1. Validate SMTP Settings
* The SMTP configuration settings must be valid. Click on the Admin button, then click on SMTP Settings. Check the SMTP settings for the mail server that is configured. Send a test email to insure success for alerts, daily reports and scheduled reports.

2. Verify policy and monitor for the discovered IP address
* Confirm that the desired device IP address has been discovered by PacketTrap IT and is in the correct policy. For example, the server policy has the Exchange Server monitor enabled by default. Therefore, we conclude that any alerts related to the Exchange server services, processes or counters would fire.
* Confirm that Exchange Server monitor is checked in the device's policy. Double check to see that the device's policy indeed has the monitor checked. The monitor not being checked in the assigned policy is the most common reason an alert is not sent.

3. Validate that the Alert is enabled and configured to send to at least one valid email address
* Edit any alert. Confirm that the 'Notify on Conditions Met' box is checked and the expected email address appears in the ‘To:’ field.
* Verify that the desired condition is configured correctly. For example, an alert condition can be set to fire for 'Exchange 2003 Local Queue Length is over 0'. The alert will fire when the queue length is over 0 in this case.

4. Verify that the alert has not already fired.
* An alert can have any number of conditions. If an alert fires for any of those other conditions and the alert has not been reset, the same alert will not fire even if the desired condition has been satisfied. From our example, if the alert has fired and not been reset, a new alert will not fire even if the Exchange 2003 queue is greater than 0.

 

Troubleshooting NetFlow / sFlow / jFlow on PacketTrap IT.

* Verify that the device exporting flows is pointed to the computer where PacketTrap IT is installed. For Cisco devices, 'sh ip flow export' in a telnet session displays the netflow statistics. Make sure that the flows are exporting to the IP where PacketTrap IT is installed. Is the device on the same subnet as the computer running PacketTrap IT? Cisco recommends that the flow collector be on the same subnet as the flow exporter. However, if you device is not, make sure that the flow traffic can flow across firewalls by making access rules to allow UDP protocol on the port that is configured on the flow router.
* Verify that the primary IP of the device has been discovered by PacketTrap IT. Routers often have more than one IP PacketTrap IT needs to listen for NetFlow on the Primary IP. To be thorough, use Network discovery to discover all of the Netflow device's IPs. Make sure that all of the discovered IPs are in a policy that has Netflow enabled. The Networking policy has NetFlow enabled by default. Enabling NetFlow on any policy can be accomplished by selecting the Netflow monitor.
* Verify that the computer running PacketTrap IT is listening on 2055, 6343 and 9995. Open a command prompt and type 'netstat -a -p udp -o'

Proto Local Address Foreign Address State
UDP 0.0.0.0:69 *:*
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:514 *:*
UDP 0.0.0.0:1434 *:*
UDP 0.0.0.0:2055 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:6343 *:*
UDP 0.0.0.0:9555 *:*
UDP 0.0.0.0:9995 *:*
* Install and run a packet capture application (i.e. wireshark.org) on the computer running PacketTrap IT. If there are no UDP packets or CFLOW packets going to those ports (2055, 6343 or 9995) then a firewall or router is dropping the flow packets. Consult your administrator and or firewall rules.

To support HP devices, you must configure the device using the following configuration template. Login to your HP switch via Telnet. Enter configure terminal by typing 'conf t'.
Note: This information is stored in flash memory or a tftp server. Because of this, the settings are lost if the switch is reset.
setmib sFlowRcvrAddress.1 -o 0AC70199 (Where 0AC70199 is the IP address of the computer in hexidecimal where PacketTrap IT is installed.)
setmib sFlowRcvrPort.1 -i 6343 (You may also send sFlow on 2055 or 9995)
setmib sFlowRcvrOwner.1 -D net sFlowRcvrTimeout.1 -i 100000000 ('Net' is just a label. Substitute any name you wish to use as a label.)
(In the following statements you may substitute 'sFlowMib' = 1.3.6.1.4.1.14706.1 For example setmib sFlowMib.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 1)
(this step is optional)
setmib 1.3.6.1.4.1.14706.1.1.5.1.4.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 37 (This line sets the sample rate. In this case we have set it to 37. Default Sampling rate is 512 for HP devices.)
setmib 1.3.6.1.4.1.14706.1.1.5.1.3.11.1.3.6.1.2.1.2.2.1.1.1.1 -i 1 (enable sFlow. In this command we have enabled sFlow for port 1 which appears in bold. Repeat this command substituting the second to last number for the port you want to enable sFlow on.)
(this step is optional)
setmib 1.3.6.1.4.1.14706.1.1.6.1.4.11.1.3.6.1.2.1.2.2.1.1.2.1 -i 8 (Line 6 sets the polling interval for the port. In this case we have set the polling rate to 8 on port 2. The default interval is 60. Repeat this command substituting the second to last number for the port you want to enable sFlow on.)

