Nodes coupled to a communications channel, such as a local area network, communicate with each other by transmitting packets of information over the network. A node transmitting a packet is generally referred to as the source node, and a node receiving the packet is generally referred to as the destination node. A packet includes one or more header portions and a data portion. The header portion includes information such as the source (origination) node of the packet and the destination node of the packet, and the data portion includes whatever data the source node wishes to communicate to the destination node. Certain fields within a packet are used for routing and other packet transmission information by the hardware and various layers of software responsible for transferring the packet from the source node to the destination node. Other fields are used by the destination node to determine what action should be taken.
If a source node either improperly generates a packet structure, or inserts an erroneous value into a properly formatted packet, the resulting packet may not be properly processed by the destination node. When a packet is not processed properly, the developer of the software or hardware responsible for creating the packet must determine what caused the problem. On an active network, the various nodes coupled to the network may be communicating tens of thousands of packets each minute. Thus, determining the cause of the problem can be quite difficult because only one of a large number of packets transmitted over the network may shed light on the nature of the problem.
Software and/or apparatus exist which monitor a communications channel and capture packets transmitted over the channel for statistical and data analysis of the packets. Such programs and apparatus, referred to in general as network analyzers, typically allow for the capture of all packets communicated over a network during a certain time frame, or permit rudimentary selection criteria for selection of only certain packets based upon values of data within the header portion or the data portion of the packets. A network analyzer can interpret the fields of a packet and display the interpreted packet information on a screen, or store the packets in a file for subsequent analysis. Network analyzers are frequently used to determine the source of packet transmission problems occurring on a network. While selecting only those packets meeting certain criteria can greatly reduce the number of packets captured by the network analyzer, and thus eliminate irrelevant packets, determination of the appropriate selection criteria generally requires some knowledge as to the source of the problem. In some instances, the developer knows only that a node communicating packets over the network is either generating packets with an invalid structure, or generating packets with invalid values, but does not know what fields or values are improper. The developer must therefore capture all packets communicated over the network over a predetermined period of time and then painstakingly analyze all the captured packets in an attempt to locate what may be a single improperly generated packet.
Certain types of traffic communicated over a network can be categorized as command and response traffic. A command and response protocol is typically utilized in an environment in which a source node coupled to a network issues a command packet over the network requesting a service of a destination node coupled to the network. The service requested can be data, or the storage of data, or an acknowledgment, or the initiation of a certain activity, for example. The destination node analyzes the command and either provides the service and communicates a response packet indicating such, or communicates a response packet indicating an error. The error could be due to an improperly formatted command packet, or because a value within a properly formatted command packet is erroneous, or because the command cannot be carried out for a particular reason. The source and destination nodes must comply with the predetermined protocol for sending command and response packets, or communication problems will occur. Command and response protocols are utilized at various levels within the Open Systems Interconnect (OSI) model. Relatively well-known command and response protocols which execute at various OSI levels include the Simple Network Management Protocol (SNMP), NetWare Core Protocol (NCP), Sequence Packet Exchange (SPX), Transmission Control Protocol (TCP), and High-Level Data Link Control (HDLC).
Developers of software which utilizes a command and response protocol frequently must determine why error response packets are being generated in response to certain command packets. One way to determine this is to capture the command packet and the corresponding response packet as they are transmitted over the network. The developer can then analyze the packets and determine how the command and response packets were formatted, and why an error occurred. However, this can be difficult because only two of the thousands of packets that may be communicated over a network in a short period of time may be relevant to the problem. The developer may have to analyze many unrelated packets before the relevant command and response packets are located. Although network analyzer tools such as the Novell LANalyzer® product and the Network General Sniffer™ product can allow for capturing packets which contain a certain value, it is believed that none of the existing network analyzer tools have the capability to selectively extract from a communication stream of packets only command and corresponding response packets. A tool which can extract only command and corresponding response packets would greatly ease the development of software and hardware which utilize a command and response protocol.
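The selective extraction described above can be sketched as follows. This is an added example, not part of the original text: it walks a packet stream, pairs each command with its response, and keeps only the pairs whose response reports an error. The record fields (src, dst, seq, kind, status), the matching rule (reversed addresses plus equal sequence number), and the sample capture are all assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed, simplified packet record; field names are assumptions for this
# example, not a real protocol's header layout.
Packet = namedtuple("Packet", "src dst seq kind status payload")

def extract_error_pairs(stream, max_pending=1024):
    """Yield (command, response) pairs whose response reports an error.

    A response matches a pending command when its addresses are the command's
    reversed and the sequence numbers are equal (assumed matching rule).
    """
    pending = {}  # (src, dst, seq) -> command packet awaiting its response
    for pkt in stream:
        if pkt.kind == "cmd":
            if len(pending) >= max_pending:
                # Bound memory on a busy channel: drop the oldest unanswered command.
                pending.pop(next(iter(pending)))
            pending[(pkt.src, pkt.dst, pkt.seq)] = pkt
        elif pkt.kind == "rsp":
            cmd = pending.pop((pkt.dst, pkt.src, pkt.seq), None)
            if cmd is not None and pkt.status != 0:
                yield cmd, pkt
        # Any other traffic on the channel is ignored.

# Constructed sample capture: two clients (A, B), one server (S), unrelated traffic.
CAPTURE = [
    Packet("A", "S", 1, "cmd", None, b"READ file1"),
    Packet("B", "S", 1, "cmd", None, b"READ file2"),
    Packet("C", "D", 0, "data", None, b"unrelated"),
    Packet("S", "A", 1, "rsp", 0, b"OK"),
    Packet("S", "B", 1, "rsp", 0x9C, b"invalid path"),
    Packet("S", "B", 7, "rsp", 0x01, b"orphan response"),  # no matching command
    Packet("A", "S", 2, "cmd", None, b"WRITE file1"),
    Packet("S", "A", 2, "rsp", 0, b"OK"),
]

def error_pairs(capture=CAPTURE, max_pending=1024):
    """Return the error command/response pairs found in a capture as a list."""
    return list(extract_error_pairs(capture, max_pending))

if __name__ == "__main__":
    for cmd, rsp in error_pairs():
        print(f"{cmd.src}->{cmd.dst} seq={cmd.seq} {cmd.payload!r} "
              f"=> status {rsp.status:#x} {rsp.payload!r}")
```

The error response with no matching command is discarded rather than reported, because without its command it does not show how the failing request was formatted.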