- SNMP License (File name = LICENSE.KEY)
This is the license file for the SNMP module, all the Codima Toolboxes require this license.
How do I find the MAC Address of the Platform I wish to install on? - required to machine lock license.
The license files used by the Codima Toolboxes are linked to the MAC Address of the Platform you install the software on. To obtain the MAC Address of a Platform you should type ipconfig/all from a DOS window.
The MAC Address is a 12 digit hex number, e.g., 00-07-E9-5A-77-DB
To get to a DOS window, click Start, then Run, then type cmd in the text box.
If Host Platform has multiple MAC Addresses, you need only to supply one for the license link.
DOS Window example:-
Alternatively if you are using a demonstration system, you can make use of the automated facility to request a license upgrade, this facility automatically finds your MAC address.
Display showing interface used to request license upgrades:-
Deployment
Can I undertake dual port analysis (monitor more than one port simultaneously with the same system)?
Click below to obtain your copy of the Codima Toolbox Deployment Guide.
How do I monitor a full duplex connection?
Click below to obtain your copy of the Codima Toolbox Deployment Guide. This includes information on monitoring full duplex connections.
-
Portable tool
How do I clean the
Toolbox to
move onto a new Network?
Applies when using the Toolbox as a
portable tool.
There are a number of files that need to be deleted when you are using the
Toolbox as a portable tool or connecting a demonstration system to multiple
networks
| File Type | Location | Additional Information |
| History Database Files (*.hd2)
|
..\Express\History |
New empty files are created when you next launch the Toolbox, you
will need to select the file size. |
| Segment Map (Default.nwm)
|
..\Express\Map |
New empty file created on loading |
| SNMP list of targets for polling (Target.db)
|
..\Express\SNMP |
New empty file created on loading |
| Alarm Logs (*.xal)
|
..\Express\Alarms |
New empty files are created when you next launch the Toolbox. |
Scalability
- Node History Manager
Can I add Probes to extend the domain monitored by the Passive Analysis and Protocol Analysis tools?
Yes, you can add Probes to extend the domain monitored.
Deployment example - shows domain extended by adding additional Probes.
For detailed information, see FAQs - Remote Manager
How far back can I store network/device statistics and how much disk space would I need ?
This is a complex question as
there are many variables involved - some of which are network specific.
Key points
1. Each Toolbox* needs to allocates disk space for multiple History database
files for storing different sets of statistics - There are 30 database files in
total - size range can be from 8MB to 1048MB for each file. So for maximum
storage you can set for an individual database file to 1048Mb. The file will
wrap when full, so you always have the last 1048Mb worth of statistics.
*When monitoring large networks, you may need to use multiple Toolboxes to extend the domain monitored by the Protocol Analysis and Passive Analysis tools. For detailed information, see FAQs - Remote Manager
2. Codima uses a proprietary high speed statistics storage system which allows
it to collect bulk high resolution statistics e.g., minimum of 40 statistics for
500 devices in typically a few milliseconds on standard Host Platform.
3. For lower resolution statistics (network/device statistics based on 15 minute
intervals) - we can not give an exact figure, but typically a single Toolbox can
undertake months of tracking, before the file wraps. It is all dependant on the
range and volume of statistics being tracked.
See Help entries titled:-
-
Node History Manager
-
Protocol History Manager
4. For high resolution statistics (15 second intervals) - we can not give an
exact figure, but typically a single Toolbox can undertake several days/possibly
weeks of tracking, before the file wraps. It is all dependant on the range and
volume of statistics being tracked.
See Help entries titled:-
-
Node History Manager
-
Protocol History Manager
5. You also have daily, weekly, monthly report facilities that will take
information from history databases and create Word Reports. The report creation
takes place at end of day, week, and/or month - allowing you to continually have
trend report covering network/device statistics.
It is not possible to provide a figure for the amount of space needed to store
these word reports - that is subject to report size and report range activated.
So for long term usage would recommend checking free disk space on a regular
basis and removing older reports to make room for new ones. After running
reports on the network for a couple of months, the user would get an idea of how
much disk space a months worth of reports takes up.
For more information, see FAQ :-
Software Delivery and Software Updates
Demonstration software
You can download trial Toolbox software from the Codima Web site download page - all Toolboxes provide access to this tree branch
Evaluation software or Purchased software
URLs to download software are provided in the installation instructions attached to the license delivery email.
