This invention relates generally to local area network test instruments and in particular to a method for identifying the types of devices present on a local area network by passively monitoring network traffic.
Increasingly complex LANs, or simply "networks", now connect more and more types of devices including personal computers, work stations, file servers, and printers. Network hubs are often the central devices in a network through which information flows. Each client device connects to the LAN via adapters called network interface cards (NICs) to form nodes. Connecting the nodes to the hubs are network links which may consist of unshielded twisted pair (UTP) wire, coaxial cable, or fiber optic cable.
The physical layer of the network protocol is the hardware that connects the network devices and includes Ethernet which is defined according to the EEE 802.3 standard, FDDI (Fiber Distribution Data Interface), Token Ring which is defined according to the IEEE 802.5 standard, and ATM (Asynchronous Transfer Mode). Ethernet is most commonly implemented in the physical layer as twisted-wire pairs according to the 10BASE-T standard which has a speed of 10 megabits per second and uses a media access protocol called carrier-sensing multiple access with collision detection (CSMA/CD) to control information traffic flow and resolve collisions between nodes. A node can send information on the network only if no other node is currently sending information. If a node tries to send information at the same time as another node, a collision occurs and each node operates according to a well-defined "back off" procedure to resolve the collision. Each node will wait a random period of time to attempt to send the information again.
Because Ethernet is typically implemented in a baseband, broadcast network, every node receives the information sent by every other node within the collision domain. In order to minimize the burden on the software operating in host personal computers (PC's) connected to the network, a hardware layer with a hardware or media access control (MAC) address passes along to the software layer only the information appropriate for that node. Such information may be in the form of a "broadcast" message intended for all nodes in the network or as a message only for the intended node with the MAC address.
Information sent over an Ethernet network is in the form of discrete packets defined according to the seven layer Open Systems Interconnection (OSI) standard maintained by the American National Standards Institute (ANSI). OSI is a layered structure in which the highest layers take advantage of the capabilities of the lower layers to send information between nodes. Information is passed between nodes in the form of discrete packets or frames containing data or control information supplied by the various OSI layers. The highest layers are the Application layer, the Presentation layer, and the Session layer which may include Telnet, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SNMP), and Domain Name System (DNS).
The Transport layer typically includes the Transmission Control Protocol (TCP) along with the User Datagram Protocol (UDP), among others, which provide for the delivery of the data to a desired device and the division of the information into discrete packets for sending. Received packets are reassembled in a like manner. The Network layer routes messages back and forth between a source node and a destination node according to Internet Protocol (IP) addresses by adding an IP header to each packet indicating the source and destination IP addresses. The lowest layer is the physical link layer in which the hardware MAC addresses are used. The majority of networks operate according to a combination of TCP at the transport layer and IP at the network layer which is commonly referred to as a TCP/IP network. A more complete explanation of the operation of LANs according to the TCP/IP protocol suite may be found in COMER, DOUGLAS E., Internetworking With TCP/IP Volume 1: Principles, Protocols, and Architecture, Third Edition, 1995, Prentice-Hall, Englewood Cliffs, N.J.
Networks may implement more than one protocol at the same time. IP packets, also called IP datagrams, may be mixed with IPX packets, which are created by network devices running the IPX network protocol which is part of Novell NetWare from Novell, Inc. Novell IPX provides the network layer functions of addressing routing to facilitate communications between a network client and a NetWare server.
Test instruments for LANs are often utilized to determine the number and types of devices that are present in the LAN for purposes of maintenance and troubleshooting. Prior art test instruments have accomplished this task by communicating with devices on the LAN in an active IP mode, typically by issuing a series of network broadcasts. Active IP mode, in which the test instrument actively communicates with other devices on the LAN, requires that the test instrument have its own unique MAC and IP addresses in the manner of any other network device in order to properly establish communications. The IP address for the test instrument must be chosen to conform to the IP address of the LAN in order to communicate properly as a local device. At the same time, the IP address chosen must be one not used by other devices on the LAN to avioid problems induced by duplicate IP addresses.
The Fluke 67x/68x Series of LANMeters may be used to determine the various devices on the LAN according to a two step process. First, an appropriate IP address is selected for the test instrument in a test called "IP Auto Config" in which the network address and subnet address are determined and duplicate IP addresses are avoided during the address selection process. Second, MAC and IP addresses of the various devices are discovered and the devices communicated with through a series of network broadcasts in active IP mode in order to determine their device types in a test called "Segment Discovery."
The test instrument, like other network devices, is normally assigned a unique MAC address in the manner of a serial number when the test instrument is manufactured. The IP address of the test instrument, on the other hand, must be carefully selected by the user of the test instrument for each test situation in order to be appropriate for the particular LAN being tested using active IP mode. If the IP address duplicates the IP address of a device already connected to the LAN, the operation of the LAN may be disrupted. Selecting a proper IP address that operates to establish communications with the devices on the LAN without disrupting operation of the LAN is thus a critical step which may be time consuming and prone to errors. Therefore, it would be desirable to provide a method for determining types of devices on a LAN using passive monitoring with no need to select an IP address for the test instrument.