*****************************************************************
*********  Bloodhound Beta  *********  Bloodhound Beta  *********
*****************************************************************

	  *******************************************

		  Installation and Debug Guide:
			  INSTALL.TXT

	  *******************************************


This readme provides information on installing the Microsoft 
Network Analyzer for Windows, codenamed Bloodhound.  For an 
overview of the information on Bloodhound, please see the 
README.TXT in this directory.

To install Bloodhound on your computer, please use the hard copy
Installation Guide which comes with this beta.  Before 
installing, please read the 'Must Read' and 'Network Adapter 
Cards' sections below.  The information in this readme overlaps 
with the Installation Guide.


Must Read:
----------

*  Bloodhound is not supported on WFW311 if you are using a 
   NDIS2.0 Mac or any real mode protocol stacks.  There are 
   known problems with the interaction of Bloodhound and the 
   WfW mapper functionality that may cause erratic behavior of 
   Bloodhound.

*  If you are running WfW 3.11, be sure to back up your CONFIG.SYS, 
   AUTOEXEC.BAT, SYSTEM.INI, and PROTOCOL.INI files before running 
   Setup.

*  For MS-DOS-based machines, make sure your memory manager 
   excludes all memory associated with network card drivers, and 
   other drivers for other peripherals. 

*  If you are installing on Windows for Workgroups, you must be 
   booted from your C: drive.  If you are booted from a different 
   drive (a floppy drive, for example), Bloodhound will try to 
   install into the CONFIG.SYS which is on drive C:.

*  To capture RAS traffic, you must use either WfW 311 or the
   Daytona Beta.

*  Make sure you close all Bloodhound applications before 
   reinstalling Bloodhound.

*  If you use capture/display password protection, choose 
   passwords with 15 characters or less.  With more than 15 
   characters as a password, Bloodhound won't allow you to use 
   the password.

*  Due to installation limitations, the directory you install 
   Bloodhound to must be of the format ########.### (8.3).

*  If your machine is dual-boot NT and Windows, and you have 
   both in the same directory, then when Bloodhound installs
   it will pick up your computer name from the win.ini and not
   from the registry.

*  If your network card is
   - Intel EtherExpress16 on Windows for Workgroups
   - Netflex I or II, TokenRing or Ethernet, on Windows NT x86
   Please upgrade your drivers so they work properly with 
   Bloodhound.  Find the driver (ee16.386 for EtherExpress, and
   netflx.sys for Netflex) in your system, and replace it with 
   the drivers on \\hank\bhbeta\drivers (or \\hank\bhdist
   \bhbeta\drivers).  These drivers are unsupported, and there
   may be a reduction in performance, but at least they will
   work with Bloodhound.

Upgrading from Beta 2
---------------------
If you installed the Beta 2 version of Bloodhound, you will have 
to manually remove the registry key before installing the Beta 3 
version of the Bloodhound driver, now called the "Network 
Monitoring" service.  Start the REGEDT32 exe, included with your 
NT system.  You will see four windows.  From the menu bar, pick 
Window (alt-W) and choose the item that says HKEY_LOCAL_MACHINE.  
Double click on the folder that says SYSTEM.  Then double click on 
CurrentControlSet andServices.  Choose the "bh" entry, and press 
the Delete key.  Answer affirmative to the query.  Close down 
regedt32 and reboot.  You are now ready to upgrade to the next 
version.


Network Adapter Cards
---------------------
Right now, because many drivers do not comply perfectly with the 
NDIS 3.0 standard, Bloodhound works better with some network 
adapter cards than others.  Those that we have tried and have 
been shown to work include:
	Elnk II
	Elnk III EISA
	Intel EtherExpress 16:  USE NEW DRIVER (see above)
	NE2000
	NE3200
	SMC Etherplus
	DEC DEPCA
	XIRCOM PE3 parallel port (Windows NT only)
	Netflex:  USE NEW DRIVER (see above)

IBM cards do not support promiscuous mode because they consider it
to be a security breach.
Olicom TR cards do not work well in promiscuous mode.  If your ring 
goes down while you are capturing then you will blue screen.
Some cards need updated drivers from \\hank\bhbeta\drivers to 
work with Bloodhound.
If you have a Compaq NetFlex, be sure to have the new driver from 
\\mcl\labs\ndis30\drivers\x86\netflx.
A 32 bit card is not as important as the speed of the machine and 
the quality of the driver.  For instance, an NE2000, a 16 bit 
card, works great on NDIS 2.0, and several 16bit cards also work 
well under NDIS 3.0.

If you are not using one of the network adapter cards that are 
known to work with Bloodhound, you may get mysterious crashing or 
looping behavior.  If you have information on any other network 
adapter cards and how they work with Bloodhound, please send it 
to BHBETA@microsoft.com.  We will take your bug reports, but they 
may not be fixable.



