Today’s networks are the most critical component of a corporate infrastructure, yet they are often the most troublesome. Many networks were not carefully planned; they are typically the result of cobbling together gear and bandwidth as a company’s growth requires. This often leads to a tangled mess of routers, switches, wiring, gateways, and network protocols.
As a result, when a network issue surfaces, identifying the cause of the problem can be more art than science. New technology in network sniffers – the programs that capture and decode network packets – provides real-time packet decoding and expert analysis that can make pinpointing network problems quick and painless.
Network sniffers have been around for quite some time. In the past, packets were captured into a file and then manually analyzed or played back into an expert system for a detailed picture of what was happening on the network. Problem identification was neither a quick nor a simple process.
New technology for network sniffers now allows network administrators to capture, decode, and analyze packets in real time. With this technology, a system captures packets off the network, decodes them into human-readable format, runs the packet through an expert system for analysis, and finally displays the information to the administrator. Today a network administrator might be alerted to a network issue before users experience any significant problems.
As the packets pass through the expert system, they are analyzed for potential problems then alerts are sent to administrators to warn them of any major issues. These alerts can be defaults configured by the vendor, or they can be thresholds set by the network administrator and configured specifically for the organization’s network. Thresholds can be set for any number of variables, such as too much bandwidth being utilized by a specific system; slow HTTP, POP3, or FTP response time; too many TCP retransmissions; IP header checksum errors, and so forth.
Packet analysis tools also provide graphical representations and statistics. The peer map is an impressive feature that graphically shows which systems are communicating with one another and the volume of traffic they are passing, providing a quick, high-level overview of all traffic traversing the network. More detailed statistics are also available, such as the percentage of network traffic attributed to a specific protocol (including routing information protocol, HTTP, NetBios), detailed statistics for a specific node, statistics for a specific protocol, summary statistics for the entire network, and historical statistics to compare present and past performance.
These tools can also act as rudimentary network intrusion-detection systems. Many include analysis modules for basic Internet attacks, such as Jolt IP attacks, Land TCP attacks, RipTrace attacks, Teardrop IP attacks, and WinNuke TCP attacks. Additional modules could include detailed analysis of HTTP, SMTP, POP3, FTP, and Telnet sessions.
Network sniffers are an invaluable tool for the network administrator. The addition of real-time packet decoding and analysis makes them even more useful. As networks become increasingly crucial as the infrastructure component of e-business, quick identification of problems is a must.
WildPackets EtherPeek NX
The latest offering from WildPackets Inc., one of the main players in the network analysis arena, provides real-time packet decoding and analysis. Keeping WildPackets’ intuitive, easy-to-use GUI, EtherPeek NX is a breeze to use, and the data it can provide is astounding.
EtherPeek NX includes protocol analyzers for more than 1,000 protocols, ensuring it can function in just about any network. It also provides expert analysis modules that can assist in troubleshooting the most commonly used network services.
EtherPeek NX really stands out in its reporting and statistical analysis. Views include information by network node, protocol, and packet size. The Log area shows all the alerts issued by the expert system. The Expert area shows the detailed information behind the expert alerts, such as the number of packets, the number of problems, and the duration of each problem.
The Peer Map is one of the most impressive features in EtherPeek NX. This graphically shows the TCP and UDP (User Datagram Protocol) communications that are currently occurring on the network. The thicker the connection line, the more traffic being passed.
Another interesting feature is the Select Related Packets option. Here, packets can be grouped together by source address, destination address, port, conversation, and protocol. With this feature, analyzing specific network communications no longer requires poring over logs, but is as easy as a click of the mouse.
EtherPeek NX follows in the tradition of the original EtherPeek network sniffer. It is easy to use and very helpful in network administration. The addition of real-time packet decoding and expert analysis makes this product even more useful in the enterprise.
THE BOTTOM LINE
Executive Summary: Identifying network problems is critical in today’s business environment. If the network goes down, many organizations can no longer function. Packet decoding and analysis allow administrators to be proactive in their jobs, protecting corporate revenue and employee productivity.
Test Center Perspective: Real-time packet decoding and analysis tools go beyond yesterday’s network sniffers to help network administrators identify network issues more quickly and easily than ever before. The time and resources saved using real-time packet analysis can be used to improve the network and its performance and reliability.