User manual
You can obtain a free packet sniffer called 'Ethereal' from either of the following links:
http://www.wireshark.org/
http://sourceforge.net/project/showfiles.php?group_id=255
Note: In June 2006 Ethereal was renamed Wireshark due to trademark issues. All references below are valid for
either Wireshark or Ethereal.
Important Note: On a switched network, in order to see all the network traffic, both the Boca and the computer
should be connected to a non-switched hub. Some switches have the ability to replicate all traffic on all ports to
a single port so that you can plug your analyzer into that single port to sniff all traffic. See the section below titled
'Capturing Packets' for more details.
1. Install Ethereal on the same computer that the Boca was initially installed on.
2. Under 'capture' > 'options' select a buffer size large enough to capture all the packets that might be sent
during the test. This will vary depending on the network traffic, the number of tickets sent and what the
problem is. If the problem is one where the printer stops printing after a large number of tickets are sent
then we recommend you set as large a buffer as possible.
3. Under 'capture' > 'options' select an interface (there are sometimes several to choose from). Then start
capturing.
4. Stop after a few seconds and make sure you see packets being captured or else you must select a
different interface.
5. Restart capturing packets.
6. Send print jobs to the printer.
7. After a problem develops, stop the capture immediately. Note: If the problem is one where the printer
stops printing you should wait up to 5 minutes before stopping the capture. This allows us to see if your
system has stopped sending us data for some reason.
8. Save the project under the 'file' tab.
9. Email the file to us along with a description of the events that happened during the capture session. Include
the appropriate IP addresses so we can identify the printer and server packets.
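A check you can run on the saved file before emailing it, added here as an example and not part of the original manual: it counts captured Ethernet frames by destination type to show whether the capture saw traffic between other machines, which the Important Note above says a switched port will not deliver. It assumes the capture was saved in classic libpcap (.pcap) format with an Ethernet link type; the function names and the MAC addresses in the samples are constructed for illustration.

```python
import struct
from collections import Counter

# Classic libpcap magic (microsecond timestamps) -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def classify_capture(pcap_bytes, own_mac):
    """Count Ethernet frames by destination type, relative to the capturing PC."""
    order = MAGICS.get(pcap_bytes[:4])
    if order is None:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    own = bytes.fromhex(own_mac.replace(":", ""))
    counts, offset = Counter(), 24            # records start after 24-byte header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(order + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:                   # cut-off record or runt frame
            counts["truncated"] += 1
        elif frame[0:6] == b"\xff" * 6:
            counts["broadcast"] += 1
        elif frame[0] & 1:                    # group bit set: multicast
            counts["multicast"] += 1
        elif own in (frame[0:6], frame[6:12]):
            counts["own_unicast"] += 1
        else:                                 # unicast between two other machines
            counts["other_unicast"] += 1
    return counts

def build_pcap(frames):
    """Build a little-endian libpcap file in memory (for the constructed samples)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def eth(dst, src):
    return bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + b"\x00" * 46

# Constructed addresses: capturing PC, Boca printer, separate print server.
PC, BOCA, SERVER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
seen_on_switch = [eth("ff:ff:ff:ff:ff:ff", BOCA), eth(BOCA, PC),
                  eth("01:00:5e:00:00:fb", SERVER)]
SWITCHED = classify_capture(build_pcap(seen_on_switch), PC)
HUB = classify_capture(build_pcap(seen_on_switch + [eth(BOCA, SERVER)]), PC)

if __name__ == "__main__":
    print("switch port:", dict(SWITCHED))
    print("hub/mirror :", dict(HUB))
```

A count of zero for `other_unicast` is fine when the print jobs come from the capturing computer itself; when they come from a separate server, it means the capture did not see the printer and server packets and the hub or port-replication setup needs checking.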
Capturing Packets: (source - http://ethereal.netmirror.org/faq.html)
Q 7.1: When I use Ethereal to capture packets, why do I see only packets to and from my machine, or
not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?
A: This might be because the interface on which you're capturing is plugged into an Ethernet or Token Ring
switch; on a switched network, unicast traffic between two ports will not necessarily appear on other ports - only
broadcast and multicast traffic will be sent to all ports. Note that even if your machine is plugged into a hub, the
"hub" may be a switched hub, in which case you're still on a switched network.
Note also that on the Linksys Web site, they say that their auto-sensing hubs "broadcast the 10Mb packets to
the port that operate at 10Mb only and broadcast the 100Mb packets to the ports that operate at 100Mb only",
which would indicate that if you sniff on a 10Mb port, you will not see traffic sent to a 100Mb port, and
vice versa. This problem has also been reported for Netgear dual-speed hubs, and may exist for other
"auto-sensing" or "dual-speed" hubs.
Some switches have the ability to replicate all traffic on all ports to a single port so that you can plug your
analyzer into that single port to sniff all traffic. You would have to check the documentation for the switch to see
if this is possible and, if so, to see how to do this. See the switch reference page on the Ethereal Wiki for
information on some switches. (Note that it's a Wiki, so you can update or fix that information, or add additional
information on those switches or information on new switches, yourself.)
Note also that many firewall/NAT boxes have a switch built into them; this includes many of the "cable/DSL
router" boxes. If you have a box of that sort, that has a switch with some number of Ethernet ports into which
you plug machines on your network, and another Ethernet port used to connect to a cable or DSL modem, you
can, at least, sniff traffic between the machines on your network and the Internet by plugging the Ethernet port
on the router going to the modem, the Ethernet port on the modem, and the machine on which you're running
Ethereal into a hub (make sure it's not a switching hub, and that, if it's a dual-speed hub, all three of those ports
are running at the same speed).
If your machine is not plugged into a switched network or a dual-speed hub, or it is plugged into a switched
network but the port is set up to have all traffic replicated to it, the problem might be that the network interface
on which you're capturing doesn't support "promiscuous" mode, or because your OS can't put the interface into
promiscuous mode. Normally, network interfaces supply to the host only:
• packets sent to one of that host's link-layer addresses;
• broadcast packets;
• multicast packets sent to a multicast address that the host has configured the interface to accept.