RzK Network Supervision
Monitoring, Management, Loss Detection, Quality Assurance and Traffic Accounting

2. Product related questions:

How does the AddressWizard resolve names?

The AddressWizard has two options for resolving DNS names.
One option is to use standard WinSock calls. If there is no entry in the Windows "hosts" file, this leads to a reverse DNS call, and the DNS server configured in Windows is used. You can speed up name resolution locally by keeping a hosts file that is as complete and as up to date as possible. If you alter the hosts file, you have to restart for the changes to take effect.
The other (default) option is to configure the program to send the reverse DNS request packets directly to the DNS server(s) configured in the AddressWizard network configuration. This is very fast compared to using WinSock calls. However, you can't use this option if the AddressWizard and your DNS server are running on the same machine.

Which addresses can the AddressWizard detect during passive scan mode?

This depends on the device through which the AddressWizard PC is connected to the network. If the network is completely switched, all addresses that communicate with the PC via TCP/IP, or that have sent packets to this PC, are shown. If the network to which the AddressWizard PC is connected uses "shared media", all addresses that communicate with another station on the net are shown and added to the address table.

Why is long-term monitoring important?

Permanently running monitoring software should provide an information basis of long-term statistical data. A hierarchical breakdown of the data by years, months, and days is useful. Many errors can be avoided if the net is permanently monitored and the network parameters are kept under control. You can often intervene before an error becomes visible to the users. Even if you do not look at the recordings on a regular basis, you can trace back through them when necessary.

What is possible with the accounting module of NetControl?

If an ISP arranges a payment system with its customers, or if a company wants to divide the costs between separate departments, the same mechanisms are always used:

Port-based billing:
The easiest way is to assign one port to each "customer" and bill all traffic (bytes) that occurs on that port at a per-byte price.
In this case you don't have to differentiate by service (IP port) or by the actual partner (IP or MAC address). If the customer is connected to a manageable switch or router, the counters for In and Out (BytesIn and BytesOut) can be used and also recorded.

Traffic related billing:
If there is no explicit port for each customer, you have to analyse the traffic. This is also necessary if the costs differ between services or between communication partners. If there is one common cable for the uplink, you can measure the traffic there, e.g. with the program "NetControl for Windows". Alternatively, you can use routers and switches with NetFlow* capability. The NetFlow packets can also be analysed by NetControl.
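Traffic-related billing as described above, as an added sketch that is not NetControl code: the customer networks, the per-service prices and the simplified flow tuples (source, destination, service port, bytes) are all constructed for illustration. It also totals traffic that matches no customer, since unattributed bytes are what an accounting review needs to look at first.

```python
from collections import defaultdict
from decimal import Decimal
from ipaddress import ip_address, ip_network

# Constructed billing setup: customer networks and prices per megabyte.
CUSTOMERS = {
    "dept-a": ip_network("10.1.0.0/16"),
    "dept-b": ip_network("10.2.0.0/16"),
}
PRICE_PER_MB = {80: Decimal("0.02"), 25: Decimal("0.05")}  # by service port
DEFAULT_PRICE = Decimal("0.10")                            # any other service
MB = 1_000_000

def owner(ip):
    """Return the customer whose network contains ip, or None."""
    addr = ip_address(ip)
    for name, net in CUSTOMERS.items():
        if addr in net:
            return name
    return None

def bill(flows):
    """Aggregate flow records into per-customer charges.

    Returns (invoice, unassigned_bytes). Traffic is charged to the customer
    on either end of the flow; bytes belonging to no customer are counted
    separately instead of being silently dropped.
    """
    byte_totals = defaultdict(int)          # (customer, service port) -> bytes
    unassigned = 0
    for src, dst, service_port, nbytes in flows:
        customer = owner(src) or owner(dst)
        if customer is None:
            unassigned += nbytes
        else:
            byte_totals[(customer, service_port)] += nbytes
    invoice = defaultdict(Decimal)
    for (customer, port), total in byte_totals.items():
        invoice[customer] += PRICE_PER_MB.get(port, DEFAULT_PRICE) * total / MB
    return dict(invoice), unassigned

# Constructed sample flows (not real NetFlow records).
SAMPLE_FLOWS = [
    ("10.1.0.5", "194.127.156.150", 80, 5_000_000),
    ("194.127.156.150", "10.1.0.5", 80, 45_000_000),
    ("10.2.3.4", "20.5.5.4", 25, 2_000_000),
    ("10.2.3.4", "20.5.5.4", 443, 1_000_000),
    ("172.16.0.9", "20.5.5.4", 80, 700),
]
```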

Glossary:

What is a hub?

A hub is a device which connects the cables from the different computers of a network to each other. It builds a common collision domain and segment among them. All frames (even frames with errors) are simultaneously transmitted to all connected computers.

What is a switch?

Network switches are more intelligent than hubs. They store the frames first and send them only to the port the destination computer is connected to. Switches filter erroneous frames. Normally the throughput of a switch is higher than that of a hub, but the latency is also higher.

What is a Router?

Routers are necessary if IP packets are sent to different IP networks. They change the MAC address of the frames. Stations can only send data to other IP networks if they have a route to do so. In most cases, all data sent to IP networks other than your own is sent to the configured default router.

What is Netload?

Netload is the percentage usage of the available network bandwidth, independent of the available connection speed.

What is NetFlow*?

NetFlow* is a trademark of Cisco Inc. NetFlow records contain information about the data which passes a router (or switch). The records are sent via UDP. NetFlow identifies the traffic flow between hosts. Traffic flows are targeted at a specific destination, which is defined by the IP address and the port number of the transport layer.

What is Net-Recording?

Net-Recording is the permanent recording of relevant measurement data taken from a network simply by listening. If you want to add components to your network, you really should know the nature of your network. As errors often don't show up immediately but become more and more foreseeable as network parameters change, permanent network supervision becomes a necessity. Above a certain network size, net-recording is a sort of life assurance against a total network crash. Such precaution results in higher uptimes and lower support costs.

What is a protocol analyser?

A protocol analyser is a program that reads the frames of the network it is connected to and resolves the content into source, destination and type of content. Such an analyser requires good knowledge of the structure of the protocol in use. You'll find free protocol analysers here:

When does a protocol analyser make sense?

A protocol analyser is normally used if you want to know what is wrong with certain frames on your network. Permanent use makes no sense because of the amount of data to be stored. It is a suitable additional tool if an error is assumed on the protocol layer.

What is Wake on LAN?

The WakeOnLAN (WOL) technology is used to wake up a sleeping or powered-off PC remotely over the network. This is accomplished by sending a specific packet of information, called a Magic Packet frame, to the node to be awakened. When a PC capable of receiving the specific frame goes to sleep, it enables the Magic Packet mode in the LAN controller, and when the LAN controller receives a Magic Packet frame, it alerts the system to wake up again.

What is the difference between "active" and "passive" supervision?

Basically, network supervision programs can be divided into passive (only "listening") and active ("requesting") ones. Passive programs don't stress the net. But in fully switched environments it is difficult to find measurement points where you can listen to the whole traffic of the network.

NetControl is a completely passive supervision program. The AddressWizard can work actively and passively.

MAC-address:

MAC-addresses (or hardware addresses) are unique worldwide. They consist of 6 bytes (48 bits). Every station on the LAN (Ethernet) puts its own 6-byte address in every frame it sends over the network. The first three bytes identify the manufacturer of the Ethernet board (vendor code); the rest is a number that identifies the station. MAC-addresses are usually written in hexadecimal (e.g. 00 00 FB 48 56 56).

NetControl uses a list of vendor codes to show vendor names instead of the first three address bytes (RFC-1340).

TCP/IP-protocol:

(Transmission control protocol and internet protocol).

TCP/IP is a collection of network protocols for computer-to-computer communication. It is important to understand that TCP/IP is not a product or a program. It is a collection of rules for the structure of data packets and their transmission. These agreements are laid down in the Requests for Comments (RFC). TCP/IP makes the application independent of the next lower network layer.

TCP is a protocol that controls the transmission of data packets. It is a connection oriented stream (of bytes) protocol. The next lower network layer transmits the frames to the correct recipient.

IP-address:

Each device in a TCP/IP network is identified by a network-wide unique, 32-bit IP-address. IP-addresses are usually given as 4 decimal numbers separated by dots (e.g. 194.127.156.150). Each address consists of two parts. The first part is the network address, and the last part is the host address.

Netmask:

The netmask separates an IP-address into a network part and a host part. There are 4 standard net masks: 255.0.0.0, 255.255.0.0 and 255.255.255.0. The positions set to 255 define the network part:

e.g.:

IP-address:   20.5.5.4
Subnetmask:   255.0.0.0
=> Network:   20.0.0.0
=> Host:

ARP:

ARP finds the MAC-address that belongs to an IP-address. If the recipient of a packet is known only by its IP-address but not by its MAC-address, the ARP protocol asks with a broadcast which station has the specific IP-address.

Broadcasts:

Broadcast-packets are sent to all stations in the network.

The MAC destination address is FF-FF-FF-FF-FF-FF (hex.).

The definition of IP-broadcasts is not as easy. NetControl gives you the following options for deciding which IP-addresses should be counted as broadcasts:

  • all addresses ending with .255,
  • all addresses ending with .255.255,
  • all addresses ending with .255.255.255, or
  • only the address 255.255.255.255.

Additionally, you have to choose whether ARP packets should be counted as IP-broadcasts.

A high broadcast load is dangerous because all stations have to process these packets. For this reason it is important to keep an eye on broadcasting stations. This is very easy to do with the NetControl hit lists of the most active broadcast senders.
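The four broadcast definitions and the ARP switch above, applied to a small capture to produce a hit list of broadcast senders. This is an added sketch, not NetControl code; the mode names, the packet tuples (source MAC, "ip" or "arp", destination IP) and the sample data are constructed for illustration.

```python
from collections import Counter
from ipaddress import IPv4Address

# The four selectable IP-broadcast definitions; the mode names are made up here.
MODES = {
    "last-octet": ".255",
    "last-two-octets": ".255.255",
    "last-three-octets": ".255.255.255",
    "limited-only": "255.255.255.255",
}

def is_ip_broadcast(dst_ip, mode):
    """True if dst_ip counts as an IP broadcast under the chosen definition."""
    addr = str(IPv4Address(dst_ip))      # raises ValueError on malformed input
    if mode == "limited-only":
        return addr == MODES[mode]
    return addr.endswith(MODES[mode])

def broadcast_hit_list(packets, mode, count_arp):
    """Rank source MACs by the number of broadcast packets they sent."""
    hits = Counter()
    for src_mac, kind, dst_ip in packets:
        if kind == "arp":
            if count_arp:                # ARP counted only when selected
                hits[src_mac] += 1
        elif kind == "ip" and is_ip_broadcast(dst_ip, mode):
            hits[src_mac] += 1
    return hits.most_common()            # most active sender first

# Constructed sample capture.
SAMPLE_PACKETS = [
    ("00-00-FB-48-56-56", "ip", "192.168.1.255"),
    ("00-00-FB-48-56-56", "ip", "192.168.1.255"),
    ("00-00-FB-48-56-56", "arp", None),
    ("00-00-FB-00-00-01", "ip", "255.255.255.255"),
    ("00-00-FB-00-00-01", "ip", "10.255.255.255"),
    ("00-00-FB-00-00-02", "ip", "194.127.156.150"),
    ("00-00-FB-00-00-02", "arp", None),
]
```

The same capture gives a different ranking under each definition, so the chosen mode should be recorded alongside any broadcast statistics that are compared over time.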

What is SNMP?

SNMP is the abbreviation for Simple Network Management Protocol. It is an interface for requesting information from devices which support this interface (e.g. switches, routers).



* NetFlow is a registered Trademark of Cisco Inc.