SNA and MTX controllers

I captured some packets between mtx controllers and an SNA server, Is anyone astute in the analysis of these packets? I didn't see anything pertinent.

Site is complaining of sessions dropping and the capture is during the timeframe.

While it might be hard to do, are you able to post the packets captured here?

If you have sessions dropping (assuming TCP), I'd look straight into the sequence, acknowledgment numbering and tcp flags to track connections that have been reset or lost and see where the problem is coming from.

Such cases are quite hard and time consuming to trace, but they are the best way of 'seeing' what on earth is happening.

Yep I'd be looking at the flags as well.. look for alot of RSTs or suchlike.

Btw UHS, i just noticed that you use the same avatar as our other forum mod tfs.. hehe thats gonna irk him (he's very dangerous.. have you seen the picture of him on the team page --- ex Navy SEAL, military special operations chap --- we're not really allowed to talk about it much though)

:roll:

Thanks guys for the suggestions.

Okay first, do you want the whole capture pasted here? Nah, can't make me do it! So, given that, how can I get that info up here?

Secondly, in the 802.3 section of the packet decode I notice the trailer consists of data that I recognize from other packets on network, does that have significance. for instance the site is running SolarWinds and in the LLC packet of SNA packets bound for the controller I see portions and sometimes whole portions of "version statements", community strings, and other data that I know is from SolarWinds. Is this a manifestation of a conflict or too heavy a touch by this software. (I run this package on my entire network and have never seen evidence of it in other packets.) Could just be a tangent, I tend to do that when I've exhausted my knowledge base, haha.

I run the entire WAN including 78 sites and my site (Corporate) but the LAN at the site is the responsibility of the staff there until they need my assistance. As is the case with this controller dropping which I can usually figure out (except this time.) The sight wants to have a tech out to replace a NIC on it but I say not this time. They seem to hold onto a notion of "it solved it last time."

Sahirh, if you notice, I changed my avatar! Didn't want any covert ops in my sector...(that I don't know about anyway)...lol.

Thank god bout the avatar change UHS, rumour had it that tfs was getting all set to sort things out !

About your problem, I'm lost without the packet capture. Can you export it to some format and then upload it somewhere (if its not too large).