Configuring Windows NT Satellite Networking at Coho Winery
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
By Jim Gowler, MCS—Great Lakes
Editor's Note This article is excerpted from "Optimizing Network Traffic," which is part of the Microsoft Press Notes From the Field series that outlines the best system management practices and procedures. For more information on this and other Microsoft Press books, go to https://www.microsoft.com/mspress/.
Enterprise network infrastructure often includes a variety of communication media and links: Ethernet, integrated services digital network (ISDN), frame relay, dial-up lines, and satellite connections. This chapter focuses on using Microsoft Transmission Control Protocol/Internet Protocol (TCP/IP) with Microsoft Windows for Workgroups 3.11, Windows 9x, Windows NT Workstation and Server, and Windows 2000 in an Ethernet local area network (LAN) environment communicating to remote sites over satellite connections. The configuration recommendations also apply to wide area networks (WANs) and dial-up connections.
On This Page
In Focus
Enterprise Requirements
Overview of Satellite Communications
Services and Application Transactions
NETLOGON.BAT (Batch File Execution)
Copy Command (CMD, WINFILE, Explorer)
Microsoft Word 97
Microsoft Excel 97
Microsoft PowerPoint 97
Microsoft Outlook 98
SMTP Transport
IMAP4 Transport
Microsoft Outlook Web Access (OWA)
Microsoft Exchange Server
Microsoft SQL 6.5/7.0
TCP Sockets
Performance Results
In Focus
Enterprise
Coho Winery, a growing company with vineyards throughout North America and Australia, and international distributorships.
Network
Over 8000 remote offices and distributorships linked to the corporate headquarters based in Napa Valley over satellite connections.
Challenge
Systems administrators must optimize the network for satellite communications, configuring packet transmission latency (lag time), the Server Message Block (SMB) size on Windows NT Server, and the Maximum Transmit Unit (MTU) size of the LAN.
Solution
Satellite links typically impose the highest latency of any media, and they require more complex parameter adjustment to optimize network communications.
What You'll Find In This Chapter
How to test, assess, and deal with latency in your network.
How to configure networks effectively for the varying speeds found in networks incorporating satellite links.
How to adjust parameters for replication in large networks and those with multiple-processor PDCs and BDCs. (This discussion also explains which parameters do not require adjustment and why.)
How to incorporate configuration ideas on most Microsoft operating systems (Windows NT Server/Workstation, Windows 2000 Server/Professional, Windows for Workgroups, Windows 9x) and Microsoft server applications such as Microsoft SQL Server and Microsoft Exchange Server.
Warning: This chapter makes recommendations for modifying or adding Windows registry parameters with REGEDIT.EXE or REGEDT32.EXE. Using Registry Editor incorrectly can cause serious, system-wide problems that require you to reinstall Windows NT. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
Windows NT setup installs two versions of Registry Editor: REGEDT32.EXE (the Windows NT version) and REGEDIT.EXE (the Windows 9x version). Although you can use REGEDIT.EXE to search for keys and values in Windows NT 4.0, use REGEDT32.EXE to edit the Windows NT registry.
Enterprise Requirements
The recommendations and best practices in this chapter address some basic networking requirements.
For Windows for Workgroups, Windows 9x, Windows NT Workstation, and Windows 2000 Professional, each desktop:
Uses TCP/IP for network communications.
Can browse every corporate-supported resource server in the LAN.
Can browse every corporate-supported resource server in the WAN.
Communicates over satellite links.
For Windows NT Server, Windows 2000 Server, Microsoft SQL Server, and Microsoft Exchange, each server and service:
Uses TCP/IP for network communications.
Has access to every corporate-supported resource server in the LAN.
Has access to every corporate-supported resource server in the WAN.
Communicates over satellite links.
Overview of Satellite Communications
A typical network with satellite links includes earth stations (remote sites) that communicate to a hub site (also an earth station) that serves as the main data center in the enterprise. The hub site does not have to be at the same physical location of the main data repository; it can be a remote site with a secure connection to a LAN or a WAN.
An earth station consists of a satellite dish (with a central head) and a digital interface unit (DIU) connected to the local network through a turbo port card. The dish transmits and receives data to the satellite (bird). Dish bandwidths vary from 128 Kbs to 1 Mbs. The available bandwidth to each earth station can be divided (the term is carved) into separate channels varying from 9600 baud to 1 Mb.
You can configure the maximum transmit unit (MTU) size of data sent through software and hardware and over satellite links to a maximum of 1500 bytes to match the default size of the DIU. You can also drop the MTU below this figure to match available bandwidth for performance reasons. The circled numbers in the figure apply to the explanation that follows.
.gif "Figure 6.1: Communications between earth stations and the hub site.")
Figure 6.1: Communications between earth stations and the hub site.
The terminology that describes satellite communications is similar to other telecommunications terminology. All communications from the hub site are outbound transmissions (1), and all communications to the hub site are inbound transmissions (2). Communications from the satellite to the remote earth stations are outroute (3), and communications to the satellite from the remote earth station are inroute (4).
Network administrators must tune three areas to optimize satellite links for networking communications: packet transmission latency (lag time), the Server Message Block (SMB) size of Windows NT Servers, and the LAN's maximum transmit unit (MTU) size. These areas are discussed in the next three sections.
Latency
The following illustrations show the results of using PING.EXE to test latency across network segments. These use baseline measurements set in a test lab; individual measurements and results vary with network design.
.gif "Figure 6.2: Checking latency period on a LAN using PING.")
Figure 6.2: Checking latency period on a LAN using PING.
Figure 6.2 uses the PING utility to set a reference point for latency in milliseconds (ms). In this example, a local PING reports a latency less than 10 ms.
.gif "Figure 6.3: Checking latency across a local router.")
Figure 6.3: Checking latency across a local router.
This shows a local router with a latency of 10 ms or less. Latency increases as router load and the number of routers increase.
.gif "Figure 6.4: Checking latency across a remote router or bridge.")
Figure 6.4: Checking latency across a remote router or bridge.
Figure 6.4 shows PING results in a WAN environment. Here response time increases substantially from less than 10 ms to more than 110 ms. By default Microsoft's implementation of TCP/IP addresses potential LAN and WAN latency by setting the wait time to 750 ms. This is important, because when latency starts approaching wait time, as it often does over WANs, timeouts (and communications failures) increase.
When sending a PING from the hub site to the satellite (outbound) and from there to a remote earth station (outroute) the test returns these results (the path is from 1 to 3 in Figure 6.1):
Pinging 123.456.789.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
When using the commands below, the NetBIOS TCP (NetBT) stack also fails when communications travel outbound from the hub site, over the satellite, and outroute to a remote earth station. Both the PING utility and the NET USE DOS command use a Broadcast Query Time-out value to locate the destination host:
NET VIEW \\SATURN
System error 53 has occurred.
NET USE Z: \\SATURN\NETLOGON
System error 53 has occurred.
To troubleshoot, use the PING utility with the -w option to increase the ms time-out value and determine the network latency. The results in this example are:
PING 123.123.123.10 -w 1600
Pinging 197.127.135.10 with 32 bytes of data:
Reply from 123.123.123.10: bytes=32 time=1382ms TTL=32
Reply from 123.123.123.10: bytes=32 time=1331ms TTL=32
Reply from 123.123.123.10: bytes=32 time=1342ms TTL=32
Reply from 123.123.123.10: bytes=32 time=1342ms TTL=32
After you have determined the proper ms time-out value, you can modify the Broadcast Query Time-out values for workstations to accommodate the latency across satellite links.
Configuring BcastQueryTimeout Values
The default value for BcastQueryTimeout is 750 ms (hexadecimal value 2ee). In the previous example, the satellite (123.123.123.10) has a latency period greater than 1300 ms. You can increase this value to 1600 ms, allowing NBT name query to resolve machine names submitted via the NET USE command.
Note: The PING.EXE utility only creates its packets: it does not resolve a hostname to an IP address, nor does it use the NBT to do so. Increasing the BcastQueryTimeout parameter does not apply to PING, but does work for all other WINSOCK and NBT programs.
For Windows for Workgroups 3.11, modify the SYSTEM.INI file:
[NBT]
BcastQueryTimeout =
Default: 750
For Windows 9x, edit the BcastQueryTimeout registry subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \VxD \MSTCP
For Windows NT versions through 4.0, and Windows 2000, modify the BcastQueryTimeout parameter:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \NetBT \Parameters \BcastQueryTimeout
.gif "Cc767910.opt6_5(en-us,TechNet.10).gif")
Figure 6.5: Using Registry Editor (REGEDIT.EXE) to configure BcastQueryTimeout in Windows NT.
To modify this setting, double-click on the parameter in the right pane of the Registry Editor window, bringing up the Edit DWORD Value window:
.gif "Figure 6.6: Edit DWORD Value window to modify BcastQueryTimeout.")
Figure 6.6: Edit DWORD Value window to modify BcastQueryTimeout.
Server Message Block (SMB)
Configuring SizReqBuf for Windows NT Server versions 3.5x
Windows NT Server manages input/output by carving data into blocks. When enough memory is available, it operates in raw mode, allocating large blocks of data (64 KB). When there is not enough memory, the server uses a request buffer for large- and small-block reads/writes. You can configure these sizes in the SizReqBuf parameter (default 4356 bytes, range 512 to 65536).
By increasing the SizReqBuf to match the TCP/IP window for RawIoTimeLimit, EnableRaw, and MaxLinkDelay (discussed in the next section), you can load-balance the system for buffering when there is not enough memory available to run in raw mode. Two common increases are:
12288 to match the default transmission size of Windows 95 and Windows for Workgroups 3.11's internal reads/writes buffering of the 32-bit redirector.
12548 to create best throughput and support for Windows NT Server, Windows for Workgroups 3.11, Windows 9x.
The redirector in Windows NT Server and Workstation can dynamically adjust to operate in raw state or to use the request buffer (SizReqBuf), which does not affect raw requests from a remote Windows NT Workstation/Server, Windows for Workgroups 3.11, or Windows 9x nodes. It controls the data flow only to nodes with other operating systems.
Windows NT Server and Workstation by default invoke raw mode when requested by other Windows NT computers. When the connection is established, the redirector determines if it is over a slow link and uses SizReqBuf if it is.
To modify the SizReqBuf registry subkey:
Start Registry Editor (REGEDT32.EXE).
Go to this subkey:
HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters \SizReqBuf
To add the SizReqBuf registry subkey:
Create the SizReqBuf value using this information:
Value name: SizReqBuf
Data type: REG_DWORD (DWORD)
Data: 512 to 65536 (bytes in decimal)
Close Registry Editor and restart the computer.
For more information on this registry subkey, see Microsoft Knowledge Base article 177266, Title: Remote Directory Lists Are Slower Than Local Directory Listings.
In a Windows NT 3.5x environment, the redirector counts the amount of data in a specified time frame to decide if the connection a slow link. If it is, the operating system switches to request buffer input/output.
Configuring RawIoTimeLimit for Windows NT 3.5x (and 4.0)
This Windows NT registry parameter (default 5 seconds) allows you to set the redirector to send data in 64-KB blocks (raw mode) if you are not using Remote Access Service (RAS). Increasing the timing interval "tricks" the operating system into thinking a higher speed connection exists, causing it to shift into raw mode. For example, if you increase the RawIoTimeLimit parameter to 20, the redirector switches into raw mode, without having to make special calculations to find a boundary for SizReqBuf.
Start Registry Editor (REGEDT32.EXE).
Go to this subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Rdr \Paramaters \RawIoTimeLimit
If this value does not exist, add it using these parameters:
Value name: RawIoTimeLimit
Data type: REG_DWORD (DWORD)
Data range: 0 to 65535 seconds
To stop and restart the redirector use the commands net stop rdr and net start rdr from a command prompt. This puts the new setting into effect.
.gif "Cc767910.opt6_7(en-us,TechNet.10).gif")
Figure 6.7: Using Registry Editor (REGEDIT.EXE) to search for RawIoTimeLimit in Windows NT.
Warning: Although you can use the RawIoTimeLimit parameter to speed up copying from a network server down to the desktop, you cannot use it with RAS because copying data from the desktop up to a RAS server overrides that server's serial line, truncates the copy, and exits. The only error seen on the workstation is copy failure. On the server side, the modem reports CRC errors and disconnects the network session.
Configuring Windows NT 4.0 and Windows 2000 (EnableRaw and MaxLinkDelay)
The previous parameter modifications enable raw detection over the WAN with satellite connections. You do not need to implement them on Windows NT 4.0 because processing raw SMBs can impede performance on some networks. You can disable the raw mode by adding the parameter EnableRaw and setting it to 0:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters \EnableRaw
.gif "Cc767910.opt6_8(en-us,TechNet.10).gif")
Figure 6.8: Using Registry Editor (REGEDIT.EXE) to search for EnableRaw.
For more information, see Knowledge Base article 127023, Title: Raw SMB Requests Across Router Results in Session Termination.
MaxLinkDelay specifies the maximum time allowed for a link delay (default 60 seconds) before a server automatically disables raw mode input/output for a connection. Increase the MaxLinkDelay registry subkey to override this feature:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters \MaxLinkDelay
.gif "Cc767910.opt6_9(en-us,TechNet.10).gif")
Figure 6.9: Using Registry Editor (REGEDIT.EXE) to search for MaxLinkDelay.
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \rdr \Parameters \RawIoTimeLimit
You can modify or add the parameter RawIoTimeLimit to Windows NT 4.0 and Windows 2000 (see the above section "Configuring RawIoTimeLimit for Windows NT 3.5x (and 4.0)") in network configurations using the NetBIOS gateway. When turned on, this setting can increase throughput by 10-15 percent, blocking all other data transfers. By default, RawIoTimeLimit is disabled over slow links speeds of 14,400 BPS (or slower) and enabled (default 5 seconds) over faster links, such as ISDN lines.
For more information, see the Windows NT Server Networking Supplement Manual, "Appendix A—RAS Registry Values."
TCP Window Size
Configuring DefaultRcvWindow
The transmission control protocol (TCP) receive window specifies the maximum number of bytes a sender can transmit without receiving an acknowledgment (ACK). Increasing this value improves performance on networks with high latency. Both sides of a network connection control the TCP receive window size. You can configure receive window size for Windows for Workgroups in the SYSTEM.INI file, and for Windows 9x with the DefaultRcvWindow registry entry.
For Windows for Workgroups 3.11, modify the SYSTEM.INI file:
[MSTCP]
DefaultRcvWindow =
Default: 8192
For Windows 9x, modify the DefaultRcvWindow registry subkey in:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \VXD \MSTCP
Windows NT TCPWindowSize
When data blocks greater than the MTU or segment size travel across the network, the TCP Window Size buffers them, returning acknowledgments to notify the sending computer when one block has been received and it is time to send the next one. Larger buffers can accommodate larger blocks of data, allowing more data to flow before reversing direction and sending an acknowledgment. This reduces traffic by generating fewer ACK packets.
Windows NT default TCPWindowSize values.
Registry Parameters |
Windows NT 3.1 |
Windows NT 3.5 x |
Windows NT 4.0 |
Windows 2000 |
|---|---|---|---|---|
TCPWindowSize |
8192 (1) |
8760 |
8760 |
16504 |
|
8K |
8K |
8K |
16K |
To adjust the TCP Window size, modify or add this registry subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Tcpip \Parameters \TCPWindowSize
.gif "Cc767910.opt6_10(en-us,TechNet.10).gif")
Figure 6.10: Using Registry Editor (REGEDT32.EXE) to modify TCPWindowSize.
Note: When a TCP/IP client communicates over a router that imposes a hop-count—which limits the number of subsequent routers a message can pass through—a forced ACK is issued for every two packets. This avoids the silly window syndrome, which occurs when the window is so large that it causes a high retransmission rate and system thrashing. This is rare in test labs, but common in production environments. Microsoft TCP/IP does not allow you to disable the forced ACK setting (every two packets over a router).
