frames in the Summary pane, blank entries in the Summary and Detail panes could cause unstable performance. (CQ# 20893)
In certain cases, using the File > Print > Print to file option on a trace file including a frame which the Sniffer Portable was unable to decode could cause the application to stop functioning. (CQ# 20896)
Using the Any symptom/diagnosis string option in the Expert tab of the Display > Find Frame dialog box to search for an Expert alarm in the Decode display could cause the application to stop functioning. (CQ# 20910)
When creating a custom Multiple History Sample, the dialog box listing statistics available for inclusion in the History Sample would mistakenly include six 802.11b Unused entries. (CQ# 21159)
The driver provided for Xircom network adapters in Windows 98 SE was named incorrectly, preventing it from installing correctly. (CQ# 21162)
When in endstation mode with Autonegotiation enabled, a Xyratex card could fail to consistently link up to a Cisco 6509 series switch GBIC port. The Link LED on the Cisco 6509 could blink or fail to come on. (CQ# 21214)
When using the ATMbook with an OC-12 MMF PHY, the ATM 1 OK and ATM 2 OK LEDs were reporting their status incorrectly when cables were not connected to the PHY. (CQ# 21577)
NOTE: You must upgrade the ATMbook firmware for this fix to be applied. See the ATMbook documentation for instructions on how upgrade the ATMbook firmware.
NCP fragmented frames were incorrectly decoded as "continuation of missing frame." (CQ# 21595)
Unknown Command Code Reply for NCP appears on different segments of a Load Balance network. (CQ# 21596)
In some cases, the Decode display does not indicate when there are gaps between sequence numbers in the frames in a trace file or buffer (that is, frames with a certain sequence number are missing). (CQ# 21598)
In some cases, clicking the Use Default button in the Multiple History dialog box for a custom Multiple History Sample would cause the application to stop functioning. (CQ# 21602)
The same FTP transaction would show different frame counts at the Expert Service and Application layers. (CQ# 21603)
Installing Sniffer Portable 4.7.5 on top of a Sniffer Portable 4.7 installation with Sniffer Voice 2.1 caused entries for Sniffer Voice topics to disappear from the Index tab in the Help Topics dialog box. (CQ# 21687)
When using Sniffer Wireless with the Proxim Harmony 802.11a adapter, stopping an active capture while the Log Expert Data option in the Database > Database Options dialog box was enabled caused the application to close unexpectedly. (CQ# 21813)
Robert A.H. Wullems
Sniffer University Instructor
SCM / CNX / MCP
Citee Education
the Netherlands