Version 1.0
August 8, 2000
Contents
1. Acknowledgments
2. Document Vision / Scope
3. Test Lab Configuration
3.1. Lab design
3.2. LAN design
3.3. Servers Characteristics
3.4. Client Characteristics
3.5. Exchange 2000 Configuration
3.6. Terminal Services Configuration
3.7. Client Configuration
3.7.1. Outlook 2000 Client Configuration
3.7.2. Outlook 97 Client Configuration
3.7.3. Outlook Express Client Configuration
3.7.3.1. POP3 Account Settings
3.7.3.2. IMAP4 Account Settings
3.7.3.3. Lightweight Directory Access Protocol (LDAP) Account Settings
3.7.3.4. Network News Transfer Protocol (NNTP) Account Settings
3.7.4. Netscape Messenger Client Configuration
3.7.4.1. POP3 account settings
3.7.4.2. IMAP4 account settings
3.7.4.3. NNTP account settings
3.7.5. Outlook Web Access Client Configuration
3.7.6. Terminal Services Client Configuration
3.8. Measurement Methodology
4. Log On and Log Off
4.1. Tests Performed
4.2. MAPI Clients: Microsoft Outlook 2000, Outlook 97
4.2.1. Test Details
4.2.2. Outlook 2000 results
4.2.3. Outlook 97 results
4.2.4. Outlook 2000 and Outlook 97 measurements Analysis
4.3. Microsoft Outlook Express: POP3 and IMAP4 Modes
4.3.1. Test details
4.3.2. Outlook Express IMAP4 Results
4.3.3. Outlook Express POP3 results
Client Network Traffic with Exchange 2000 3
1. Acknowledgments
Many thanks to the following people for their time and enthusiasm. No white paper
is produced without many people going out of their way to assist.
Other
Marie-Laure Leroux-Angibaud
Test data appears in Microsoft Excel workbooks and on the Exchange 2000 Server
Resource Kit companion compact disc (CD). In some cases, the data from these
tests do not represent all information required by the clients. Network bandwidth is
not consumed for graphics caching, session lifetimes, resolved names caches, and
message formats. However, message content and form significantly impact
network traffic, especially for an HTML message. These tests allow you to compare
clients and mail message formats: Rich Text Format (RTF), HTML, and Plain Text. You
can also use the data to estimate the network traffic generated by many user
profiles when their messaging habits are well known.
Microsoft Outlook 98 was not tested because its performance is similar to the
performance of Outlook 2000. For more information about testing Outlook 98, see
"Directory Access" in this section.
The test lab was built with four computers running Windows 2000 Server. One
server ran Exchange 2000 Server RC2 (build 4368) and the others ran
Windows 2000 services like domain controller, global catalog, and Domain Name
System (DNS).
The three client computers had the following products installed:
• Outlook 2000 (version 9.0.0.2711)
• Outlook 97 (version 8.04.5619)
• Outlook Web Access (with Microsoft Internet Explorer 5)
• Outlook Express 5.0 (version 5.00.2919.67.00)
• Netscape Messenger 4.7
• Exchange Instant Messaging 2.0 (version 2.0.1002)
• Terminal Services client (32-bit version)
The DNS root domain is called microsoft.com. The server, LONDON-03, manages
the DNS primary zone and allows dynamic updates. Every server has a static
Internet Protocol (IP) address and refers to the DNS to resolve names.
To avoid disturbing the tests and experiencing caching phenomena, the media
access control (MAC) and IP addresses are preloaded on the client computers. This
prevents Address Resolution Protocol (ARP) or DNS queries from being included
in the test results.
The network is an Ethernet 100–megabyte (MB) dedicated network.
The following table details the processor speed, memory, and software that runs on
each server.
The following table details the processor speed, memory, and software that runs on
each client computer.
These tests capture network traffic between a client and a server. Use only one
Exchange 2000 server for this set of tests.
Install the server in the default routing group as a custom setup, because Instant
Messaging Service is also installed.
The following screen shot summarizes the installed components on this server.
The messaging organization is Litware, Inc. (a fictional company), and the server
is in the default administration group, First Administrative Group. The mailbox
and public folder stores appear in the only storage group, First Storage Group. No
server options, mailbox store, or public folder store options have been changed; all
of the settings are defaults.
Create users in the default Windows 2000 organization unit as Users. The test
users have a mailbox, an e-mail address, and no password. Because Exchange
Instant Messaging demands a password, only Instant Messaging users have a
password.
For the tests, use the default client configuration defined by Setup. However, you
can alter some settings to reduce disruption in captures or to make the client
comparisons easier.
The folder list is enabled only for the tests on public folders.
The settings Send and receive messages at startup and When starting, go
directly to My Inbox folder will be described in each test.
The HTML format is embedded in Multipurpose Internet Mail Extensions
(MIME) format and encoded with Quoted Printable.
The Plain Text format is encoded as MIME with Quoted Printable.
The Post Office Protocol version 3 (POP3) and Internet Message Access
Protocol version 4 (IMAP4) accounts are created alternately, so that the
client never supports more than one mailbox.
• The POP3 and Simple Mail Transfer Protocol (SMTP) servers are LONDON-04.
• The setting Log on using Secure Password Authentication is cleared.
• The setting Leave a copy of message on server is cleared.
Note Create the NNTP account only with the POP3 account.
IMAP4 allows native connection to public folders; POP3 does not
support native connection.
Create the POP3 and IMAP4 accounts alternately so the client never
supports more than one mailbox. Netscape Messenger does not allow a POP3
account while there is an IMAP4 account; it does, however, allow multiple
IMAP4 accounts.
The default Terminal Services client parameters are illustrated in Figure 5. The
screen area is set to 800 x 600 pixels and the Enable data compression check
box is selected.
The network traffic captures were done with Microsoft Network Monitor 2.0
version 5.00.943, found in Microsoft System Management Server 2.0 Service
Pack 2.
Figure 6 : Network Monitor Capture Filter
A host file that contained all computer names and their IP addresses was also created
on each computer.
Each data capture was performed according to the following steps:
1. Start capture.
2. Perform the action to measure.
3. Wait until there is no more traffic.
4. Stop capture.
5. Save the capture.
6. Report results.
Each capture was performed two or three times for results comparison and
consistency checks.
The test messages had the following characteristics.
• For all the tests, except the public folders tests:
• Messages of 1 kilobyte (KB), 2 KB, and 4 KB were created, their sizes
determined by the size appearing on Outlook 2000 when the messages were
sent using RTF. These messages were saved as .msg files and their size on
the hard drive was greater than when they were stored in the mailbox. On
the hard drive, sizes were 5 KB, 10 KB, and 20 KB, respectively. These
messages contained a few characters per row and many carriage returns
(message content impacts network traffic when the messages are converted
into HTML format). The font in each message was Arial. The font style was
regular, and the font size was 10 points.
These tests measure the network traffic generated by initial client connection and
validation on the Microsoft Exchange 2000 Server when users access their
mailboxes. Because each client is unique, the tests are partitioned into the following
four groups.
• MAPI clients: Microsoft Outlook 2000, Outlook 97
• Microsoft Outlook Express: POP3 and IMAP4 modes
• Netscape Messenger: POP3 and IMAP4 modes
• Web client: Microsoft Outlook Web Access
Log On
This test captured the traffic generated by initial client connection and validation
and that of Microsoft Exchange Server to the global catalog server and domain
controller. For MAPI clients (Outlook 2000 and Outlook 97), the traffic was
captured from when Outlook was launched until the traffic dissipated.
Log Off
This test captured the traffic resulting from a disconnection from the server.
• Whether the mailbox is new. Mailboxes created on a server are not formatted
for Outlook. When you connect with Outlook to a new mailbox, extra traffic is
generated to initialize the mailbox on the server, that is, to create system folders
(Calendar, Contacts, Drafts, Journal, Notes, Tasks) and system views. Only
Outlook 2000 creates a Drafts folder.
• Whether the MAPI profile is new. When a MAPI profile is new, extra traffic is
generated to initialize it with settings stored in the registry for domain names of
the resolved name, the mailbox servers, and public folder servers.
• Whether the preview pane view is on. Only Outlook 2000 has this feature. The
preview pane is activated by default. Although the preview pane view can be
added to Outlook 97, the tests described in this appendix did not include
Outlook 97 with the preview pane view.
• Whether the default folder contains items. The item count in the default folder has
an impact on traffic. Captures were done with inboxes that contained 50 and then
100 unread items.
LOGOFF: Logoff
1. Close all Outlook windows except the main one.
2. Close Outlook by clicking File, and then click Exit and Log Off.
Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames
LOGON1 164784 550 85546 289 79238 261 1904 19 83642 270 1472 14 77766 270
LOGON2 161218 529 83764 280 77454 249 1904 19 81860 261 1472 14 75982 261
LOGON3 56852 329 27068 177 29784 152 1904 19 25164 158 1472 14 28312 158
LOGON4 53576 311 25404 169 28172 142 1904 19 23500 150 1472 14 26700 150
LOGON5 24618 163 12246 93 12372 70 4034 40 8212 53 5036 30 7336 40
LOGON6 26314 163 12182 93 14132 70 4034 40 8148 53 5036 30 9096 40
LOGON7 27136 164 12182 93 14954 71 4034 40 8148 53 5036 30 9818 41
LOGON8 146482 522 73876 228 72606 294 1904 19 77608 209 1472 14 71134 180
LOGOFF 3460 33 1804 17 1656 16 508 6 1296 11 508 6 1148 10
[Chart: bytes per logon test, y-axis from 0 to 180 000 bytes. Plotted values:]
              Logon 1  Logon 2  Logon 3  Logon 4  Logon 5  Logon 6  Logon 7
Outlook 2000  164 784  161 218   56 852   53 576   24 618   26 314   27 136
Outlook 97     50 130   47 838   50 276   47 248   23 546   25 830   27 964
The measurements captured when running Outlook 2000 and Outlook 97 for the
first time are not comparable. The number and size of welcome messages and the
preview pane (only present in Outlook 2000) explain the difference.
The creation of new profiles or new mailboxes generates more traffic. A new
profile generates 30 KB more traffic. The initialization of a new mailbox generates
3 KB more traffic. In daily use (where there is an existing mailbox and profile),
Outlook 2000 generates as much traffic (in bytes) as Outlook 97.
As more fields appear, such as previews of unread messages, network traffic
increases. The size of the message does not affect the traffic.
A close analysis of the data shows that Outlook 2000 contacts the closest global
catalog server, whereas Outlook 97 does not. Outlook 97 contacts the Exchange
server, which then sends the directory look-up requests to the global catalog server.
The global catalog server is contacted only during the logon process and during
address book-related queries.
Both versions of the Outlook clients generate equal network traffic when closing.
Outlook 2000 and Outlook 97 consume the same bandwidth during logon and
logoff.
LOGON2: Inbox, No message, “Send and receive message at startup” option enabled
1. Create a POP3 or IMAP4 account with an empty mailbox.
2. Select the option Send and receive messages at startup.
3. Select the option When starting, go directly to my ‘Inbox’ folder.
4. Run Outlook Express.
LOGON3, LOGON4, and LOGON5: Inbox, 1–KB, 5–KB, and 10–KB messages, “Send
and receive message at startup” option enabled
1. Create a POP3 or IMAP4 account with an empty mailbox.
2. Select the option Send and receive message at startup.
3. Select the option When starting, go directly to my Inbox folder.
4. Send 1–KB, 5–KB, and 10–KB messages.
5. Run Outlook Express.
LOGON6: Outlook Today, No message, “Send and receive message at startup” option
enabled
1. Create a POP3 or IMAP4 account with an empty mailbox.
2. Select the option Send and receive message at startup.
3. Clear the option When starting, go directly to my ‘Inbox’ folder.
4. Run Outlook Express.
LOGON7, LOGON8, LOGON9: Outlook Today, 1–KB, 5–KB, 10–KB messages, “Send
and receive message at startup” option enabled
1. Create a POP3 or IMAP4 account with an empty mailbox.
2. Select the option Send and receive message at startup.
3. Clear the option When starting, go directly to my ‘Inbox’ folder.
4. Send 1–KB, 5–KB, and 10–KB messages.
5. Run Outlook Express.
LOGOFF
1. Close all Outlook windows, except the main window.
2. Close Outlook by clicking File, then click Exit and Log Off.
When a POP3 account is defined, Netscape Messenger does not offer an option to
download new messages at startup. Therefore, no traffic occurs. No capture
occurred in POP3 mode.
When an IMAP4 account is defined, Netscape Messenger automatically checks for
new messages at startup.
For Netscape Messenger, the generated network traffic depends on the quantity,
size, and structure of the messages to be downloaded.
LOGOFF
1. Close all Netscape windows except the main one.
2. Close Netscape Messenger by pressing ALT+F4.
For Outlook Web Access, the traffic generated depends on the quantity, size, and
structure of the messages to be downloaded.
LOGON3, LOGON4, LOGON5: Inbox, 1–KB, 5–KB, and 10–KB new messages
1. Send 1–KB, 5–KB, and 10–KB messages.
2. Run Outlook Web Access (http://LONDON-04/exchange).
LOGOFF
1. Run Outlook Web Access (http://LONDON-04/exchange).
2. Close all Outlook Web Access windows.
3. Close Explorer.
5. Directory Access
Exchange 2000 introduces a new way to resolve address names. With the Active
Directory directory service, Exchange 2000 refers address query resolution to the
closest global catalog server.
The MAPI clients supporting this direct access method to the global catalog server
are:
• Microsoft Outlook 2000 (any version).
• Microsoft Outlook 98 version 8.5.6204.0 and later. This includes the Outlook 98
Archive Patch, available for download from the Microsoft Web site at
http://www.microsoft.com.
With earlier MAPI clients, Exchange 2000 forwards queries to the global catalog
server. Exchange 2000 server communicates with the global catalog server on
behalf of the MAPI client.
Earlier MAPI clients are:
• Microsoft Outlook 98 versions before 8.5.6204.0.
• Microsoft Outlook 97 (any version).
• Microsoft Exchange client (any version).
These tests measured the network traffic generated when users check addresses or
names and other kinds of access information to the address book. Because the
clients differ, the tests are adapted to the four groups:
• MAPI clients: Microsoft Outlook 2000, Outlook 97
• Microsoft Outlook Express: POP3 and IMAP4 mode
The following concepts and their corresponding acronyms are referenced in this
section. The tests in this section are identified by the acronym that follows each
concept below.
Address Resolution (AR). When users check names or use automatic resolution
on a recipient.
Ambiguous Name Resolution (ANR). When a name is ambiguous, the user must
choose from a list of names. A Check Names action is performed before any ANR
tests to prevent excess traffic during initial access to the address book in the
Outlook session.
Address Lookup (AL). The address book dialog box appears when users click To
(or Cc, Bcc) in the Outlook client. The To button is clicked when addressing a
message to capture traffic resulting from users running MAPI queries of addresses
in the global address list (GAL).
Address Book View Lookup (ABVL). When users scroll through the GAL in the
address book.
Address Details (AD). When users ask for a GAL entry, or a name's properties.
For MAPI clients, the traffic generated when accessing the directory depends on
various parameters:
• Whether or not the mailbox is new. When a new Outlook client has connected
to a mailbox, does the first resolution generate extra traffic?
• Whether or not a profile is new. When a profile has not yet been used, does the
first resolution generate extra traffic?
• How address resolution is accomplished. Resolution can occur automatically or
by clicking Check Names.
• Whether an address is ambiguous. When the name is ambiguous, many results
return. How does this affect network traffic? A non-ambiguous name or alias returns
only one result.
• Whether the name has been resolved prior to this instance. It is possible to
track a cache optimization.
AR5: Automatic name checking, first time in the profile (first Outlook session)
1. Create a new profile.
2. Start Outlook.
3. Create a new message.
4. Enter a non-ambiguous alias.
5. Click in Subject.
ABVL1: Scroll down one page in Address Book, first time in the profile
1. Create a new profile.
2. Start Outlook.
3. Create a new message.
4. Click To.
5. Scroll down one page in the address list.
AD1: Check Properties on a name in the Address Book, first Outlook session
1. Start Outlook.
2. Create a new message.
3. Click To.
4. Select an address.
5. Click Properties.
AD3: Check Properties on a name in the Address Book, second Outlook session
This test preparation was performed after AD1.
1. Create a new message.
2. Click To.
3. Select an address.
4. Click Properties.
Column groups, left to right, each given as Bytes and Frames: Total; Sent by Client;
Received by Client; Client to GC; Client to Exchange 2000 Server; GC to Client;
Exchange 2000 Server to Client.
Test  Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames Bytes Frames
AR1    1016      3   322      2   694      1     0      0   322      2     0      0   694      1
AR2    1016      3   322      2   694      1   322      2     0      0   694      1     0      0
AR3    1016      3   322      2   694      1   322      2     0      0   694      1     0      0
AR4       0      0     0      0     0      0     0      0     0      0     0      0     0      0
AR5    3460     11  1724      7  1736      4     0      0  1724      7     0      0  1736      4
AR6    3460     11  1724      7  1736      4   856      5   866      2  1490      3   246      1
AR7    2348      8   858      5  1490      3   858      5     0      0  1490      3     0      0
AR8    1332      5   536      3   796      2   536      3     0      0   796      2     0      0
ANR1   1556      5   632      3   924      2   632      3     0      0   924      2     0      0
ANR2   2586      6   632      3  1954      3   632      3     0      0  1954      3     0      0
ANR3   1556      5   632      3   924      2   632      3     0      0   924      2     0      0
ANR4   2716      8   922      5  1794      3   922      3     0      0  1794      5     0      0
ANR5   4178      9   922      5  3256      4   922      5     0      0  3256      4     0      0
ANR6   1728      7   750      4   978      3   750      4     0      0   976      3     0      0
AL1    3844      5   306      2  3538      3     0      0   306      2     0      0  3538      3
AL2    3844      5   306      2  3538      3   306      2     0      0  3538      3     0      0
AL3    3844      5   306      2  3538      3   306      2     0      0  3538      3     0      0
ABVL1  3306      5   366      3  2940      2     0      0   366      3     0      0  2940      2
ABVL2  3246      4   306      2  2940      2   306      2     0      0  2940      2     0      0
AD1    4796      8   516      4  4280      4   516      4     0      0  4280      4     0      0
AD2    5556     12   944      6  4612      6   944      6     0      0  4612      6     0      0
AD3    1032      3   306      2   726      1   306      2     0      0   726      1     0      0
AD4    1792      7   724      4  1058      3   734      4     0      0  1058      3     0      0
[Chart: bytes per address resolution test, y-axis from 0 to 4 500 bytes. Plotted values:]
                AR1    AR2    AR3    AR4    AR5    AR6    AR7    AR8
Outlook 2000  1 016  1 016  1 016  1 016  3 460  3 460  2 348  1 332
Outlook 97    1 016  1 016  1 016  1 016  4 044  2 435  2 380  1 364
AR1 = with button Check Names, 1st time in the profile (then 1st time in the session).
AR2 = with button Check Names, 1st time in that Outlook session.
AR3 = with button Check Names, 2nd time in that Outlook session.
AR4 = with button Check Names, name previously checked.
AR5 = automatic resolution, 1st time in the profile (then 1st time in the session).
AR6 = automatic resolution, 1st time in that Outlook session.
AR7 = automatic resolution, 2nd time in that Outlook session.
AR8 = automatic resolution, name previously checked.
[Chart: bytes (y-axis, 0 to 4 500) for tests ANR1 to ANR6]
Graph 4 : Address Lookup, Address Book View Lookup, Address Details (comparative:
Outlook 2000, Outlook 97)
[Chart: bytes per test, y-axis from 1 000 to 6 000 bytes. Plotted values:]
                AL1    AL2    AL3  ABVL1  ABVL2    AD1    AD2    AD3    AD4
Outlook 2000  3 844  3 844  3 844  3 306  3 246  4 796  5 556  1 032  1 792
Outlook 97    3 904  3 904  3 904  3 306  3 306  4 796  4 796    792    792
AL1 = with button To, 1st time in the profile (then 1st time in the session).
AL2 = with button To, 1st time in that Outlook session.
AL3 = with button To, 2nd time in that Outlook session.
ABVL1 = scroll down once, 1st time in the profile.
ABVL2 = scroll down once, 1st time in the session.
AD1 = double-click 1st time in Outlook session on a resolved address in Address Book.
AD2 = double-click 1st time in Outlook session on a resolved address in To Line.
AD3 = double-click 2nd time in Outlook session on a resolved address in Address Book.
AD4 = double-click 2nd time in Outlook session on a resolved address in To Line.
A first analysis shows that Outlook 2000 queries the global catalog server only to
resolve names. Only upon the second launch of Outlook 2000 (using the profile) is
the global catalog server queried. When a new profile is used, the GAL name is not
known, so Outlook cannot resolve it. It is during profile initialization (the first log
on) that Exchange 2000 gives the client the GAL name. Outlook 2000 stores this
name in its profile in a registry entry:
Upon the second launch, every initial name resolution (manual or automatic) in the
Outlook 2000 session generates traffic with the Exchange server and the global
catalog server. Subsequent queries are sent directly to the global catalog server. The
Exchange 2000 server does not process any more name queries.
On the other hand, Outlook 97 communicates only with the Exchange 2000 server,
which functions like a proxy server between the global catalog server and
Outlook 97.
Outlook 2000 caches all resolved names during the session. This cache is only
written or read when users click Check Names (or CTRL+K). The automatic
resolution does not use cache; it uses the global catalog. The automatic resolution
always contacts the Exchange 2000 server and the global catalog server during the
first resolution in the session.
The ambiguous-name resolution generates the same amount of traffic on
Outlook 97 and Outlook 2000. ANR always generates the same levels of traffic
with Check Names, but it generates less traffic when using automatic resolution on
a resolved name.
The traffic generated when the global address list is displayed in the address book
does not depend on the number of entries. The initial traffic only depends on the
visible entries on the first page.
In Outlook 2000, viewing address details from the To box generates 70 percent
more bytes than viewing details from the address book. In Outlook 97, both
methods generate the same amount of traffic. An initialization phase occurs when
viewing details during the first Outlook session, because the details form design
downloads. Showing other tabs during the first Outlook session also generates
extra traffic.
Generally, both versions of Outlook generate about the same amount of traffic. The
difference is in how the traffic is spread out. Outlook 2000 directly queries the
global catalog server for all address book-related actions; this consumes fewer
CPU cycles on the Exchange 2000 server.
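The split between global catalog and Exchange 2000 traffic described above can be checked directly against the results table. The following Python sketch is an added example, not part of the original white paper: it re-keys the table rows, verifies that each pair of child columns adds up to its parent column, and reports the share of bytes exchanged with the global catalog server. The field and function names are assumptions introduced here.

```python
"""Added example: sanity-check the directory-access table and split traffic by server.

Rows are re-keyed from the results table on this page. Field and function
names are assumptions introduced for this example.
"""

# Column groups in table order; every group is a (bytes, frames) pair.
FIELDS = ("total", "sent", "recv", "to_gc", "to_exch", "from_gc", "from_exch")

ROWS = """\
AR1 1016 3 322 2 694 1 0 0 322 2 0 0 694 1
AR2 1016 3 322 2 694 1 322 2 0 0 694 1 0 0
AR3 1016 3 322 2 694 1 322 2 0 0 694 1 0 0
AR4 0 0 0 0 0 0 0 0 0 0 0 0 0 0
AR5 3460 11 1724 7 1736 4 0 0 1724 7 0 0 1736 4
AR6 3460 11 1724 7 1736 4 856 5 866 2 1490 3 246 1
AR7 2348 8 858 5 1490 3 858 5 0 0 1490 3 0 0
AR8 1332 5 536 3 796 2 536 3 0 0 796 2 0 0
ANR1 1556 5 632 3 924 2 632 3 0 0 924 2 0 0
ANR2 2586 6 632 3 1954 3 632 3 0 0 1954 3 0 0
ANR3 1556 5 632 3 924 2 632 3 0 0 924 2 0 0
ANR4 2716 8 922 5 1794 3 922 3 0 0 1794 5 0 0
ANR5 4178 9 922 5 3256 4 922 5 0 0 3256 4 0 0
ANR6 1728 7 750 4 978 3 750 4 0 0 976 3 0 0
AL1 3844 5 306 2 3538 3 0 0 306 2 0 0 3538 3
AL2 3844 5 306 2 3538 3 306 2 0 0 3538 3 0 0
AL3 3844 5 306 2 3538 3 306 2 0 0 3538 3 0 0
ABVL1 3306 5 366 3 2940 2 0 0 366 3 0 0 2940 2
ABVL2 3246 4 306 2 2940 2 306 2 0 0 2940 2 0 0
AD1 4796 8 516 4 4280 4 516 4 0 0 4280 4 0 0
AD2 5556 12 944 6 4612 6 944 6 0 0 4612 6 0 0
AD3 1032 3 306 2 726 1 306 2 0 0 726 1 0 0
AD4 1792 7 724 4 1058 3 734 4 0 0 1058 3 0 0
"""

# Each parent column should equal the sum of its two child columns.
IDENTITIES = (
    ("total", "sent", "recv"),
    ("sent", "to_gc", "to_exch"),
    ("recv", "from_gc", "from_exch"),
)


def parse_table(text):
    """Return {test_id: {field: (bytes, frames)}} from whitespace-separated rows."""
    table = {}
    for lineno, line in enumerate(text.strip().splitlines(), 1):
        test_id, *cells = line.split()
        if len(cells) != 2 * len(FIELDS):
            raise ValueError(f"row {lineno} ({test_id}): expected 14 numbers, got {len(cells)}")
        nums = [int(c) for c in cells]
        table[test_id] = {f: (nums[2 * i], nums[2 * i + 1]) for i, f in enumerate(FIELDS)}
    return table


def mismatches(row):
    """List every identity that fails for one row, for bytes and for frames."""
    found = []
    for parent, left, right in IDENTITIES:
        for idx, unit in enumerate(("bytes", "frames")):
            if row[left][idx] + row[right][idx] != row[parent][idx]:
                found.append(
                    f"{parent} {unit}: {row[left][idx]} + {row[right][idx]} != {row[parent][idx]}"
                )
    return found


def gc_share(row):
    """Fraction of the bytes that went to or from the global catalog (None if no traffic)."""
    total_bytes = row["total"][0]
    if total_bytes == 0:
        return None
    return (row["to_gc"][0] + row["from_gc"][0]) / total_bytes


def audit(text=ROWS):
    """Return (rows that fail an identity, global catalog share per test)."""
    table = parse_table(text)
    bad = {t: m for t, r in table.items() if (m := mismatches(r))}
    shares = {t: gc_share(r) for t, r in table.items()}
    return bad, shares


if __name__ == "__main__":
    bad, shares = audit()
    for test_id, share in shares.items():
        label = "no traffic" if share is None else f"{share:6.1%} via GC"
        flag = "  CHECK: " + "; ".join(bad[test_id]) if test_id in bad else ""
        print(f"{test_id:<6}{label}{flag}")
```

Rows that fail a check should be re-read against the saved capture before their figures are used in a traffic estimate.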
Outlook Express can resolve names with LDAP. Because LDAP is a protocol used
for accessing directories, it is independent of the mailbox access protocols. You
will need to create an LDAP account. It is not necessary to perform tests with
POP3 and IMAP4. There is no difference between Check Names and Find
Address; the same LDAP query occurs.
Analysis
These measurements allow us to quantify the traffic for finding one person at 8 KB
per non-ambiguous name. Finding an ambiguous name logically generates more
traffic, in bytes.
The only way to resolve names in Outlook Web Access is to click Check Names
(CTRL+K is allowed). The automatic resolution functionality does not exist in
Outlook Web Access. Outlook Web Access does not perform resolved names
caching, so many of the tests for other clients are not useful because for Outlook
Web Access the tests always produce the same result. Outlook Web Access does
not provide address book lookup; you must find the name you are looking for. The
To, Cc, and Bcc buttons display the same UI to find people.
These generic mail-item tests include the more common tasks performed by a
messaging client: sending, reading, modifying, and deleting messages, and opening
attachments.
The following list describes the general tasks that each e-mail client performed for
the tests.
• Send a 1 KB, 2 KB, and 4 KB item. Send a mail message containing either
1 KB, 2 KB, or 4 KB of text. Include a simple subject indicating the contents of
the message. The recipient for the message is the current logged-on user. Send
messages as:
• RTF
• HTML
• Plain Text
• Send an item with a 10 KB, 50 KB, 100 KB, 500 KB, or 1,000 KB
attachment. Send a mail message containing a 10 KB, 50 KB, 100 KB, 500 KB,
or 1,000 KB attachment, with no other text. Include a simple subject indicating the
contents of the message, such as “1 KB Attachment.” Send messages as:
• RTF
• HTML
• Plain Text
• Process delivery receipt. Process a 1–KB mail message sent with a read
receipt. The user double-clicks on the read receipt.
• Create subfolder. Create a single subfolder in the Inbox folder.
SR1, SR2, SR3: Send an RTF message with 1 KB, 2 KB, or 4 KB of text
1. Open the x KB .msg file where x is 1 KB, 2 KB, or 4 KB.
2. Copy the text.
3. Create a new RTF mail message.
4. In the To box, enter a recipient other than yourself.
5. In the Subject box, enter a brief description of the test.
6. Paste the text in the message body.
7. Click Send.
SR4, SR5, SR6, SR7, SR8: Send an RTF message with 1 KB of text and an attachment
of 10 KB, 50 KB, 100 KB, 500 KB, or 1,000 KB.
1. Open the 1–KB .msg file.
2. Copy the text.
3. Create an RTF mail message.
4. In the To box, enter a recipient other than yourself.
5. In the Subject box, type R1–KBx where x is 0050, 0100, 0500, or 1000
(corresponding to the size of the attachment).
6. Paste the text in the message body.
7. Insert the corresponding attachment.
8. Click Send.
SH1, SH2, SH3: Send an HTML message with 1 KB, 2 KB, or 4 KB of text
1. Open the x KB .msg file where x is 1 KB, 2 KB, or 4 KB.
2. Copy the text.
SH4, SH5, SH6, SH7, SH8: Send an HTML message with 1 KB of text and an
attachment of 10 KB, 50 KB, 100 KB, 500 KB, or 1,000 KB.
1. Open the 1–KB .msg file.
2. Copy the text.
3. Create a new HTML mail message.
4. In the To box, enter a recipient other than yourself.
5. In the Subject box, type H1 KBx where x is 0010, 0050, 0100, 0500, or
1000 (corresponding to the size of the attachment).
6. Paste the text in the message body.
7. Insert the corresponding attachment.
8. Click Send.
SP1, SP2, SP3: Send a Plain Text message with 1 KB, 2 KB, or 4 KB of text.
1. Open the x–KB .msg file where x is 1 KB, 2 KB, or 4 KB.
2. Copy the text.
3. Create a new Plain Text mail message.
4. In the To box, enter a recipient other than yourself.
5. In the Subject box, type Px KB0000 where x is 1 KB, 2 KB, or 4 KB.
6. Paste the text in the message body.
7. Click Send.
SP4, SP5, SP6, SP7, SP8: Send a Plain Text message with 1 KB of text and an
attachment of 10 KB, 50 KB, 100 KB, 500 KB, or 1,000 KB.
1. Open the 1–KB .msg file.
2. Copy the text.
3. Create a new Plain Text mail message.
4. In the To box, enter a recipient other than yourself.
5. In the Subject box, type P1 KBx where x is 0050, 0100, 0500, or 1000
(corresponding to the size of the attachment).
6. Paste the text in the message body.
7. Insert the corresponding attachment.
8. Click Send.
RR1, RR2, RR3: Open an RTF message with 1 KB, 2 KB, or 4 KB of text
1. Open the RTF message Rx KB0000 where x is 1 KB, 2 KB, or 4 KB.
RH1, RH2, RH3: Open an HTML message with 1 KB, 2 KB, or 4 KB of text
1. Open the HTML message Hx KB0000 where x is 1 KB, 2 KB, or 4 KB.
RP1, RP2, RP3: Open a Plain Text message with 1 KB, 2 KB, or 4 KB of text
1. Open the Plain Text message Px KB0000 where x is 1 KB, 2 KB, or 4 KB.
RP4: Open a Plain Text message with 1 KB of text and an attachment of 10 KB.
1. Open the Plain Text message P1 KB0010 and open the attachment.
OR4, OR5, OR6, OR7, OR8: Open the 10–KB, 50–KB, 100–KB, 500–KB, and 1,000–KB
attachments in the 1–KB RTF messages.
1. Open the RTF message R1 KB0010 without opening the attachment.
2. Open the attachment.
OH4, OH5, OH6, OH7, OH8: Open the 10–KB, 50–KB, 100–KB, 500–KB, and 1,000–KB
attachment in the 1–KB HTML message.
1. Open the HTML message H1 KB0010 without opening the attachment.
2. Open the attachment.
OP4, OP5, OP6, OP7, OP8: Open the 10–KB, 50–KB, 100–KB, 500–KB, and 1,000–KB
attachments in the 1–KB Plain Text messages.
1. Open the Plain Text message, P1 KB0010, without opening the attachment.
2. Open the attachment.
DI2: Empty Deleted Items containing one 1–KB message with one 1,000–KB
attachment
1. Put one 1–KB message containing one 1,000–KB attachment in the Deleted
Items folder.
2. Empty the Deleted Items folder.
DI4: Empty Deleted Items containing ten 1–KB messages with one 1,000–KB
attachment each
1. Put ten 1–KB messages each containing a 1,000–KB attachment in the
Deleted Items folder.
2. Empty the Deleted Items folder.
With Outlook 2000, an attachment is loaded onto the server as soon as it is inserted
in the message. When an attachment is inserted in a message before the user
composes the message, the attachment has more time to load on the server and,
when the user clicks Send, the time before the message is sent is reduced.
This functionality depends on attachment size. A 50–KB attachment immediately
uploads during composition, while 10–KB attachments upload only when the user
clicks Send.
The amount of traffic generated when a new folder is created depends on the
number of folders in the mailbox. In these tests, the capture occurred with standard
Outlook folders. Every new folder adds about 100 bytes in generated traffic.
The deletion (tests D1, D2) of items moves the items to the Deleted Items folder.
Graph 5 : Generic Mail Item / Outlook 2000 - Send item without attachment
(comparative: RTF, HTML, Plain Text)
[Chart: bytes (y-axis, 0 to 60 000) for 1K, 2K, and 4K messages]
[Chart: bytes (y-axis, 0 to 1 200 000) for 1K text with a 10K, 50K, 100K, 500K, and 1000K Office attachment]
The size difference between message types is mainly due to attachment size. There
is no preferred format in which to send an attachment, because attachment
conversion does not affect the message size: 1 MB stays at about 1 MB after
conversion. The size difference between formats is due to the 1 KB of converted
text.
Graph 7 : Generic Mail Item / Outlook 2000 - Read item without attachment
(comparative: RTF, HTML, Plain Text)
[Chart: bytes (y-axis, 0 to 70 000) for 1K, 2K, and 4K messages with no attachment]
The analysis is the same than the one for sending messages: HTML is the heaviest
format, RTF is the lightest one.
Graph 8: Generic Mail Item / Outlook 2000 - Open and Read a 1K message with an
attachment (comparative: RTF, HTML, Plain Text)
1 200 000
1 000 000
800 000
Bytes
600 000
400 000
200 000
0 1K t ext w/
1K t ext w/ 10K 1K t ext w/ 50K 1K t ext w/ 100K 1K t ext w/ 500K
1000K
The analysis is the same than the one for sending messages with attachments: no
preferred format. As Outlook 2000 does not download the attachment when
opening such message, these tests include opening attachments. Otherwise, we
would have the same results whatever the attachment size.
56 Client
Network Traffic with Exchange 2000
Outlook 97 can only send RTF messages. The Deleting an item option means that
messages are moved to the Deleted Items folder. The act of emptying the Deleted
Items folder makes no impact on network traffic, whether or not messages have
attachments.
By default, the Save copy of sent message in the Sent Items Folder option is
selected. This option causes the message to be sent twice. Clearing it halves
the traffic of all sending operations.
When opening a message with attachments, the message and the attachments are
stored locally. If they are both read later, there is no more traffic. Netscape
Messenger generates traffic each time you want to read the attachment.
As soon as a message is received on the server, its header is sent to the client.
There is no need to generate a refresh.
Graph 9 : Generic Mail Item / Outlook Express / IMAP - Send item without attachment
(comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 140 000.]
The conclusions are the same as those with Outlook 2000. There is a big difference
in message size between a message sent in HTML format and a message sent in
Plain Text.
Graph 10 : Generic Mail Item / Outlook Express / IMAP - Send item with attachment
(comparative: HTML, Plain Text)
Format (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
HTML | 63 793 | 184 331 | 332 972 | 1 523 040 | 3 009 231
Plain Text | 45 710 | 166 267 | 315 138 | 1 505 086 | 2 991 219
The conclusions are the same as with Outlook 2000. The small gap
between formats comes from the text format itself. There is no correlation between the
attachment’s size and the gap.
Graph 11 : Generic Mail Item / Outlook Express / IMAP - Read Item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 70 000.]
The analysis is the same as for sending messages without attachments.
Graph 12 : Generic Mail Item / Outlook Express / IMAP - Read item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
The analysis is the same as for sending messages without attachments.
There is no refresh test in POP3 mode; the amount of network traffic is the same as
that for reading messages.
Graph 13 : Generic Mail Item / Outlook Express 5.01 / POP - Send item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 70 000.]
HTML format consumes more bandwidth than Plain Text, even if the text has no
rich-text formatting.
Graph 14 : Generic Mail Item / Outlook Express / POP - Send item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
The difference between POP and HTML formats is mainly caused by the size of
attachments. There is no preferred format in which to send an attachment.
Attachment conversion does not change the amount of network traffic: 1 MB stays
at about 1 MB after conversion. The size difference between formats is due to the
1 KB of converted text.
Graph 15 : Generic Mail Item / Outlook Express 5.01 / POP - Read Item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 70 000.]
Graph 16 : Generic Mail Item / Outlook Express 5.01 / POP - Read Item with
attachment (comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
By default, Netscape Messenger stores sent items locally in the Sent folder.
Outlook Express stores sent items on a server folder. To ensure equal testing
conditions, the Netscape Sent folder was moved to the server.
Netscape Messenger does not download attachments with messages. Netscape
Messenger downloads only message bodies and then downloads the attachments
when users want access to them. The network traffic test captures at this point
included attachment download.
If a user closes the attachment and at a later point wants to access the attachment
again, Netscape Messenger downloads it again; it does not mark the attachment as
already available locally.
Graph 17 : Generic Mail Item / Netscape Messenger IMAP - Send item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 50 000.]
There is no gap between HTML and Plain Text with Netscape Messenger. It seems
to encode the HTML text differently when it has no rich characters.
Graph 18 : Generic Mail Item / Netscape Messenger IMAP - Send item with
attachment (comparative: HTML, Plain Text)
Format (bytes) | 1K text w/ 10K Office | 1K text w/ 50K Office | 1K text w/ 100K Office | 1K text w/ 500K Office | 1K text w/ 1000K Office
HTML | 43 162 | 165 118 | 315 643 | 1 520 309 | 3 024 199
Plain Text | 43 219 | 165 115 | 315 698 | 1 520 064 | 3 023 951
The analysis is the same with or without attachments: there is no gap between
formats when no rich character is detected.
Graph 19 : Generic Mail Item / Netscape Messenger IMAP - Read item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 70 000.]
Graph 20 : Generic Mail Item / Netscape Messenger IMAP - Read item with
attachment (comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
Graph 21 : Generic Mail Item / Netscape Messenger POP - Send item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 30 000.]
Graph 23 : Generic Mail Item / Netscape Messenger POP - Read item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes, axis up to 70 000.]
HTML messages consume more bandwidth than Plain Text messages, for both
Netscape Messenger and Outlook Express.
Graph 24 : Generic Mail Item / Netscape Messenger POP - Read item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
The difference in bandwidth used to send these message types is mainly due to
attachment size. There is no preferred format in which to send attachments.
Attachment conversion does not significantly increase the difference.
All of the tests below use the default Inbox view, “Messages”.
MSG2: Attachments
1. In a blank new message, click Attachments.
SH4, 5, 6, 7, 8: Send a message with 1 KB of text and an attachment of 10, 50, 100,
500, and 1000 KB.
1. Open the x KB reference .txt file where x is 1 (2, 4).
2. Copy the text.
3. Create a new HTML mail message.
4. In the To field, enter a recipient other than yourself.
5. In the Subject field, enter H1 KBx where x is 0010 (0050, 0100, 0500,
1000).
6. Paste the text in the main message body.
7. Insert the corresponding attachment.
8. Click Send.
OH4, 5, 6, 7, 8: Open the 10 KB, 50 KB, 100 KB, 500 KB, and 1000 KB attachment in
the 1 KB message.
1. Open the message, H1 KB0010, without opening the attachment.
2. Open the attachment.
DI2: Empty Deleted Items containing one 1 KB message with one 1000 KB attachment
1. Put one 1 KB message containing one 1000 KB attachment in Deleted
Items folder.
2. Empty Deleted Items folder.
DI4: Empty Deleted Items containing ten 1 KB messages with one 1000 KB
attachment each
1. Put ten 1 KB messages each containing a 1000 KB attachment in Deleted
Items folder.
2. Click Empty Deleted Items Folder.
Showing the new message form generates traffic only the first time in the Windows
profile. For any further new messages, no more traffic occurs. The network traffic
that occurs when you delete items in a folder depends on the number of items that
remain in the folder. When you delete items, the whole folder content is refreshed.
The fewer messages that remain, the less traffic is generated. But, more traffic is
generated when you delete the last item than when some items stay. Deleting does
not depend on item size.
Attachments are uploaded as soon as you click Attach in the Attachments dialog.
Clicking Attachments checks names, which generates more traffic if you have already
entered a large amount of text in the body. Attachments are downloaded on demand.
It is more efficient to refresh your view with Check for new messages than with
the Internet Explorer Refresh command (F5).
[Chart: Bytes (0 to 9 000) for 1K, 2K and 4K messages with no attachment.]
Graph 26 : Generic Mail Item - Send item in RTF format with attachment
(comparative: Outlook 2000, Outlook 97)
Client (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
Outlook 2000 | 21 192 | 65 272 | 120 792 | 564 422 | 1 118 554
Outlook 97 | 35 106 | 85 004 | 120 352 | 564 102 | 1 118 234
In practice there is, again, no difference between the two MAPI clients, whether
or not you send attachments.
Graph 27 : Generic Mail Item - Send item in HTML format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP,
OWA)
[Chart: Bytes (0 to 140 000) for HTML 1K, 2K and 4K messages.]
Outlook Express consumes the most bandwidth of all the tested clients
when messages are sent in HTML format.
IMAP clients consume more bandwidth than any other client, about twice the
traffic consumed by POP3 clients. Outlook Web Access generates the least network
traffic for HTML-formatted messages. Therefore, Outlook Web Access is the best
client for reading large text messages.
Graph 28 : Generic Mail Item - Send item in HTML format with attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP,
OWA)
Client (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
Outlook 2000 | 31 104 | 75 244 | 130 644 | 574 394 | 1 128 466
Outlook Express IMAP | 63 793 | 184 331 | 332 972 | 1 523 040 | 3 009 231
Netscape IMAP | 43 162 | 165 118 | 315 643 | 1 520 309 | 3 024 199
Outlook Express POP | 32 857 | 93 126 | 166 506 | 762 390 | 1 505 455
Netscape POP | 22 465 | 84 178 | 160 458 | 768 848 | 1 528 689
OWA | 50 017 | 93 770 | 147 397 | 579 617 | 1 119 764
The difference between Outlook Express and the other clients is not so visible
because attachments create most of the traffic. The difference between IMAP and
POP clients is still there. MAPI clients and Outlook Web Access are very close;
they are the lowest consuming clients for HTML messages.
Graph 29 : Generic Mail Item - Send item in Plain Text format without attachment
(comparative : Outlook 2000, OExpress IMAP / POP, Netscape IMAP / POP)
[Chart: Bytes, axis up to 60 000.]
There is no bad client. The gap between IMAP and POP clients is clearly visible
(a ratio of two). The MAPI client is the best one.
Graph 30 : Generic Mail Item - Send item in Plain Text format with attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP)
Client (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
Outlook 2000 | 21 120 | 65 316 | 120 748 | 564 498 | 1 118 630
Outlook Express IMAP | 45 710 | 166 267 | 315 138 | 1 505 086 | 2 991 219
Netscape IMAP | 43 219 | 165 115 | 315 698 | 1 520 064 | 3 023 951
Outlook Express POP | 23 931 | 84 086 | 158 580 | 753 414 | 1 496 529
Netscape POP | 22 581 | 84 173 | 160 332 | 768 784 | 1 528 628
The difference in network traffic between IMAP and POP clients is clearly visible.
The MAPI client is the lowest consumer of bandwidth.
Graph 31 : Generic Mail Item - Read item in RTF format without attachment
(comparative: Outlook 2000, Outlook 97)
[Chart: Bytes (0 to 9 000) for 1K, 2K and 4K messages.]
There is no difference between the Outlook clients, whether reading or sending messages.
Graph 32 : Generic Mail Item - Read and Open Item in RTF format with attachment
(comparative: Outlook 2000, Outlook 97)
Client (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
Outlook 2000 | 21 948 | 66 890 | 122 308 | 566 608 | 1 121 334
Outlook 97 | 25 406 | 68 334 | 124 472 | 574 772 | 1 137 058
Graph 33 : Generic Mail Item - Read item in HTML format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP,
OWA)
[Chart: Bytes, axis up to 80 000.]
Reading an HTML message generates the same traffic whatever the client, except for
OWA, which generates more traffic for small messages. Surprisingly, OWA is the best
client for reading large text messages.
Graph 34 : Generic Mail Item - Read and Open item in HTML format with attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP,
OWA)
[Chart: Bytes, axis up to 1 500 000.]
Reading an HTML message with an attachment generates the same traffic for IMAP and
POP clients. OWA and MAPI clients are the best. OWA follows the same trend as
in the previous chart: OWA is the best client for reading large messages.
Graph 35 : Generic Mail Item - Read item in Plain Text format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP / POP)
[Chart: Bytes, axis up to 30 000.]
Graph 36 : Generic Mail Item - Read and Open item in Plain Text format with
attachment (comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape
IMAP / POP)
Client (bytes) | 1K text w/ 10K | 1K text w/ 50K | 1K text w/ 100K | 1K text w/ 500K | 1K text w/ 1000K
Outlook 2000 | 21 980 | 66 922 | 122 340 | 566 640 | 1 121 366
Outlook Express IMAP | 22 355 | 82 107 | 155 902 | 746 802 | 1 484 499
Netscape IMAP | 22 256 | 82 300 | 156 029 | 742 678 | 1 475 762
Outlook Express POP | 23 096 | 82 794 | 156 715 | 745 275 | 1 485 356
Netscape POP | 22 657 | 82 114 | 155 495 | 742 495 | 1 475 556
When reading Plain Text messages with attachments, there is no gap between
clients, except for the MAPI client, which is the most economical with bandwidth.
The following list describes the general tasks that each mail client performed for
the tests.
• Open calendar: Initial view of the calendar, initiated by clicking the Calendar
icon.
• Open calendar appointment: Initial view of a new appointment, initiated by
clicking New in the Calendar view.
• Add a calendar item: Create a four-hour meeting in the Calendar (from 8 a.m. to
12 p.m. any day) using “Meeting” as the description.
• Modify a calendar item: Move the above meeting to a new time slot (12 p.m. to
4 p.m.) on the same day; rename the meeting “Another Meeting”.
• Delete a calendar item: Delete the above appointment.
• Open contacts: Initial view of contacts, initiated by clicking the Contacts item.
• Open contact form: Initial view of the Contact form, initiated by clicking New in
the Contact view.
• Add a contact item: Create a contact with full name, company name, two
telephone numbers, business address, and an e-mail address. Click Save and
Close.
• Modify a contact item: Rename the contact.
• Delete a contact item: Delete the contact created above.
• Open tasks: Initial view of tasks, initiated by clicking the Tasks item.
• Open task form: Initial view of the task form, initiated by clicking New in the
Task view.
• Add a task item: Create a task called “Task”.
• Modify a task item: Rename it to “Another task”. Click Save and Close.
• Delete a task item: Delete the above task.
Client (bytes) | Open calendar folder | Add a calendar item | Modify a calendar item | Delete a calendar item
Outlook 2000 | 4518 | 7498 | 6278 | 6938
Outlook 97 | 1552 | 7472 | 5798 | 5830
OWA | 35888 | 15296 | 39127 | 12445
Calendar actions are very similar with both MAPI clients, except when opening the
calendar folder, where Outlook 2000 has more features than Outlook 97. Outlook
Web Access is more bandwidth-consuming. This delta is visible when displaying
a folder or opening an item. Outlook Web Access downloads a blank new form (message,
appointment, contact) only once in the Windows profile; then it caches it in the
Internet Explorer cache folder. Further requests do not create additional traffic. This
is very similar to MAPI clients, which get the form design from locally stored
templates.
Graph 38 : Contact actions (comparative : Outlook 2000, Outlook 97, OWA)
Client (bytes) | Open calendar folder | Add a calendar item | Modify a calendar item | Delete a calendar item
Outlook 2000 | 1124 | 3228 | 5474 | 1964
Outlook 97 | 632 | 4824 | 5422 | 1284
OWA | 21898 | 7120 | 32102 | 12009
Outlook 2000 and Outlook 97 are equivalent in task operations and related
network consumption.
8. Public Folders
The public folder tests provide traffic measurements generated by public folders.
They include MAPI and NNTP access. The tests were performed on the following
clients.
• Microsoft Outlook 2000
• Microsoft Outlook 97
• Microsoft Outlook Express 5.0 (with an NNTP account)
• Netscape Messenger 4.7 (with an NNTP account)
• Microsoft Outlook Web Access
For MAPI-client testing, mail was not sent to a public folder; instead, the New Post
form was used.
The following list describes the general tasks that each mail client performed for
the tests.
• Connection: When the user clicks Public Folders, an initial connection occurs
with the associated public folders server.
• Hierarchy listing: When the user double-clicks All Public Folders, the hierarchy
of public folders within the given organization appears.
• Post an item x KB (1 KB, 2 KB, 4 KB): Post a message containing x KB of text.
Include a simple subject indicating the contents of the message, such as “x KB of
text.” Create posts using the following formats.
  • RTF
  • HTML
  • Plain Text
• Post an item with attachment of x KB (10 KB, 50 KB, 100 KB, 500 KB,
1,000 KB): Post a message containing an x KB attachment with no other text.
Include a simple subject indicating the contents of the message, such as “x KB
Attachment”. Create posts using the following formats.
  • RTF
  • HTML
  • Plain Text
• Read an item, x KB (with or without attachment): Open the items posted in the
previous two tests.
• Open the attachment within items: Open the attachments posted in the earlier
test.
• Delete an item with or without attachment: Delete the items posted in the
earlier test.
The test steps are identical to the tests for generic mail items.
In addition, the following tests were also run.
CNX1: Connection, first Outlook session
1. Start Outlook.
2. Show Folder view.
3. Double-click Public Folders.
PF1, PF5, PF10: Open All Public Folders, with 1, 5, or 10 public folder(s), first Outlook
session
1. Start Outlook.
2. Show Folder view.
3. Double-click Public Folders.
4. Double-click All Public Folders containing 1, 5, or 10 public folder(s).
PF2, PF6, PF11: Open All Public Folders, with 1, 5, or 10 public folders, second
Outlook session
1. Start Outlook.
2. Show Folder view.
3. Double-click Public Folders.
4. Double-click All Public Folders containing 1, 5, or 10 public folder(s).
PF1, PF5, PF10: Refresh Newsgroups List, with 1, 5, or 10 public folders, first client
session
1. Start the NNTP client.
2. Right-click the newsgroups server, and then choose Newsgroups.
3. Refresh the newsgroups list (In Outlook Express, click Reset List).
PF2, PF6, PF11: Open All Public Folders, with 1, 5, or 10 public folders, second client
session
This test was run after the PF1, PF5, and PF10 test.
1. Right-click the newsgroups server, and then choose Newsgroups.
2. Refresh the newsgroups list (In Outlook Express, click Reset List).
After the initial connection from the Outlook client to the Public Folder server,
each subsequent connection (in the same MAPI session) generated traffic. Clicking
Public Folders does not generate traffic based on the total number of public
folders. Instead, the traffic generated is dependent on the number of folders within
the Favorites folder. The status of the folders in the Favorites folder updates to
reflect the number of unread messages.
Clicking All Public Folders generates traffic based on the number of first-level
folders; subfolders do not generate traffic at this point. The first connection to All
Public Folders generates more traffic than subsequent connections, and these only
check for changes within the hierarchy.
For generic mail items, deleting a publication item is not affected by the message
size; rather, traffic levels rely on the existence of attachments. The traffic is equal
to one or many attachments.
Graph 40 : Public Folder / Outlook 2000 - Send Item without attachment
(comparative: RTF, HTML, Plain Text)
[Chart: Bytes (0 to 8 000) for 1K, 2K and 4K messages.]
HTML posts are larger than posts in any other format. In HTML tests, the text used was
not the same as in the generic mail item tests; instead, text from Readme files was
used. HTML text conversion depends on the form of the text format: the more line
breaks, the bigger the converted text.
Graph 41 : Public Folder / Outlook 2000 - Send Item with attachment (comparative:
RTF, HTML, Plain Text)
[Chart: Bytes, axis up to 1 200 000.]
Message text formats do not impact network traffic when attachments are inserted.
The small difference with 100 KB in HTML can be due to an upload, which begins
when a message posts.
Graph 43 : Public Folder / Outlook 2000 - Read item with attachment (comparative:
RTF, HTML, Plain Text)
[Chart: Bytes, axis up to 1 200 000.]
In general, less traffic is generated after the initial connection. During the initial
connection, the client requests and receives appropriate permissions, connects to
the NNTP server, and downloads the newsgroups list. The client keeps the list in a
local cache. In Outlook Express, the newsgroup list only shows the newsgroup
name and its description.
Graph 44 : Public Folder / Outlook Express / NNTP - Send Item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes (0 to 16 000) for 1K, 2K and 4K messages.]
HTML publications are still larger than Plain Text publications; however, sending
attachments is not format–sensitive.
Graph 45 : Public Folder / Outlook Express / NNTP - Send Item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
The small gap is due to the 1KB text conversion. Sending attachments is not format
sensitive.
Graph 47 : Public Folder / Outlook Express / NNTP - Read Item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
Usually, less traffic is generated after the initial connection. During the initial
connection, the client requests and receives appropriate permissions, connects to
the NNTP server, and downloads the newsgroups list. The client keeps the list in a
local cache. With Netscape Messenger, the list shows the newsgroup name, its
description, and the number of unread posts. This explains the difference in
network traffic consumed by Outlook Express and Netscape.
Graph 48 : Public Folder / Netscape Messenger / NNTP - Send item without
attachment (comparative: HTML, Plain Text)
[Chart: Bytes (0 to 8 000) for 1K, 2K and 4K messages.]
The gap is still there, but it is smaller than the gap observed with Outlook Express.
Graph 49 : Public Folder / Netscape Messenger / NNTP - Send item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
The small gap is due to the 1KB text conversion. Sending attachments is not format
sensitive.
[Chart: Bytes (0 to 8 000) for 1K, 2K and 4K messages.]
The gap is still there, but it is smaller than the gap observed with Outlook Express.
Graph 51 : Public Folder / Netscape Messenger / NNTP - Send Item with attachment
(comparative: HTML, Plain Text)
[Chart: Bytes (0 to 1 600 000) for 1K text with a 10K, 50K, 100K, 500K and 1000K Office attachment.]
Public folders are available only via the Folders tab in the Outlook bar. The
concept of Favorites does not exist, so there is no All Public Folders root folder;
instead, Public Folders directly contains the whole public folder hierarchy.
The whole hierarchy (first level of Public Folders) is downloaded when the user
clicks the Folders tab in the Outlook bar. Thus, no further traffic is generated when
the user opens the public folders tree or shows the Folders tab (you need to refresh
the URL via Internet Explorer to refresh the hierarchy).
Deleting a public folder item is similar to deleting a message item.
Once connection and hierarchy listings have been established, less traffic occurs
during similar queries in the same session.
Graph 52 : Public Folder- Send item in HTML format without attachment
(comparative : Outlook Express, Netscape)
[Chart: Bytes (0 to 16 000) for 1K, 2K and 4K messages.]
Outlook Express generates more traffic than Netscape Messenger in posting HTML
publications, regardless of the size of the messages being handled. However, there
is a small difference in network traffic generated by Outlook Express and Netscape
for posting HTML publications with attachments. Outlook Express needs, on
average, 2 KB more bandwidth than Netscape to get a publication with an
attachment.
Graph 53 : Public Folder- Send item in HTML format with attachment (comparative :
Outlook Express, Netscape)
Client (bytes) | 1K text w/ 10K Office | 1K text w/ 50K Office | 1K text w/ 100K Office | 1K text w/ 500K Office | 1K text w/ 1000K Office
Outlook Express | 20 002 | 80 363 | 154 802 | 750 406 | 1 494 197
Netscape | 17 506 | 78 809 | 154 104 | 753 963 | 1 503 071
There is a very small gap between Outlook Express and Netscape in posting HTML
publications with attachments.
Graph 54 : Public Folder- Send item in Plain Text format without attachment
(comparative : Outlook Express, Netscape)
[Chart: Bytes, axis up to 7 000.]
There is a smaller gap between Outlook Express and Netscape in posting Plain Text
publications with no attachment.
Graph 55 : Public Folder- Send item in Plain Text format with attachment
(comparative: Outlook Express, Netscape)
Client (bytes) | 1K text w/ 10K Office | 1K text w/ 50K Office | 1K text w/ 100K Office | 1K text w/ 500K Office | 1K text w/ 1000K Office
Outlook Express | 17 297 | 80 363 | 155 249 | 764 598 | 1 527 879
Netscape | 25 589 | 78 278 | 153 629 | 753 162 | 1 496 601
There is a very small gap between Outlook Express and Netscape in posting Plain Text
publications with attachments.
Whatever the size, Outlook Express generates more traffic than Netscape
Messenger in reading HTML publications.
Graph 57 : Public Folder- Read item in HTML format with attachment (comparative:
Outlook Express, Netscape)
Client (bytes) | 1K text w/ 10K Office | 1K text w/ 50K Office | 1K text w/ 100K Office | 1K text w/ 500K Office | 1K text w/ 1000K Office
Outlook Express | 18 957 | 79 315 | 153 883 | 748 149 | 1 496 056
Netscape | 16 690 | 76 997 | 151 435 | 747 027 | 1 490 688
Graph 58 : Public Folder- Read item in Plain Text format without attachment
(comparative: Outlook Express, Netscape)
[Chart: Bytes, axis up to 6 000.]
Graph 59 : Public Folder- Read item in Plain Text format with attachment
(comparative: Outlook Express, Netscape)
Client (bytes) | 1K text w/ 10K Office | 1K text w/ 50K Office | 1K text w/ 100K Office | 1K text w/ 500K Office | 1K text w/ 1000K Office
Outlook Express | 16 246 | 77 906 | 154 336 | 764 657 | 1 526 516
Netscape | 16 364 | 76 629 | 151 067 | 746 545 | 1 490 206
9.1. Introduction
The Terminal Services client sends keystrokes and mouse movements to the server.
For that reason, the tests provide differing results because it is impossible to ensure
exact mouse movements. These tests were performed by moving the mouse very
carefully, generating as little additional traffic as possible. The traffic captured in
these tests is only that between the client and the Terminal server. During a
Terminal Services session, no traffic occurs between the Terminal client computer
and the Exchange server.
The following tests were performed.
Connect
Captures the traffic generated by initial connection to the server. The capture was
stopped when the logon dialog box appeared.
CONNECT: open a Terminal Services session
1. Start Terminal Services client
2. Click Connect.
TS Logon
Captures the traffic generated by opening a session on the server. The test stopped
when the desktop appeared.
TSLOGON: open a session on the Terminal server
1. Enter user name and password.
2. Press ENTER.
TS Logoff
Captures the traffic resulting from closing a session on the server.
TSLOGOFF: close the Terminal Services session
1. Quit all running applications.
2. Click Start, click Shutdown.
3. In the Shut down Windows box, select Log off current_user.
Outlook Logon
Captures the traffic generated by opening an Outlook session on the Terminal
server. The Outlook preview pane is open.
LOGON1: open Outlook containing no messages
1. Create a profile in an empty mailbox.
2. Double-click Outlook icon on the desktop.
Outlook Logoff
Captures the traffic resulting from closing the Outlook session.
LOGOFF: logoff Outlook
1. Close all Outlook windows, except the main window.
2. Press ALT+F4.
Messages actions
Captures the traffic resulting from the last step in each of the following tests.
MSG1: Open Inbox folder containing no messages
1. Open Outlook.
2. Open Deleted Items folder.
3. Click Inbox on the Outlook bar.
MSG6: Open Outlook Today containing one appointment and one task
1. Open Outlook.
2. Click Outlook Today on the Outlook bar.
Calendar actions
Captures the traffic resulting from the last step in each of the following tests.
CAL1: Open Calendar folder with no entry
1. Open Outlook.
2. Click Calendar on the Outlook bar.
Contacts actions
Captures the traffic resulting from the last step in each of the following tests.
CTC1: Open Contacts folder containing no entries
1. Open Outlook.
2. Click Contacts on the Outlook bar.
Tasks actions
Captures the traffic resulting from the last step in each of the following tests.
TSK1: Open Tasks folder containing no entries
1. Open Outlook.
2. Click Tasks on the Outlook bar.
Notes actions
Captures the traffic resulting from the last step in each of the following tests.
NOT1: Open Notes folder containing no entries
1. Open Outlook.
2. Click Notes on the Outlook bar.
| Test (cells: bytes / frames) | Total | Sent by client | Received by client | Client to TS server | Client to Exchange 2000 server | TS server to client | Exchange 2000 server to client |
|---|---|---|---|---|---|---|---|
| Connect | 18 024 / 69 | 4 795 / 33 | 13 229 / 36 | 4 795 / 33 | 0 / 0 | 13 229 / 36 | 0 / 0 |
| Open TS session | 13 812 / 46 | 1 321 / 18 | 12 491 / 28 | 1 321 / 18 | 0 / 0 | 12 491 / 28 | 0 / 0 |
| Close TS session | 13 910 / 79 | 3 569 / 38 | 10 341 / 41 | 2 200 / 29 | 1 369 / 9 | 9 074 / 34 | 1 307 / 7 |

These tests were done with an 800 x 600 pixel resolution for the Terminal Services
session. Other captures were done on the tests “Connect” and “Open Terminal
Services session” with a lower resolution (640 x 480) and a higher resolution (1024 x
768). These new captures had the same traffic volume (bytes and frames).
To reduce traffic during Terminal Services sessions, use keyboard shortcuts as
much as possible. Mouse events are sent at a regular frequency and
increase network traffic. In addition, when configuring a Terminal Services
connection, select the option to enable data compression; this will also decrease
traffic.
10.1. Introduction
The Microsoft Web Storage System is a database for messaging, collaboration, rich
document storage, and Web-enabled applications. The Web Storage System can be
accessed by a wide range of client software, including:
• Microsoft Outlook 97, Outlook 98, and Outlook 2000 messaging and collaboration clients
• Outlook Express and any e-mail or newsgroup client that supports SMTP/POP3, IMAP4, or NNTP
• Microsoft FrontPage
• Microsoft Office 2000
• Windows Explorer
• Web Folders (included with Internet Explorer 5, Office 2000, and Windows 2000)
• Any Web browser
• The MS-DOS prompt
• Any 32-bit application for Windows
Upon installation, the Web Storage System is mapped to the M drive on the
Exchange 2000 server, and accessed in the same way as the existing Windows file
system. The administrator can share this virtual drive to give access to users who
can then access their mailboxes and public folders as with any file server. You can
access it through a Uniform Naming Convention (UNC) path or a mapped drive letter.
| Test (cells: bytes / frames) | Total | Sent by client | Received by client |
|---|---|---|---|
| With UI via Tools/Map network drive | 7112 / 44 | 4502 / 24 | 2610 / 20 |
| With command line NET USE | 3768 / 18 | 2588 / 10 | 1180 / 8 |
| Logoff | 0 / 0 | 0 / 0 | 0 / 0 |

The user traffic results are similar to the traffic generated when you work with a
standard shared directory on a file server. Exchange 2000 Server does not generate
network traffic; all processing is performed on the server.
If you compare the user traffic results with sending or opening such attachments
with a MAPI client, you will not see a big difference. The Web Storage System is not
a particularly more or less efficient way to work with your mailbox; it is just a
convenient method for some users. It makes mailbox access easier because
Collaboration Data Objects (CDO) is not required. You can now run batch files on
your mailbox.
11.1. Introduction
Instant Messaging consists of immediate, text-based messages that you can send to
other users on a computer network. Unlike e-mail messages, these messages post to
the other user’s screen, providing the basis for new forms of collaboration. Instant
Messaging has become a wide-scale communication phenomenon for Internet users
and is poised to play a significant role as a business tool for organizations of all
sizes. Exchange 2000 includes an Instant Messaging service built on a secure,
standards-oriented architecture ideally suited for both enterprise deployment and
deployments across the Internet for business-to-business communication. The
client software for instant messaging in Exchange 2000 is the MSN Messenger
client.
Presence information, closely related to Instant Messaging, enables one computer
user to see whether another user is logged onto a network, corporate LAN, or the
Internet. Exchange 2000 provides complete support for presence information.
• Busy
• Be right back
• Away
• On the phone
• Out to lunch
• Appear offline
The traffic was tracked on the contact side, and on the user side (where the contact
is added).
• Send and receive messages This function is divided into three parts:
• Entering characters with keyboard
The Instant Messaging client generates network traffic when the status changes or
when messages are sent.
This section provides the basis of interactions between Exchange 2000 servers
within an organization. It covers these subjects:
• Network traffic between one front-end server and back-end servers
• Network traffic between two routing groups
• Network traffic between one Exchange 2000, Domain Controller and
Global Catalog.
The network traffic captures were made with Microsoft Network Monitor 2.0. This is
version 5.00.943, available in Microsoft Systems Management Server 2.0,
Service Pack 2. This version works fine under Windows 2000.
The BIRD06 server is set as a front-end server. It is used as the mailbox server
for Internet clients, even if the mailboxes are on one of the three other servers
(BIRD04, BIRD05, BIRD07): this is the front-end concept. You change a standard
(back-end) server to a front-end server by checking the "This is a front-end
server" option as shown below. After this change, you need to restart the
W3SRV, POP and IMAP services to apply the changes.
So as not to disturb the captures, we adjusted some Exchange 2000 settings and
registry keys.
The Exchange 2000 server queries Active Directory on a Global Catalog to get
information.
Configuration information is obtained by querying the Active Directory of a domain
controller (DC). We can force the queried DC by setting the following registry entry:
You can also force the server used to get Address Book information. In that case, a GC
is used. You can set the GC name in the following registry entry:
By default, Directory Access has a cache that keeps the most recently resolved
information. This cache avoids stressing the GC by repeatedly querying it for the same
information (sender, recipients). The default lifetime is 10 minutes. The following two
registry entries enable or disable the cache and set the lifetime.
Last but not least, many processes run inside Exchange 2000 to ensure that
information is up to date. The "Recipient Update Service" is one of them. Its function
is to keep Address Lists up to date. By default, its schedule is set to "Always".
Because we do not create or remove users, we set the frequency to “Never” in the lab. We
need to set this value both for the Enterprise Configuration and at the Organization
level (Global Address List).
Here are the frames generated by sending this message:
The client initializes the TCP connection with the front-end server on port 25
(SMTP)
1 11.576646 BIRD08 Clt BIRD06 FE X2000 TCP ....S., len: 0, seq:2361275243-2361275243, ack BIRD08 Clt
BIRD06 FE IP
2 11.576646 BIRD06 FE X2000 BIRD08 Clt TCP .A..S., len: 0, seq:1769021499-1769021499, ack BIRD06
FE BIRD08 Clt IP
3 11.576646 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:2361275244-2361275244, ack BIRD08 Clt
BIRD06 FE IP
The SMTP service on the front-end server responds. The SMTP dialog can
begin
4 11.576646 BIRD06 FE X2000 BIRD08 Clt SMTP Rsp: Service ready, 116 bytes BIRD06 FE
BIRD08 Clt IP
The TCP connection is closed between the client and the front-end server
19 11.716848 BIRD06 FE X2000 BIRD08 Clt TCP .A...F, len: 0, seq:1769021919-1769021919, ack
BIRD06 FE BIRD08 Clt IP
20 11.716848 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:2361276536-2361276536, ack
BIRD08 Clt BIRD06 FE IP
21 11.716848 BIRD08 Clt BIRD06 FE X2000 TCP .A...F, len: 0, seq:2361276536-2361276536, ack
BIRD08 Clt BIRD06 FE IP
22 11.716848 BIRD06 FE X2000 BIRD08 Clt TCP .A...., len: 0, seq:1769021920-1769021920, ack
BIRD06 FE BIRD08 Clt IP
The front-end server sends a LDAP query to BIRD01 (GC) on port 3268
(specific GC port)
23 11.716848 BIRD06 FE X2000 BIRD01 GC LDAP ProtocolOp: SearchRequest (3) BIRD06 FE
BIRD01 IP
+ Frame: Base frame properties
+ ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ IP: ID = 0x65AE; Proto = TCP; Len: 1326
+ TCP: .AP..., len: 1286, seq:1730121002-1730122288, ack: 33021289, win:16762, src: 1882
dst: 3268
+ LDAP: ProtocolOp: SearchRequest (3)
SMTP service on back-end server responds. The SMTP dialog can begin
35 12.708273 BIRD04 BE X2000 BIRD06 FE X2000 SMTP Rsp: Service ready, 116 bytes BIRD04 BE
X2000 BIRD06 FE IP
The TCP connection is closed between the front-end and the back-end server
54 12.918576 BIRD06 FE X2000 BIRD04 BE X2000 TCP .A...F, len: 0, seq:1769384832-1769384832, ack
BIRD06 FE BIRD04 BE X2000 IP
55 12.918576 BIRD04 BE X2000 BIRD06 FE X2000 TCP .A...F, len: 0, seq:1840746234-1840746234, ack
BIRD04 BE X2000 BIRD06 FE IP
56 12.918576 BIRD04 BE X2000 BIRD06 FE X2000 TCP .A...., len: 0, seq:1840746235-1840746235, ack
BIRD04 BE X2000 BIRD06 FE IP
57 12.918576 BIRD06 FE X2000 BIRD04 BE X2000 TCP .A...., len: 0, seq:1769384833-1769384833, ack
BIRD06 FE BIRD04 BE X2000 IP
The following drawing summarizes the chronology of exchanged frames between client,
front-end and back-end server.
[Diagram not reproduced: frame numbers exchanged between BIRD08 (Client), BIRD06
(Front-End), BIRD01 (GC) and BIRD04 (Back-End). The number of frames in the message
transfers depends on message body length.]
14.1.1. Analysis
An Internet client communicates only with the front-end server. The front-end server
sends LDAP queries to the GC to identify the sender and recipient and, in particular, to
find the recipient's home server. It then re-sends the SMTP frames it received to the
recipient's home server. It acts as a router.
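The analysis can be checked mechanically against a capture. The Python below is an added example, not part of the original paper: it parses Network Monitor summary lines in the format shown above (frames from the SMTP capture, re-joined onto one line each with the trailing address columns dropped), reports any conversation outside the three the analysis names, and derives the payload bytes each side sent from the SYN and FIN sequence numbers. The role table, the function names and the two frames in CONSTRUCTED are assumptions made for the example.

```python
import re

# Host labels as Network Monitor prints them in the capture above, mapped to
# the role each lab machine plays (roles are taken from the page).
ROLES = {"BIRD08 Clt": "client", "BIRD06 FE X2000": "front-end",
         "BIRD01 GC": "gc", "BIRD04 BE X2000": "back-end"}
# The only conversations the analysis describes for this lab.
ALLOWED = {frozenset(p) for p in (("client", "front-end"),
                                  ("front-end", "gc"),
                                  ("front-end", "back-end"))}

_HOST = "|".join(re.escape(h) for h in sorted(ROLES, key=len, reverse=True))
_FRAME = re.compile(r"^(\d+) (\d+\.\d+) (.*)$")
_HOSTS = re.compile(rf"^({_HOST}) ({_HOST}) (\S+) (.*)$")
_TCP = re.compile(r"^([.UAPRSF]{6}), len: *\d+, seq: *(\d+)-\d+")


def parse(text):
    """Return (frames, unknown): the parsed frames, and the numbers of frames
    whose source or destination is not a host listed in ROLES."""
    frames, unknown = [], []
    for line in text.strip().splitlines():
        head = _FRAME.match(line.strip())
        if not head:
            continue  # not a summary line (wrapped text, detail rows)
        m = _HOSTS.match(head.group(3))
        if not m:
            unknown.append(int(head.group(1)))
            continue
        src, dst, proto, desc = m.groups()
        tcp = _TCP.match(desc)
        frames.append({
            "num": int(head.group(1)), "src": src, "dst": dst, "proto": proto,
            "flags": tcp.group(1) if tcp else "",
            "seq": int(tcp.group(2)) if tcp else None,
        })
    return frames, unknown


def topology_violations(frames):
    """Frame numbers whose endpoints are not an allowed pair of roles."""
    return [f["num"] for f in frames
            if frozenset((ROLES[f["src"]], ROLES[f["dst"]])) not in ALLOWED]


def payload_bytes(frames, src, dst):
    """TCP payload bytes src sent to dst, from its SYN and FIN sequence
    numbers. Summary lines carry no ports, so this assumes one connection
    per host pair. Returns None if the SYN or the FIN is not in the capture."""
    isn = None
    for f in frames:
        if (f["src"], f["dst"]) != (src, dst) or f["seq"] is None:
            continue
        if "S" in f["flags"] and isn is None:
            isn = f["seq"]
        elif "F" in f["flags"] and isn is not None:
            # The SYN consumes one sequence number; sequence space wraps at 2^32.
            return (f["seq"] - isn - 1) % 2**32
    return None


# Frames 1-4, 19-23, 35, 54 and 55 of the SMTP capture above, re-joined onto
# one line each, with the trailing address columns dropped.
CAPTURE = """\
1 11.576646 BIRD08 Clt BIRD06 FE X2000 TCP ....S., len: 0, seq:2361275243-2361275243, ack
2 11.576646 BIRD06 FE X2000 BIRD08 Clt TCP .A..S., len: 0, seq:1769021499-1769021499, ack
3 11.576646 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:2361275244-2361275244, ack
4 11.576646 BIRD06 FE X2000 BIRD08 Clt SMTP Rsp: Service ready, 116 bytes
19 11.716848 BIRD06 FE X2000 BIRD08 Clt TCP .A...F, len: 0, seq:1769021919-1769021919, ack
20 11.716848 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:2361276536-2361276536, ack
21 11.716848 BIRD08 Clt BIRD06 FE X2000 TCP .A...F, len: 0, seq:2361276536-2361276536, ack
22 11.716848 BIRD06 FE X2000 BIRD08 Clt TCP .A...., len: 0, seq:1769021920-1769021920, ack
23 11.716848 BIRD06 FE X2000 BIRD01 GC LDAP ProtocolOp: SearchRequest (3)
35 12.708273 BIRD04 BE X2000 BIRD06 FE X2000 SMTP Rsp: Service ready, 116 bytes
54 12.918576 BIRD06 FE X2000 BIRD04 BE X2000 TCP .A...F, len: 0, seq:1769384832-1769384832, ack
55 12.918576 BIRD04 BE X2000 BIRD06 FE X2000 TCP .A...F, len: 0, seq:1840746234-1840746234, ack
"""

# Constructed frames (not from the page): a client reaching the back-end
# directly, and a host that is not part of the lab.
CONSTRUCTED = """\
90 13.000000 BIRD08 Clt BIRD04 BE X2000 TCP ....S., len: 0, seq:1000-1000, ack
91 13.100000 BIRD99 Clt BIRD06 FE X2000 TCP ....S., len: 0, seq:2000-2000, ack
"""

if __name__ == "__main__":
    frames, unknown = parse(CAPTURE + CONSTRUCTED)
    print("frames outside the described topology:", topology_violations(frames))
    print("frames from unknown hosts:", unknown)
    print("client -> front-end payload bytes:",
          payload_bytes(frames, "BIRD08 Clt", "BIRD06 FE X2000"))
```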
If we enable “Save copy of sent messages in ‘Sent Items’ folder”, the front-end server
sends the message to the sender's mailbox home server.
Here are the frames generated when getting information on mailbox folders:
The client initializes the TCP connection with the front-end server on port 143
(IMAP)
1 3.795458 BIRD08 Clt BIRD06 FE X2000 TCP ....S., len: 0, seq:3572614102-3572614102, ack BIRD08 Clt
BIRD06 FE IP
2 3.795458 BIRD06 FE X2000 BIRD08 Clt TCP .A..S., len: 0, seq:2884848472-2884848472, ack BIRD06 FE
BIRD08 Clt IP
3 3.795458 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:3572614103-3572614103, ack BIRD08 Clt
BIRD06 FE IP
IMAP service on front-end server responds. The IMAP dialog can begin
4 3.795458 BIRD06 FE X2000 BIRD08 Clt TCP .AP..., len: 93, seq:2884848473-2884848566, ack BIRD06 FE
BIRD08 Clt IP
The client requests the listing of capabilities that the front-end server
supports
5 3.795458 BIRD08 Clt BIRD06 FE X2000 TCP .AP..., len: 17, seq:3572614103-3572614120, ack BIRD08 Clt
BIRD06 FE IP
The front-end server initializes the TCP connection with BIRD01 (GC) on port
3268 (LDAP) and sends credentials (frames 8 to 14)
The front-end server sends a LDAP query to BIRD01 (GC)
15 3.805472 BIRD06 FE X2000 BIRD01 GC LDAP ProtocolOp: SearchRequest (3) BIRD06 FE BIRD01 IP
18 3.815486 BIRD01 GC BIRD06 FE X2000 TCP .AP..., len: 758, seq:1310880126-1310880884, ack BIRD01
BIRD06 FE IP
19 3.815486 BIRD06 FE X2000 BIRD01 GC TCP .A...., len: 0, seq:2884909188-2884909188, ack BIRD06 FE
BIRD01 IP
IMAP service on back-end server responds. The IMAP dialog can begin
23 3.815486 BIRD04 BE X2000 BIRD06 FE X2000 TCP .AP..., len: 93, seq:2950776391-2950776484, ack
BIRD04 BE X2000 BIRD06 FE IP
The front-end server requests the listing of capabilities that the back-end
server supports
24 3.825501 BIRD06 FE X2000 BIRD04 BE X2000 TCP .AP..., len: 14, seq:2884951767-2884951781, ack
BIRD06 FE BIRD04 BE X2000 IP
Client sends some frames to the front-end server to say it is in waiting state,
these frames are forwarded to back-end server and acknowledged through
the front-end server (frames 29 to 36)
Client asks for « Drafts » folder status via the front-end server
37 3.915630 BIRD08 Clt BIRD06 FE X2000 TCP .AP..., len: 40, seq:3572614160-3572614200, ack BIRD08 Clt
BIRD06 FE IP
38 3.915630 BIRD06 FE X2000 BIRD04 BE X2000 TCP .AP..., len: 38, seq:2884951819-2884951857, ack
BIRD06 FE BIRD04 BE X2000 IP
We see clearly in the capture that there is no message (MESSAGES 0), and no unread
messages (UNSEEN 0) in that folder
Client sends some frames to the front-end server to say it is in waiting state,
these frames are forwarded to back-end server and acknowledged through
the front-end server (frames 41 to 48)
Client asks for « Inbox » folder status via the front-end server (frames 49 and
50)
49 3.935659 BIRD08 Clt BIRD06 FE X2000 TCP .AP..., len: 39, seq:3572614217-3572614256, ack BIRD08 Clt
BIRD06 FE IP
50 3.935659 BIRD06 FE X2000 BIRD04 BE X2000 TCP .AP..., len: 37, seq:2884951874-2884951911, ack
BIRD06 FE BIRD04 BE X2000 IP
We see in the capture that there is one message (MESSAGES 1) which is unread
(UNSEEN 1) in that folder.
Client sends some frames to the front-end server to say it is in waiting state,
these frames are forwarded to back-end server and acknowledged through
the front-end server (frames 53 to 60)
Client asks for « Sent Items » folder status via the front-end server (frames 61
and 62)
61 3.945674 BIRD08 Clt BIRD06 FE X2000 TCP .AP..., len: 44, seq:3572614273-3572614317, ack BIRD08 Clt
BIRD06 FE IP
62 3.945674 BIRD06 FE X2000 BIRD04 BE X2000 TCP .AP..., len: 44, seq:2884951928-2884951972, ack
BIRD06 FE BIRD04 BE X2000 IP
We see in the capture that there are 30 read messages (MESSAGES 30 UNSEEN 0) in
that folder.
Client sends some frames to the front-end server to say it is in waiting state,
these frames are forwarded to back-end server and acknowledged through
the front-end server (frames 65 to 68)
Frames 69 to 75 are closing connections between Client and FE, and FE and
BE
Now the first part of the client refresh is over. The IMAP folders are up to date.
The next part is the downloading of new messages. It is not described because its logical
path is very similar to the first part:
• Opens connection
• Asks for capabilities
• Authentication
• Downloads messages
• Disconnection
This phase also operates as above: all client requests received by the front-end server
are forwarded to its back-end server and vice versa. The front-end server also acts as a
router with the IMAP protocol.
The following drawing summarizes the chronology of exchanged frames between client,
front-end and back-end server.
[Diagram not reproduced: frame numbers exchanged between BIRD08 (Client), BIRD06
(Front-End), BIRD01 (GC) and BIRD04 (Back-End).]
14.2.1. Analysis
The operation mode with IMAP is close to the one used with SMTP requests. The main
difference is that IMAP requests are immediately forwarded to the back-end server or to
the client via the front-end server. An IMAP client communicates only with the
front-end server. The front-end server sends LDAP queries to the GC to find the home
server of the logged-in user's mailbox. It acts as an IMAP router.
Any client using an Internet protocol (POP3, IMAP4, SMTP) can take advantage of a
front-end server.
MAPI clients cannot use this configuration; they always contact their real mailbox
server.
A front-end server is designed as a router for Internet protocols: it centralizes client
access, forwarding client requests to the right back-end server. When a message is sent
to recipients who are not on the same Exchange box, the front-end sends the message to
the home server of each mailbox concerned. When a client makes an LDAP query to the
front-end server, the front-end server forwards the query to the closest GC, then
forwards the reply from the GC to the client.
Because a front-end server acts as a protocol router, all the traffic generated by a
client is forwarded to the back-end side (and vice versa). There is neither compression
nor modification.
You can create mailboxes on front-end servers, but those mailboxes will only be
reachable with MAPI clients. Internet clients cannot access mailboxes located on a
front-end server.
This part provides traffic analysis for sending messages through a routing
group connector. First of all, we examine it in a front-end / back-end situation.
A Routing Group Connector is configured to link the two routing groups Paris and
Nantes. To make captures easier, we define bridgehead servers:
• On the PARIS Routing Group, the server BIRD04 is set to be the only server
able to send messages to the NANTES Routing Group.
The remote bridgehead server in the NANTES Routing Group is BIRD07.
• On the NANTES Routing Group, the server BIRD07 is set to be the only
server able to send messages to the NANTES Routing Group.
The remote bridgehead server in the PARIS Routing Group is BIRD04.
We comment below on the network traffic generated by sending this message.
Note: some frames do not appear in numeric order because they were captured at
the same time. To comment accurately, we have put the frames back in their real logical order.
The client initializes the TCP connection with the front-end server on port 25
(SMTP)
1 1.361958 BIRD08 Clt BIRD06 FE X2000 TCP ....S., len: 0, seq:1755925180-1755925180, ack BIRD08
Clt BIRD06 FE IP
2 1.361958 BIRD06 FE X2000 BIRD08 Clt TCP .A..S., len: 0, seq:1012320851-1012320851, ack
BIRD06 FE BIRD08 Clt IP
3 1.361958 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:1755925181-1755925181, ack BIRD08
Clt BIRD06 FE IP
The SMTP service on the front-end server responds. The SMTP dialog can
begin
4 1.361958 BIRD06 FE X2000 BIRD08 Clt SMTP Rsp: Service ready, 116 bytes BIRD06 FE
BIRD08 Clt IP
The TCP connection is closed between the client and the front-end server
19 1.592290 BIRD06 FE X2000 BIRD08 Clt TCP .A...F, len: 0, seq:1012321271-1012321271, ack
BIRD06 FE BIRD08 Clt IP
20 1.592290 BIRD08 Clt BIRD06 FE X2000 TCP .A...., len: 0, seq:1755926426-1755926426, ack
BIRD08 Clt BIRD06 FE IP
21 1.592290 BIRD08 Clt BIRD06 FE X2000 TCP .A...F, len: 0, seq:1755926426-1755926426, ack
BIRD08 Clt BIRD06 FE IP
22 1.592290 BIRD06 FE X2000 BIRD08 Clt TCP .A...., len: 0, seq:1012321272-1012321272, ack
BIRD06 FE BIRD08 Clt IP
The front-end server sends a LDAP query to BIRD01 (GC) on port 3268
(specific GC port)
23 1.592290 BIRD06 FE X2000 BIRD01 GC LDAP ProtocolOp: SearchRequest (3) BIRD06 FE
BIRD01 IP
+ Frame: Base frame properties
+ ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
+ IP: ID = 0x858E; Proto = TCP; Len: 1326
+ TCP: .AP..., len: 1286, seq: 412539185-412540471, ack:3661302845, win:17520, src:21448
dst: 3268
+ LDAP: ProtocolOp: SearchRequest (3)
SMTP service on local bridgehead server responds. The SMTP dialog can
begin
35 3.655256 BIRD04 BE X2000 BIRD06 FE X2000 SMTP Rsp: Service ready, 116 bytes BIRD04 BE
X2000 BIRD06 FE IP
38 3.655256 BIRD06 FE X2000 BIRD04 BE X2000 SMTP Data - continued from frame 36, 142 bytes
BIRD06 FE BIRD04 BE X2000 IP
39 3.655256 BIRD04 BE X2000 BIRD06 FE X2000 SMTP Rsp: Unknown response type, 68 bytes
BIRD04 BE X2000 BIRD06 FE IP
The TCP connection is closed between the front-end and the back-end server
54 3.815486 BIRD06 FE X2000 BIRD04 BE X2000 TCP .A...F, len: 0, seq:1013044439-1013044439, ack
BIRD06 FE BIRD04 BE X2000 IP
55 3.815486 BIRD04 BE X2000 BIRD06 FE X2000 TCP .A...F, len: 0, seq:3887739882-3887739882, ack
BIRD04 BE X2000 BIRD06 FE IP
56 3.815486 BIRD04 BE X2000 BIRD06 FE X2000 TCP .A...., len: 0, seq:3887739883-3887739883, ack
BIRD04 BE X2000 BIRD06 FE IP
57 3.815486 BIRD06 FE X2000 BIRD04 BE X2000 TCP .A...., len: 0, seq:1013044440-1013044440, ack
BIRD06 FE BIRD04 BE X2000 IP
58 5.798338 BIRD04 BE X2000 BIRD06 FE X2000 TCP .AP..., len: 89, seq:2964667342-2964667431, ack
BIRD04 BE X2000 BIRD06 FE IP
At this point the traffic is 100% identical to the traffic in the section above (with the
recipient in the same routing group). We see that the front-end server contacts the local
bridgehead server to send a message to a recipient in a remote routing group.
The next part is the transfer of the message from the local bridgehead server (in RG
Paris) to the remote bridgehead server (in RG Nantes), that is, from BIRD04 to BIRD07.
The SMTP service on the remote bridgehead server responds. The SMTP
dialog can begin
62 5.808352 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Service ready, 116 bytes BIRD07 BE
BIRD04 BE X2000 IP
65 5.838395 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 63, 14 bytes
BIRD04 BE X2000 BIRD07 BE IP
67 5.838395 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 65, 1460 bytes
BIRD04 BE X2000 BIRD07 BE IP
68 5.838395 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 67, 322 bytes
BIRD04 BE X2000 BIRD07 BE IP
71 5.848410 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 68, 6 bytes
BIRD04 BE X2000 BIRD07 BE IP
73 5.848410 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 71, 142 bytes
BIRD04 BE X2000 BIRD07 BE IP
74 5.848410 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Unknown response type, 68 bytes
BIRD07 BE BIRD04 BE X2000 IP
The recipient name then the message body are sent to BIRD07
77 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Cmd: Recipient <test7@europe.com>, 28 bytes
BIRD04 BE X2000 BIRD07 BE IP
78 5.858424 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Requested mail action okay, completed, 29
by BIRD07 BE BIRD04 BE X2000 IP
80 5.858424 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Enter mail ..., 22 bytes BIRD07 BE
BIRD04 BE X2000 IP
79 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 77, 15 bytes
BIRD04 BE X2000 BIRD07 BE IP
81 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 79, 988 bytes
BIRD04 BE X2000 BIRD07 BE IP
83 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 81, 16 bytes
BIRD04 BE X2000 BIRD07 BE IP
84 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 83, 1460 bytes
BIRD04 BE X2000 BIRD07 BE IP
85 5.858424 BIRD04 BE X2000 BIRD07 X2000 SMTP Data - continued from frame 84, 80 bytes
BIRD04 BE X2000 BIRD07 BE IP
82 5.858424 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Requested mail action okay, completed, 16
by BIRD07 BE BIRD04 BE X2000 IP
86 5.858424 BIRD07 X2000 BIRD04 BE X2000 TCP .A...., len: 0, seq:2373516021-2373516021, ack
BIRD07 BE BIRD04 BE X2000 IP
BIRD07 acknowledges that the message is well received and is now queued
87 5.928525 BIRD07 X2000 BIRD04 BE X2000 SMTP Rsp: Requested mail action okay, completed, 81
by BIRD07 BE BIRD04 BE X2000 IP
91 5.938539 BIRD07 X2000 BIRD04 BE X2000 TCP .A...., len: 0, seq:2373516168-2373516168, ack
BIRD07 BE BIRD04 BE X2000 IP
92 5.938539 BIRD07 X2000 BIRD04 BE X2000 TCP .A...F, len: 0, seq:2373516168-2373516168, ack
BIRD07 BE BIRD04 BE X2000 IP
93 5.938539 BIRD04 BE X2000 BIRD07 X2000 TCP .A...., len: 0, seq:3888353473-3888353473, ack
BIRD04 BE X2000 BIRD07 BE IP
The following drawing summarizes the chronology of exchanged frames between client,
front-end and bridgehead servers.
[Diagram not reproduced: frame numbers exchanged between BIRD08 (Client), BIRD06
(Front-End), BIRD01 (GC), BIRD04 (Back-End) and BIRD07 (Back-End). The number of frames
in the message transfers depends on message body length.]
15.2.1. Analysis
As designed, the client communicates only with the front-end server.
The front-end server sends LDAP queries to the GC to identify the sender and
recipient and, in particular, to find the recipient's home server. It sees that
the recipient is in a different routing group, so it needs to contact the local bridgehead
in its own routing group (the front-end routing group), which knows how to contact the
remote routing group. The front-end server then sends the message to the local
bridgehead server, and the local bridgehead server sends all the messages in its queue
to the remote bridgehead server. As seen above, there is no data compression between
servers through a routing group: it is a pure SMTP dialog.
In this test, the front-end server cannot send messages to the remote routing group. If
we had enabled it, there would have been less traffic: the front-end could send the
message directly to the server in the remote routing group, saving one exchange
(between the front-end server and the local bridgehead server).
16. Appendix
This section includes detailed information about DSProxy and client access to
Active Directory.
16.1. DSProxy
At startup, the Exchange System Attendant finds the most appropriate Active
Directory server in the domain through the Domain Name System (DNS), then
resolves and passes its name through to the DSProxy process (Dsproxy.dll). This is
signaled by event 9010 for the MSExchangeSA process.
It is also possible to ascertain which Active Directory domain controller a
particular Exchange server is using by means of Exchange computer properties in
the Microsoft Exchange System Manager snap-in.
In some situations, the administrator can specifically set the server that DSProxy
uses. You can accomplish this by changing the following registry entries:
To specify the global catalog server for earlier MAPI clients:
1. On the Run line, type regedit.exe, and then click OK.
2. In the registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters.
3. Select the NSPITargetServer entry.
4. Assign the name of the global catalog server to specify the global catalog
server for earlier MAPI clients that use only NSPI.
5. Close the registry editor.
Caution Do not use a registry editor to edit the registry directly unless you
have no alternative. The registry editors bypass the standard safeguards
provided by administrative tools. These safeguards prevent you from entering
conflicting settings or those likely to degrade performance or damage your
system. Editing the registry directly can have serious, unexpected
consequences that prevent the system from starting, thus requiring a re-install
of Windows 2000 or Exchange 2000. To configure or customize
Windows 2000, use the programs in Control Panel or Microsoft Management
Console (MMC) whenever possible.
The DSProxy NSPI works by blindly forwarding MAPI directory system (DS)
requests to a global catalog server. This means that the remote procedure call
(RPC) packet is not opened or evaluated because this would incur a significant
overhead on the Exchange 2000 server, and complicate the security structure. The
process begins by creating a listening thread for each supported network protocol,
and a single working thread for each processor. This can accommodate up to 512
client connections and dynamically adds more threads as required. A socket-
mapping table keeps a reference of connections between clients and servers,
ensuring that the correct responses from Active Directory pass to the associated
client.
DSProxy works over TCP/IP, Internetwork Packet Exchange (IPX), and AppleTalk
protocols; however, it does not work over network basic input/output system
(NetBIOS).
The following sections explain how different mail clients access information stored
in Active Directory.
The referral mechanism reduces the load on the Exchange 2000 server and address
book lookup latency; however, when an explicit server name is entered into the
profile, Outlook requires a restart if that Active Directory server fails. If that
occurs, the Exchange 2000 server passes Outlook a new referral.
[Diagram not reproduced; labels: Outlook, Messages, Directory requests.]
Some scenarios require Outlook clients, even the latest versions, to go through the
DSProxy process without being referred. For example, when a firewall exists
between client computers and Active Directory servers, the firewall can be opened
up to allow the Exchange 2000 server to access Active Directory.
To prevent Exchange from returning referrals:
1. On the Run line, type regedit.exe, and then click OK.
2. In the registry editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters.
3. Click Edit, point to New, and choose DWORD Value.
4. Type NoRFRService to name the entry.
5. Right-click NoRFRService, click Modify, and then assign a value of 1 to
prevent Exchange from returning directory referrals.
6. Close the registry editor.
Caution Do not use a registry editor to edit the registry directly unless you
have no alternative. The registry editors bypass the standard safeguards
provided by administrative tools. These safeguards prevent you from entering
conflicting settings or those likely to degrade performance or damage your
system. Editing the registry directly can have serious, unexpected
consequences that prevent the system from starting, thus requiring a re-install
of Windows 2000 or Exchange 2000. To configure or customize
Frame 1:
The capture starts with a BONE frame; this is an administrative frame that
Network Monitor puts onto the network wire for its own use. A BONE frame,
which uses a target MAC address of Multicast 2 or 030000000002 on Ethernet,
will not cross a router unless the router is configured to bridge BONE frames.
Note: in case you need more information on the BONE frame,
Network Monitor uses the BONE frame to:
• Find out who is using Network Monitor on the local network.
• Implement security (in Network Monitor version 2.0 only).
Frame 2 & 3:
The client resolves the IP address via ARP (usual name resolution).
Frame 4 – 6:
This is the classic TCP three-way handshake between two network devices using this
protocol.
Frame 7 – 10:
RPC bind to UUID = E1AF8308-5D1F-11C9-91A4-08002B14A0F1 (End
Point Mapper) on port 135 (this is the port ALWAYS used by the EPM to listen for
RPC calls). Any client making an RPC call first connects to this port,
then passes the requested service to the server. The answer is the port of the
requested service.
Here the client gets a "bind ack" from the server and then requests opnum 0x3.
The source code indicates that the called function is "ept_map" (the port on which
the service the client wants to connect to is listening).
Remember that RPC calls are encrypted, so we cannot know what information is passed.
We can only see header information.
Frame 11 – 14:
This is the usual TCP end of conversation: acknowledge the previous frame
and send an end signal (no more data from sender).
Frame 15 – 17 :
TCP three-way handshake between the client and the Exchange server.
Frame 18 :
The client binds to UUID = 1544F5E0-613C-11D1-93DF-00C04FD7BD09. This is
basically the only UUID of the Referral Interface (RFR).
The server returns a bind ack.
Frame 20 :
The client calls the function rfrGetNewDSA (the client requests a name for a
directory); the return value is the GC FQDN.
From now on, we focus only on RPC frames, as they are the most interesting.
Frame 31 – 34 :
After ARP detection and the TCP three-way handshake, the client calls the server
that Exchange 2000 returned as the directory server, on the EPM
(UUID = E1AF8308-5D1F-11C9-91A4-08002B14A0F1), basically to learn on which port
it can contact the NSPI interface. The NSPI interface is in charge of accepting
and authenticating client connections.
The answer from the GC is a bind ack.
We then have TCP disconnection traffic and a three-way handshake.
Frame 42 & 43 :
The client sends a call to the directory on the port returned by the EPM, using
UUID = F5CC5A18-4264-101A-8C59-08002B2F8426. The result is a bind ack. This
does not mean that the client is connected to the directory! It only means that
the directory is ready to accept calls from Outlook clients.
Be aware that the RPC call in frame 42 is NOT authenticated! This is a regular
procedure. Clients always connect to the directory anonymously the first time.
Frame 44 & 45 :
The client tries to bind to the directory. Remember that it has not
authenticated on the RPC_bind call.
The result of the NSPI_Bind is 0x80040111, which is non-zero, so the bind fails!
We could make some anonymous RPC calls on the directory, but definitely not a
bind.
Frame 49 & 50 :
Outlook then goes for an authenticated bind to the Exchange Directory. Note that
we don't go back to the EPM, as we know which port the service listens on.
Frame 52 & 54 :
The client binds successfully to the directory! The result of the NSPIBind is
equal to zero. Remember that this time the RPC bind was authenticated.
Frame 58 – 61 :
After a TCP three-way handshake, the client connects to the store EPM to get the
store access point (the port number the service is listening on).
Frame 69 :
The client ended the call with the server and started a new TCP connection.
The RPC call then goes to UUID = A4F1DB00-CA47-1067-B31F-00DD010662DA (the
store UUID). Note, however, that the RPC call is authenticated :)
Frame 70 :
The server acknowledges the client's RPC request. The client is bound to the
store. We can now proceed with the usual logon sequence.
Frame 72 :
EcDoConnect: the client goes for a MAPI connection to the store and passes the
DN of the mailbox it wants to open.
Frame 73 :
The Exchange 2000 server passes a request to a DC. This confirms that the
Exchange server is passing the authentication provided by the client to a DC to
validate the EcDoConnect request to this specific mailbox.
We have the answer of the DC in frame 75, and then Exchange replies to the
client in frame 76 with the DN of the mailbox to open.
Frame 77 :
The RPC call from the client is EcDoRPC, which is a package of several MAPI
calls to improve store access efficiency. One of the calls is EcDoLogon. This
would explain the further traces.
Exchange 2000 fires an LDAP request to the GC, sending the
msExchMasterAccountSid and requesting data such as objectDistinguishedName
or ObjectGUID.
As soon as we receive the answer from the GC (LDAP), we give the answer to
the client in RPC mode (Frame 82).
Frame 83 - 86:
We can only say that this is an EcDoRPC call. Nothing can be dumped out of the
encrypted data ...
As we don't see any access to a DC or a GC, these are calls like
"EcOpenFolder" or "EcQueryRows".
Frame 87:
EcRegisterPushNotification: the client registers with the server a port on
which it can receive new mail notifications.
Frame 89 - 100:
We get consecutive EcDoRPC calls. We cannot really see what is done at this
point of the logon sequence: an EMSMDB32 trace would be more efficient.
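The interface UUIDs named in this trace are enough to label each RPC bind and to tell the anonymous bind of frame 42 from the authenticated one of frame 49. The following Python code is an added example, not part of the original white paper: it parses a DCE/RPC bind PDU, maps the abstract-syntax UUID of its first context element to the interfaces above, and reports whether an authentication trailer is present. The function names are hypothetical and the sample PDUs are constructed, not taken from the capture.

```python
import struct
import uuid

# Interface UUIDs exactly as listed in the frame walk-through above.
INTERFACES = {
    uuid.UUID("E1AF8308-5D1F-11C9-91A4-08002B14A0F1"): "EPM",
    uuid.UUID("1544F5E0-613C-11D1-93DF-00C04FD7BD09"): "RFR",
    uuid.UUID("F5CC5A18-4264-101A-8C59-08002B2F8426"): "NSPI",
    uuid.UUID("A4F1DB00-CA47-1067-B31F-00DD010662DA"): "Store",
}
PTYPE_BIND = 11  # DCE/RPC connection-oriented "bind" PDU type
NDR = uuid.UUID("8A885D04-1CEB-11C9-9FE8-08002B104860")  # NDR transfer syntax


def classify_bind(pdu: bytes):
    """Return (interface, authenticated) for a DCE/RPC bind PDU, else None."""
    if len(pdu) < 52 or pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        return None
    little = (pdu[4] >> 4) == 1  # data representation: 1 = little-endian
    order = "<" if little else ">"
    frag_len, auth_len = struct.unpack_from(order + "HH", pdu, 8)
    if frag_len > len(pdu) or pdu[24] < 1:  # truncated or no context element
        return None
    raw = pdu[32:48]  # abstract syntax UUID of the first context element
    iface = uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw)
    # auth_length > 0 means the bind carries an authentication trailer.
    return INTERFACES.get(iface, f"unknown {iface}"), auth_len > 0


def build_bind(iface: uuid.UUID, auth_value: bytes = b"") -> bytes:
    """Build a minimal little-endian bind PDU (constructed sample, not a capture)."""
    body = struct.pack("<HHI", 5840, 5840, 0)  # max frag sizes, assoc group
    body += struct.pack("<BBH", 1, 0, 0)  # one presentation context element
    body += struct.pack("<HBB", 0, 1, 0) + iface.bytes_le + struct.pack("<I", 0)
    body += NDR.bytes_le + struct.pack("<I", 2)  # one transfer syntax
    trailer = b""
    if auth_value:  # 8-byte sec_trailer (constructed values) + auth token
        trailer = struct.pack("<BBBBI", 10, 2, 0, 0, 0) + auth_value
    frag_len = 16 + len(body) + len(trailer)
    head = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 3, b"\x10\x00\x00\x00",
                       frag_len, len(auth_value), 1)
    return head + body + trailer


if __name__ == "__main__":
    nspi = uuid.UUID("F5CC5A18-4264-101A-8C59-08002B2F8426")
    print(classify_bind(build_bind(nspi)))              # like frame 42
    print(classify_bind(build_bind(nspi, b"\0" * 16)))  # like frame 49
```

Run over the bind frames of a capture, an NSPI or Store bind reported with authenticated = False followed by no authenticated retry is the deviation from the sequence described above that is worth a closer look.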
[Figure: logon sequence diagram. Recoverable labels: "9- MAPI logon", "Domain Controller", "Global Catalog".]
16.2.1.2. Other sessions opened with the same user profile with
Outlook 2000
When you reopen Outlook 2000, the client does not have to ask the
Exchange 2000 server for a GC. Outlook uses the GC name stored in the registry
key. The traffic is exactly the same as for the first session but starts at
frame 31.
[Figure: numbered exchanges (1 to 6) between Outlook, the Exchange 2000 Server and the Global Catalog.]
17. Index
17.1. Graphs
Graph 19 : Generic Mail Item / Netscape Messenger IMAP - Read item without
attachment (comparative: HTML, Plain Text)
Graph 20 : Generic Mail Item / Netscape Messenger IMAP - Read item with
attachment (comparative: HTML, Plain Text)
Graph 21 : Generic Mail Item / Netscape Messenger POP - Send item without
attachment (comparative: HTML, Plain Text)
Graph 22 : Generic Mail Item / Netscape Messenger POP - Send item with
attachment (comparative: HTML, Plain Text)
Graph 23 : Generic Mail Item / Netscape Messenger POP - Read item without
attachment (comparative: HTML, Plain Text)
Graph 24 : Generic Mail Item / Netscape Messenger POP - Read item without
attachment (comparative: HTML, Plain Text)
Graph 25 : Generic Mail Item - Send item in RTF format without attachment
(comparative: Outlook 2000, Outlook 97)
Graph 26 : Generic Mail Item - Send item in RTF format with attachment
(comparative: Outlook 2000, Outlook 97)
Graph 27 : Generic Mail Item - Send item in HTML format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP /
POP, OWA)
Graph 28 : Generic Mail Item - Send item in HTML format with attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP /
POP, OWA)
Graph 29 : Generic Mail Item - Send item in Plain Text format without attachment
(comparative: Outlook 2000, OExpress IMAP / POP, Netscape IMAP / POP)
Graph 30 : Generic Mail Item - Send item in Plain Text format with attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP /
POP)
Graph 31 : Generic Mail Item - Read item in RTF format without attachment
(comparative: Outlook 2000, Outlook 97)
Graph 32 : Generic Mail Item - Read and Open Item in RTF format with
attachment (comparative: Outlook 2000, Outlook 97)
Graph 33 : Generic Mail Item - Read item in HTML format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP /
POP, OWA)
Graph 34 : Generic Mail Item - Read and Open item in HTML format with
attachment (comparative: Outlook 2000, Outlook Express IMAP / POP,
Netscape IMAP / POP, OWA)
Graph 35 : Generic Mail Item - Read item in Plain Text format without attachment
(comparative: Outlook 2000, Outlook Express IMAP / POP, Netscape IMAP /
POP)
Graph 36 : Generic Mail Item - Read and Open item in Plain Text format with
attachment (comparative: Outlook 2000, Outlook Express IMAP / POP,
Netscape IMAP / POP)
Graph 37 : Calendar actions (comparative: Outlook 2000, Outlook 97, OWA)
Graph 38 : Contact actions (comparative: Outlook 2000, Outlook 97, OWA)
Graph 39 : Task actions (comparative: Outlook 2000, Outlook 97)
17.2. Figures
The information contained in this document represents the current view of Microsoft Corporation on the issues
discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of
any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under
copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from
Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights,
or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses,
logos, people, places and events depicted herein are fictitious, and no association with any real company,
organization, product, domain name, email address, logo, person, place or event is intended or should be
inferred.
Microsoft, Active Directory, Windows, and Windows NT are either registered trademarks or trademarks of
Microsoft in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective
owners.