TCP Window Size in Windows 2000
Windows 2000 addressing performance is optimized for all types of media and WAN connectivity, effectively avoiding silly window syndrome. The protocol stack maintains the two-packet recommendation over routers, but it waits for a response rather than reversing the data flow and issuing an ACK. This improves performance over satellite links. Here's a representation:
Windows 2000:
DATA==> DATA==> DATA==> DATA==> DATA==> DATA==> <==ACK <==ACK <==ACK
Windows NT:
DATA==> DATA==> <==ACK DATA==> DATA==> <==ACK DATA==> DATA==> <==ACK
Maximum Transmit Unit (MTU) Registry Parameters
Windows NT TCP transport entries govern the segment size of data traveling over the network. TCPRecvSegmentSize specifies the maximum receive segment size, and TCPSendSegmentSize specifies the maximum send segment size. You can modify or add these parameters (REG_DWORD or DWORD) in:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \TCPIP \Parameters
Windows NT registry parameters for MTU.
Registry Parameters |
Windows NT 3.1 |
Windows NT 3.5 x |
Windows NT 4.0 |
Windows 2000 |
|---|---|---|---|---|
TCPRecvSegmentSize |
1460 |
0 (1) |
0 (1) |
0 (1) |
TCPSendSegmentSize |
1460 |
0 (1) |
0 (1) |
0 (1) |
MTU |
1500 |
0 (2) |
0 (2) |
0 (2) |
Notes on Windows NT MTU parameters:
(1) MTU size - 40 = segment size.
(2) Windows NT 3.5 uses the default MTU size of the MAC interface: Ethernet = 1500.
In token ring networks, this value depends on the MAXFRAME size of the token ring card. Because the desktop cannot process transactions larger than 4096 bytes, avoid token ring net cards with hard coded MTU MAXFRAME sizes greater than 4096.
Cautionary Notes
MTU settings can create problems when:
Sending packets (that require a response) from one token ring site over a satellite to another token ring site with a smaller MTU size.
Sending packets from one token ring site over frame relay to another token ring site.
Communicating from one token ring site over Asynchronous Transfer Mode (ATM) to another token ring site.
Using different media types in any combination.
Use the Ethernet default size of 1500 to avoid these problems.
Configuring MTU Size for Windows NT
For Windows for Workgroups 3.11, you can set the MaxMTU parameter in the SYSTEM.INI file.
[network_card]
MaxMTU =
Default: 0 (use the value supplied by the network adapter manufacturer)For Windows 95 and Windows 98, you can configure MaxMTU in the registry subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Class \NetTrans \000n
For Windows NT modify or add the MTU subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \CENDIS31 \Parameters \Tcpip \MTU
.gif "Cc767910.opt6_11(en-us,TechNet.10).gif")
Figure 6.11: Looking for MTU with Registry Editor (REGEDIT.EXE).
Configuring MTU Size for Windows 2000
The redesigned Windows 2000 registry parameters for network services use a component object model (COM) component interface design. COM uses a global unique identifier (GUID) for each component, including network adapter cards. The registry subkey example below is for a Compaq NetFlex network adapter card:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \tcpip \Parameters \interface \F8B40F3E-6F17-11D2-90E1-D0086EA127CB\MTU
The COM component design allows you to disconnect the network interface, change parameters such as the MTU size, and connect the TCP/IP stack to the network interface without rebooting.
Services and Application Transactions
Trust Relationships
Once a trust has been established, primary domain controllers (PDCs) and backup domain controllers (BDCs) locate trusted domains while booting up, establishing a password-protected communications "pipe." The PDC generates a pulse (approximately every day) and changes the internal password on the secure pipe. If domain controllers do not receive this pulse at boot time for internal password changes or initiations of pass-through authentication, then the trust goes dormant for 15 minutes.
Note: If a user tries to log on when the trust is inactive, the system uses cached logon accounts. The maximum for the cache is 10 accounts, so if the user is not one of the last 10 accounts to log on, the attempt fails.
Every 15 minutes the domain controller tries to locate the trusted domain. Because of this, a trust may work initially then stop working after 15-30 minutes. In general, using Windows Internet Naming Service (WINS) keeps the trust relationship intact, but WINS server location and link speed (below 128 Kbs) can introduce a resolution latency that causes a trust to fail, rendering the domain dormant until contact is reestablished. You can avoid this by adding the entries described below to the LMHOSTS file on all domain controllers that are connected by slow links:
197.127.137.10 ACCOUNTS1 #DOM:NORTHAMERICA #PRE
197.127.136.11 RESOURCE1 #DOM:RESOURCE_DOMAIN #PRE
Performance Hints and Tips
The trust tries to change its internal secure pipe password, and if it cannot communicate the new password to both sides within a week, the trust breaks and you must delete and re-add it. To disable the password change so that the trust is not automatically broken, you can change the DisablePasswordChange from 0 (default) to 1 in the registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetLogon\Parameters\DisablePasswordChange
.gif "Cc767910.opt6_12(en-us,TechNet.10).gif")
Figure 6.12: Searching for DisablePasswordChange with Registry Editor (REGEDIT.EXE).
Primary Domain Controller (PDC)
Even when using large (5,000 +) account domains, daily change replication from the PDC to the BDCs is small. The NETLOGON service tracks changes in a log which is by default 64 KB (roughly 2,000 changes). In most cases 64 KB is large enough to queue the daily changes, but if it isn't you can increase the log size by changing the ChangeLogSize registry subkey:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \NetLogon \Parameters \ChangeLogSize
.gif "Cc767910.opt6_13(en-us,TechNet.10).gif")
Figure 6.13: Looking for ChangeLogSize with Registry Editor (REGEDIT.EXE).
Replication Issues In Large Networks
Before the replication process starts, the PDC freezes time inside the box, grabs 98% of the CPU processing, and starts calculating what changes go where. In a perfect world this happens without a hitch, but in the real world the Change Log sometimes is overrun before all BDCs are synchronized. This forces a full synchronization, which can be a cascading event if all BDCs need a full synchronization instead of just the deltas.
You could increase the Change Log size as stated above but it is not really necessary, not even when dealing with large numbers in a single-processor environment. When the PDC freezes time and starts calculating what changes go where, it collects the deltas (changes) into groups of up to 255 deltas for each remote procedure call (RPC) transmission. If the PDC is interrupted during the calculation process (such as to service a bad password check request), the PDC stops all calculations, sends any deltas that have been calculated, services the request, and then resumes calculating what changes go where. This starting and stopping calculation (and thus replication) does not flood the network with RCP transmissions because the network segment with the highest bandwidth is the segment where the PDC is located—and the PDC never floods this segment.
When there is more than one processor, the lowest-order processor works as stated above, exclusively handling all exceptions (service requests) when required. The other processors do not halt—they continue replicating. The lowest-order processor has to start over when the exceptions have been completed but if another processor has meanwhile completed the synchronization, the lowest-order processor backs off rather than duplicate network traffic unnecessarily.
Multiple-Processor Replication Issues in Large Systems
Multiple processors are used only on PDCs, not on BDCs, which simply request data from the PDC. But does a multiple-processor PDC require a multiple-processor BDC for a back up? After all, a backup controller should be able to step in as a new PDC (if needed) and preserve the network topology. Nevertheless, the backup in these cases does not require multiple processors.
Loss of the PDC deprives the system of functions (Enable and Disable Logon Account—Create, and Delete Logon Account—Change Password) that should not break the system over the 15 minutes or so that it takes to promote the backup to PDC (not even if all passwords expire or all accounts are disabled). Users are not even affected, although it may take longer to fully synchronize the entire domain. If you have been diligent with upgrades and maintenance you can promote the backup controller without affecting administrators, telecommunications, support, or users.
With a large number of BDCs (more than 50) the time during which the PDC uses resources increases exponentially with the number of accounts, BDCs, and changes. PDCs are designed to handle this stress and instead of flooding the network with changes they distribute updated information in an orderly fashion.
Although the PDC is designed to calculate replication changes simultaneously for 10 BDCs in Windows NT 3.51 and 20 BDCs in Windows NT 4.0, these figures may be too low to keep large numbers of BDCs updated evenly. In this case, a multiple-processor PDC issues round-robin updates from processor to processor until it reaches the Pulse Concurrency limit (the maximum number of simultaneous pulses a PDC sends to BDCs).
High-Latency Connections
Overall you should not have to change this parameter. Only changes get forwarded through the network so on the last days of a required 90-day password change only passwords are replicated, not the complete user account databases. For slow links, monitor the network traffic and if this traffic causes problems on lines slower than 64 Kbps, use the ReplicationGovernor.
Performance Hints and Tips
- You can configure different replication rates at different times of the day. With the AT command, use a script file containing the path to the ReplicationGovernor parameter and the new Registry entries. (For example: net stop netlogon, regini script file, net start netlogon). REGINI.EXE is part of the Windows NT Resource Kit.
Dial-up Links
In a dial-up environment you may exercise all of these suggested options but still fail to get the BDC to synchronize with the PDC in a controlled process rather than having it connect all day long across expensive dial-up lines. To make the connection when you want and automate on-demand synchronization, use the command line utility NLTEST.EXE. Combining this utility with RASDIAL you can "batch dial" and synchronize the BDC. Here is an example:
:RASDIALOUT RASDIAL PDCSERVER IF ERRORLEVEL == 1 GOTO BADRASDIAL NLTEST /TRANSPORT_NOTIFY NLTEST /SERVER:BDCLOCAL /REPL GOTO END :BADRASDIAL WAIT 5 GOTO RASDIALOUT :END
The example above is only a sample; below is a complete list of parameters and options. (Refer to the Microsoft Windows NT 4.0 Resource Kit, Supplement Two for complete information and examples.)
Usage: nltest [/OPTIONS] /SERVER:<ServerName> - Specify <ServerName> /QUERY - Query <ServerName> netlogon service /REPL - Force replication on <ServerName> BDC /SYNC - Force SYNC on <ServerName> BDC /PDC_REPL - Force UAS change message from <ServerName> PDC /SC_QUERY:<DomainName> - Query secure channel for <Domain> on <ServerName> /SC_RESET:<DomainName> - Reset secure channel for <Domain> on <ServerName> /DCLIST:<DomainName> - Get list of DC's for <DomainName> /DCNAME:<DomainName> - Get the PDC name for <DomainName> /DCTRUST:<DomainName> - Get name of DC is used for trust of <DomainName> /WHOWILL:<Domain>* <User> [<Iteration>] - See if <Domain> will log on <User> /FINDUSER:<User> - See which trusted <Domain> will log on <User> /TRANSPORT_NOTIFY - Notify of netlogon of new transport /RID:<HexRid> - RID to encrypt Password with /USER:<UserName> - Query User info on <ServerName> /TIME:<Hex LSL> <Hex MSL> - Convert NT GMT time to ascii /LOGON_QUERY - Query number of cumulative logon attempts /TRUSTED_DOMAINS - Query names of domains trusted by workstation /BDC_QUERY:<DomainName> - Query replication status of BDCs for <DomainName> /SIM_SYNC:<DomainName> <MachineName> - Simulate full sync replication /LIST_DELTAS:<FileName> - display the content of given change log file /LIST_REDO:<FileName> - display the content of given redo log file
Performance Hints and Tips
On the PDC increase the change log so that the transaction log can hold the worst-case number of changes for the time the BDC is off line.
Use a script file with the AT command to configure different replication rates at different times of the day. See above.
Use a batch file to dial, connect, and execute NLTEST.EXE.
NETLOGON.BAT (Batch File Execution)
Windows NT provides logon scripts that enforce standards on the desktop. The following example performs a virus check, and links a home directory, a mail drive, a common applications drive, and common printers.
@echo off rem echo netlogon.bat version 01.00.00 echo. msav /c /r /a net use h: /HOME net use m: \\MYSERVER\MAIL net use s: \\MYSERVER\APPS net use lpt1: \\MYSERVER\printer1 net use lpt2: \\MYSERVER\printer2
You can use the NetLogon feature to impose and enforce standards, but it can create performance issues when executed over slower links. This batch file was created and executed from Windows NT Workstation and a Windows 95 workstation.
NETLOGON @Echo off Echo netlogon.bat version 01.00.00 Echo. NET VIEW
Network Trace—Windows NT NETLOGON (Remote)
The trace below shows the network traffic generated by NETLOGON.BAT from a remote Windows NT workstation. At the command line the batch file NETLOGON <enter> was used.
When executed from a Windows NT workstation, 26 packets were generated to "find" the file to execute. The logic used at the command line is to find NETLOGON, then NETLOGON.COM, then NETLOGON.EXE, and finally NETLOGON.BAT. Typing NETLOGON.BAT at the command line avoids the execution of 26 packets of data.
Echo is used to insert a CR/LF on the screen during execution of a batch file. It makes reading the output more manageable, but generates 4 packets, which really are not required for the execution.
The net command goes through the same search for the program net, generating extra 14 packets.
Note that the system is now trying to load the NET.EXE and the DLLs that support the call, even though all the files are in the local search path and the program executes it. The drive off of which NETLOGON was executed is always searched before the search path. Note that this generated over 133 packets.
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote).
