Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SAP General Response Packets

Posted on 1998-12-15
3
Medium Priority
?
332 Views
Last Modified: 2006-11-17
I am seeing SAP General Response packets from machines all over the network.  This is not typical of our network.  Can anyone tell me what may be causing this?
0
Comment
Question by:jerryross
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Accepted Solution

by:
brosenb0 earned 400 total points
ID: 1594455
Jerryross,

Without seeing your Sniffer, Lanalyzer or other analyser traces, one may only speculate, however, SAP General Service Response packets or SAP_GSRs are complementary to SAP General Service Query packets or SAP_GSQs.  Thus, SAP_GSRs are responses to SAP_GSQs with SAP_GSQs being a broadcast request.  SAP_GSRs may originate from servers or routers (basically any device that maintains a SAP table), with SAP_GSQs typically originating from workstations.  Because SAP_GSQs are a broadcast request, all devices that can respond that receive the request will attempt to respond, effectively causing a one-way broadcast response storm.  This is one reason why effective SAP filtering MUST be in place.

The best way to filter this is put an access list on each router port that filters the request, thus only allowing the local router port to service the request.

Q.  What causes the transmission of SAP_GSQ and hence SAP_GSR packets?

A.  One common cause of the transmission of SAP_GSQ packets is due to a workstation that does not receive a response to a SAP_GNS or Get Nearest Server request when the NetWare client first connects to the network.  When a workstation does not receive a request to a SAP_GNS request (also a broadcast) it sends a SAP_GSQ in an attempt to find a file server.

Q.  Why would SAP_GNS requests suddenly be receiving no response?

A.  Two main reasons,

1.  A file server that did reside  on the workstation's local segment has since been disabled or moved and SAP_GNS ACLs were already in place on the local router port, effectively prohibiting other servers on other segments from responding.

2.  A SAP_GNS ACL has recently been installed on the local router port and no server did reside on the workstation's local segment.
 
Q.  What other reasons are there for a device to send a SAP_GSQ?

A.  There are many applications that rely on SAP_GSQs to locate their services on the network.  RPrinter, NPrinter (non logged into NDS mode), ARCserve Manager, RConsole, Gupta SQLBase, Pervasive SQL, Oracle for NetWare.......   Thus, the addition of a new application may be the cause of the sudden increase.

Q.  How can you determine which device is sending the SAP_GSQs?

A.  You can filter for the SAP_GSQs with your analyser to see if any particular device is sending all the requests and you can look at the SAP_GSRs and examine the destination network, destination node to determine if all responses are being sent to a particular node.   Make sure you use an analyser such as the Sniffer or Lanalyser that can understand and decode from NCP to IPX to MAC level.  Offerings such as NetXRay do not truly understand the NetWare protocols and won't be much help.

I suggest you obtain a copy of the SAPMON utility which will allow you to monitor and analyse SAP traffic on your network.  http://www.net-utils.com/utils/sapmn12.exe
 
0
 

Author Comment

by:jerryross
ID: 1594456
Thank you!  Our sniffer is LANWatch.  I had been using that to look at the SAP packets.  We had also been guessing that the GSQ was causing the GSR packets.  We traced one of the machines that was generating the GNS packets.  It was waiting at the windows login prompt.  According to the information you have given us, this makes sense.  Thank you very much for the detailed response.  With this new information we should be able to solve our problems :)
0
 

Author Comment

by:jerryross
ID: 1594457
Thank you!  Our sniffer is LANWatch.  I had been using that to look at the SAP packets.  We had also been guessing that the GSQ was causing the GSR packets.  We traced one of the machines that was generating the GNS packets.  It was waiting at the windows login prompt.  According to the information you have given us, this makes sense.  Thank you very much for the detailed response.  With this new information we should be able to solve our problems :)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This week I attended a Startup Week Chattanooga talk on Gender Diversity in Technology. Check out what I learned.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question