How do I get the latest software version?
You should set up your Host Platform so that it is able to access to the Web. Then you can use the Automatic Installation Update facility. This will automatically tell you if there is an update to the system available. You will also need to be authorized to receive updates.
You can also use the Help Menu, where the option Check for Updates will open a Web page listing the available updates, which you can select to download.
For more information see Help entry titled:-
-
How to upgrade Software
Getting Started
Is there any guidance available to help me get started?
Yes, the following reference documents are available :-
-
autoAnalyzer tree branch - Getting Started Guide - PDF File
-
autoAnalyzer tree branch - Operations Guide - Power Point Presentation, a URL to access this guide is provided directly to end users and resellers.
Applications, Scope and Operations
What are the Benefits of using the Protocol Analysis tool?
-
Real time analysis.
-
When bottlenecks are found you have a tool that can be deployed to see exactly what is happening on the wire – provides a Real time decode with field specific help.
-
-
Expert Analysis
-
You have a Protocol Expert System that provides an Expert analysis of capture frames and pre-saved frame files. It can be used to focus on important activities and look for patterns.
-
-
Extensive post and pre capture filtering capabilities.
-
You can easily set frame filters to capture and view protocol dialogs.
-
You can apply negative filters, to exclude frames that are not needed for troubleshooting.
-
You also have specialist functions for text based protocols like SIP, FTP and HTTP, that include floating text searches.
-
Enabling a string of text to be matched without the need to know where the text is located in the frame.
-
-
You can create reference frame files to improve your understanding of protocol operations, making troubleshooting easier.
-
For example you can create Reference files that contain the protocol dialogs associated with login, close down, loading an application, running a print job. The Reference frame files can be compared with frame files obtained when problems are encountered. You can compare them for anomalies. Then use them as evidence when escalating problems.
-
If there are changes in your network software version you can also review the reference files to learn how the upgrade effects an operation.
-
For more information review the Features and Benefits Video Tutorial for the Tools in all Codima Toolbox:-
Click here to access the sign in page for the Tutorials:-
or click here to obtain a copy of the Codima Toolbox Features and Benefits list.
What are the Benefits of using the Passive Analysis tool?
-
Real time analysis.
-
When bottlenecks are found you have a tool that can be deployed to show traffic patterns.
-
Traffic pattern analysis can highlight vulnerabilities on your network.
-
Traffic patterns analysis can show patterns such as on line gaming activities and identify participants.
-
-
Independent analysis.
-
The tool is analysing the traffic monitored on the wire, it is not dependant on getting information from devices, which can be effected by network problems or by performance problems.
-
-
Evidence at your finger tips - Reports covering the history of traffic patterns gathered using passive analysis can be automatically produced or produced on demand for selected time periods. They will enable you answer questions such as:-
-
Who is using the most bandwidth?
-
Who is using the largest/smallest frames?
-
Which Protocols are using the most bandwidth?
-
Who is sending ICMP?
-
Who is using SNMP?
-
Who is browsing the Web the most?
-
Which Protocols are using the largest/smallest frame sizes?
-
Which Applications are using the most bandwidth?
-
What priority ranges are being used on the network?
-
Which Protocols have the highest priority routing?
-
Which Nodes have the highest priority routing?
-
What size of frames are being prioritised?
-
-
You can be proactive : Major changes in the traffic and error patterns monitored by the Passive Analysis tool can be reported via the Global Alarm System.
-
The Global Alarm System uses multiple alarm reporting methods (SNMP traps, emails, SMS text messages) and has an embedded email client that is independent of the Networks own email facilities.
-
For more information review the Features and Benefits Video Tutorial for the Tools in all Codima Toolbox:-
Click here to access the sign in page for the Tutorials:-
or click here to obtain a copy of the Codima Toolbox Features and Benefits list.
What functions/tools are accessible via the autoAnalyzer tree branch - what are they used for?
The main tools accessible via the autoAnalyzer tree branch are the :-
-
Passive Analysis tool - provides statistical analysis, includes Live Views covering real time traffic patterns.
-
Protocol Analysis tool - provides real time packet analysis and an expert system to analysis captured frames.
