Whatever size and type of network you run, a traffic analyzer for it was released this week
At one extreme, a 2TB device for deep analysis; at the other, a protocol decoder running on a Pocket PC. Sitting in the middle, two laptop-based analyzers — an expert LAN analysis tool from Fluke Networks Inc. and some application performance software from Itheon.
The biggest of the devices is the Gigastor probe from Network Instruments LLC. Its 2TB disk array has been set up to write a complete packet history of a gigabit network at wirespeed, says NI president and founder Douglas Smith.
It’s not cheap at US$46,080 and will compete with the likes of Sniffer Infinistream, according to Smith. It connects to NI’s Observer console alongside other probes for analysis of the gathered data. “It’s meant for forensics — with 2TB you can collect selected packets for weeks and weeks, or record a gigabit trunk at wirespeed for hours,” Smith says. “The trunk is a great place to look for data because it aggregates. As networks get faster, two minutes of data goes from tens of thousands of packets on 10Mbps Ethernet to millions on gigabit. Humans can’t sort that, but machines can.”
At the other end of the scale, PhatNet is a tool for Pocket PCs that can analyze a range of packet formats including Ethernet, UDP, TCP, DNS and NetBIOS — something that PhatWare’s president Stan Miasnikov says is a key strength, given the memory limitations of handhelds.
“You can store 32,000 packets in memory, or use a memory card of up to 2GB to store them for later analysis,” he says. “It’s convenient for small networks, for example to find someone who’s abusing a wireless hotspot.” Two versions are available: the US$99 Personal edition monitors only a PPP connection, while the US$299 Professional edition operates in promiscuous mode and can also store session data in Ethereal or LanWatch format for later analysis on a PC. Both can display real-time trace statistics or charts.
Miasnikov adds that although PhatNet is new, the underlying technology is well proven, being based on (and replacing) Epiphan’s CENiffer. “We purchased the product and made quite a few changes to the interface and how it works,” he said.
Itheon is aiming for an entirely different customer. “Our aim is application performance, not detailed network analysis,” explains Cliff Chapman, a network specialist with the company. Its Portable Network Consultant (PNC) software runs on a laptop for flow-based network monitoring.
“Sniffers are really there for technical problems; we are at the transaction level, looking at packet flows, response times and utilization profiles to make sure apps run smoothly.” PNC connects to any 10/100/1000 Ethernet segment, for example via a spanned or mirrored port or a tap, and monitors the traffic rather than collecting it. It can then summarize and profile the network to show what’s going wrong, says Chapman.
“It’s ideal for things like configuring QoS on a router,” he adds. “That’s all command line driven with no feedback, but you plug in PNC and it can instantly show you the result of the changes you just made.”
Last, but by no means least, comes the OptiView Series II integrated network analyzer from Fluke Networks. It may not be the cheapest around, but senior product manager Barry Lindsley reckons it will easily pay for itself in time saved.
At around US$18,500, it comprises two elements: a gigabit-capable network analyzer, and a PC running Windows XP for the user interface. It can also support a tri-mode wireless card for 802.11a, b and g WLAN analysis. “We want to provide the unique view that nobody else can, that helps you do your job better,” Lindsley says. “We are doing active discovery via a portable tool that plugs in anywhere and lets you see all your broadcast domains.”
The OptiView II is an RMON 2 probe as well, so it can integrate with other network management systems. It also includes the ability to estimate how far it has got through the device discovery process, so you know how much longer you might have to wait. “You still need to understand how a router or switch works, but you’re going to get a lot further with this tool,” Lindsley says. “It can help you find the right place to look and in the broadcast domain that’s a lot harder to do.”