Using the Traffic Analysis Agent for Windows

The Traffic Analysis Agent (version 1.30) for Windows runs on a Windows server or on a Windows workstation. The Traffic Analysis Agent for Windows monitors traffic on Ethernet, FDDI, or token ring segments.

The Traffic Analysis Agent for Windows is an RMON agent that implements functionality defined by the RMON MIB. It implements RMON (RFC 1757) for Ethernet media, the token ring extensions for RMON (RFC 1513) for token ring media, and a Novell proprietary MIB for FDDI media.

The agent collects information about activity on your network and makes it available to Novell ConsoleOne via SNMP. The Traffic Analysis Agent for Windows also implements the first two groups of RMON2 (RFC 2021).

The following figure illustrates a functional view of the Traffic Analysis Agent for Windows:


[Figure: Traffic Analysis Agent for Windows]


Changes Made During Installation

When you install the Traffic Analysis Agent for Windows, the following files are copied to Windows:

| Filename | Location | Description |
|---|---|---|
| lanzndis.sys | \WINNT\SYSTEM32\DRIVERS | Kernel mode driver interface |
| lanzctl.dll | \WINNT\SYSTEM32 | Control module |
| lanzmem.dll | \WINNT\SYSTEM32 | Memory manager module |
| lanzlib.dll | \WINNT\SYSTEM32 | Library module |
| lanzdi.dll | \WINNT\SYSTEM32 | User mode driver interface |
| lanzsm.dll | \WINNT\SYSTEM32 | Monitor module |
| lanzhis.dll | \WINNT\SYSTEM32 | History module |
| lanzael.dll | \WINNT\SYSTEM32 | Alarm, event, and log module |
| lanzfcb.dll | \WINNT\SYSTEM32 | Filter capture, buffer module |
| lanztr.dll | \WINNT\SYSTEM32 | Token ring manager module |
| lanzfddi.dll | \WINNT\SYSTEM32 | FDDI manager module |
| gtrend.dll | \WINNT\SYSTEM32 | Trend module |
| lanzcon.exe | \LANZNT | Agent console application |
| lanzcon.chm | \LANZNT | Agent console help |
| gtrend.exe | \ZFS_AGNT\LANZCON | Tool for migration of trend data from the older agent. |
| mgmtapi.dll | \ZFS_AGNT\LANZCON | SNMP application file |
| msvcp50.dll | \ZFS_AGNT\LANZCON | MFC APIs required for LANZCON |
| lanzctl.dll | \ZFS_AGNT\LANZCON | Required for LANZCON |
| msflxgrd.ocx | %SystemRoot%\System32 | Enables ActiveX* Controls in LANZCON |

IMPORTANT:  The default directory location for the LANZCON application is zfs_agnt\lanzcon. You can change the location of LANZCON during installation.

The following sections provide information about optimizing and using the Traffic Analysis Agent for Windows:


Planning to Install the Traffic Analysis Agent for Windows

The Traffic Analysis Agent for Windows requires configuration of the Windows SNMP service before installing the agent.


Installing and Configuring the Windows SNMP Service

Before installing the Novell ZENworks Server Management agent, you must install and configure the Windows SNMP service. This is required to enable communication with the management server.

To install and configure SNMP on Windows:

  1. Install the SNMP service.

    1. In the Control Panel, select Network > Services, then click Add.

    2. Select SNMP Service from the Select Network Service dialog box.

    3. Click OK.

    4. Enter the full path to the Windows distribution files.

    5. Click Continue.

  2. Configure SNMP to start automatically.

    1. In the Control Panel, double-click Services.

    2. Click SNMP > Startup.

    3. In the Startup Type options, select Automatic.

  3. Configure the SNMP Trap service to start automatically.

    1. In the Control Panel, double-click Services.

    2. Click SNMP Trap Service > Startup.

    3. In the Startup Type options, select Automatic.

  4. Specify the trap community name and trap destination address so that the agent sends traps to the management server.

    1. In the Control Panel, double-click Network.

    2. Click the Services tab then select SNMP Service.

    3. Click Properties.

    4. Click the Traps tab.

    5. Select a name from the Community Names box then click Add.

      The Add button is disabled if there are no Community Names available.

    6. If the public community name is not present, enter public.

    7. Click Add.

    8. Use the Trap Destinations box to add other DNS names and IP addresses in addition to the loopback IP address for the workstations or servers that should receive traps.

    9. Click OK.

  5. Set the SNMP security options trap community name so that SNMP packets from any host are accepted by the agent.

    1. In the Control Panel, double-click Network.

    2. Click the Services tab then select SNMP Service.

    3. Click Properties.

    4. Click the Security tab.

    5. In the Accepted Community Names box, click Add.

    6. In the Community Name box, enter public.

      The Accepted Community Names list displays the community names from which Windows will accept requests.

    7. Click Add.

    8. Select Accept SNMP Packets from Any Host then click OK.


Installing and Configuring the Windows 2000 SNMP Service

Before installing the Novell ZENworks Server Management agent, you must install and configure the Windows 2000 SNMP service. This is required to enable communication with the management server.

To install and configure SNMP on Windows 2000:

  1. Install the SNMP service.

    1. In the Control Panel, select Administrative Tools then Configure Your Server.

    2. In the Application Server option, select Terminal Services.

    3. Click Start.

    4. In the Windows Components Wizard, double-click Management and Monitoring Tools.

    5. Select Simple Network Management Protocol.

    6. Click OK.

    7. Click Next.

      SNMP is started automatically after installation.

  2. Configure the SNMP Trap service to start automatically.

    1. In the Control Panel, select Administrative Tools > Services.

    2. Click SNMP Trap Service > Startup.

    3. In the Startup Type options, select Automatic.

  3. Specify the trap community name and trap destination address so that the agent sends traps to the management server.

    1. In the Control Panel, select Administrative Tools > Services.

    2. Double-click SNMP Service.

    3. Click Properties.

    4. Click the Traps tab.

    5. Select a name from the Community Names box then click Add.

      The Add button is disabled if there are no Community Names available.

    6. If the public community name is not present, enter public.

    7. Click Add.

    8. Use the Trap Destinations box to add other DNS names and IP addresses in addition to the loopback IP address for the workstations or servers that should receive traps.

    9. Click OK.

  4. Set the SNMP security options trap community name so that SNMP packets from any host are accepted by the agent.

    1. In the Control Panel, select Administrative Tools > Services.

    2. Double-click SNMP Service.

    3. Click Properties.

    4. Click the Security tab.

    5. In the Accepted Community Names box, click Add.

    6. Select a name from the Community Name box.

      The Accepted Community Names list displays the community names from which Windows 2000 will accept requests.

    7. Click Add.

    8. Select Accept SNMP Packets from Any Host then click OK.

IMPORTANT:  After installing the SNMP services, you should reinstall the service packs.
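As an added example (not part of the Novell documentation or product), the following Python script audits a regedit export of the SNMP service's Parameters key for the settings the two procedures above produce: the public community name, acceptance of SNMP packets from any host, and the configured trap destinations. It assumes the Windows 2000 and later registry layout, in which community names are DWORD values under ValidCommunities; the sample export and the host name mgmt-server.example.com are constructed.

```python
import re

BASE = r"hkey_local_machine\system\currentcontrolset\services\snmp\parameters"
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}

# Constructed sample of a regedit export taken after following the steps above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\public]
"1"="127.0.0.1"
"2"="mgmt-server.example.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000004
'''

VALUE_RE = re.compile(r'"(.*)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Return {lowercased key path: {value name: int or str}} from export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, dword, string = m.groups()
            current[name] = int(dword, 16) if dword else string
    return keys

def audit_snmp(text):
    """Report accepted communities, any-host acceptance and trap destinations."""
    keys, findings, traps = parse_reg(text), [], {}
    for name, rights in keys.get(BASE + r"\validcommunities", {}).items():
        label = RIGHTS.get(rights, f"unrecognized ({rights})")
        if name.lower() == "public":
            findings.append(f"default community 'public' accepted ({label})")
        if isinstance(rights, int) and rights >= 8:
            findings.append(f"community '{name}' permits writes ({label})")
    # An empty PermittedManagers key corresponds to "Accept SNMP Packets from Any Host".
    if not keys.get(BASE + r"\permittedmanagers"):
        findings.append("no permitted managers: packets accepted from any host")
    prefix = BASE + "\\trapconfiguration\\"
    for path, values in keys.items():
        if path.startswith(prefix):  # subkey name is the trap community (lowercased)
            traps[path[len(prefix):]] = sorted(values.values())
    return {"findings": findings, "trap_destinations": traps}
```

Exports written by regedit in version 5 format are UTF-16, so read the file with that encoding before passing its text to audit_snmp.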


Optimizing the Traffic Analysis Agent for Windows

The Traffic Analysis Agent for Windows parameters are configured for optimal performance on Windows. You can optimize the performance of the agent to suit your networking environment.

This section explains how to optimize the agent and monitor the functionality of the Traffic Analysis Agent for Windows using the agent console (LANZCON) for Windows. For details, see Using LANZCON.

The following sections explain the Traffic Analysis Agent for Windows configuration options:


Configuring the Traffic Analysis Agent for Windows

The Traffic Analysis Agent for Windows provides default values for modules and parameters. You can change the default values to optimize the performance of the Traffic Analysis Agent for Windows.

You can configure the following modules of the Traffic Analysis Agent for Windows:

You can configure the following parameters of the Traffic Analysis Agent for Windows:


Configuring the Modules of the Traffic Analysis Agent for Windows

By default, all agent modules are enabled to load. You can choose to disable the modules.

To disable the modules of the Traffic Analysis Agent for Windows:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Modules > Disable.

  2. Deselect the module you want the agent to monitor.

  3. Click OK.


Configuring the Parameters of the Traffic Analysis Agent for Windows

The Traffic Analysis Agent for Windows modules are loaded with default parameters. You can modify the parameters to optimize the performance of the agent.

The following table describes the parameters of the Memory Manager module:

| Parameter | Default Value | Range | Description |
|---|---|---|---|
| Memory Bound | 4 MB | 1 MB - 10 MB | Sets the upper limit of available memory that can be allocated dynamically to the Traffic Analysis Agent for Windows. |
| Memory Age | 168 hours | 1 hour - 720 hours | Controls the duration for which the Traffic Analysis Agent for Windows stores data in memory. When the duration setting is reached, existing data is purged from memory. |

To modify the Memory Bound parameter:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Parameters.

  2. Click the Memory Manager tab.

  3. Move the Memory Bound slider to the point you want to set as the memory bound value.

To modify the Memory Age parameter:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Parameters.

  2. Click the Memory Manager tab.

  3. Move the Memory Age slider to the point you want to set as the memory age value.

IMPORTANT:  Restart the Traffic Analysis Agent for Windows to ensure that the agent utilizes the changed parameter values. For details, see "Management and Monitoring Services Installation" in the Novell ZENworks 6.5 Server Management Installation Guide.

The following table describes the parameters of the Station Monitor module:

| Parameter | Default Value | Range | Description |
|---|---|---|---|
| TopN Station | 4 reports | 2 - 10 reports | Controls the number of TopN reports the agent can generate. |
| Generate Duplicate IP Address Alarms | On | - | Controls the generation of duplicate IP address alarms. |

To specify the number of TopN reports you want the agent to generate:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Parameters.

  2. Click the Station Monitor tab.

  3. Select the number of TopN reports.

To stop generation of duplicate IP address alarms:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Parameters.

  2. Click the Station Monitor tab.

  3. Deselect the Generate Duplicate IP Address Alarms check box.

The following table describes the Network Trend parameter:

| Parameter | Default Path | Description |
|---|---|---|
| Trend Files Location | system root\GTREND | Specifies the directory path and location where trend files (*.GT) are created and updated. |

IMPORTANT:  If you delete the *.GT file, all the previous trend information will be lost.

To specify a path to a location for storing trend data:

  1. From the LANZCON main menu, click Configure > Traffic Analysis Agent Parameters.

  2. Click the Network Trends tab.

  3. Enter or browse to select the directory path to the location where you want the Traffic Analysis Agent for Windows to store trend data.


Automatically Loading the Agent with the SNMP Service

The Traffic Analysis Agent depends on the Microsoft* SNMP service on Windows. When SNMP starts, it loads the agent DLLs in its address space. After the agent is installed, it is always loaded by the SNMP service, by default, whenever the service starts.

You can enable or disable loading of the agent DLLs with SNMP by checking the desired options in the Novell Traffic Analysis Agent Loading with SNMP dialog box. If you disable the agent, the SNMP service will start normally but the Traffic Analysis Agent will not work. The Traffic Analysis Agent will neither capture packets by placing the NIC cards into promiscuous mode nor respond to SNMP requests.


Using LANZCON

This section explains how you can use the LANZCON utility to configure and diagnose the Traffic Analysis Agent for Windows.

LANZCON for Windows is a graphical user interface provided by the Traffic Analysis Agent for Windows to configure the agent modules and parameters and to diagnose the agent. You can use LANZCON to obtain information about network segments monitored by the agent to help you troubleshoot problems.

To open the LANZCON utility, do one of the following:

To use the LANZCON utility with different SNMP community strings, do the following:

  1. Go to the \lanzcon directory.

  2. Enter the following at the command prompt:

    LANZCON <community name>

    IMPORTANT:  If you launch LANZCON without using the command line argument, the default community string is PUBLIC.

You can perform the following tasks with LANZCON:


Viewing Network Adapters

On loading LANZCON, you will see the Network Adapters window. The Network Adapters window displays information about monitored adapters in two panes.

The following table describes the two panes in the Network Adapters window:

| Pane | Displays | Description |
|---|---|---|
| Left pane | Adapter Tree view | Displays a list of network adapters discovered by the Traffic Analysis Agent for Windows. The default view displays a collapsed tree. You can expand each network adapter in the tree to view the list of RMON tables for the selected adapter. |
| Right pane | Table view | Displays details about the object you select in the left pane. If you select an adapter in the left pane, interface table (RFC 1213) details such as media type, MAC address, and description of the selected adapter are displayed in the right pane. If you select an RMON table in the left pane, table data is displayed in the right pane. |


Enabling or Disabling Network Adapter Monitoring

The Traffic Analysis Agent for Windows collects information about monitored adapters and displays it in the right pane of the Network Adapters window.

By default, adapter monitoring is enabled. LANZCON lets you disable adapter monitoring. If you disable adapter monitoring, the Traffic Analysis Agent for Windows will stop collecting data for the adapter and the RMON tables for the adapter will be deleted.

IMPORTANT:  You cannot disable monitoring FDDI adapters through LANZCON.

To enable adapter monitoring:

  1. Select an adapter in the left pane of the Network Adapters window.

  2. Click View > Network Adapters > Enable.

To disable adapter monitoring:

  1. Select an adapter in the left pane of the Network Adapters window.

  2. Click View > Network Adapters > Disable.


Viewing the Agent Log

The Traffic Analysis Agent for Windows logs significant events and error messages that occurred during a session.

To view the agent log:

  1. From the LANZCON main menu, click View > Agent Log.


Viewing the Agent Status

You can view the status of the agent from the Traffic Analysis Agent Status window. The agent status window indicates whether the agent modules are loaded or not loaded.

To view the agent status:

  1. From the LANZCON main menu, click View > Agent Status.


Viewing RMON Tables

RMON tables are listed under each network adapter. You can view the RMON tables by selecting a table in the left pane of the Network Adapters window. RMON table data is displayed in the right pane.

The Network Adapter tree displays the following RMON tables:

  • Statistics
  • History Control
  • History Data
  • Host Control
  • Host Entry
  • Host TopN Control
  • Host TopN Entry
  • Matrix Control
  • Matrix SD Entry
  • Filter, Channel, and Buffer

The Alarm Information tree displays the following RMON tables:

  • Alarm
  • Event
  • Log


Viewing SNMP Traps

The Traffic Analysis Agent for Windows monitors network segments and sends traps to the management server. Novell ConsoleOne displays the alarm when it receives the trap from the management server.

Trap information is displayed in the SNMP Traps window. For each trap, the table shows trap data that can be obtained.

| Statistic | Explanation |
|---|---|
| Receive Time | Displays the time when the trap occurred |
| Trap Summary | Displays a description of the trap |

IMPORTANT:  LANZCON receives trap notifications if the Windows SNMP service has been configured to send traps to a loopback trap destination address. For details, see Planning to Install the Traffic Analysis Agent for Windows.

To view SNMP traps, from the LANZCON main menu, click View > SNMP Traps.