Analysis can be undertaken with a single Toolbox or you can use a Probe in conjunction with a Remote Manager to extend the domain.
The autoAnalyzer tree branch also provides access to a map display created by monitoring frames on the segment. This should not be confused with the mapping functions accessible via the autoMap tree branch, which is an active enterprise level discovery tool.
Segment Map example :-
This display is a central point to access devices specific information and Live Views covering real time traffic patterns, using right click menu.
SNMP Browsing
The autoAnalyzer tree branch also provides access to facilities that use SNMP to browse devices.
- Automatic restart
Can I automatically reload the Toolbox when Platform is powered on?
Yes, the process is exactly the same as it would be for any other applications, i.e., you include a short cut to the application in your Start up folder.
This facility is especially relevant to Probes.
- Frame Capture
Can I decode frames captured using Wire Shark™ (formally known as Ethereal™)?
Yes, you can open .pcap files in the Toolbox, they will be converted to .frm files on loading.
Can I view frames captured by
the Toolbox on Sniffer™
Yes, once you have saved a Frame file in the Toolbox frame
format (.frm),
you can select to save it in Sniffer™ format,
The Save as facility converts .frm format to .enc format
(older DOS format ethernet type), not the newer .cap format.
This format can be read by Sniffer Pro™ v4.5 and Wire Shark™ (formally know as Ethereal™).
You can filter frames pre and post capture, the help facility associated with the Toolbox provides detailed information on the filter process. You can also set Negative (exclusion) filters and floating text filters. Floating Text filters allow you to filter on strings of texts within text based protocols, like FTP, HTTP, SIP.
- Internet Tools
Can I trace routes and highlight route changes?
Yes, you can use the Trace Route facility, which has a feature to save trace route results to logs and when a later trace route is run, it will show the changes to the route.
Trace route display example:-
What type of Live Views are available show statistical trends?
The following live views are provided:-
-
Frames - Live view covering Frame count statistics
-
Bit Rate - Live view covering Bit Rate statistics
-
Protocols - Live view covering Protocols statistics
-
Priorities - Live view covering Frame Priority statistics
-
Frame Size - Live view covering Frame size statistics
-
ICMP - Live view covering ICMP statistics
The views apply to Segment Level statistics and Node level statistics:-
Can I find out if on line games are being played on the network?
Yes, the Live Views facility can be used to track Games. There is a protocol group called Games. The user can add ports to the Games Protocol Group using the Protocol History Manager if they identify any ports associated with specific on line games. The Segment Map shows each of the devices that are being passively monitored by the Toolbox. Each device has a protocol palette next to it, if the Passive Analysis tool sees the device transmitting or receiving traffic from the ports in the Games Protocol Group, the palette would show the color allocated to Games. You can then right click on the device to access its Live View - see example below:-
What is the Protocol History Manager?
It is a facility to help track protocol patterns, the Toolbox is able to track a wide range of protocols. Some to the more important protocols are grouped together to enable you to view patterns. The patterns are used by the Reports Manager and the Segment Maps Protocol Groups
The Protocol History Manager is used to:-
- Define the frame match values for each protocol tracked.
- Define the frame match values to use to gather statistics for a protocol group.
- Define the Diff Serv values (priorities) to track.
You can use the edit facilities associated with the Protocol History Manager to change what is tracked, for example you can:-
- add new protocols
- add new match values (e.g., ports) to existing protocols
- delete existing protocols.
- Mapping Network
There are two methods which can be used to provide maps:-
-
Real time segment maps provided when you use the functions accessible via the autoAnalyzer tree branch :-
Created by monitoring the frames on the Segment and using the name discovery facility.
See FAQ entry titled :- Segment Map
Segment Map example (local segment):-
A Remote Manager can be used to view Segment Maps for each Probe from a central point.
Remote Manager view covering Segment Map for a local segment and two Probes (each probe is allocated a unique color):-
Devices in the Segment Map displays can be sorted and moved.
-
Enterprise level topology maps (in Microsoft® Office Visio® format) provided when you use the functions accessible via the autoMap tree branch
Created using the Codima Discovery Engine to gather topology information and Microsoft® Office Visio® to present results.
