From owner-freebsd-questions Thu Mar 28 9:10: 3 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail.simrad.no (mail.simrad.no [193.69.73.2]) by hub.freebsd.org (Postfix) with ESMTP id BF3B137B404 for ; Thu, 28 Mar 2002 09:09:31 -0800 (PST) To: freebsd-questions@freebsd.org Subject: OT - network sniffing - is this what I need? MIME-Version: 1.0 X-Mailer: Lotus Notes Build M11_11052001 Beta 4 November 05, 2001 Message-ID: From: chip.wiegand@simrad.com Date: Thu, 28 Mar 2002 08:50:56 -0800 X-MIMETrack: Serialize by Router on S_INET01/S_EXT(Release 5.0.6a |January 17, 2001) at 28.03.2002 18:09:32, Serialize complete at 28.03.2002 18:09:32 Content-Type: text/plain; charset="US-ASCII" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This isn't necessarily FreeBSD related, only partly. It's network trouble-shooting related. I hope you don't mind my posting here, it you're not interested, then please disregard this message and move on to other messages. I have a situation at work where we think we may need to do some network sniffing, packet tracing, something to figure out if one particular workstation's problems are caused by the network connection, hub, switch, nic, whatever. Here's the situation - Workstation1 is in the warehouse shipping dept. It scans product barcodes into the ERP program - MAS200. The scanned-in numbers are automatically inserted into the invoice and a packing list is printed. The invoice then is handled by accounting. The problem - Occasionally in the process above a line that was scanned will be dropped. That is, it will not appear on the invoice, but will appear on the packing list. The product is shipped, the packing list shows all is well. The next day the invoice is processed, but missing one item, but it may not be noticed because the accounting people don't know what was supposed to be on the original order, they just see what was generated from the scanning station. This means product goes out and we have no record of it, and get no money for it. Not good. We have a consultant for MAS200 here who wrote a report for the shipping guys to run that supposedly shows what lines, if any, were dropped. Then we can fix the problem so the dropped lines are inserted into the invoice and all is well with invoicing all the product going out. So, that brings us to the job of determining why/where/how the lines are being dropped. We have been led to believe we need to do some sniffing on the network connection at the work- station (a winnt box) to see if the dropped lines ever get sent to the MAS200 server (a winnt box). Would using a sniffer be the best method of tracking down such a problem? If so, any suggested sniffers? If not, any suggestion for a better trouble-shooting method. I have looked at ettercap, but that looks like overkill, if it will even run. I have a 2 FreeBSD workstations on the network I can do the sniffing from. Regards -- Chip Wiegand Computer Services Simrad, Inc www.simrad.com chip.wiegand@simrad.com "There is no reason anyone would want a computer in their home." --Ken Olson, president, chairman and founder of Digital Equipment Corporation, 1977 (They why do I have 9? Somebody help me!) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message