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
5 4.344 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
6 4.347 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x8003
7 4.351 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \netlogon"*
8 4.356 ANDROMEDAII 3COM 4CEC95 SMB R transact2
9 4.359 3COM 4CEC95 ANDROMEDAII SMB C find close, FID = 0x5
10 4.362 ANDROMEDAII 3COM 4CEC95 SMB R find close
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
11 4.363 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x8003
12 4.366 ANDROMEDAII 3COM 4CEC95 SMB R close file
13 4.369 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
14 4.373 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x7804
15 4.377 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NETLOGON.COM
16 4.382 ANDROMEDAII 3COM 4CEC95 SMB R transact2 (Error)
17 4.385 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x7804
18 4.387 ANDROMEDAII 3COM 4CEC95 SMB R close file
19 4.391 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
20 4.394 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x7006
21 4.397 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NETLOGON.EXE
22 4.403 ANDROMEDAII 3COM 4CEC95 SMB R transact2 (Error)
23 4.406 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x7006
24 4.408 ANDROMEDAII 3COM 4CEC95 SMB R close file
25 4.412 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
26 4.415 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x8002
27 4.421 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NETLOGON.BAT
28 4.428 ANDROMEDAII 3COM 4CEC95 SMB R transact2 FindFirst (response to frame 27)
29 4.431 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x8002
30 4.433 ANDROMEDAII 3COM 4CEC95 SMB R close file
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
31 4.440 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \NETLOGON.BAT
32 4.444 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x780d
33 4.448 3COM 4CEC95 ANDROMEDAII SMB C read & X, FID = 0x780d, Read 0xa4 at 0x0
34 4.450 ANDROMEDAII 3COM 4CEC95 SMB R read & X, Read 0xa4
35 4.497 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
36 4.500 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x8005
37 4.503 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x780d
38 4.505 ANDROMEDAII 3COM 4CEC95 SMB R close file
39 4.507 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \Echo."*
40 4.513 ANDROMEDAII 3COM 4CEC95 SMB R transact2 (Error)
41 4.516 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x8005
42 4.519 ANDROMEDAII 3COM 4CEC95 SMB R close file
43 4.548 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \NETLOGON.BAT
44 4.550 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x780d
45 4.554 3COM 4CEC95 ANDROMEDAII SMB C read & X, FID = 0x780d, Read 0xa4 at 0x0
46 4.555 ANDROMEDAII 3COM 4CEC95 SMB R read & X, Read 0xa4
47 4.572 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
48 4.575 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x780a
49 4.578 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x780d
50 4.580 ANDROMEDAII 3COM 4CEC95 SMB R close file
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
51 4.583 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET"*
52 4.589 ANDROMEDAII 3COM 4CEC95 SMB R transact2 FindFirst (response to frame 51)
53 4.592 3COM 4CEC95 ANDROMEDAII SMB C find close, FID = 0x802
54 4.594 ANDROMEDAII 3COM 4CEC95 SMB R find close
55 4.596 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x780a
56 4.598 ANDROMEDAII 3COM 4CEC95 SMB R close file
57 4.602 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
58 4.605 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x3801
59 4.608 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET.COM
60 4.614 ANDROMEDAII 3COM 4CEC95 SMB R transact2 (Error)
61 4.616 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x3801
62 4.619 ANDROMEDAII 3COM 4CEC95 SMB R close file
63 4.622 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
64 4.626 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x4000
65 4.629 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET.EXE
66 4.635 ANDROMEDAII 3COM 4CEC95 SMB R transact2 FindFirst (response to frame 65)
67 4.638 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x4000
68 4.641 ANDROMEDAII 3COM 4CEC95 SMB R close file
69 4.644 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
70 4.648 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x6807
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
71 4.650 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetFileInfo, FID = 0x6807
72 4.652 ANDROMEDAII 3COM 4CEC95 SMB R transact2 GetFileInfo (response to frame 71)
73 4.655 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetFsInfo
74 4.657 ANDROMEDAII 3COM 4CEC95 SMB R transact2 GetFsInfo (response to frame 73)
75 4.660 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x6807
76 4.663 ANDROMEDAII 3COM 4CEC95 SMB R close file
77 4.669 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
78 4.673 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x800e
79 4.677 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET"*
80 4.683 ANDROMEDAII 3COM 4CEC95 SMB R transact2 FindFirst (response to frame 79)
81 4.687 3COM 4CEC95 ANDROMEDAII SMB C find close, FID = 0x805
82 4.689 ANDROMEDAII 3COM 4CEC95 SMB R find close
83 4.690 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x800e
84 4.693 ANDROMEDAII 3COM 4CEC95 SMB R close file
85 4.696 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
86 4.700 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x800b
87 4.703 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET.COM
88 4.709 ANDROMEDAII 3COM 4CEC95 SMB R transact2 (Error)
89 4.711 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x800b
90 4.714 ANDROMEDAII 3COM 4CEC95 SMB R close file
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
91 4.717 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
92 4.721 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x780f
93 4.724 3COM 4CEC95 ANDROMEDAII SMB C transact2 FindFirst, File = \NET.EXE
94 4.731 ANDROMEDAII 3COM 4CEC95 SMB R transact2 FindFirst (response to frame 93)
95 4.734 3COM 4CEC95 ANDROMEDAII SMB C close file, FID = 0x780f
96 4.736 ANDROMEDAII 3COM 4CEC95 SMB R close file
97 4.742 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \NET.EXE
98 4.744 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x6808
99 4.747 3COM 4CEC95 ANDROMEDAII SMB C read & X, FID = 0x6808, Read 0x1000 at 0x0
100 4.750 ANDROMEDAII 3COM 4CEC95 SMB R read & X, Read 0x1000
101 4.751 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message Cont., 1460 Bytes
102 4.752 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message Cont., 1240 Bytes
103 4.753 3COM 4CEC95 ANDROMEDAII TCP .A...., len: 0, seq: 506612, ack: 1100064, win: 8760
104 4.763 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \
105 4.767 ANDROMEDAII 3COM 4CEC95 SMB R transact2 GetPathInfo (response to frame 104)
106 4.791 3COM 4CEC95 ANDROMEDAII SMB C NT create & X, File = \
107 4.794 ANDROMEDAII 3COM 4CEC95 SMB R NT create & X, FID = 0x8803
108 4.797 3COM 4CEC95 ANDROMEDAII SMB C read & X, FID = 0x6808, Read 0xa00 at 0xae00
109 4.800 ANDROMEDAII 3COM 4CEC95 SMB R read & X, Read 0xa00
110 4.801 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message Cont., 1164 Bytes
Network Monitor trace Sat 04/15/98 15:48:18 NT Netlogon (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
111 4.802 3COM 4CEC95 ANDROMEDAII TCP .A...., len: 0, seq: 506850, ack: 1104139, win: 8760
112 4.807 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \NETAPI32.dll
113 4.810 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
114 4.814 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \NETAPI32.dll
115 4.817 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
116 4.841 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \NETRAP.dll
117 4.845 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
118 4.849 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \NETRAP.dll
119 4.852 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
120 4.866 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \SAMLIB.dll
121 4.869 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
122 4.873 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \SAMLIB.dll
123 4.877 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
124 4.889 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \MPR.dll
125 4.893 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
126 4.897 3COM 4CEC95 ANDROMEDAII SMB C transact2 GetPathInfo, File = \MPR.dll
127 4.901 ANDROMEDAII 3COM 4CEC95 SMB C transact2 (Error)
128 4.914 3COM 4CEC95 ANDROMEDAII SMB C read & X, FID = 0x6808, Read 0x400 at 0xb800
129 4.916 ANDROMEDAII 3COM 4CEC95 SMB R read & X, Read 0x400
130 4.969 3COM 4CEC95 ANDROMEDAII SMB C read block raw, FID = 0x6808, Read 0x6600 at 0x400
131 4.972 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message, Len: 26112
132 4.973 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message Cont., 1460 Bytes
133 4.974 ANDROMEDAII 3COM 4CEC95 NBT SS: Session Message Cont., 1460 Bytes
134 4.975 3COM 4CEC95 ANDROMEDAII TCP .A...., len: 0, seq: 507785, ack: 1108459, win: 876
Network Trace—Windows 95 NETLOGON.BAT (Remote)
The next trace shows the network traffic generated by executing NETLOGON.BAT from a remote Windows 95 workstation. At the command line the batch file NETLOGON <enter> was used.
When executed from a Windows 95 workstation, it takes fewer packets; the search order is netlogon, NETLOGON.BAT.
Echo does not generate any network traffic.
Note that loading the NET.EXE off the network generated 207 packets.
Network Monitor trace Thu 04/13/98 19:52:48 Windows 95 Netlogon.bat (Remote).
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 1.956 WORK1 TXI320 SMB C search directory, File = \NETLOGON">>>
2 1.959 TXI320 WORK1 SMB R search directory, Files = 1
3 1.961 WORK1 TXI320 SMB C search directory, File =
4 1.962 TXI320 WORK1 SMB R search directory (Error)
5 1.963 WORK1 TXI320 SMB C search directory, File = \NETLOGON"BAT
6 1.966 TXI320 WORK1 SMB R search directory, Files = 1
7 2.017 WORK1 TXI320 SMB C search directory, File = \NET">>>
8 2.021 TXI320 WORK1 SMB R search directory, Files = 1
9 2.022 WORK1 TXI320 SMB C search directory, File =
10 2.023 TXI320 WORK1 SMB R search directory (Error)
11 2.024 WORK1 TXI320 SMB C open & X, File = \NET.EXE (R -Share Deny None)
12 2.027 TXI320 WORK1 SMB R open & X, FID = 0x1004, File Size = 0x5b40a
Network Monitor trace Thu 04/13/98 19:52:48 Windows 95 Netlogon.bat (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
13 2.028 WORK1 TXI320 SMB C read block raw, FID = 0x1004, Read 0x1000 at 0x0
14 2.032 TXI320 WORK1 NBT SS: Session Message, Len: 4096
15 2.033 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
16 2.034 TXI320 WORK1 NBT SS: Session Message Cont., 1180 Bytes
17 2.036 WORK1 TXI320 TCP .A...., len: 0, seq: 6174814, ack: 1323028, win: 8760
18 2.039 WORK1 TXI320 SMB C open & X, File = \NET.EXE (X -Share Deny W)
19 2.041 TXI320 WORK1 SMB C lock & X, FID = 0x1004
20 2.042 WORK1 TXI320 SMB C close file, FID = 0x1004
21 2.044 TXI320 WORK1 SMB R close file
22 2.045 TXI320 WORK1 SMB R open & X, FID = 0x1006, File Size = 0x5b40a
23 2.045 WORK1 TXI320 TCP .A...., len: 0, seq: 6174947, ack: 1324371, win: 7417
24 2.047 WORK1 TXI320 SMB C read block raw, FID = 0x1006, Read 0xfe00 at 0x2a00
25 2.054 TXI320 WORK1 NBT SS: Session Message, Len: 65024
26 2.055 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
27 2.057 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
28 2.058 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
29 2.059 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1327291, win: 8760
30 2.060 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
31 2.062 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
32 2.063 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Thu 04/13/98 19:52:48 Windows 95 Netlogon.bat (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
33 2.064 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1330211, win: 8760
34 2.064 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
35 2.066 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
36 2.067 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
37 2.068 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1333131, win: 8760
38 2.070 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
39 2.073 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
40 2.074 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1337511, win: 8760
41 2.076 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
42 2.077 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
43 2.078 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
44 2.079 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1341891, win: 8760
45 2.082 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
46 2.083 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
47 2.084 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
48 2.087 WORK1 TXI320 TCP .A...., len: 0, seq: 6175002, ack: 1346271, win: 8760
49 2.089 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
50 2.091 TXI320 WORK1 NBT SS: Session Message Cont., 1460 Bytes
...
216 2.367 WORK1 TXI320 SMB C read block raw, FID = 0x1006, Read 0xa00 at 0x2000
Network Monitor trace Thu 04/13/98 19:52:48 Windows 95 Netlogon.bat (Remote). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
217 2.371 TXI320 WORK1 NBT SS: Session Message, Len: 2560
218 2.372 TXI320 WORK1 NBT SS: Session Message Cont., 1104 Bytes
219 2.375 WORK1 TXI320 TCP .A...., len: 0, seq: 6175222, ack: 1525095, win: 8760
220 2.383 WORK1 TXI320 SMB C tree connect & X, Share = \\TXI320\IPC$
221 2.384 TXI320 WORK1 SMB R tree connect & X, Type = IPC
222 2.386 WORK1 TXI320 SMB C transact, Remote API
223 2.399 TXI320 WORK1 SMB R transact, Remote API (response to frame 222)
224 2.551 WORK1 TXI320 TCP .A...., len: 0, seq: 6175401, ack: 1525579, win: 8276
225 3.851 WORK1 TXI320 SMB C tree disconnect
226 3.852 TXI320 WORK1 SMB R tree disconnect
227 4.056 WORK1 TXI320 TCP .A...., len: 0, seq: 6175440, ack: 1525618, win: 8237
Network Trace—Windows 95 NETLOGON.BAT (Local)
The next trace shows the network traffic generated by executing NETLOGON.BAT from a local Windows 95 workstation. At the command line the batch file NETLOGON <enter> was used. At the command line the batch file NETLOGON <enter> was used.
- This was executed with the NET.EXE local to the machine. The total number of packets generated during the execution was only 21.
Network Monitor trace Thu 04/13/95 20:19:03 Windows 95 NETLOGON.BAT (Local).
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
2 4.955 WORK1 TXI320 SMB C search directory, File = \NETLOGON">>>
3 4.959 TXI320 WORK1 SMB R search directory, Files = 1
4 4.960 WORK1 TXI320 SMB C search directory, File =
5 4.961 TXI320 WORK1 SMB R search directory (Error)
Network Monitor trace Thu 04/13/95 20:19:03 Windows 95 NETLOGON.BAT (Local). (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
6 4.963 WORK1 TXI320 SMB C search directory, File = \NETLOGON"BAT
7 4.966 TXI320 WORK1 SMB R search directory, Files = 1
8 4.968 WORK1 TXI320 SMB C open & X, File = \NETLOGON.BAT (R -Share Deny W)
9 4.972 TXI320 WORK1 SMB R open & X, FID = 0x1001, File Size = 0x4c
10 4.973 WORK1 TXI320 SMB C read block raw, FID = 0x1001, Read 0x1000 at 0x0
11 4.974 TXI320 WORK1 NBT SS: Session Message, Len: 76
12 5.005 WORK1 TXI320 SMB C search directory, File = \NET">>>
13 5.007 TXI320 WORK1 SMB R search directory (Error)
14 5.040 WORK1 TXI320 SMB C tree connect & X, Share = \\TXI320\IPC$
15 5.042 TXI320 WORK1 SMB R tree connect & X, Type = IPC
16 5.043 WORK1 TXI320 SMB C transact, Remote API
17 5.056 TXI320 WORK1 SMB R transact, Remote API (response to frame 16)
18 5.216 WORK1 TXI320 TCP .A...., len: 0, seq: 5799747, ack: 1319143, win: 8237
19 7.468 WORK1 TXI320 SMB C tree disconnect
20 7.469 TXI320 WORK1 SMB R tree disconnect
21 7.591 WORK1 TXI320 TCP .A...., len: 0, seq: 5799786, ack: 1319182, win: 8198
Performance Hints and Tips
Try to avoid executing EXE, COM, DLL files over a slow link.
If you need to execute files, first copy them down to a local drive of the client and then execute them
When you do execute files over a slow link make sure you include the extensions, TEST.BAT, TEST.EXE, TEST.COM so that the redirector does not have to discover which extension to use.
Do not use the ECHO. The information it provides can enhance your understanding of batch file execution, but it generates unwanted network traffic.
Copy Command (CMD, WINFILE, Explorer)
Network Trace—Copy Command: Windows 95 Workstation Redirector Requests
Using COMMAND.COM, CMD.EXE, or WINFILE.EXE interfaces to copy files across the network requests the redirector to use large read or writes blocks. By default the Windows 95 workstation redirector requests large read or write blocks (64-K—raw state). The trace below shows that when the system invokes the raw state there is only a single 2-SMB packet for every 64 K of data.
Network Monitor trace Mon 03/13/98 13:36:17 Small / Medium / Large Reads & Writes.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
4 2.597 VOYAGERIX WANTEST2 SMB C get attributes, File = \temp\002
5 2.685 WANTEST2 VOYAGERIX SMB R get attributes
6 2.689 VOYAGERIX WANTEST2 SMB C NT create & X, File = \temp
8 4.065 WANTEST2 VOYAGERIX SMB R NT create & X, FID = 0x806
9 4.068 VOYAGERIX WANTEST2 SMB C transact2 FindFirst, File = \temp\002
Network Monitor trace Mon 03/13/98 13:36:17 Small / Medium / Large Reads & Writes. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
11 6.075 WANTEST2 VOYAGERIX SMB R transact2
12 6.079 VOYAGERIX WANTEST2 SMB C NT create & X, File = \temp\002
13 7.418 WANTEST2 VOYAGERIX SMB R NT create & X, FID = 0x807
14 7.422 VOYAGERIX WANTEST2 SMB C read & X, FID = 0x807, Read 0x1000 at 0x0
15 8.885 WANTEST2 VOYAGERIX SMB R read & X, Read 0x1000
16 9.006 VOYAGERIX WANTEST2 TCP .A...., len: 0, seq: 2259110, ack: 239873, win:12288
17 9.014 WANTEST2 VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
18 9.115 WANTEST2 VOYAGERIX SS: Session Message Cont., 1240 Bytes
19 9.117 VOYAGERIX WANTEST2 TCP .A...., len: 0, seq: 2259110, ack: 242573, win:12288
Network Trace—Copy Command: Windows NT Clients
By default Windows NT 3.5x disables raw mode over slow links from Windows NT client to Windows NT server. But Windows NT Server will service (raw state) over slow links, so you see great performance of Windows 95 connected to a Windows NT server even over a slow link. The Windows NT clients use the default size of SizReqBuf of 4292, as shown in this trace. Note that there are 2-SMB packets for every 4292 bytes of data.
