I stated none of the PCs update any more (they were last week until Friday), then they all just stopped. The reason for the 60 minutes is that when I did the first troubleshoot exercise I manually triggered off the updates and that seemed to work. What I want to see is does the server or workstation actually fires off a trigger to check for updates and what happens after that.
>>> hbae@xxxxxxxxxx 12:19:49 pm 27/11/2005 >>>
On 09:49 PM 11/26/2005, Jon Miller wrote:
>New to using ethereal, but I'm trying to find out why Sophos Anti-Virus isn't updating the workstations from a NetWare server to Windows 2000 workstations. I've done all the checking such as account access from server user id to each workstation and all credentials are correct and none of the workstations reports any NDS error(s). Has anyone in the groups done or have a setup such as this?
>What I'm mostly interested in looking at is the communication between the NetWare server and the workstations.
>I'm thinking I should create a filter for NDS and sophos only or should this be filtered later and capture all traffic? The problem is I have to run this for at least an 60 minutes and I do not want the file to grow to an unmanageable size.
Very rarely do you need to capture for the entire duration of a transaction (for troubleshooting these types of problems)
Here's what I would do. Capture the trace to and from the PCs IP w/o any filters. But don't open any unnecessary programs like email, browsers etc. Capture the file with just 256 bytes so you can get the file handles/descriptions etc.
Then start looking for the obvious things like "access denied", "wrong permission" etc. If you have a working PC, use that as a baseline to see what's different.
You can stop the capture the minute it fails, why bother with the full 60 minutes? Also, can't you kick off the update process manually and catch the failures?
Have you tried putting the files on another Windows machine to see if that works?
Ethereal-users mailing list