Common Installation Problems:
-----------------------------
*  Local MAC does not support loopback
	In other words, you will not see traffic going out from 
	your machine to the net but will only see traffic coming 
	in to your machine.  This problem is due to a lack of 
	functionality in the driver for your network card.
*  Can't load <file>
	You can either close other Bloodhound views or other
	Windows applications.
*  No network drivers were found 
	You can only view previously captured files
	*  If you typed the Display password but not the Capture 
	   password at startup time, Bloodhound will only give 
	   you access to previously captured files. 
	*  If you are using WfW 3.11, and you started the network 
	   with "Net Start RDR" or "Net Start FULL" before 
	   starting Windows, Bloodhound won't let you capture,
	   because both of these start NDIS20 rather than NDIS30.
	*  If you were booted from a drive other than C: when you 
	   installed Bloodhound, but your C: drive happened to 
	   have a CONFIG.SYS file with a PROTMAN.DOS in it, 
	   Bloodhound incorrectly installed its driver 
	   information into your C: drive's CONFIG.SYS.  
	   Re-install, while booted from the C: drive.
*  Bloodhound crashes to the MS-DOS prompt during capture
	Your problem may be one of memory management.  Bloodhound 
	may have a problem with SmartDrive from MS-DOS 6.0, so 
	you may want to try commenting out SmartDrive.  
	As well, be sure to exclude memory for both your network 
	card and for Bloodhound. You should have a line in your 
	CONFIG.SYS that looks like this:
		DEVICE = EMM386.EXE NOEMS X= <CARD MEM> 
			 X=<other mem to exclude>
	Look in your hardware manual to find out what memory to 
	exclude for your network card.



Removing Win32s and/or Bloodhound From Your System:
---------------------------------------------------
*  How to remove Bloodhound from a Windows for Workgroups
   installation
   1.  In your CONFIG.SYS file, remove the line with "BH.DOS".
   2.  In your WINDOWS\SYSTEM.INI file, remove the line with 
       "vbh.386" and the line with "bhsupp.386".
   3.  In your PROTOCOL.INI file, remove the Bloodhound section.
   4.  Delete the Bloodhound directory.

*  How to remove Win32s
   1.  In your WINDOWS\SYSTEM.INI file, remove the Win32s tag 
       line.
   2.  Delete the WINDOWS\SYSTEM\WIN32S tree.
   3.  Delete the WINDOWS\SYSTEM\WIN32S16.DLL file.



Troubleshooting by platform: 
----------------------------
	NDIS30 WfW, Windows NT:
	-----------------------

Bloodhound is not supported on NDIS 2.0.

How do I know whether I have NDIS20 or NDIS30?
*  If you see a BH.DOS in your CONFIG.SYS, you have NDIS20.
*  If you have Windows 3.1 or WfW 3.10, you have NDIS20.
*  If you have WfW 3.11, and you started the network with a 
   "Net Start RDR" or "Net Start FULL" before running Windows,
   you have NDIS20, otherwise you have NDIS30.
*  If you have Windows NT, you have NDIS30.

B. NDIS30 WfW
-------------
*  You do not have the VxD loaded in your PROTOCOL.INI.  At the 
   beginning of your [386Enh] section of the SYSTEM.INI, you 
   should see the following four lines:
	device=C:\BH\DRIVERS\BHSUPP.386
	device=C:\BH\DRIVERS\VBH.386
	device=C:\BH\DRIVERS\BHWIN.386
	device=C:\WINDOWS\SYSTEM\WIN32S\W32S.386
   Re-installing will take care of this.
*  You do not have a NAL= line set correctly in your BH.INI.  Go 
   to the Bloodhound directory, usually C:\BH, and edit the 
   BH.INI.  At the top, you should see a NAL= line.  The line, in 
   the NDIS30 case, should read:
	NAL = NDIS20 NDIS30
   The NDIS20 entry is there to handle the case where the network 
   is started by doing a "Net Start RDR" or a "Net Start FULL" 
   before starting Windows.


C. NDIS30 Windows NT
--------------------
*  The Bloodhound Windows NT Driver failed to bind.  Check Event 
   Viewer for the bind error message.  The Bloodhound driver is 
   set to be started manually, and may have failed.
*  The BH Driver has the wrong bindings.  You may have changed a 
   card and the BH wasn't reinstalled.  Run 
   REGEDT32,
	  HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Bh  
	Bind: REG_SZ:\Device\UB01      <<<-----
	DisplayName: REG_SZ: Bloodhound Driver
	ErrorControl: REG_DWORD: 0x1
	Imagepath: REG_EXPAND_SZ:\SystemRoot\System32\drivers\
		   bhnt.sys
	Start: REG_DWORD: 0x3
	Type: REG_DWORD: 0x1
   Check the Bind: line to make sure it is valid.  Your netcard 
   is stored in
	  HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows NT->
	  NetworkCards
	Description: REG_SZ: Ungermann-Bass Ethernet NIUpc\EOTP 
		     Adapter
	InstallDate: REG_DWORD: 0x2c6b66f0
	Manufacturer: REG_SZ: Microsoft
	ProductName: REG_SZ: UB
	ServiceName: REG_SZ: UB02      <<<-----
	Title: REG_SZ: [02] Ungermann-BassEthernet NIUpc\EOTP 
	       Adapter
   In this case, the Bloodhound bindings are to ServiceName 
   "UB01" when they should be to "UB02."  Find the ServiceName in 
   the Network Cards section and put it into the BH section Bind: 
   value.
   Note that the changes to the registry in this area are CASE 
   SENSITIVE.
*  Unable to add services key to the registry
	The NT registry must be clean before you install the 
	new key.  You have to remove the old BH key from the 
	registry and reboot.  If you are overwriting a version 
	of BH previous to build 92, then you will have to do 
	the removal manually... if you installed post 92, you 
	can go into the control panel networks and remove 
	Bloodhound from the list with the remove button and 
	reboot.
	If you have to do the manual version:
	-run REGEDT32
	-find the window labelled HKEY_LOCAL_MACHINE
	-find the key SYSTEM\CurrentControlSet\Services\bh
	-delete it
 	-find the key SYSTEM\CurrentControlSet\Services\nmagent
		(if it exists)
	-delete it


*****************************************************************
*********  Bloodhound Beta  *********  Bloodhound Beta  *********
*****************************************************************