Network Monitor trace Sun 03/05/98 12:57:59 Copy Command -COMMAND.COM, CMD.EXE, WINFILE.EXE.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
19 15.191 VOYAGERIX 3COM 8DFB25 SMB C write & X, FID = 0x801, Write 0x10c4 at 0x0
20 15.194 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1460 Bytes
21 15.196 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1439 Bytes
22 16.659 3COM 8DFB25 VOYAGERIX TCP .A...., len: 0, seq: 205717, ack: 2468724, win: 8760, src
Network Monitor trace Sun 03/05/98 12:57:59 Copy Command -COMMAND.COM, CMD.EXE, WINFILE.EXE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
23 17.337 3COM 8DFB25 VOYAGERIX SMB R write & X, Wrote 0x10c4
24 17.341 VOYAGERIX 3COM 8DFB25 SMB C write & X, FID = 0x801, Write 0x10c4 at 0x10c4
25 17.343 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1460 Bytes
26 17.345 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1439 Bytes
27 18.864 3COM 8DFB25 VOYAGERIX TCP .A...., len: 0, seq: 205768, ack: 2473083, win: 8760, src
28 19.545 3COM 8DFB25 VOYAGERIX SMB R write & X, Wrote 0x10c4
29 19.548 VOYAGERIX 3COM 8DFB25 SMB C write & X, FID = 0x801, Write 0x10c4 at 0x2188
30 19.551 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1460 Bytes
31 19.553 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1439 Bytes
32 21.024 3COM 8DFB25 VOYAGERIX TCP .A...., len: 0, seq: 205819, ack: 2477442, win: 8760, src
33 21.704 3COM 8DFB25 VOYAGERIX SMB R write & X, Wrote 0x10c4
34 21.708 VOYAGERIX 3COM 8DFB25 SMB C write & X, FID = 0x801, Write 0x10c4 at 0x324c
35 21.710 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1460 Bytes
36 21.712 VOYAGERIX 3COM 8DFB25 NBT SS: Session Message Cont., 1439 Bytes
37 23.237 3COM 8DFB25 VOYAGERIX TCP .A...., len: 0, seq: 205870, ack: 2481801, win: 8760, src
38 23.254 3COM 8DFB25 VOYAGERIX SMB R write & X, Wrote 0x10c4
Network Trace—Increasing SizReqBuf for Windows NT
This trace shows that increasing the SizReqBuf from 11504 to 12548 for the Windows NT client and server increases performance. This increase is shown in Figure 6-15 in the Performance Results section at the end of this chapter.
Network Monitor trace Sun 03/05/98 13:49:39 SizReqBuf of 12548.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
66 24.840 VOYAGERIX WANTEST2 SMB C write & X, FID = 0x804, Write 0x30c4 at 0x924c
67 24.842 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
68 24.844 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
69 24.846 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
70 24.848 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
71 24.850 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
72 24.852 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
73 26.386 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233563, ack: 1293253, win:12288
74 26.389 VOYAGERIX WANTST2 NB SS: Session Message Cont., 1460 Bytes
75 26.390 VOYAGERIX WANTST2 NB SS: Session Message Cont., 871 Bytes
76 27.072 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233563, ack: 1296173, win:12288
77 27.098 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233563, ack: 1299093, win:12288
78 27.098 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233563, ack: 1300553, win:12288
79 28.421 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233563, ack: 1302884, win:12288
80 28.437 WANTEST2 VOYAGERIX SMB R write & X, Wrote 0x30c4
81 28.440 VOYAGERIX WANTEST2 SMB C write & X, FID = 0x804, Write 0x2cf0 at 0xc310
82 28.442 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
83 28.445 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
84 28.447 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Sun 03/05/98 13:49:39 SizReqBuf of 12548. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
85 28.449 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
86 28.451 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
87 28.453 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
88 28.455 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1351 Bytes
89 29.986 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233614, ack: 1305804, win:12288
90 30.675 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233614, ack: 1308724, win:12288
91 30.711 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233614, ack: 1311644, win:12288
92 30.711 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233614, ack: 1314455, win:12288
93 30.711 WANTEST2 VOYAGERIX SMB R write & X, Wrote 0x2cf0
94 30.721 VOYAGERIX WANTEST2 SMB C write & X, FID = 0x804, Write 0x30c4 at 0xf000
95 30.723 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
96 30.725 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
97 30.727 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
98 30.729 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
99 30.731 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
100 30.733 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
101 30.735 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 1460 Bytes
102 32.193 WANTEST2 VOYAGERIX TC .A...., len: 0, seq: 233665, ack: 1315915, win:12288
103 32.194 VOYAGERIX WANTEST2 NBT SS: Session Message Cont., 871 Bytes
104 32.880 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233665, ack: 1318835, win:12288
105 32.917 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233665, ack: 1321755, win:12288
106 32.917 WANTEST2 VOYAGERIX TC .A...., len: 0, seq: 233665, ack: 1324675, win:12288
107 32.917 WANTEST2 VOYAGERIX TCP .A...., len: 0, seq: 233665, ack: 1326135, win:12288
108 33.543 WANTEST2 VOYAGERIX SMB R write & X, Wrote 0x30c4
Windows NT 4.0/Windows 2000
When using NT 4.0 and Windows 2000 there is no requirement for modifying the SizReqBuf parameter. These operating systems have been designed to address the raw mode over high-latency, dial-up, and slow-link connections.
With the introduction of EXPLORER.EXE with Windows NT 4.0 more data is brought across the network while viewing a network drive's resources. Each version of the EXPLORER.EXE has introduced networking savings transactions for attributes, icons, and directories. In order of most-to-least traffic for network drive access, these services are:
EXPLORER.EXE
WINFILE.EXE
FTP command
CMD.EXE
Performance Hints and Tips
See the Performance Results section (at the end of this chapter) for your operating system version.
Compress the files that you want to move as in WinZip (by Niko Mak Computing, Inc.)
Using the operating compression bit does not retain compression over the network.
Microsoft Word 97
This network trace is typical network activity running Microsoft Word 97 over the network. Starting at packet 16 you will note that the file TECH01.DOC was accessed multiple times. This is a combination of Windows Explorer and Word. Attributes are being read. If Word is configured to pre-view in the Open pane, even more traffic is generated.
You can see at packet 213 that a file is being generated (~TEXCH01.DOC). Looking closely you will see that there is a lot of write activity to the destination drive. Not shown is read-only of the drive or document. If the share is read-only, attribute read-only, or the document is password protected (so you are prompted for read-only), Word generates a lot of overhead is as it determines how to proceed, where to generate temporary files, and so on. This can be an additional 100 packets or so.
Performance Hints and Tips
Make sure you do not attempt to load WORD.EXE program over a slow link WORD.EXE program should be loaded locally or off a local network server.
Make sure to configure Word to generate TEMP files locally and not to generate them on the default drive off of which the document is retrieved.
Always try to copy the document to a local drive—remember: a copy command is the most efficient method for moving data over slow links.
Network Trace—Typical Network Activity Running Microsoft Word 97 Over the Network
Network Monitor trace Tue 04/11/98 00:20:15 Word.DOC.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
16 24.364 TIGERII VOYAGERIX SMB R session setup & X, and R tree connect & X, Type = A:
17 24.367 VOYAGERIX TIGERII SMB C NT create & X, File = \source\teched
18 24.668 TIGERII VOYAGERIX NBT SS: Session Keep Alive, Len: 0
19 24.801 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5707630, ack:1893659553, win: 8496
20 25.077 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x3008
21 25.201 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5707630, ack:1893659660, win: 8389
Network Monitor trace Tue 04/11/98 00:20:15 Word.DOC. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
22 25.459 VOYAGERIX TIGERII SMB C close file, FID = 0x3008
23 25.741 TIGERII VOYAGERIX SMB R close file
24 25.902 VOYAGERIX TIGERII TCP A...., len: 0, seq: 5707676, ack:1893659699, win: 8350
25 45.989 VOYAGERIX TIGERII C NT create & X, File = \SOURCE\TECHED\TECH01.DOC
26 46.353 TIGERII VOYAGERIX SMB R NTcreate & X (Error)
27 46.358 VOYAGERIX TIGERII SMB C NTcreate & X, File = \source\teched
28 46.645 TIGERII VOYAGERIX SMB R NTcreate & X, FID = 0x3006
29 46.685 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.DOC
30 47.054 TIGERII VOYAGERIX SMB R transact2 GetPathInfo (response to frame 29)
31 47.236 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5708060, ack:1893659949, win: 8100
32 47.412 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.DOC
33 47.756 TIGERII VOYAGERIX SMB R transact2 GetPathInfo (response to frame 32)
34 47.764 VOYAGERIX TIGERII SMB C close file, FID = 0x3006
35 48.010 TIGERII VOYAGERIX SMB R close file
36 48.138 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5708234, ack:1893660092, win: 7957
37 48.160 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE\TECHED\TECH01.DOC
38 48.494 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x3004
39 48.495 VOYAGERIX TIGERII SMB C transact2 GetFsInfo
40 48.798 TIGERII VOYAGERIX SMB R transact2 GetFsInfo (response to frame 39)
41 48.803 VOYAGERIX TIGERII SMB C read & X, FID = 0x3004, Read 0x1000 at 0x0
Network Monitor trace Tue 04/11/98 00:20:15 Word.DOC. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
42 49.513 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
43 49.640 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5708510, ack:1893661743, win: 8760
44 50.051 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
45 50.241 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5708510, ack:1893663203, win: 8760
46 50.353 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1240 Bytes
47 50.357 VOYAGERIX TIGERII SMB C read & X, FID = 0x3004, Read 0x10c5 at 0x1000
48 50.963 TIGERII VOYAGERIX SMB R read & X, Read 0x10c5
108 77.440 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5709022, ack:1893697723, win: 8760
109 77.453 VOYAGERIX TIGERII SMB C close file, FID = 0x3004
110 77.932 TIGERII VOYAGERIX SMB R close file
111 77.936 VOYAGERIX TIGERII SMB R NT create & X, FID = 0x300a
113 78.393 VOYAGERIX TIGERII SMB C read & X, FID = 0x300a, Read 0x1000 at 0x0
114 79.883 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
115 79.989 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5709270, ack:1893699329, win: 8760
116 80.405 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
117 80.590 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5709270, ack:1893700789, win: 8760
118 80.664 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1240 Bytes
213 118.049 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE\TECHED\~$TECH01.DOC
214 118.408 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x3009
Network Monitor trace Tue 04/11/98 00:20:15 Word.DOC. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
215 118.413 VOYAGERIX TIGERII SMB C write, FID = 0x3009, Write 0x0 at 0x36
216 118.493 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1893764536, ack: 5710372, win: 7794
217 118.665 TIGERII VOYAGERIX SMB R write, Wrote 0x0
218 118.721 VOYAGERIX TIGERII SMB C read & X, FID = 0x300a, Read 0xa00 at 0xb6000
219 119.939 TIGERII VOYAGERIX SMB R read & X, Read 0xa00
220 119.940 VOYAGERIX TIGERI SMB C write & X, FID = 0x3009, Write 0x36 at 0x0
222 120.639 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1893767201, ack: 5710609, win: 7557
223 120.753 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5710609, ack:1893767201, win: 7596
224 120.978 TIGERII VOYAGERIX SMB R write & X, Wrote 0x36
225 121.010 VOYAGERIX TIGERII SMB C read & X, FID = 0x300a, Read 0x1000 at 0xb5000
226 121.318 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
227 121.454 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5710673, ack:1893768712, win: 8760
228 121.627 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
Microsoft Excel 97
This network trace shows typical network activity running Microsoft Excel 5.0 over the network. Note that the Excel application is read in a header of the file first—a 4096-byte read. Next it reads a block of data that is defined in the first header, then the next header of 4096 bytes, then the next block of data referenced by the second header. This goes on throughout the trace. This technique is used so the system can recover at any time. This does cause overhead on the network, but helps in any error recovery that may be needed. Towards the end of the action of opening the document, the File TECH01.XLS is opened again to update the workbook and statistics of the file.
Performance Hints and Tips
Make sure you do not attempt to load EXCEL.EXE program over a slow link. Load EXCEL.EXE locally or off a local network server
Make sure to configure Excel to generate TEMP files locally and not on the default drive from which the document is retrieved.
Try to always copy the spreadsheet to a local drive—remember: a copy command is the most efficient method of moving data over slow links.
