Packets still rule when it comes to useful network traffic analysis


It seems obvious to say that network traffic is growing in volume and speed. And of course, it means that IT staff are always looking for faster ways to detect any problems that would interfere with the reliable movement of data, but simply monitoring traffic flow has proven to be insufficient.

The proof in the pudding is in the packets.

Jay Botelho, director of product management at Savvius, said for a long time the network traffic monitoring industry got away from looking at packets, opting to watch networks at a higher level, but it’s switching back: “The packets don’t lie.”

Savvius, which was previously known as Wildpackets, developed one of the first protocol analysis tools, initially designed to mainly run on desktop computers for engineers who wanted better visuals than what was available in DOS. Over time, said Botelho, the company has built up a portfolio of tools, while staying with the initial premise of doing analysis on a packet basis, which he said few vendors still do.

Many vendors offer tools that work at a high level – traffic flow – but they lack what you need for troubleshooting. “Most engineers end up looking at packets whether they want to or not. Flow-based data lacks detail.” Botelho said Savvius is very focused on cause analysis.

The company recently updated its OmniPeek software to better support real-time as well as forensic analysis. Enterprises can view real-time statistics while storing high-speed network data for forensic purposes. Through integration with Splunk, users can also easily store, analyze and generate reports over any historical period. Network analytics can also be correlated with other IT management systems.

Savvius has also beefed up the labelling in the latest version of OmniPeek for more detailed geographical identification of network nodes, as well as the ability to analyze time-sensitive data. Botelho said this is particularly important to industries such as the financial sector, which needs to understand, with nanosecond precision, when a data packet leaves and arrives at its destination.

Customers can buy just the OmniPeek software from Savvius, or a hardware version on an appliance. Both run the same codebase, said Botelho, but he acknowledged that appliances get expensive if you want to deploy a lot of them. “Software keeps the costs down.”

Not only are packets making a comeback, said Botelho, but the company is finding that customers are archiving more packets of data, so Savvius has added RAID6 capability for long-term retention, although generally, he said, most are only saving a day’s worth of packets or less.

The number one issue that customers face, said Botelho, is dealing with the speed of networks and keeping tabs on packets. “That comes up more and more.”

In addition, he said, packet analysis and storage has taken a central spot in security; last year, the company introduced a new product, Vigil, that uses the OmniPeek codebase, modified for incident response from a security perspective.

Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.