See FAQ page covering autoMap tree branch
Visio View drawing examples - shows some of the Topology views available:-
This type of map can be saved as a Microsoft® Office Visio® file (.vsd) or a Web page (.htm).
- Alarm facilities
What are the Benefits of using the Global Alarm System?
-
You can be proactive : Automatic notification of threshold breaches.
-
You have multiple alarm reporting methods.
-
Ensuring that you can integrate the tool with your operating practices, for example if you have an SNMP Management system, the alarms can be reported to it as SNMP Traps or if your engineers prefer email notifications or SMS text messages, then alarms can be reported that way.
-
-
You have controlled Alarm Reporting
-
Flood control ensures you are not overloaded with alarm reports - can avoid generating an alarm report for very short lived events and stop the same alarm condition being logged too many times.
-
Email and SMS Alarm report frequency is controlled - multiple alarms reports are included in single Emails/SMS Messages.
-
-
You have predefined alarm thresholds on key events - ensuring system works out of the box.
-
You have an embedded email client – independent of the Networks own email facilities, so will be able to report on any failures associated with the platform hosting the Networks email client.
For more information on Features and Benefits click here to obtain a copy of the Codima Toolbox Features and Benefits list.
Can I have alarm reports automatically emailed to me?
Yes. This tool
uses a Global Alarm System to log and report Threshold alarms. The Global Alarm
System can be set up to apply one or more of the following actions
• Log the alarm report
• Send out an SNMP Trap when a threshold value is breached (goes above threshold
setting) or when a value drops (goes below threshold setting).
• Send a notification email or SMS text message when a threshold value is breached (goes above
threshold setting) or when a value drops (goes below threshold setting).
For detailed information on this facility, see Help entries titled
-
How to email alarm reports
-
How to set SNMP Traps
-
How to set alarm thresholds
-
How to configure Email Client
- Reports
What are the benefits of using the Reports Manager? - when using the Passive Analysis tool
The key benefit is it that this tool provides you with evidence at your finger tips. Producing a wide range of Reports that can be used to show both network trends and isolate problems. The Passive Analysis tool includes :-
-
Reports covering the history of traffic patterns gathered using passive analysis. They will enable you answer questions such as:-
Who is using the most bandwidth?
Who is using the largest/smallest frames?
Which Protocols are using the most bandwidth?
Who is sending ICMP?
Who is using SNMP?
Who is browsing the Web the most?
Which Protocols are using the largest/smallest frame sizes?
Which Applications are using the most bandwidth?
What priority ranges are being used on the network?
Which Protocols have the highest priority routing?
Which Nodes have the highest priority routing?
What size of frames are being prioritized?
For more on the Reports Manager tool - see FAQs - Reports Manager
For more information on Features and Benefits click here to obtain a copy of the Codima Toolbox Features and Benefits list.
What kind of Statistics Reports are available?
There are a number of different types of Statistic Reports, they include :-
-
HTML Reports created using information in History Charts.
-
Pre defined Statistics Reports - accessible via the Reports Manager tree branch, these reports can be produced as HTML Reports or scheduled as daily, weekly, monthly Word reports.
For additional information, see FAQ - Reports Manager
- Remote Operations
What is the Remote Manager - what is it used for?
The Remote facilities provide remote viewing and control. A Remote Manager is used to view and in some cases control the Remote systems, These remote systems can be:-
| Type of Remote system | What is it used for:- |
|
|
Enables you to use the functions accessible via remote systems autoAnalyzer and autoVoIP tree branches. Extends the domain being monitored by the Passive Analysis tool |
|
Enables you to use the functions accessible via the remote systems autoMonitor or autoPinger tree branches. |
|
Enables you to remotely control the stress testing process used by the
VoIP Pre Deployment Assessment
tool For more information, see FAQ - autoVoIP Blaster Tree branch and the VoIP Pre Deployment Assessment tool section in the Codima Toolbox Deployment Guide |
It provides the console view to show the information supplied by the Probes.
For more information - see :-
What are Probes - what are they used for?
They are Remote Systems that provide the Remote Manager with access to the following tree branches on the remote system.
- VoIP Monitoring tool- provides monitoring functions for VoIP (SIP and Skinny) networks.