Network Trace—Typical Network Activity Running Microsoft Excel 5.0 Over the Network
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 2.442 TIGERII VOYAGERIX NBT SS: Session Keep Alive, Len: 0
2 2.607 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5996073, ack: 722263424, win: 8097
3 7.042 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE\TECHED\TECH01.XLS
4 7.323 TIGERII VOYAGERIX SMB R NT create & X (Error)
5 7.331 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
6 8.015 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
7 8.448 TIGERII VOYAGERIX SMB R transact2
8 8.521 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894305079, ack: 5836658, win: 7410
9 8.564 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
10 9.919 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
11 10.130 TIGERII VOYAGERIX SMB R transact2
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
12 10.130 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5836786, ack:1894305079, win: 8539
13 10.158 TIGERII VOYAGERIX SMB R transact2
14 10.180 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
15 10.345 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894305183, ack: 5836786, win: 7282
16 10.480 TIGERII VOYAGERIX SMB R transact2
17 10.619 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5836914, ack:1894305287, win: 8331
18 10.757 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4000, Unlocks = 1 (0x2d for
0xff930000)
19 11.016 TIGERII VOYAGERIX SMB R lock & X
20 11.017 VOYAGERIX TIGERII NBT SS: Session Message Cont., 150 Bytes
21 11.521 VOYAGERIX TIGERII NBT SS: Session Message Cont., 150 Bytes
22 11.852 TIGERII VOYAGERIX SMB R lock & X
23 11.946 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894305373, ack: 5837139, win: 6929
24 12.022 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5837139, ack:1894305373, win: 8245
25 12.250 TIGERII VOYAGERIX SMB R lock & X
26 12.257 VOYAGERIX TIGERII SMB C close file, FID = 0x4000
27 12.488 TIGERII VOYAGERIX SMB R close file
28 12.595 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE\TECHED\TECH01.XLS
29 12.918 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x400f
30 12.928 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x1000 at 0x0
34 20.615 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
35 20.735 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5837387, ack:1894307022, win: 8760
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
36 21.131 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
37 21.236 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5837387, ack:1894308482, win: 8760
38 21.416 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1240 Bytes
39 21.420 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x10c5 at 0x1000
69 28.401 VOYAGERIX TIGERII SMB C transact2 FindFirst, File = \SOURCE
71 29.684 TIGERII VOYAGERIX SMB R transact2 FindFirst (response to frame 70)
72 29.690 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE
73 29.776 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894319310, ack: 5837679, win: 7900
74 29.957 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x4801
75 29.961 VOYAGERIX TIGERII SMB C transact2 FindFirst, File = \SOURCE\TECHED
76 30.952 VOYAGERIX TIGERII SMB C transact2 FindFirst, File = \SOURCE\TECHED
77 32.386 TIGERII VOYAGERIX SMB R transact2 FindFirst (response to frame 76)
78 32.390 VOYAGERIX TIGERII SMB C close file, FID = 0x4801
79 32.470 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894319597, ack: 5837897, win: 7682
80 32.612 TIGERII VOYAGERIX SMB R transact2 FindFirst (response to frame 76)
81 32.612 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5837943, ack:1894319597, win: 8293
82 32.648 TIGERII VOYAGERIX SMB R close file
83 32.652 VOYAGERIX TIGERII SMB C NT create & X, File = \source\teched
84 32.907 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x4803
85 32.910 VOYAGERIX TIGERII SMB C transact2 FindFirst, File = \source\teched\TECH01.XLS
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
86 33.243 TIGERII VOYAGERIX SMB R transact2 FindFirst (response to frame 85)
87 33.248 VOYAGERIX TIGERII SMB C close file, FID = 0x4803
88 33.459 TIGERII VOYAGERIX SMB R close file
89 33.475 VOYAGERIX TIGERII SMB C NT create & X, File = \SOURCE\TECHED\TECH01.XLS
90 33.718 TIGERII VOYAGERIX SMB C lock & X, FID = 0x400f
91 33.720 VOYAGERIX TIGERII SMB C lock & X, FID = 0x400f, Locks = 3 (0x0 for 0xff930000)
92 33.963 TIGERII VOYAGERIX SMB R lock & X
93 33.965 VOYAGERIX TIGERII SMB C lock & X, FID = 0x400f
94 34.209 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x4802
95 34.212 VOYAGERIX TIGERII SMB C read & X, FID = 0x4802, Read 0x200 at 0x0
96 34.517 TIGERII VOYAGERIX SMB R read & X, Read 0x200
97 34.521 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xff920000)
98 34.750 TIGERII VOYAGERIX SMB C lock & X, FID = 0x400f
99 34.858 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5838688, ack:1894320809, win: 8705
100 35.060 TIGERII VOYAGERIX SMB R lock & X
101 35.062 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xffbb0000)
102 35.297 TIGERII VOYAGERIX SMB R lock & X
103 35.300 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Unlocks = 1 (0x0 for 0xffbb0000)
104 35.524 TIGERII VOYAGERIX SMB R lock & X
105 35.525 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xff940000)
106 35.741 TIGERII VOYAGERIX SMB R lock & X
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
107 35.743 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xffa80000)
108 35.959 TIGERII VOYAGERIX SMB R lock & X
109 35.964 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xffbc0000)
110 36.173 TIGERII VOYAGERIX SMB R lock & X
111 36.175 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xffd00000)
112 36.379 TIGERII VOYAGERIX SMB R lock & X
113 36.381 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Unlocks = 1 (0x0 for 0xffa80000)
114 36.566 TIGERII VOYAGERIX SMB R lock & X
115 36.567 VOYAGERIX TIGERII NBT SS: Session Message Cont., 300 Bytes
116 36.837 TIGERII VOYAGERIX SMB R lock & X
117 36.962 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5839513, ack:1894321199, win: 8315
118 37.176 TIGERII VOYAGERIX NBT SS: Session Message Cont., 129 Bytes
119 37.180 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Locks = 1 (0x0 for 0xff810000)
120 37.380 TIGERII VOYAGERIX SMB R lock & X
121 37.383 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Unlocks = 1 (0x0 for 0xff800000)
122 37.596 TIGERII VOYAGERIX SMB R lock & X
123 37.599 VOYAGERIX TIGERII SMB C read & X, FID = 0x4802, Read 0x80 at 0x400
124 37.920 TIGERII VOYAGERIX SMB R read & X, Read 0x80
125 37.923 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Unlocks = 1 (0x0 for 0xff810000)
126 38.120 TIGERII VOYAGERIX SMB R lock & X
127 38.121 VOYAGERIX TIGERII SMB C lock & X, FID = 0x4802, Unlocks = 1 (0x0 for 0xff940000)
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
128 38.318 TIGERII OYAGERIX SMB R lock & X
129 38.320 VOYAGERIX TIGERII SMB C close file, FID = 0x4802
130 38.528 TIGERII VOYAGERIX SMB R close file
131 38.536 VOYAGERIX TIGERII SMB C NT create & X, File = \source\teched
132 38.789 TIGERII VOYAGERIX SMB R NT create & X, FID = 0x400b
133 38.793 VOYAGERIX TIGERII SMB C transact2 FindFirst, File = \source\teched\TECH01.XLS
134 39.027 TIGERII VOYAGERIX SMB R transact2 FindFirst (response to frame 133)
135 39.031 VOYAGERIX TIGERII SMB C close file, FID = 0x400b
136 39.243 TIGERII VOYAGERIX SMB R close file
137 39.346 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
138 39.626 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 137)
139 39.629 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
140 39.913 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 139)
141 39.921 VOYAGERIX TIGERII SMB C transact2 GetPathInfo, File =
\SOURCE\TECHED\TECH01.XLS
142 40.121 TIGERII VOYAGERIX SMB R transact2 GetPathInfo (response to frame 141)
143 40.158 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x1000 at 0x1400
144 40.667 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x1000 at 0x1400
145 41.224 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
146 41.368 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840565, ack:1894323821, win: 8760
147 45.040 TIGERII VOYAGERIX NBT SS: Session Message, Len: 57344
148 45.136 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1240 Bytes
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
149 45.137 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840565, ack:1894326521, win: 8760
150 45.154 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894326521, ack: 5840565, win: 8000
151 45.157 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
152 45.177 TIGERII VOYAGERIX SMB R read & X, Read 0x1000
153 45.178 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840641, ack:1894326521, win: 8760
154 45.189 TIGERII VOYAGERIX NBT SS: Session Message, Len: 57344
155 45.190 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840641, ack:1894326521, win: 8760
156 45.194 TIGERII VOYAGERIX NBT SS: Session Message Cont., 1240 Bytes
157 45.195 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840641, ack:1894326521, win: 8760,
158 45.683 TIGERII VOYAGERIX NBT SS: Session Message, Len: 57344
159 45.684 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5840641, ack:1894326521, win: 8760
160 45.761 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 151)
161 45.764 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
162 46.044 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 161)
163 46.047 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
164 46.275 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 163)
165 46.279 VOYAGERIX TIGERII SMB C transact2 GetFileInfo, FID = 0x400f
166 46.493 TIGERII VOYAGERIX SMB R transact2 GetFileInfo (response to frame 165)
167 46.495 VOYAGERIX TIGERII SMB C write, FID = 0x400f, Write 0x0 at 0x3400
168 46.747 TIGERII VOYAGERIX SMB R write, Wrote 0x0
169 46.750 VOYAGERIX TIGERII SMB C transact2 SetFileInfo, FID = 0x400f
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
170 47.039 TIGERII VOYAGERIX SMB R transact2 SetFileInfo (response to frame 169)
171 47.042 VOYAGERIX TIGERII SMB C lock & X, FID = 0x400f, Locks = 1 (0x5 for 0xff800000)
172 47.300 TIGERII VOYAGERIX SMB R lock & X
173 47.306 VOYAGERIX TIGERII SMB C write & X, FID = 0x400f, Write 0x1000 at 0x1400
174 47.310 VOYAGERIX TIGERII NBT SS: Session Message Cont., 1460 Bytes
175 47.671 VOYAGERIX TIGERII NBT SS: Session Message Cont., 1243 Bytes
176 47.991 TIGERII VOYAGERIX SMB R lock & X
177 48.112 VOYAGERIX TIGERII SMB C write & X, FID = 0x400f, Write 0x1000 at 0x1400
178 48.184 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894327053, ack: 5842544, win: 8192
179 48.201 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5842544, ack:1894327053, win: 8228
180 48.230 VOYAGERIX TIGERII NBT SS: Session Message Cont., 1460 Bytes
181 48.240 VOYAGERIX TIGERII NBT SS: Session Message Cont., 1243 Bytes
182 48.591 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894327053, ack: 5845247, win: 8192
183 48.639 TIGERII VOYAGERIX SMB R write & X, Wrote 0x1000
184 48.642 VOYAGERIX TIGERII SMB C write & X, FID = 0x400f, Write 0x200 at 0x400
188 48.690 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894327104, ack: 5845247, win: 8192
189 49.043 TIGERII VOYAGERIX SMB R write & X, Wrote 0x200
190 49.046 VOYAGERIX TIGERII SMB C write, FID = 0x400f, Write 0x0 at 0x3400
191 49.502 TIGERII VOYAGERIX SMB R write, Wrote 0x0
192 49.507 VOYAGERIX TIGERII SMB C transact2 SetFileInfo, FID = 0x400f
193 49.801 TIGERII VOYAGERIX SMB R transact2 SetFileInfo (response to frame 192)
Network Monitor trace Tue 04/11/98 00:18:09 Excel.XLS. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
194 49.805 VOYAGERIX TIGERII SMB C lock & X, FID = 0x400f, Unlocks = 1 (0x5 for 0xff800000)
195 50.080 TIGERII VOYAGERIX SMB R lock & X
196 50.182 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5846041, ack:1894327303, win: 7978
197 50.367 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x800 at 0x1400
198 50.984 VOYAGERIX TIGERII SMB C read & X, FID = 0x400f, Read 0x800 at 0x1400
199 51.064 TIGERII VOYAGERIX SMB R read & X, Read 0x800
200 51.184 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5846105, ack:1894328763, win: 8760
201 51.271 TIGERII VOYAGERIX NBT SS: Session Message, Len: 57344
202 51.305 TIGERII VOYAGERIX SMB R read & X, Read 0x800
203 51.306 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5846105, ack:1894329415, win: 8108
204 51.312 TIGERII VOYAGERIX TCP .A...., len: 0, seq:1894328763, ack: 5846105, win: 7334
205 51.313 VOYAGERIX TIGERII TCP .A...., len: 0, seq: 5846105, ack:1894329415, win: 8108
Microsoft PowerPoint 97
This network trace shows typical network activity running Microsoft PowerPoint 97 over the network. Note that the PowerPoint application reads in larger blocks of data than do other Office applications. Note that PowerPoint opens and closes the TECH01.PPT presentation in large-block increments—a technique that allows the system to recover at any time. This causes overhead on the network, but helps error recovery. In this example the presentation had embedded sounds and special effects that were not installed on the default machine that was reading the file. Notice the extra overhead that was caused over the network looking for "missing DLL support."
Performance Hints and Tips
Make sure you do not attempt to load PPOINT.EXE program over a slow link. It should be loaded locally or off a local network server.
Make sure to configure Excel to generate TEMP files locally and not on the default drive from which the document is retrieved.
Always try to copy the PowerPoint presentation to a local drive—remember: a copy command is the most efficient method for moving data over slow links.
Network Trace—Typical Network Activity Running Microsoft PowerPoint 97 Over the Network
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
29 3.840 BLACKHOLES PIONEERV SMB R NT transact
30 3.841 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
31 3.843 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x7807
32 3.843 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
33 3.844 BLACKHOLES PIONEERV SMB R NT transact
34 3.844 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
35 3.849 PIONEERV BLACKHOLES SMB C read & X, FID = 0x7807, Read 0x8000 at 0x00000000
36 3.850 BLACKHOLES PIONEERV SMB R read & X, Read 0x8000
37 3.851 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
38 3.851 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13104926-13104926, ack: 31472886,
win:1
39 3.852 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
40 3.854 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
41 3.854 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13104926-13104926, ack: 31475806
win:1
42 3.855 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
43 3.856 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
44 3.857 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13104926-13104926, ack: 31478726,
win:1
45 3.857 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
46 3.859 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
47 3.859 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13104926-13104926, ack: 31481646,
win:1
48 3.860 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
49 3.861 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
50 3.862 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13104926-13104926, ack: 31484566,
win:1
51 3.863 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
52 3.864 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
...
103 3.907 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
104 3.908 BLACKHOLES PIONEERV SMB R close file
105 3.909 PIONEERV BLACKHOLES SMB C close file, FID = 0x7807
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
106 3.910 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x600a
107 3.910 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
108 3.911 PIONEERV BLACKHOLES SMB C read & X, FID = 0x600a, Read 0x1000 at 0x00000000
109 3.912 BLACKHOLES PIONEERV SMB R read & X, Read 0x1000
110 3.913 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
111 3.914 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13105300-13105300, ack: 31536214,
win:1
112 3.914 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1240 Bytes
113 3.979 BLACKHOLES PIONEERV SMB R NT transact
114 3.979 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
115 3.980 BLACKHOLES PIONEERV SMB R NT transact
116 3.981 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
117 3.983 BLACKHOLES PIONEERV SMB R transact2 Open (response)
118 3.983 PIONEERV BLACKHOLES SMB C transact2 Findfirst, File = \Tech01.ppt
119 3.984 BLACKHOLES PIONEERV SMB R NT transact
120 3.984 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
121 3.985 BLACKHOLES PIONEERV SMB R close file
122 3.985 PIONEERV BLACKHOLES SMB C close file, FID = 0x600a
123 3.986 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x7805
124 3.986 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
125 3.987 BLACKHOLES PIONEERV SMB R NT transact
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
126 3.987 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
127 3.990 PIONEERV BLACKHOLES SMB C read & X, FID = 0x7805, Read 0x1000 at 0x00000000
128 3.991 BLACKHOLES PIONEERV SMB R read & X, Read 0x1000
129 3.992 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
130 3.993 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13105982-13105982, ack: 31541032,
win:1
131 3.993 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1240 Bytes
132 3.995 PIONEERV BLACKHOLES SMB C read & X, FID = 0x7805, Read 0x600 at 0x0008F000
133 3.996 BLACKHOLES PIONEERV SMB R read & X, Read 0x600
134 3.996 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 140 Bytes
135 3.996 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13106046-13106046, ack: 31543872,
win:1
136 3.998 PIONEERV BLACKHOLES SMB C read & X, FID = 0x7805, Read 0x1000 at 0x0008D000
137 3.999 BLACKHOLES PIONEERV SMB R read & X, Read 0x1000
138 4.001 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
139 4.001 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13106110-13106110, ack: 31546792,
win:1
140 4.002 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1240 Bytes
141 4.006 BLACKHOLES PIONEERV SMB R write, Wrote 0x0
142 4.006 PIONEERV BLACKHOLES SMB C write, FID = 0x7805, Write 0x0 at 0x0008F600
143 4.007 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 216 Bytes
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
144 4.007 PIONEERV BLACKHOLES SMB C transact2 Set file info, FID = 0x7805
145 4.008 BLACKHOLES PIONEERV SMB R transact2 Set file info (response to frame 144)
146 4.008 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
147 4.011 PIONEERV BLACKHOLES SMB C write & X, FID = 0x7805, Write 0x1000 at 0x0008D000
148 4.011 PIONEERV BLACKHOLES NBT SS: Session Message Cont., 1460 Bytes
149 4.011 PIONEERV BLACKHOLES NBT SS: Session Message Cont., 1243 Bytes
150 4.012 BLACKHOLES PIONEERV SMB R NT transact
151 4.013 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 31548461-31548461, ack: 13110498,
win:
152 4.014 BLACKHOLES PIONEERV SMB R write & X, Wrote 0x1000
153 4.014 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
154 4.018 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 31548512-31548512, ack: 13112186,
win:
155 4.018 BLACKHOLES PIONEERV SMB R write & X, Wrote 0x600
156 4.018 PIONEERV BLACKHOLES SMB C write & X, FID = 0x7805, Write 0x600 at 0x0008F000
157 4.018 PIONEERV BLACKHOLES NBT SS: Session Message Cont., 143 Bytes
158 4.030 PIONEERV BLACKHOLES SMB C flush file, FID = 0x7805
159 4.091 BLACKHOLES PIONEERV SMB R NT transact
160 4.093 BLACKHOLES PIONEERV SMB R flush file
161 4.093 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
162 4.095 BLACKHOLES PIONEERV SMB R NT transact
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
163 4.095 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
164 4.098 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 31548790-31548790, ack: 13114003,
win:
165 4.098 BLACKHOLES PIONEERV SMB R write & X, Wrote 0x600
166 4.098 PIONEERV BLACKHOLES SMB C write & X, FID = 0x7805, Write 0x600 at 0x0008F000
167 4.098 PIONEERV BLACKHOLES NBT SS: Session Message Cont., 143 Bytes
168 4.099 BLACKHOLES PIONEERV SMB R close file
169 4.099 PIONEERV BLACKHOLES SMB C close file, FID = 0x7805
170 4.100 BLACKHOLES PIONEERV SMB R NT transact
171 4.100 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
172 4.102 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x780e
173 4.102 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
174 4.103 BLACKHOLES PIONEERV SMB R transact2 NT Get DFS Referral (response)
175 4.104 PIONEERV BLACKHOLES SMB C transact2 Set file info, FID = 0x780e
176 4.104 BLACKHOLES PIONEERV SMB R NT transact - Notify Change (response to frame 173)
177 4.104 PIONEERV BLACKHOLES SMB C close file, FID = 0x780e
178 4.106 BLACKHOLES PIONEERV SMB R close file
179 4.106 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
180 4.107 BLACKHOLES PIONEERV SMB R NT transact
181 4.107 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
182 4.108 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x5809
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
183 4.108 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
184 4.109 BLACKHOLES PIONEERV SMB R transact2 NT Get DFS Referral (response)
185 4.110 PIONEERV BLACKHOLES SMB C transact2 Set file info, FID = 0x5809
186 4.110 BLACKHOLES PIONEERV SMB R NT transact - Notify Change (response to frame 179)
187 4.110 PIONEERV BLACKHOLES SMB C close file, FID = 0x5809
188 4.113 BLACKHOLES PIONEERV SMB R close file
189 4.113 PIONEERV BLACKHOLES SMB C NT transact - Notify Change
190 4.115 BLACKHOLES PIONEERV SMB R NT transact
191 4.115 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
192 4.116 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x680f
193 4.116 PIONEERV BLACKHOLES SMB C NT create & X, File = \Tech01.ppt
194 4.117 BLACKHOLES PIONEERV SMB R NT transact
195 4.117 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
196 4.120 PIONEERV BLACKHOLES SMB C read & X, FID = 0x680f, Read 0x8000 at 0x00000000
197 4.121 BLACKHOLES PIONEERV SMB R read & X, Read 0x8000
198 4.122 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
199 4.123 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13115300-13115300, ack: 31552891,
win:1
200 4.124 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
201 4.125 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
202 4.125 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13115300-13115300, ack: 31555811,
win:1
203 4.126 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
204 4.128 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
205 4.128 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13115300-13115300, ack: 31558731,
win:1
206 4.129 BLACKHOLES PIONEERV NBT SS: Session Message Cont., 1460 Bytes
…
353 4.494 PIONEERV BLACKHOLES SMB C transact2 Query path info, File = \#96.mci
354 4.711 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13116436-13116436, ack: 31679330,
win:1
355 6.122 BLACKHOLES PIONEERV SMB R transact2 Open (response)
356 6.122 PIONEERV BLACKHOLES SMB C transact2 Findfirst, File = \*
357 6.127 BLACKHOLES PIONEERV SMB R transact2 Open (response)
358 6.128 PIONEERV BLACKHOLES SMB C transact2 Query file system info
359 6.131 BLACKHOLES PIONEERV SMB R find close
360 6.131 PIONEERV BLACKHOLES SMB C find close, FID = 0x1807
...
