From Florian:
Regarding information for troubleshooting multi-cast
http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080093f21.shtml
This is exactly what I mentioned in an earlier mail. The tools and commands which you see there are part of the router operating system.
With them you can dump the multicast group tables and more.
But to use them you need to log in to the router via the command line. Often you even have to use a specific debugging port on the router.
This should be done only by a network administrator, imho.
Normally I could imagine 3 reasons why it's not working.
1) It is blocked in the operating system where Spycer is running (firewall/antivirus/etc)
2) One or more switches and routers are too old and are buggy when using multicast. This can only be fixed by replacing them.
3) One or more switches and routers are too smart and the settings are too restricted.
So, which settings could that be?
One could be that all UDP messages are blocked by default, without distinguishing whether it is a multicast, a broadcast or a unicast address. This setting should be changed to allow UDP messages from multicast addresses.
Another one could be that the multicast address range is blocked by default. This should be changed also.
A third one could be that the IGMP protocol is not allowed / disabled. This should be enabled then.
Last but not least 2 points from my colleague Henrik: one for running a simple test, a second for providing us with network traffic records for analysis.
1) Multicast sending test with mcast
[follow-up notes]
[RL]
Requires Windows 7 Enterprise (or higher?) to work, Windows 7 Pro gives "WSASocket Failed - 10013"
[\RL]
- use two Windows systems.
- install this on both machines: http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
- open the command line on both machines
- cd to C:\Program Files (x86)\Windows Resource Kits\Tools
- on machine a type:
mcast /intf:[ip of the local nic that spycer uses] /recv /grps:239.255.0.1
- on machine b type:
mcast /intf:[ip of the local nic that spycer uses] /send /grps:239.255.0.1
- on machine a you should now see that 100 packets were received. The output should look like this:
Received [1]: [GOOD] SRC- 172.23.69.62 GRP- 239.255.0.1 TTL- 5 Len- 256
Received [2]: [GOOD] SRC- 172.23.69.62 GRP- 239.255.0.1 TTL- 5 Len- 256
Received [...]: [GOOD] SRC- 172.23.69.62 GRP- 239.255.0.1 TTL- 5 Len- 256
- if nothing happens, multicast as Spycer needs it does not work in the local network environment
2) Wireshark:
- use at least two systems.
- shutdown Spycer Gui on both.
- start Wireshark on both machines and start to capture traffic on the network device used by Spycer for general communication
- start the Spycer Gui on both systems
- wait a short moment.
- quit both Spycer Guis
- stop both Wireshark captures
- save both captures as .cap file
- send the captures and the corresponding Spycer Gui logs to DVS HQ
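
Added example, not part of the mail above and not a DVS or Microsoft tool: a Python sketch of the same send/receive test for machines where mcast cannot be run. It uses the group, packet count, TTL and length from the mail; the UDP port 5000, the payload marker and the function names are assumptions made for this example.

```python
import contextlib, ipaddress, socket, struct, sys, time

GROUP, PORT = "239.255.0.1", 5000  # group from the mail; the port is an assumption
COUNT, TTL, LENGTH = 100, 5, 256   # packet count, TTL and Len as in the mcast output
MAGIC = b"MCT1"                    # constructed marker to ignore foreign datagrams

def membership_request(group, intf):
    if not ipaddress.ip_address(group).is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return socket.inet_aton(group) + socket.inet_aton(intf)  # struct ip_mreq

def make_payload(seq):
    return (MAGIC + struct.pack("!I", seq)).ljust(LENGTH, b"\0")

def parse_payload(data):
    if len(data) != LENGTH or not data.startswith(MAGIC):
        return None  # foreign or truncated datagram
    return struct.unpack("!I", data[4:8])[0]

def missing(seen):
    return sorted(set(range(1, COUNT + 1)) - set(seen))

def send(intf):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, TTL)
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(intf))
        for seq in range(1, COUNT + 1):
            s.sendto(make_payload(seq), (GROUP, PORT))
            time.sleep(0.01)

def receive(intf, timeout=30.0):
    seen = set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("", PORT))
        # Joining the group is what makes the OS send the IGMP membership report.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, membership_request(GROUP, intf))
        s.settimeout(timeout)
        with contextlib.suppress(socket.timeout):
            while len(seen) < COUNT:
                seq = parse_payload(s.recvfrom(2048)[0])
                if seq is not None:
                    seen.add(seq)
    return seen

if __name__ == "__main__":  # usage: recv|send <ip of the local NIC>
    if sys.argv[1] == "send":
        send(sys.argv[2])
    else:
        print("missing sequence numbers:", missing(receive(sys.argv[2])))
```

Start the receiver on machine a first, then the sender on machine b; an empty "missing" list corresponds to all 100 packets arriving.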