Dynatrace Network Analyzer Documentation

Skip to end of metadata
Go to start of metadata

DNA provides five levels of protocol decode.

  • Enhanced SQL decode

    Identifies the protocol, decodes the relevant data, SQL command and cursor in the frame, and identifies threads based on the SQL command and cursor.

  • Enhanced file-based decode

    Identifies the protocol, decodes the relevant data and file accessed in the frame, and identifies threads based on that file.

  • Thread identification and partial frame decode

    Identifies the protocol, decodes the relevant data in the frame, and identifies threads.

  • Partial frame decode

    Identifies the protocol and decodes the relevant data in the frame.

  • Protocol identification

    Only identifies the protocol.

Seven of the protocols described in this documentation are available as individual protocol pack options and only appear if you have purchased the specific protocol packs separately. Contact your sales representative or call Dynatrace for more information about these protocol packs. The seven protocols are:

  • Oracle SQL

  • Sybase SQL

  • Informix SQL

  • Microsoft SQL

  • IBM DB2/400

  • IBM Websphere MQ

  • IBM DRDA

The decodes are listed by level, reading left to right, with their protocol-hierarchies and version numbers.

The term TCPUDP refers to either TCP or UDP, and IPXSPX refers to either IPX or SPX. For example, this row:

LLC: IP: TCPUDP: RPCv2: NFSv2

means that the decode handles the NFS version 2 protocol, over RPC version 2, over TCP or UDP, over IP, carried in an LLC frame.

Adding additional application ports for decodes

DNA provides a variety of methods, in addition to the Decode As option in the Thread analysis view, to apply protocol decodes and thread identification methods to both captured and imported traffic.

With the default installations, the ports.lib file contains a mapping of TCP port numbers and IPX sockets to application and transport layer decodes. This file is examined when DNA starts up to determine how threads will be identified and decoded.

In the Thread analysis view, check that appropriate application decodes were automatically applied. Look for undecoded TCP and IP threads—those that are identified only by their port numbers.

If an application uses a consistent custom server port number, you can edit the ports.lib configuration file in your DNA program directory to specify the port and protocol. To edit ports.lib, select Tools ► Options, click the Misc tab, and click the Edit Ports Mapping button. Then export the trace and re-import it. For more information, see Ports Lib..

DCOM is supported in thread analysis. To improve the identification of applications based on TCP, applications can also optionally be identified using a copy of the IANA TCP Port Definitions file, or Network Monitoring's appuser.def file of custom definitions. The appscan.def file is not supported.

These two additional files may be added through a standard copy and paste routine to the root application directory for supplemental identification of application data in the thread analysis view. These files should be copied before DNA is started.

The first file is for users who have identified applications using the appuser.def file. The file contains custom port/application associations. The definitions supported are:

  • TCP port

  • UDP port

  • Ether type

  • IPX socket

The file must be converted to a Unicode file:

  1. Open the file in Wordpad.

  2. Select File ► Save As. For the type of file choose Unicode Text Document and click Save.

  3. Copy the file into the DNA home directory.

The second file is available at the Internet Assigned Numbers Authority (IANA) website http://www.iana.org/assignments/port-numbers. This includes a current list of well-known, registered, and dynamic port assignments. To use this file, you must copy the contents of the file and paste into a text editor. Rename and save the file as port-numbers.txt and choose Unicode for encoding. Copy the file into the DNA home directory.

SOAP decoding running over HTTP is supported in this release. In the ports.lib file, set the SOAP ports as if they were HTTP.

Enhanced SQL decode

DNA identifies the protocol, decodes the relevant data and SQL command in the frame, and identifies threads of the following.