512 9.255 PIONEERV BLACKHOLES SMB C transact2 Query path info, File = \mciwave.dll
513 9.259 BLACKHOLES PIONEERV SMB R NT transact
Network Monitor trace Sun 03/05/98 12:57:59 PowerPoint 97. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
514 9.259 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
...
895 12.702 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
896 12.703 BLACKHOLES PIONEERV SMB R transact2 - NT error, System, Error, Code = (52)
897 12.703 PIONEERV BLACKHOLES SMB C transact2 Query path info, File = \OLEAUT32.dll
898 12.755 BLACKHOLES PIONEERV SMB R NT transact
899 12.756 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
900 12.924 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13126675-13126675, ack: 31993906,
win:1
901 13.343 BLACKHOLES PIONEERV SMB R NT transact
902 13.343 PIONEERV BLACKHOLES SMB C NT transact - NT IOCTL
903 13.345 BLACKHOLES PIONEERV SMB R transact2 Open (response)
904 13.345 PIONEERV BLACKHOLES SMB C transact2 Findfirst, File = \Tech01.ppt
905 13.456 BLACKHOLES PIONEERV SMB R NT create & X, FID = 0x7006
906 13.456 PIONEERV BLACKHOLES SMB C NT create & X, File = \srvsvc
907 13.458 BLACKHOLES PIONEERV SMB R transact
...
913 13.465 BLACKHOLES PIONEERV SMB R close file
914 13.465 PIONEERV BLACKHOLES SMB C close file, FID = 0x7006
915 13.625 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 13127429-13127429, ack: 31996636,
win:1
916 13.736 PIONEERV BLACKHOLES SMB C read & X, FID = 0x680f, Read 0x8000 at 0x00018000
917 13.737 BLACKHOLES PIONEERV SMB R read & X, Read 0x8000
Microsoft Outlook 98
Exchange RPC Transport
The Exchange Server provider is based on RPCs. By using RPCs the Exchange client benefits from single-logon authentication, single bit reorder for encryption of mail traffic over the LAN, and protocol independence. The RPC interface includes full functionality for the Exchange client. In addition to the three features above, the client provides a full Messaging Application Interface (MAPI) that provides an automated access for offline and on-line address book. As part of the negotiation, the RPC interface determines if the mailbox has moved and if it has the software automatically reconfigures the client to use the correct Exchange Server. This interface increases performance by compressing e-mail to and from the desktop. RPC connections are session-based: the system logs on only once, which also reduces network traffic.
Message Storage Options
On the Exchange Server. This generates a lot of traffic because all titles must come down the pipe and most users prefer opening mail in auto view, reading the first 20 lines or so, then opening each message as they work through the inbox.
Locally in a Personal Store (PST). Messages are delivered to the local PST in the background, using Outlook 98's multi-threaded capability.
In an Offline Store (OST). One copy of the message is stored on the network and one locally. The user can make changes off line and the system synchronizes both stores when the user reconnects to the network.
Using the Remote Mail (Dial-up Networking). Even without a local modem you can select "use existing connection," connect to the server store, and pick which messages to download rather than downloading them all. This differs from the first option in that only titles are displayed and the tools are optimized for high-latency and lower-speed links.
Short Cuts
The Outlook client's desktop design allows you to create Short Cuts to folders on the Exchange Server. The default configuration has all the mail short cuts referenced over the network. The trace below (Outlook RPC Default) shows Outlook booting up and logging in. While Outlook is loading it must enumerate all the short cuts. To see if Outlook is completely initialized, use the Tools option on the pull-down menu. The Outlook client may take a while to respond while initializing all the default short cuts—Inbox, Calendar, Notes, Contacts, Tasks and Public folders.
The second trace below (Outlook RPC Local PST without Short Cuts) shows that only 41 packets were generated (the default configuration generated 176 packets). In a high-latency network, 135 packets can make quite a difference in response times.
Performance Hints and Tips
For best performance the client should have a local Exchange Server. This shields the user from any high-latency and dial-up issues. (See the Microsoft Exchange Server section below.)
For best performance over high-latency or slow links, use a local PST to store mail.
Make sure to remove any toolbar short cut references for use over high-latency or slow links; reference only local folders.
Frequent connecting and disconnecting create traffic; it is more efficient to connect and stay connected. Users who have to connect frequently can also use the dial-up feature.
Exchange Service Provider
The Exchange Service provider controls the connection order of protocols used by the Exchange RPC Provider. This registry entry lists the current protocols available for RPC connection. Each is tried in the RPC_Bindings_Order until a connection is made.
HKEY_LOCAL_MACHINE\Software\Microsoft\Exhange\Exchange Provider
.gif "Cc767910.opt6_14(en-us,TechNet.10).gif")
Figure 6.14: Looking for the RPC_Binding_Order with Registry Editor (REGEDIT.EXE).
NCALRPC—Local RPC is the first in the binding order. This is a local RPC internal to the machine; it does not pass over the network.
NCACN_IP_TCP—This binding creates an RPC connection using the TCP transport (a connection state instead of a connectionless state).
NCACN_SPX—This binding creates an RPC connection using the Sequenced Package Exchange (SPX) protocol.
NCACN_NP—This binding creates an RPC connection using a NamePipe interface. When more than one NetBIOS is loaded, the provider tries each in the NetBIOS binding order.
NETBIOS—This binding creates an RPC connection using the NetBEUI protocol.
NCACN_VNS_SPP—This binding creates an RPC connection using the Banyan Vines scalable parallel processing (SPP) protocol (a connection state instead of a connectionless state).
Outlook 98 binding order has been changed from previous versions to optimize performance order, trying first for TCP, the most efficient. If connection cannot be established, the provider tries the next binding. This can have inconvenient consequences. For instance, if you mistype a server name you have to wait for all six bindings to fail or for a security credential mismatch to prompt for a password six times, once for each binding. So while this is a good default configuration for an unknown network, you should consider deleting unsupported protocols from the list when you deploy: it makes for faster error message response and higher user satisfaction.
Performance Hints and Tips
When using TCP provider for fastest response in a high-latency or dial-up network, use HOSTS file for the Exchange Server.
When using TCP provider make sure the DNS is configured properly and the Exchange Server is listed in DNS, or you will have to wait up to 3 x 750 ms before an error message is issued or the next bindings are tried.
When using Name-Pipe over TCP/IP for fastest response in a high-latency or dial-up network, include an LMHOSTS #PRE entry for the Exchange Server.
When using Name-Pipe over TCP/IP, make sure the WINS is configured properly and the Exchange Server is listed in the WINS database, or you will have to wait up to 3 x 750 ms before an error message is issued or the next bindings are tried.
Delete unsupported protocols for better performance at connect time.
Network Trace—Outlook RPC Default
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 2.774 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116498-116501, ack: 120353, win: 87
2 2.775 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120352-120355, ack: 0, win:163
3 2.775 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120353-120353, ack: 116499, win:163
4 2.777 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x0 assoc grp 0x187C5 xmit
5 2.777 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID E1AF8308-5D1F-11C9-91A4-
6 2.779 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x80
cancels 0
7 2.779 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x3 context 0x0 hint
8 2.780 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116711-116711, ack: 120582, win: 85
9 2.780 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120581-120581, ack: 116711, win:161
10 2.780 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116711-116711, ack: 120582, win: 85
11 2.780 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120582-120582, ack: 116712, win:161
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
12 2.790 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116509-116512, ack: 120367, win: 87
13 2.790 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120366-120369, ack: 0, win:163
14 2.791 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120367-120367, ack: 116510, win:163
15 2.792 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x1 assoc grp 0x1D69C xmit
16 2.793 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID F5CC5A18-4264-101A-8C59-
17 2.794 BLACKHOLES PIONEERV R_NSPI Error: Bad Opcode (Function does not exist)
18 2.794 PIONEERV BLACKHOLES R_NSPI RPC Client call nspi:NspiBind(..)
19 2.858 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116524-116527, ack: 120368, win: 87
20 2.858 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120367-120370, ack: 0, win:163
21 2.858 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120368-120368, ack: 116525, win:163
22 2.861 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x44 assoc grp 0x1D69C xmit
23 2.861 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID F5CC5A18-4264-101A-8C59-
24 2.867 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116657-116657, ack: 120806, win: 83
25 2.868 PIONEERV BLACKHOLES TCP .AP..., len: 198, seq: 120496-120693, ack: 116657,
win:162
26 2.868 PIONEERV BLACKHOLES R_NSPI RPC Client call nspi:NspiBind(..)
27 2.874 BLACKHOLES PIONEERV R_NSPI RPC Server response nspi:NspiBind(..)
28 2.931 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120523-120523, ack: 116638, win:162
29 2.975 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116529-116532, ack: 120381, win: 87
30 2.975 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120380-120383, ack: 0, win:163
31 2.975 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120381-120381, ack: 116530, win:163
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
32 2.977 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x0 assoc grp 0x187C6 xmit
33 2.977 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID E1AF8308-5D1F-11C9-91A4-
34 2.978 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x80 cancels
35 2.978 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x3 context 0x0 hint
36 2.979 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116742-116742, ack: 120610, win: 85
37 2.979 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120609-120609, ack: 116742, win:161
38 2.979 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116742-116742, ack: 120610, win: 85
39 2.979 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120610-120610, ack: 116743, win:161
40 2.990 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116532-116535, ack: 120383, win: 87
41 2.990 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120382-120385, ack: 0, win:163
42 2.990 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120383-120383, ack: 116533, win:163
43 2.993 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x0 assoc grp 0x1F85A xmit
44 2.993 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID A4F1DB00-CA47-1067-B31F-
45 3.001 PIONEERV BLACKHOLES TCP .AP..., len: 198, seq: 120511-120708, ack: 116665,
win:162
46 3.004 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116665-116665, ack: 120885, win: 82
47 3.004 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x0 context 0x0 hint
48 3.016 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x9C cancels
49 3.016 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120806-120806, ack: 116753, win:161
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
50 3.031 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x2 opnum 0x2 context 0x0 hint
51 3.047 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x2 context 0x0 hint 0xD4
cancels
52 3.064 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x3 context 0x0 hint 0x58 cancels
53 3.064 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x3 opnum 0x2 context 0x0 hint
54 3.212 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x4 opnum 0x2 context 0x0 hint
55 3.214 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x4 context 0x0 hint 0x34 cancels
56 3.219 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x5 context 0x0 hint 0x108
cancels
57 3.219 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x5 opnum 0x2 context 0x0 hint
58 3.225 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x6 context 0x0 hint 0x238
cancels
59 3.225 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x6 opnum 0x2 context 0x0 hint
60 3.230 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x7 context 0x0 hint 0x1C cancels
61 3.231 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x7 opnum 0x4 context 0x0 hint
62 3.305 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x8 context 0x0 hint 0xA0
cancels
63 3.305 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x8 opnum 0x2 context 0x0 hint
64 3.310 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x9 context 0x0 hint 0x1D0
65 3.310 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x9 opnum 0x2 context 0x0 hint
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
66 3.398 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xA context 0x0 hint 0x44
cancels
67 3.398 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xA opnum 0x2 context 0x0 hint
68 3.401 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xB context 0x0 hint 0x58 cancels
69 3.402 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xB opnum 0x2 context 0x0 hint
70 3.463 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xC context 0x0 hint 0x5C
cancels
71 3.463 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xC opnum 0x2 context 0x0 hint
72 3.592 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xD context 0x0 hint 0x58
cancels
73 3.592 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xD opnum 0x2 context 0x0 hint
74 3.732 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 123029-123029, ack: 119705, win:150
75 3.929 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116546-116549, ack: 120385, win: 87
76 3.929 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120384-120387, ack: 0, win:163
77 3.929 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120385-120385, ack: 116547, win:163
78 3.931 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0xA assoc grp 0x187C7 xmit
79 3.931 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID E1AF8308-5D1F-11C9-91A4-
80 3.933 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x80 cancels
81 3.933 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x3 context 0x0 hint
82 3.934 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116759-116759, ack: 120614, win: 85
83 3.934 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120613-120613, ack: 116759, win:161
84 3.934 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116759-116759, ack: 120614, win: 85
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
85 3.934 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120614-120614, ack: 116760, win:161
86 3.945 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116558-116561, ack: 120400, win: 87
87 3.945 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120399-120402, ack: 0, win:163
88 3.945 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120400-120400, ack: 116559, win:163
89 3.947 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x0 assoc grp 0x1D69D xmit
90 3.947 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID F5CC5A18-4264-101A-8C59-
91 3.948 BLACKHOLES PIONEERV R_NSPI Error: Bad Opcode (Function does not exist)
92 3.948 PIONEERV BLACKHOLES R_NSPI RPC Client call nspi:NspiBind(..)
93 3.959 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116566-116569, ack: 120402, win: 87
94 3.959 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120401-120404, ack: 0, win:163
95 3.959 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120402-120402, ack: 116567, win:163
96 3.962 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x44 assoc grp 0x1D69D xmit
97 3.962 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID F5CC5A18-4264-101A-8C59-
98 3.965 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116699-116699, ack: 120840, win: 83
99 3.965 PIONEERV BLACKHOLES TCP .AP..., len: 198, seq: 120530-120727, ack: 116699, win:162
100 3.965 PIONEERV BLACKHOLES R_NSPI RPC Client call nspi:NspiBind(..)
101 3.973 BLACKHOLES PIONEERV R_NSPI RPC Server response nspi:NspiBind(..)
