How to perform a LAN trace using Windows NT or 2000

Issue:
How to perform a LAN trace using Windows NT or 2000.

Solution:

The Windows Network Monitor that is included in Windows NT and 2000 can capture only LAN data sent and received by the host it runs on. The full version is included in the Windows Small Business Server edition.

The following setup will capture LAN packets sent and received between the Windows host and the Perle device.

1. Add the Network Monitor

Windows NT
Add through Control Panel - Networks - Services - Add Network Monitor Tools and Agent

Windows 2000
Add through Control Panel - Add/Remove Programs - Add/Remove Windows Components - Management + Monitoring Tools - Network Monitor Tools

2. Configure the Network Monitor Filter

You will need to know the MAC address of the Perle. You can obtain this in multiple ways:
- Read the Ethernet address as printed on the unit
- Obtain the Ethernet address from the management utility
- Ping the Perle and view the ARP table using "arp -a"

Programs - Administrative Tools - Network Monitor

Capture Option - Filter

Windows NT
Double click (edit) the default entry under AND (Address Pairs) of:
Include NT Server (Ethernet) <--> *ANY
Select the Edit Address button
Select the Add button
Create an entry for the Perle
Type = Ethernet
Address = MAC address of Perle
Name = Friendly name for list
Select Permanent Address
Save the address list to a file if you want
OK
Select the Perle on the Station 2 list of devices
OK
Your Filter should now show:
Include NT Server (Ethernet) <--> Perle name (Ethernet)
OK

Windows 2000
Highlight AND (Address Pairs)
Select Add Address button
Select Edit Addresses button
Select Add button
Create an entry for the Perle
Name = Friendly name for list
Select Permanent Name
Address = MAC address of Perle
Type = Ethernet
Save List if you wish
Close
Under Station 1 select LOCAL
Under Direction select <-->
Under Station 2 select the Perle
OK
Your Filter should now show:
Include Local (Ethernet) <--> Perle name (Ethernet)
OK

3. Start the Capture

Select Capture - Start
If you are using TCP/IP, open a command prompt and ping the Perle to verify the capture. You should see an entry appear in the Capture window.
Select Capture - Stop when completed
Select File - Save As to store the capture

Note: Freeware network analysers such as Wireshark are available and offer more functionality.
When using Wireshark you can add a capture filter to narrow down the trace.
Example by IP address: host xxx.xxx.xxx.xxx
Example by MAC address: ether host xx:xx:xx:xx:xx:xx
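
Added example (not part of the original article): a Python script that reads the MAC address of the device from Windows "arp -a" output, as in step 2, and builds the matching Wireshark "ether host" capture filter. The sample ARP output and all addresses in it are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows "arp -a" output (all addresses are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.20 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-5e-10-00-01     dynamic
  192.168.1.50          02-00-5e-10-00-32     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One ARP row: IPv4 address, six hex octets joined by "-" or ":", entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$"
)


def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, _entry_type = m.groups()
            table[ip] = mac.replace("-", ":").lower()
    return table


def capture_filter_for(ip, arp_text):
    """Build the 'ether host' capture filter for the device at `ip`."""
    table = parse_arp_table(arp_text)
    if ip not in table:
        raise LookupError(f"{ip} not in ARP table; ping the device first")
    mac = table[ip]
    # Broadcast/multicast (group) addresses do not identify a single device.
    if int(mac[:2], 16) & 0x01:
        raise ValueError(f"{mac} is a group address, not a device MAC")
    return f"ether host {mac}"


if __name__ == "__main__":
    # Hypothetical device IP taken from the constructed sample above.
    print(capture_filter_for("192.168.1.50", SAMPLE_ARP_OUTPUT))
```
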


Article ID:
278
Published:
2/24/2003 9:39:16 AM
Last Modified:
1/29/2018 9:49:50 AM
Keywords:
network, sniffer
Issue Type:
Trouble Shooting