LLC: IP: TCPUDP: Oracle SQL

LLC: IP: TCPUDP: Microsoft SQL

LLC: IP: TCPUDP: Sybase SQL

LLC: IP: TCPUDP: DB2 SQL

LLC: IP: TCPUDP: Informix SQL

LLC: IP: TCPUDP: Generic SQL

LLC: IPXSPX: Oracle SQL

LLC: IPXSPX: Microsoft SQL

LLC: IPXSPX: Sybase SQL

LLC: IPXSPX: DB2 SQL

LLC: IPXSPX: Informix SQL

LLC: IPXSPX: Generic SQL

…: SMB/SMB2: Microsoft SQL

…: SMB/SMB2: Generic SQL

Enhanced file-based decode

DNA identifies the protocol, decodes the relevant data and SQL command in the frame, and identifies threads of the following.

LLC: IP: TCPUDP: NetBIOS: SMB/SMB2

LLC: IP: TCPUDP: RPCv2: NFSv2

LLC: IPXSPX: NCP

LLC: IPXSPX: NetBIOS: SMB/SMB2

LLC: IPXSPX: NMPI: SMB/SMB2

LLC: NetBIOS: SMB/SMB2

Enhanced RPC-based decode

DNA identifies the protocol, decodes the relevant data and function calls in the frame, and identifies threads of the following.

LLC: IP: TCPUDP: DCERPC

LLC: IP: TCPUDP: SMB/SMB2: DCERPC

LLC: IP: TCPUDP: HTTP: SOAP

LLC: IP: TCPUDP: RMI:

LLC: IP: TCPUDP: IIOP: RMI

LLC: IP: TCPUDP: HTTP: RMI

LLC: IP: TCPUDP: IIOP

Thread identification and partial frame decode

DNA identifies the protocol, decodes the relevant data in the frame, and identifies threads of the following.

LLC: IP: TCPUDP: HTTP

LLC: IP: TCPUDP: POPv3

LLC: IP: TCPUDP: SMB/SMB2: DCOM

LLC: IP: TCPUDP: SMTP

LLC: IP: TCPUDP: NNTP

LLC: NetBios: SMB/SMB2: DCOM

Partial frame decode

DNA identifies the protocol and decodes the relevant data in the frame of the following.

LLC: ARPLLC: NetBIOS

LLC: IP: ICMP

LLC: IP: OSPFIGP

LLC: IP: TCP

LLC: IP: TCPUDP: BOOTP

LLC: IP: TCPUDP: RPCv2

LLC: IP: TCPUDP: RPCv2: Portmapper

LLC: IP: TCPUDP: RPCv2: NFSv3

LLC: IP: TCPUDP: Telnet

LLC: IP: TCPUDP: Citrix ICP

LLC: IP: TCPUDP: FTP

LLC: IP: TCPUDP: DNS

LLC: IP: TCPUDP: DHCP

LLC: IP: TCPUDP: NetBIOS

LLC: IP: UDP: NetBIOS

LLC: IPXSPX: UDP: NCP: NDS

LLC: IPXSPX: UDP: NCPBurst

LLC: IPXSPX: UDP: NetBIOS

LLC: IPXSPX: UDP: NLSP

LLC: IPXSPX: UDP: NMPI

LLC: IPXSPX: UDP: RIP

LLC: IPXSPX: UDP: SAP

MAC

WAN: Frame Relay; Cisco-HDLC; generic (standard) HDLC

Protocol stacks identified by DNA

DNA identifies the following protocols.