- VoIP Troubleshooting tool - provides Troubleshooting functions for VoIP (SIP and Skinny) networks.
autoAnalyzer tree branch - used by:-
-
Passive Analysis tool - provides statistical analysis, includes Live Views covering real time traffic patterns.
-
Protocol Analysis tool - provides real time packet analysis and an expert system to analysis captured frames.
They are used to provide local management, monitoring and analysis facilities. The following diagram shows how multiple Probes can be deployed to extend the domain managed:-
Displays showing the Remote Manager and Probe deployment - Remote Manager in these examples has access to tools locally:-
It is also possible to access and control probes from an external site.
Display showing the Remote Manager and Probe deployment -
Remote Managers in this example have no access to tools locally:-
For more information - see :-
- SNMP Management Systems
Can I integrate with SNMP Managers?
Yes, this is done by accessing the fully integrated SNMP Module. This module can add value to an already installed SNMP Manager, in a number of ways. Including the following:-
EXTEND MANAGERS RANGE TO COVER NON-SNMP NODES/TRAFFIC
- Issue Traps to the Manager in respect of problems associated with Non-SNMP Compliant Nodes, immediately extending the SNMP Managers range.
- Issue Traps in respect of all the Traffic/Errors on a Segment. (i.e., monitoring actual real time loading and errors, not the loading/error information obtained from SNMP compliant nodes), providing the manager with a complete/impartial view of the segments traffic.
This will use information obtained from Passive Analysis of the Network.
Traps can be issued to multiple SNMP Managements systems, for full information, see Help entry titled:- How to set SNMP Traps
The SNMP Manager must have compiled the Codima MIB. The MIB {Enterprise.226} is included in the file set installed with the Codima Toolbox.
..:\Program Files\Codima\Express\SNMP\CODIMA-EXPRESS-MIBs\
Codima MIBs are installed with the Toolbox
- C:\Program Files\Codima\Express\snmp\Codima Mibs.
These are the MIBs that need to be compiled by the third-party SNMP Management system.
- MIBs
:-
What is the
This is a tool to automate the MIB Walk process and email results back to Codima, it is specifically designed to obtain information for the customization of the Codima Discovery engine.
Help entries titled "How to run SNMP Sim Generator" are included with these tools.
Note: To provide a successful MIB walk you must
use the correct community strings for the device you are browsing.
The easiest way to obtain a MIB walk is to use the SNMP Sim Generator, this runs the MIB walk and automatically emails the results to Codima.
Note: To provide a successful MIB walk you must
use the correct community strings for the device you are browsing.
The SNMP Sim Generator will do the Mib walk and email results automatically.
- Netflow :-
What is NetFlow and does the Codima Toolbox support it?
NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. The Codima Toolbox does not currently support this.
The Codima Toolbox provides it's analysis instead by using a mixture of information obtained from both passive monitoring and active analysis:-
-
Passive Monitoring - information obtained using the on line frame capture facilities
-
Active Analysis - information obtained using the SNMP Polling engine - part of the Bottleneck Analysis tool
Yes, click below to obtain Check list:-
-
Passive Analysis/Protocol Analysis : Check list - for facilities accessible via the autoAnalyzer Tree branch
If I have problems with the system what evidence do I need to supply?
Click below to obtain a hard copy of the evidence requirements for the Toolbox.
How do I check that the Toolbox is correctly configured to enable me to monitor traffic?
Click below to obtain your copy of the Codima Toolbox Deployment Guide.
What is the latest Microsoft® Patch level that the Codima Toolbox software been tested with?
The process of testing with Microsoft® patches is an ongoing one, latest level tested is as follows :-
-
Windows XP Service Pack 3
-
Windows 2003 Server SP 2
-
Windows Vista SP1
-
Window Server 2008 SP1
-
Windows 7
Copyright/Disclaimer
Copyright ©2011 Codima Inc. All Rights
Reserved.
Information in this document is subject to change without notice and does not represent a commitment on the part of Codima Inc. Codima Inc. reserves the right to revise or change this document without obligation of Codima Inc. to notify any person of the revision or changes. Information in this document is believed to be accurate at the time of publication but no liability whatsoever can be accepted by Codima Inc. arising out of the use of this information. Also, this document could include typographical errors or technical inaccuracies.
Any trademarks or trade names owned or registered by any other company and used in this document are the property of their respective companies