Enable sFlow on your Extreme device.
To support Extreme devices, you must configure the device using the following configuration template.
enable sflow
configure sflow config agent 10.199.5.10
configure sflow collector 192.168.72.67 port 6343
configure sflow sample-rate 128
configure sflow poll-interval 30
configure sflow backoff-threshold 50
enable sflow backoff-threshold
enable sflow ports all
The sFlow collector value must reflect the IP address where PacketTrap IT is installed.

How to config interlan routing between Cisco and HP.
One of our users, Yasir Irfan, is writing a series of articles on how to configure intervlan routing between Cisco Catalyst switches and HP Procurve swithces. We thought this would be useful for the PacketTrap IT community.
Find part one of the Series here.
Find part two of the Series here.

Why isn't my SNMP enabled device responding?
• Verify that the device supports MIB II (http://www.faqs.org/rfcs/rfc1213.html)
• Please check the security tab of the SNMP Service properties on a computer that is not responding to SNMP requests.
• Verify that you are using the correct community string.
• Also verify that the computer in question can receive SNMP packets from the computer running PacketTrap IT. (Default protocol and port for SNMP traffic is UDP 161)
SNMPsecurityTAB.jpg
Checking these items should solve your issue.

Configure your alerts to send to the phone number email address of the corresponding provider. This will send an SMS message to the mobile device. I've listed a few of the US addresses below as example.
T-Mobile: phonenumber@tmomail.net
Virgin Mobile: phonenumber@vmobl.com
Cingular: phonenumber@cingularme.com
Sprint: phonenumber@messaging.sprintpcs.com
Verizon: phonenumber@vtext.com
Nextel: phonenumber@messaging.nextel.com
where phonenumber = your 10 digit phone number

 

Enable Sflow on your Foundry device.

To support Foundry devices, you must configure the device using the following configuration template.
Note: Ensure your Foundry device supports sFlow version 5.
config> int e 1/1 to 4/48
interface> sflow forwarding
config> sflow destination 10.199.1.199 6343
config> sflow sample 128
config> sflow polling-interval 30
config> sflow enable
The sFlow destination value must be the IP where PacketTrap IT is installed.

Enable J-flow on your device.
*Telnet or VNC to the J-flow device
* Login with valid credentials
* Open a terminal session if one is not running
* Click the 'terminal' icon on the top menu bar strip.
* type 'cd /tmp' and hit enter
* type './flowenable 192.168.1.90 public {ip address of your workstaion}' and hit enter.

Configure SMTP settings in Admin section.
Click on the SMTP Settings button. Configure the following fields:
* From Email Address - Enter any valid structured email address i.e. packettrapit@yourdomain.com
* SMTP Server and port - Enter Fully Qualified Domain Nane and port
* Logon Information User Name and Password - This is necessary along with a valid email address if you wish to send mail alerts and / or reports outside your domain. If sending within domain these fields can be left blank.
* Check the checkbox if your email server uses Secure Password Authentication
* Enter an email address to test configuration

How do I configure SNMP or WMI for my Windows machine?
Enabling SNMP on targeted devices is necessary if one wants to receive SNMP information from those devices. This information includes monitoring CPU and memory usage via PacketTrap IT pt360 Tool Suite.
Enable SNMP on Windows Vista
Step 1: Navigate to the Control Panel and double click ‘Programs and Features
Step 2: Click ‘Turn Windows features on or off’.
Step 3: Scroll down to the ‘SNMP feature’ check both boxes and click ‘Ok’. Wait for windows to enable the software.
Step 4: Now go back to the Control Panel and double click ‘Administrative Tools’.
Step 5: Inside ‘Administrative Tools’ double click ‘Computer Management’.
Step 6: Under ‘Services and Applications’ click ‘Services’
Step 7: Scroll down to the ‘SNMP Service’ in the right hand pane.
Step 8: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from any host’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’ as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. (A customized SNMP Community string can also be used.)
Step 9: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’. Done!
Additional Resources
An article containing useful information on SNMP can be found on the CISCO site at: http://www.cisco.com/warp/public/535/3.html
Configuring SNMP Support for Cisco Devices: http://www.cisco.com/univercd/cc/td/doc
Enable SNMP on Windows XP
Step 1: Navigate to the Control Panel and double click ‘Programs and Features’.
Step 2: Click ‘Add/Remove Windows Components’.
Step 3: Select and double-click on Management and Monitoring Tools.
Step 4: Make sure both boxes are selected and click OK.
Step 5: You are returned to the previous dialogue. Click on Next
Step 6: When that configuration is completed, click finish. Return to the Control Panel and double- click ‘Administrative Tools’.
Step 7: Inside ‘Administrative Tools’ double click ‘Computer Management’.
Step 8: Under ‘Services and Applications’ click ‘Services’ and then scroll down to the ‘SNMP Service’ in the right hand pane.
Step 9: Double click the ‘SNMP Service’ and navigate to the ‘Security’ tab. Make sure the ‘Accept SNMP packets from any host’ is selected. For routine public enablement, under ‘Accepted community names’ click ‘Add’. Leave ‘Community rights’ as ‘READ ONLY’ and enter ‘Public’ for the ‘Community Name’. ( A customized SNMP Community string can also be used.)
Step 10: Click ‘Ok’ twice until you’re back at the above ‘Services’ screen. Right click the ‘SNMP Service’ and select ‘Start’. Done!
Enabling WMI on Windows
WMI comes pre-installed on XP/Vista by default. To insure accessibility via WMI the user should check that the following service(s) are started:
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Step 1: Go to the Control Panel and double click ‘Administrative Tools’.
Step 2: Inside ‘Administrative Tools’ double click ‘Computer Management’.
Step 3: Expand Services and Applications, right click on WMI Control and follow the Windows menus.
Additional Resources
Windows XP: http://support.microsoft.com/kb/875605
Vista: http://msdn2.microsoft.com/en-us/library/aa822854.asx