LLC: 3COM

LLC: AARP

LLC: AppleTalk

LLC: BANYAN

LLC: BPDU

LLC: DEC Lanbridge

LLC: DECnet

LLC: EIA

LLC: IP: 3PC

LLC: IP: ARGUS

LLC: IP: AX.25

LLC: IP: BBN-MON

LLC: IP: BNA

LLC: IP: BRSAT-MON

LLC: IP: CFTP

LLC: IP: CHAOS

LLC: IP: CPHB

LLC: IP: CPNX

LLC: IP: DCN-MEAS

LLC: IP: DDP

LLC: IP: DGP

LLC: IP: EGP

LLC: IP: EMCON

LLC: IP: ENCAP

LLC: IP: ETHERIP

LLC: IP: GGP

LLC: IP: GMTP

LLC: IP: GRE

LLC: IP: HMP

LLC: IP: IDPR

LLC: IP: IDPR-CMTP

LLC: IP: IDRP

LLC: IP: IGMP

LLC: IP: IGP

LLC: IP: IGRP

LLC: IP: IL

LLC: IP: I-NLSP

LLC: IP: IPCV

LLC: IP: IPIP

LLC: IP: IPPC

LLC: IP: IRTP

LLC: IP: ISO-IP

LLC: IP: ISO-TP4

LLC: IP: LARP

LLC: IP: LEAF-1

LLC: IP: LEAF-2

LLC: IP: MERIT-INP

LLC: IP: MFE-NSP

LLC: IP: MHRP

LLC: IP: MICP

LLC: IP: MIT-RVD

LLC: IP: MIT-SUBN

LLC: IP: MTP

LLC: IP: MUX

LLC: IP: NETBLT

LLC: IP: NFSNET-IGP

LLC: IP: NHRP

LLC: IP: NVP-II

LLC: IP: PRM

LLC: IP: PUP

LLC: IP: PVP

LLC: IP: RDP

LLC: IP: RSVP

LLC: IP: SAT-EXPAK

LLC: IP: SAT-MON

LLC: IP: SCC-SP

LLC: IP: SDRP

LLC: IP: SECURE-VMTF

LLC: IP: SEP

LLC: IP: SIP

LLC: IP: SIP-FRAG

LLC: IP: SIPP-AH

LLC: IP: SIPP-ESP

LLC: IP: SIP-SR

LLC: IP: Sprite-RPC

LLC: IP: ST

LLC: IP: SUN-ND

LLC: IP: SWIPE

LLC: IP: TCF

LLC: IP: TCPUDP: POPv2

LLC: IP: TCPUDP: RJE

LLC: IP: TCPUDP: Echo

LLC: IP: TCPUDP: Users

LLC: IP: TCPUDP: Daytime

LLC: IP: TCPUDP: Time

LLC: IP: TCPUDP: Finger

LLC: IP: TCPUDP: Nickname

LLC: IP: TCPUDP: TFTP

LLC: IP: TCPUDP: Host name server

LLC: IP: TCPUDP: NIC

LLC: IP: TCPUDP: ISO-TSAP

LLC: IP: TCPUDP: X.400

LLC: IP: TCPUDP: Secure WWW

LLC: IP: TCPUDP: Socks

LLC: IP: TCPUDP: Lotus Notes

LLC: IP: TCPUDP: WINS

LLC: IP: TCPUDP: Netware over IP

LLC: IP: TCPUDP: CSNET mailbox name server

LLC: IP: TCPUDP: X.400 SND

LLC: IP: TCPUDP: Doom

LLC: IP: TCPUDP: Ingres

LLC: IP: TP++

LLC: IP: TRUNK-1

LLC: IP: TRUNK-2

LLC: IP: TTP

LLC: IP: UCL

LLC: IP: VINES

LLC: IP: VISA

LLC: IP: VMTF

LLC: IP: WB-EXPAK

LLC: IP: WB-MON

LLC: IP: WSN

LLC: IP: XNET

LLC: IP: XNS-IDP

LLC: IP: XTP

LLC: IP (Fragmented and non-frag.)

LLC: IPX

LLC: IPX: SPX

LLC: ISO

LLC: LANMAN

LLC: LOOPBACK

LLC: NESTAR

LLC: PROWAY

LLC: RARP

LLC: RPL

LLC: SNA

LLC: SNMP

LLC: TI

LLC: UB

LLC: X25

SMT LLC: XNS

WAN: Annex D LMI; Orig LMI; BPDU; NLPID; Q933; CLNP