102 4.094 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116579-116582, ack: 120416, win: 87
103 4.094 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120415-120418, ack: 0, win:163
104 4.094 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120416-120416, ack: 116580, win:163
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
105 4.095 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x1 assoc grp 0x187C8 xmit
106 4.095 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID E1AF8308-5D1F-11C9-91A4-
107 4.096 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x80 cancels
108 4.097 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x3 context 0x0 hint
109 4.097 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116792-116792, ack: 120645, win: 85
110 4.097 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120644-120644, ack: 116792, win:161
111 4.098 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116792-116792, ack: 120645, win: 85
112 4.098 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120645-120645, ack: 116793, win:161
113 4.108 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116590-116593, ack: 120427, win: 87
114 4.108 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120426-120429, ack: 0, win:163
115 4.108 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120427-120427, ack: 116591, win:163
116 4.111 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x0 assoc grp 0x1F85B xmit
117 4.111 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID A4F1DB00-CA47-1067-B31F-
118 4.114 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116723-116723, ack: 120929, win: 82
119 4.114 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120556-120556, ack: 116687, win:162
120 4.114 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120840-120840, ack: 116795, win:161
121 4.114 PIONEERV BLACKHOLES TCP AP..., len: 198, seq: 120555-120752, ack: 116723, win:162
122 4.114 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x0 context 0x0 hint
123 4.128 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x9C cancels
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
124 4.131 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x2 context 0x0 hint 0xD4 cancels
125 4.131 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x2 opnum 0x2 context 0x0 hint
126 4.333 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 121105-121105, ack: 117203, win:157
127 5.153 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 116594-116597, ack: 120435, win: 87
128 5.153 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120434-120437, ack: 0, win:163
129 5.153 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120435-120435, ack: 116595, win:163
130 5.155 BLACKHOLES PIONEERV MSRPC c/o RPC Bind Ack: call 0x44 assoc grp 0x187C9 xmit
131 5.155 PIONEERV BLACKHOLES MSRPC c/o RPC Bind: UUID E1AF8308-5D1F-11C9-91A4-
132 5.157 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1 context 0x0 hint 0x80 cancels
133 5.157 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1 opnum 0x3 context 0x0 hint
134 5.158 BLACKHOLES PIONEERV TCP A...., len: 0, seq: 116807-116807, ack: 120664, win: 85
135 5.158 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120663-120663, ack: 116807, win:161
136 5.158 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116807-116807, ack: 120664, win: 85
137 5.158 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120664-120664, ack: 116808, win:161
138 5.170 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x3 context 0x0 hint 0x9C cancels
139 5.170 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x3 opnum 0x0 context 0x0 hint
140 5.173 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x4 context 0x0 hint 0xD4 cancels
141 5.173 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x4 opnum 0x2 context 0x0 hint
142 5.189 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x5 context 0x0 hint 0x1C cancels
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
143 5.189 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x5 opnum 0x4 context 0x0 hint
144 5.296 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x6 context 0x0 hint 0x5C cancels
145 5.296 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x6 opnum 0x2 context 0x0 hint
146 5.435 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 121745-121745, ack: 117907, win:150
147 8.620 PIONEERV BLACKHOLES R_NSPI RPC Client call nspi:NspiGetHierarchyInfo(..)
148 8.620 BLACKHOLES PIONEERV R_NSPI RPC Server response nspi:NspiGetHierarchyInfo(..)
149 8.668 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xE context 0x0 hint 0xB8 cancels
150 8.668 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xE opnum 0x2 context 0x0 hint
151 8.717 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xF context 0x0 hint 0xA8 cancels
152 8.717 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xF opnum 0x2 context 0x0 hint
153 8.729 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x10 context 0x0 hint 0x84
154 8.729 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x10 opnum 0x2 context 0x0 hint
155 8.740 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x11 context 0x0 hint 0x44
156 8.740 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x11 opnum 0x2 context 0x0 hint
157 8.744 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x12 context 0x0 hint 0x78
158 8.744 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x12 opnum 0x2 context 0x0 hint
159 8.748 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x13 context 0x0 hint 0x1B8
160 8.748 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x13 opnum 0x2 context 0x0 hint
161 8.751 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x14 context 0x0 hint 0xBC
Network Monitor trace Fri 11/13/98 23:09:22 \OutlookRPCDefault. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
162 8.751 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x14 opnum 0x2 context 0x0 hint
163 8.770 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x15 context 0x0 hint 0x70
164 8.770 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x15 opnum 0x2 context 0x0 hint
165 8.840 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120918-120918, ack: 117761, win:151
166 8.941 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 124501-124501, ack: 121561, win:163
167 23.034 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116638-116638, ack: 120524, win: 86
168 23.034 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120523-120523, ack: 116638, win:162
169 23.035 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116638-116638, ack: 120524, win: 86
170 23.035 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120524-120524, ack: 116639, win:162
171 23.404 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 116687-116687, ack: 120557, win: 86
172 23.405 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 120556-120556, ack: 116687, win:162
173 23.405 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 116687-116687, ack: 120557, win: 86
174 23.405 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120557-120557, ack: 116688, win:162
175 57.849 BLACKHOLES PIONEERV NBT NS: Query (Node Status) resp. for JSPNRMPTGSBSSDIR,
176 57.849 PIONEERV BLACKHOLES NBT NS: Query req. for JSPNRMPTGSBSSDIR
177 0.000 000000000000 000000000000 STATS Number of Frames Captured = 176
Network Trace—Outlook RPC Local PST Without Shortcuts
Network Monitor trace Fri 11/13/98 23:12:44 \OutlookRPC Local PST without Shortcuts.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 3.391 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x5 context 0x0 hint 0x1C cancels
Network Monitor trace Fri 11/13/98 23:12:44 \OutlookRPC Local PST without Shortcuts. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
2 3.391 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x5 opnum 0x7 context 0x0 hint
3 3.394 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x6 opnum 0x3 context 0x0 hint
4 3.394 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x6 context 0x0 hint 0x254 cancels
5 3.542 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 121799-121799, ack: 119530, win:156
6 4.413 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x7 context 0x0 hint 0x1C cancels
7 4.413 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x7 opnum 0x7 context 0x0 hint
8 4.418 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x8 context 0x0 hint 0x190 cancels
9 4.418 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x8 opnum 0x9 context 0x0 hint
10 4.430 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x9 context 0x0 hint 0x1C cancels
11 4.430 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x9 opnum 0x7 context 0x0 hint
12 4.433 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0xA context 0x0 hint 0x244
13 4.433 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0xA opnum 0x3 context 0x0 hint
14 4.436 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 123895-123895, ack: 127056, win: 87
15 4.437 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x15 opnum 0x2 context 0x0 hint
16 4.437 PIONEERV BLACKHOLES TCP .AP..., len: 156, seq: 126900-127055, ack: 123895, win:161
17 4.643 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 122519-122519, ack: 119675, win:151
18 4.751 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x15 context 0x0 hint 0x218
Network Monitor trace Fri 11/13/98 23:12:44 \OutlookRPC Local PST without Shortcuts. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
19 4.796 BLACKHOLES PIONEERV UDP Src Port: Unknown, (1088); Dst Port: Unknown (1272); Length =
20 4.796 BLACKHOLES PIONEERV UDP Src Port: Unknown, (1089); Dst Port: Unknown (1279); Length =
21 4.800 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x16 context 0x0 hint 0x6C
22 4.800 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x16 opnum 0x2 context 0x0 hint
23 4.800 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x16 opnum 0x2 context 0x0 hint
24 4.800 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x16 context 0x0 hint 0x84 cancels
25 4.944 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 127152-127152, ack: 124679, win:153
26 4.944 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 125228-125228, ack: 121763, win:163
27 6.768 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x17 context 0x0 hint 0x3C
28 6.768 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x17 opnum 0x2 context 0x0 hint
29 6.947 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 127248-127248, ack: 124791, win:152
30 8.775 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x18 context 0x0 hint 0x64 cancels
31 8.775 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x18 opnum 0x2 context 0x0 hint
32 8.784 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x19 opnum 0x2 context 0x0 hint
33 8.785 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x19 context 0x0 hint 0xEA8
34 8.786 BLACKHOLES PIONEERV TCP .A...., len: 1460, seq: 126411-127870, ack: 127504, win: 83
35 8.786 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 127504-127504, ack: 127871, win:163
Network Monitor trace Fri 11/13/98 23:12:44 \OutlookRPC Local PST without Shortcuts. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
36 8.786 BLACKHOLES PIONEERV TCP .AP..., len: 888, seq: 127871-128758, ack: 127504, win: 83
37 8.811 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1A context 0x0 hint 0x2C
38 8.811 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1A opnum 0x2 context 0x0 hint
39 8.950 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 127600-127600, ack: 128855, win:154
40 8.980 PIONEERV BLACKHOLES MSRPC c/o RPC Request: call 0x1B opnum 0x2 context 0x0 hint
41 9.026 BLACKHOLES PIONEERV MSRPC c/o RPC Response: call 0x1B context 0x0 hint 0x58
42 0.000 000000000000 000000000000 STATS Number of Frames Captured = 41
SMTP Transport
The Simple Mail Transport Protocol (SMTP) is a lightweight mail transport and an unsecured environment. In SMTP, anyone can send e-mail as (or otherwise impersonate) another mail user. SMTP passes the user name and password over the network in clear text.
You can configure the client to use a Secure Socket Layer (SSL) for more secure communication, but then you must manage the certificates required on both sides of the communication pipe. Each time you send or receive e-mail you must log onto the SMTP server. The more messages you send and receive, the more traffic is generated—for text and for the overhead of making and breaking connections.
SMTP does not offer online or offline address book. The mail server name must be maintained at the client; if you move the mailbox for load balancing or performance reasons you must reconfigure the client. These features (address book and name change) must be created and maintained outside of the mail client by the user. The trace below shows that an SMTP e-mail send generates only 24 packets. It also shows that SMTP has to negotiate and logon for every block of e-mail, and this can be frequent, causing significant traffic. The trace for Outlook RPC with a PST (above) shows that it requires 41 packets to log on and initialize once, after which only e-mail traffic passes up and down. As a rule, this should generate fewer than 24 packets for each e-mail message.
Performance Hints and Tips
- When using SMTP make sure to batch your mail as much as possible. When sending in a batch mode, SMTP tries to logon and logoff as infrequently as it can.
Network Trace—SMTP Send
Network Monitor trace Fri 11/13/98 23:10:45 \SMTP SEND.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 12.025 BLACKHOLES PIONEERV TCP .A..S., len: 4, seq: 117045-117048, ack: 120798, win: 87
2 12.025 PIONEERV BLACKHOLES TCP ....S., len: 4, seq: 120797-120800, ack: 0, win:163
3 12.025 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 120798-120798, ack: 117046, win:163
4 27.043 BLACKHOLES PIONEERV NBT NS: Query req. for *<00...(15)>
5 27.043 PIONEERV BLACKHOLES NBT NS: Query (Node Status) resp. for *<00...(15)>, Success
6 27.045 BLACKHOLES PIONEERV SMTP Rsp: Service ready, 106 bytes
7 27.046 BLACKHOLES PIONEERV SMTP Rsp: Requested mail action okay, completed, 8 bytes
8 27.047 PIONEERV BLACKHOLES SMTP Cmd: Hello, host identifier, 15 bytes
9 27.048 BLACKHOLES PIONEERV SMTP Rsp: Requested mail action okay, completed, 53 bytes
10 27.048 PIONEERV BLACKHOLES SMTP Cmd: Mail from <administrator@myowncompany.com>, 45
11 27.049 BLACKHOLES PIONEERV SMTP Rsp: Requested mail action okay, completed, 53 bytes
12 27.049 PIONEERV BLACKHOLES SMTP Cmd: Recipient <administrator@myowncompany.com>, 43
13 27.052 BLACKHOLES PIONEERV SMTP Rsp: Enter mail ..., 36 bytes
14 27.052 PIONEERV BLACKHOLES SMTP Cmd: Data: Mail data to follow, 6 bytes
Network Monitor trace Fri 11/13/98 23:10:45 \SMTP SEND. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
15 27.071 PIONEERV BLACKHOLES SMTP Data - continued from frame 14, 558 bytes
16 27.182 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 117302-117302, ack: 121465, win: 80
17 27.183 PIONEERV BLACKHOLES SMTP Data - continued from frame 15, 5 bytes
18 27.216 BLACKHOLES PIONEERV SMTP Rsp: Requested mail action okay, completed, 8 bytes
19 27.221 BLACKHOLES PIONEERV SMTP Rsp: Service closing transmission channel, 24 bytes
20 27.221 PIONEERV BLACKHOLES SMTP Cmd: Quit, losing connection, 6 bytes
21 27.222 BLACKHOLES PIONEERV TCP .A...., len: 0, seq: 117334-117334, ack: 121477, win: 80
22 27.222 PIONEERV BLACKHOLES TCP .A...F, len: 0, seq: 121476-121476, ack: 117334, win:160
23 27.222 BLACKHOLES PIONEERV TCP .A...F, len: 0, seq: 117334-117334, ack: 121477, win: 80
24 27.222 PIONEERV BLACKHOLES TCP .A...., len: 0, seq: 121477-121477, ack: 117335, win:160
25 0.000 000000000000 000000000000 STATS Number of Frames Captured = 24
IMAP4 Transport
The transport (IMAP4) is a more efficient version of SMTP. The security model is better but still lacks an online or offline address book. The mail server name must be maintained at the client, so if you move the mailbox for load balancing or performance you must reconfigure the client.
Performance Hints and Tips
- When using IMAP4, make sure to batch mail as much as possible.
Microsoft Outlook Web Access (OWA)
If you must leave your e-mail up on a central Exchange Server and on the hub site, Outlook Web Access may be an option for you. Using OWA, all e-mail is left on the Exchange Server, and the Internet Information Server (IIS) renders a HyperText Markup Language (HTML) version of the e-mail message down to the client—using HTTP (an Internet communications protocol). HTTP is a lightweight protocol and does not timeout very easily. OWA offers e-mail and calendar access by using a simple browser on the remote client desktop.
Performance Hints and Tips
- Make sure to configure your BcastQueryTimeout large enough to allow time for computer name resolution, which takes longer when OWA is used.
Microsoft Exchange Server
Microsoft Exchange Server uses an RPC interface to communicate between servers. This requires high-speed connection, which usually is available within a LAN. If the connection passes across a router, a site connector can be configured to boost performance by controlling data flow.
In high-latency, dial-up, and slow-link environments, putting an Exchange Server at each remote site provides the best performance and user satisfaction. This allows clients to communicate with the Exchange Server directly at LAN speeds, and to use the servers to store and forward (in the background) e-mail and directory information. Three types of connectors manage flow control across a WAN environment: Exchange Site Connector, Exchange X.400 Site Connector, and Exchange Internet Site Connector.
Exchange Site Connector
This is an RPC interface that functions like the default communication between servers but can be configured to control the flow of data by scheduling windows. It requires high-speed connections, so in WAN applications you should use a T1 line at least. In a lot of sites the T1 does not provide enough bandwidth and has to be upgraded to an ATM network. This is why two additional connectors are provided.
Performance Hints and Tips
- Do not use this connector over any high-latency, dial-up, or slow connection: it will thrash and fill the communication pipe.
Exchange X.400 Site Connector
The X.400 Site Connector provides the most flexibility, because X.400 protocol has very granular timing options for all Microsoft site connectors. In a satellite network with peak of 28.8 baud and minimum level of 9600 baud, even an 800,000-object Exchange Directory replicates flawlessly.
Performance Hints and Tips
- This is the best connector over high-latency, dial-up, and slow links. It will not thrash, and it has timeout parameters for the different levels of the X.400 protocol.
Exchange Internet Site Connector
This is designed to connect Exchange sites through the Internet. It is a secured connection and encrypted, but it does not offer the flexibility of the X.400 Site Connector.
Performance Hints and Tips
- In the event of Exchange Internet Site Connector thrashing, the only current alternative is to use the Microsoft X.400 Site Connector, which has been designed for high-latency, dial-up, and slow links. Microsoft is working on a more resilient Internet Site Connector.
Microsoft SQL 6.5/7.0
NamePipe
The NamePipe default configuration for SQL DBLIB can be configured to support data sizes up to 64K but defaults to 512 bytes for SQL use. Below is a sample query using SQL Authors database file.