What are the system requirements for PacketTrap IT products?
The PacketTrap IT Studio is a light weight application that can run on almost any moderate Windows-based machine. As a general guideline, the minimum specifications are:
Software / Hardware Requirement
Operating System One of the following 32-bit or 64-bit operating system is required:
Windows 2003 SP1 or later
Windows XP SP2 or later
Windows Vista SP1 (all versions)
CPU 2.0 GHz
Memory - 2GB or more
Hard Drive Space - 1GB or more
.Net Framework - 2.0 or higher
Firewall Exceptions (Allowed Programs) Automatically configured during PacketTrap IT installation: ptserverservice, ptserverconfig, ptagentservice, ptagentconfig, ptstudio

 

Ports:
5054 (TCP) = (PacketTrap IT Server port)
69 (UDP) - TFTP Server
514 (UDP) - Syslog Server
2055 (UDP) - Netflow
6343 (UDP) - SFLOW
9555 (UDP) - Netflow Alternative port #2
9995 (UDP) - Netflow Alternative port #3

Does NetFlow Listener support Juniper devices?
NetFlow Listener supports any device that supports j-flow. This is all Juniper routers and switches http://www.juniper.net/products_and_services/

Why do DNS names appear even when the device is offline?
This can occur when the Reverse DNS (rDNS) cache is stale and inaccurate. For example, this can occur on a Top 10 Average CPU gadget (if you choose 'Display DNS'), Network Discovery results, and Ping Scan results.
To correct this, simply clear your rDNS cache and re-run the gadget or tool.

Why do I receive "MIB Not Supported" on my Extreme Switches?
The Bridge MIB needs to be enabled. The command is "enable snmp dot1dTpFdbTable".

How can I set up net-snmp?
Here are some very easy to follow instructions to quickly set up net-snmp on your linux / unix server: http://net-snmp.sourceforge.net/docs/man/snmpconf.html.
You can install net-snmp on Win32 platforms as well by downloading from here: http://downloads.sourceforge.net/....

Right Click to connect on RDP or run any tool.
One of the most powerful aspects of PacketTrap IT Studio is leveraging the right click context menu on any device in that appears Devices.
Right click on a desired device and initiate a RDP connection. You may also add to Device Group, edit Policy, edit Credentials, Run pt360 Tool, Run Report, Telnet or Web Browse from the context menu.
You are just one right click away from most functions and features.

 

How is PacketTrap IT licensed?
PacketTrap IT Professional is a single site solution licensed per device being monitored.

PacketTrap IT Distributed is a multi site solution licensed per device being monitored.

Network Traffic Analysis module is licensed per device traffic flows are being collected from.

Wireless Infrastructure Monitoring and VoIP Monitoring modules are licensed per PacketTrap IT version

What license quantities are available?
With every edition of PacketTrap IT, you can purchase device bands ranging for 50 devices to 5000+ devices.

Is an evaluation license available? What restrictions does it have?
Yes a 21 day evaluation license is available that is fully functional with all modules and is limited to monitoring 20 devices.

How are licenses delivered?
Once your order has been processed you will receive your license code or file by e-mail.

How can I add more licenses?
The process is the same for all products, contact sales@dbl.co.uk.  When your order has been processed you will be provided with a new electronic license for the total quantity of licenses you purchased.

Do you offer any types of discounts?
Discounts are available for customers buying larger quantities of each product. See below for more details. Special pricing may be available, contact sales@dbl.co.uk.

What about shrink-wrap product?
 ScriptLogic does not sell any of its products with shrink-wrap packaging. All delivery of software and licenses is electronic.