Select * from authors.
au_id |
au_lname |
au_fname |
phone |
address |
city |
state |
zip |
|---|---|---|---|---|---|---|---|
922-32-9926 |
White |
Johnson |
408 496-7223 |
90932 Bigge Rd. |
Kenlo Park |
CA |
94026 9 |
293-46-8996 |
Green |
Karjorie |
496 986-7020 |
309 63rd St. #499 |
Oakland |
CA |
94698 9 |
238-96-2266 |
Carson |
Cheryl |
496 698-7723 |
689 Darwin Ln. |
Berkeley |
CA |
94706 9 |
262-49-2394 |
O'Leary |
Kichael |
408 286-2428 |
22 Cleveland Av. #94 |
San Jose |
CA |
96928 9 |
224-80-9399 |
Straught |
Deon |
496 834-2999 |
6420 College Av. |
Oakland |
CA |
94609 9 |
349-22-9282 |
Skith |
Keander |
993 843-0462 |
90 Kississippi Dr. |
Lawrence |
KS |
66044 0 |
Select * from authors. (continued)
au_id |
au_lname |
au_fname |
phone |
address |
city |
state |
zip |
|---|---|---|---|---|---|---|---|
409-66-2008 |
Bennet |
Abrahak |
496 668-9932 |
6223 Batekan St. |
Berkeley |
RI |
94706 9 |
422-92-2399 |
Dull |
Randy |
496 896-7928 |
3490 Blande St. |
Palo Alto |
CA |
94309 9 |
422-22-2349 |
Gringlesby |
Burt |
707 938-6446 |
PO Box 792 |
Covelo |
CA |
96428 9 |
486-29-9286 |
Locksley |
Charlee |
496 686-4620 |
98 Broadway Av. |
San Francisco |
CA |
94930 9 |
622-22-3246 |
Greene |
Kong |
696 292-2223 |
22 Graybar Big House Rd. |
Nashville |
TN |
32296 0 |
648-92-9822 |
Blotchet-Halls |
Regina |
603 246-6402 |
66 Hillsdale Bl. |
Corvallis |
OR |
92330 9 |
622-29-3249 |
Yokokoto |
Akiko |
496 936-4228 |
3 Silver Ct. |
Walnut Creek |
CA |
94696 9 |
292-46-9862 |
del Castillo |
Innes |
696 996-8226 |
2286 Crak Pl. #86 |
Ann Arbor |
MI |
48906 9 |
222-69-6464 |
DeFrance |
Kichel |
299 642-9982 |
3 Balding Pl. |
Gary |
IN |
46403 9 |
224-08-9939 |
Stringer |
Dirk |
496 843-2999 |
6420 Telegraph Av. |
Oakland |
CA |
94609 0 |
224-80-9399 |
MacFeather |
Stearns |
496 364-2928 |
44 Upland Hts. |
Darkland |
CA |
94692 9 |
266-30-2399 |
Karsen |
Livia |
496 634-9299 |
6220 McAuley St. |
Oakland |
CA |
94609 9 |
Select * from authors. (continued)
au_id |
au_lname |
au_fname |
phone |
address |
city |
state |
zip |
|---|---|---|---|---|---|---|---|
266-30-2399 |
Karsen |
Livia |
496 634-9299 |
6220 McAuley St. |
Oakland |
CA |
94609 9 |
802-99-6664 |
Vandelay |
Art |
309 946-8863 |
9966 Arlington Pl. |
Rockville |
KY |
20863 9 |
846-92-2986 |
Hunter |
Sheryl |
496 836-2928 |
3490 Blonde St. |
Palo Alto |
CA |
94309 9 |
893-22-9968 |
McBadden |
Caryl |
202 448-4982 |
309 Putnak |
Vacaville |
CA |
96688 0 |
899-46-2036 |
Kramer |
Meryl |
809 826-0262 |
62 Seventh Av. |
Dent City |
CT |
44962 9 |
998-22-3662 |
Kramer |
Dustin |
809 826-0262 |
62 Seventh Av. |
Salt Lake City |
UT |
84962 9 |
(23 row(s) affected)
The trace below shows that the transactions are broken up into 512-byte blocks; this keeps the application from saturating the network with a large query, preventing other applications from functioning effectively on the network.
Network Monitor trace Sat 04/15/98 03:06:34 SQL NAMEPIPE.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 12.620 EXPLORERIV 3COM 037F17 SMB C write & X, FID = 0x803, Write 0x1b at 0x0
2 12.622 3COM 037F17 EXPLORERIV SMB R write & X, Wrote 0x1b
3 12.626 EXPLORERIV 3COM 037F17 SMB C read & X, FID = 0x803, Read 0x200 at 0x0
4 12.631 3COM 037F17 EXPLORERIV SMB R read & X, Read 0x26
Network Monitor trace Sat 04/15/98 03:06:34 SQL NAMEPIPE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
5 12.726 EXPLORERIV 3COM 037F17 SMB C write & X, FID = 0x803, Write 0x1f at 0x0
6 12.728 3COM 037F17 EXPLORERIV SMB R write & X, Wrote 0x1f
7 12.837 EXPLORERIV 3COM 037F17 TCP .A...., len: 0, seq:1729734776, ack: 97304, win: 8556
8 12.979 EXPLORERIV 3COM 037F17 SMB C transact PeekNmPipe, FID = 0x803
9 12.981 3COM 037F17 EXPLORERIV SMB R transact (Error)
10 12.985 EXPLORERIV 3COM 037F17 SMB C read & X, FID = 0x803, Read 0x200 at 0x0
11 12.987 3COM 037F17 EXPLORERIV SMB R read & X, Read 0x200
12 13.076 EXPLORERIV 3COM 037F17 SMB C read & X, FID = 0x803, Read 0x200 at 0x0
13 13.078 3COM 037F17 EXPLORERIV SMB R read & X, Read 0x200
14 13.173 EXPLORERIV 3COM 037F17 SMB C read & X, FID = 0x803, Read 0x200 at 0x0
15 13.176 3COM 037F17 EXPLORERIV SMB R read & X, Read 0x200
16 13.212 EXPLORERIV 3COM 037F17 SMB C read & X, FID = 0x803, Read 0x200 at 0x0
17 13.215 3COM 037F17 EXPLORERIV SMB R read & X, Read 0x1a9
18 13.338 EXPLORERIV 3COM 037F17 TCP .A...., len: 0, seq:1729735120, ack: 99597, win: 8271
TCP Sockets
SQL has support for TCP Sockets interface for DBLib and the SQL Server. With this interface, the example query generates only 7 packets (see the SQL WINSOCK trace below) compared to 18 packets for NamePipes (see the SQL NAMEPIPE trace above). The Sockets interface uses the full segment size of the TCP/IP packet interface for the transaction—it is not restricted to 512-byte blocks—and this is very beneficial when using compression techniques over slow links. As voice grade lines start to approach 64Kbs, the modem delivers higher performance by compressing large blocks of data and pushing them through the 28.8 carrier. Trying to move smaller blocks of data (such as 512-byte blocks) through 28.8 voice-grade lines can decrease performance to less than 10 Kb/sec.
Performance Hints and Tips
- TCP sockets provides the best performance over high-latency, dial-up or slow links.
Network Trace—SQL WINSOCK
Network Monitor trace Sat 04/15/98 03:04:27 SQL WINSOCK.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 5.707 EXPLORERIV 3COM 037F17 TCP .AP..., len: 27, seq:1731074000, ack: 1438552, win: 8760
2 5.714 3COM 037F17 EXPLORERIV TCP .AP..., len: 38, seq: 1438552, ack:1731074027, win: 7357
3 5.806 EXPLORERIV 3COM 037F17 TCP .AP..., len: 31, seq:1731074027, ack: 1438590, win: 8722
4 5.818 3COM 037F17 EXPLORERIV TCP .AP..., len: 512, seq: 1438590, ack:1731074058, win: 7326
5 6.005 EXPLORERIV 3COM 037F17 TCP .A...., len: 0, seq:1731074058, ack: 1439102, win: 8210
6 6.008 3COM 037F17 EXPLORERIV TCP .AP..., len: 1449, seq: 1439102, ack:1731074058, win: 7326
7 6.205 EXPLORERIV 3COM 037F17 TCP .A...., len: 0, seq:1731074058, ack: 1440551, win: 8760
Performance Results
Windows NT3.x COPY Command: Windows NT Server to Windows NT Server SMB Parameters
Figure 6.15 shows some sample performance numbers gathered over a satellite link. The test was transaction-based processing with Aloha channel for ACKs. Note that the default average is 15 Kb. Detecting a slow link, Windows NT disabled raw state and used the default value of 4352 SizReqBuf. The table on page 284 shows the performance impact of increasing the SizReqBuf and TCP/IP Window sizes.
Network Trace—Copy Command Windows NT Clients (page 229) shows the packet movement reading and writing using the default SizReqBuf of 4292; the trace below shows the packet movement reading and writing using the default SizReqBuf of 4352.
Network Trace—Increasing SizReqBuf for Windows NT (pages 230 - 232) demonstrates the use of 12548 SizReqBuf; note the better spacing. The performance chart below shows the significant difference and the impact this change makes.
.gif "Figure 6.15: Performance impact over satellite link by adjusting SizReqBuf.")
Figure 6.15: Performance impact over satellite link by adjusting SizReqBuf.
Network Trace—Copy Command
Network Monitor trace Sun 03/05/98 13:10:09
Copy Command -COMMAND.COM, CMD.EXE, WINFILE.EXE.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
29 17.022 3COM 8DFB25 VOYAGERIX SMB R read & X, Read 0x10c5
30 17.191 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483455, ack: 229189, win: 8760
31 17.692 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
32 17.812 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1437 Bytes
33 17.813 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483455, ack: 232086, win: 8760
34 17.815 VOYAGERIX 3COM 8DFB25 SMB C read & X, FID = 0x804, Read 0x10c5 at 0x318a
35 19.314 3COM 8DFB25 VOYAGERIX SMB R read & X, Read 0x10c5
36 19.494 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483519, ack: 233546, win: 8760
37 19.984 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
38 20.095 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483519, ack: 235006, win: 8760
39 20.104 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1437 Bytes
40 20.107 VOYAGERIX 3COM 8DFB25 SMB C read & X, FID = 0x804, Read 0x10c5 at 0x424f
41 21.656 3COM 8DFB25 VOYAGERIX SMB R read & X, Read 0x10c5
42 21.797 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483583, ack: 237903, win: 8760
43 22.325 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1460 Bytes
44 22.444 3COM 8DFB25 VOYAGERIX NBT SS: Session Message Cont., 1437 Bytes
Network Monitor trace Sun 03/05/98 13:10:09
Copy Command -COMMAND.COM, CMD.EXE, WINFILE.EXE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
45 22.446 VOYAGERIX 3COM 8DFB25 TCP .A...., len: 0, seq: 3483583, ack: 240800, win: 8760
46 22.447 VOYAGERIX 3COM 8DFB25 SMB C read & X, FID = 0x804, Read 0x10c5 at 0x5314
Windows NT Server to Windows NT Server TCP/IP Parameters.
Data Type |
TCPWindow |
Size |
SizReqBuf |
Outbound |
Time |
Outbound |
|---|---|---|---|---|---|---|
Kb/sec |
Inbound |
Time |
Outbound |
Kb/sec |
Copy |
8192 (1) |
4352 (1) |
7:59 |
16.7 |
9:23 |
14.2 |
Copy |
8192 (1) |
8452 |
6:49 |
19.6 |
7:09 |
18.6 |
Copy |
12288 |
12548 |
4:55 |
27 |
5:30 |
24.2 |
Copy |
16644 |
16384 |
2:09 |
31.8 |
2:03 |
31.7 |
|
|
(1) Default parameters of NT 3.51.
Windows 95 to Windows NT Server SMB Parameters
When Windows 95 and Windows for Workgroups 3.11 workstations connect to a Windows NT Server, the server uses raw state (see the trace below), but it still gates the performance to the workstations. The chart below shows that the performance gains are not huge, but sufficient to warrant correcting the parameters. The chart on page 288 lists the parameters changed on the Windows NT Server and not the Windows 95/Windows for Workgroups 3.11 workstations.
.gif "Figure 6.16: Windows NT Server gates performance to Windows 95 and Windows for Workgroups workstations.")
Figure 6.16: Windows NT Server gates performance to Windows 95 and Windows for Workgroups workstations.
Network Trace—Windows 95 and Windows for Workgroups 3.11 Connect to a Windows NT Server Using Raw State
Network Monitor trace Mon 03/13/98 15:29:44
RAW State Copy Command - COMMAND.COM, CMD.EXE, WINFILE.EXE.
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
1 0.000 COMPAQC8F61A VOYAGERIX SMB C open & X, File = \TEMP\002 (R -Share Deny None)
2 0.005 VOYAGERIX COMPAQC8F61A SMB R open & X, FID = 0x801, File Size = 0xf4240
3 1.341 COMPAQC8F61A VOYAGERIX SMB C close file, FID = 0x80
4 1.343 VOYAGERIX COMPAQC8F61A SMB R close file
5 2.690 COMPAQC8F61A VOYAGERIX SMB C get attributes, File = \TEMP\002
6 2.693 VOYAGERIX COMPAQC8F61A SMB R get attributes
7 4.052 COMPAQC8F61A VOYAGERIX SMB C transact2 FindFirst, File = \TEMP\002
8 4.057 VOYAGERIX COMPAQC8F61A SMB R transact2 FindFirst (response to frame 7)
9 4230548 COMPAQC8F61A VOYAGERIX SMB C open & X, File = \TEMP\002 (R -Share Deny None)
10 4230548 VOYAGERIX COMPAQC8F61A SMB R open & X, FID = 0x801, File Size = 0xf4240
11 4230549 COMPAQC8F61A VOYAGERIX SMB C read block raw, FID = 0x801, Read 0xfe00 at 0x0
12 4230549 VOYAGERIX COMPAQC8F61A NBT SS: Session Message, Len: 65024
13 4230549 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
14 4230549 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
15 4230549 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
16 4230549 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Mon 03/13/98 15:29:44
RAW State Copy Command - COMMAND.COM, CMD.EXE, WINFILE.EXE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
17 4230551 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2017849, win: 8760
18 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
19 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
20 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
21 4230551 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2020769, win: 8760
22 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
23 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
24 4230551 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2022229, win: 8760
25 4230551 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
26 4230553 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2025149, win: 8760
27 4230553 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
28 4230553 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
29 4230553 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2026609, win: 8760
30 4230553 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
31 4230554 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2029529, win: 8760
32 4230554 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
33 4230554 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
34 4230554 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2030989, win: 8760
35 4230554 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
36 4230555 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2033909, win: 8760
37 4230555 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Mon 03/13/98 15:29:44 RAW State Copy Command - COMMAND.COM, CMD.EXE, WINFILE.EXE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
38 4230555 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
39 4230555 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2035369, win: 8760
40 4230555 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
41 4230556 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2038289, win: 8760
42 4230556 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
43 4230556 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
44 4230556 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2039749, win: 8760
45 4230556 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
46 4230557 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2042669, win: 8760
47 4230557 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
48 4230557 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
49 4230557 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2044129, win: 8760
50 4230557 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
51 4230558 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2047049, win: 8760
52 4230558 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
53 4230558 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
54 4230558 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2048509, win: 8760
55 4230558 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
Network Monitor trace Mon 03/13/98 15:29:44
RAW State Copy Command - COMMAND.COM, CMD.EXE, WINFILE.EXE. (continued)
Frame Time Src MAC Addr Dst MAC Addr Protocol Description |
56 4230559 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2051429, win: 8760
57 4230559 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
58 4230559 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
59 4230559 COMPAQC8F61A VOYAGERIX TCP .A...., len: 0, seq: 16140934, ack: 2052889, win: 8760
60 4230559 VOYAGERIX COMPAQC8F61A NBT SS: Session Message Cont., 1460 Bytes
61 4230560 COMPAQC8F61A VOYAGERIX TCP A...., len: 0, seq: 16140934, ack: 2055809, win: 8760
62 4230560 VOYAGERIX COMPAQC8F61A NBT S: Session Message Cont., 1460 Bytes
Windows 95 to Windows NT Server TCP/IP Parameters
TCP/IP parameters.
Data Type |
TCPWindow |
Size |
SizReqBuf |
Outbound |
Time |
Outbound |
|---|---|---|---|---|---|---|
Kb/sec |
Inbound |
Time |
Outbound |
Kb/sec |
Copy |
8192 (1) |
4352 (1) |
4.49 |
27.7 |
4.25 |
30.2 |
Copy |
8192 (1) |
8452 |
4:45 |
28 |
4.24 |
30.3 |
Copy |
12288 |
12548 |
3.56 |
33.9 |
4.25 |
30.2 |
|
|
(1) Default parameters of Windows NT 3.51.
Copy Command: Windows 2000 to Windows 2000 SMB Parameters
.gif "Figure 6.17: Windows 2000 Post BETA 2 default parameters.")
Figure 6.17: Windows 2000 Post BETA 2 default parameters.
Windows NT to Windows NT/Windows 2000 to Windows 2000 FTP Parameters
.gif "Figure 6.18: Windows 2000 Post BETA 2 default parameters.")
Figure 6.18: Windows 2000 Post BETA 2 default parameters.