Category: Network packet monitoring utility
Name of tool: EtherPeek v4.1
Company name: WildPackets
Price: $950, higher with annual maintenance contract
URL: www.wildpackets.com
Windows platforms supported: 95/98/2000/Me/NT (at least service pack 3)
Quick description: A fully featured network packet capture utility
Strom-meter:
**** = Very cool, very useful
Key features:
Pros:
Extremely easy and straightforward to use. Screen layout intuitive and
simple to navigate.
Cons:
Setting up the software to filter your traffic and focus on particular
problems will take some experience and training.
Description:
Network problems can be notoriously difficult to troubleshoot and
solve, given that you have to deal with issues with your cabling,
infrastructure, protocols, and operating systems and understand how to
juggle among these different pieces to figure out why something is
wrong. Every enterprise networker should have some kind of packet
capture tool to help.
These tools record network traffic and analyze it for patterns: a
chatty print server sending out lots of packets might indicate that it
is improperly configured, clogging your network with useless traffic.
Or your router might not be able to talk to your firewall because of
some setup mistake. Or a cable could be broken in a key place, or a PC
set up with the wrong protocols. In any event, these tools are
indispensable and often the only way a corporate support person can
figure out when something is wrong.
There are three schools of thought when it comes to using network
capture tools. One is to use something DOS-based, with character-mode
screens that are filled with data. While these can be hard to
understand, they can be useful to quickly get the entire picture of
what
is happening on your network. I have used an aging version of
LanWatch for years and it does the trick. The advantage of using DOS-based
programs is that they are generally quick to set up and run -- and
don't require much in the way of computing resources (indeed, I have
run my version on a 286-based laptop).
But DOS being DOS does have its limitations. If you want to perform
more than one task, or switch between a monitoring screen and an
analysis screen, then you want something else. You can purchase a
Sniffer or something that is dedicated to the task of analyzing your
network: this is a great solution if you have the cash and intend to
use it and really understand how it works. But that may be more work
than you bargain for, especially when you are in the heat of trying to
track down something to help a user in distress in your corporation get
back up and running.
The third method is probably where most of us end up, using a Windows-
based software protocol analyzer. It isn't as pricey, can still help us
debug our network problems, and runs on a wide variety of computers.
There are dozens of choices, ranging from the free Network Monitor tool
included in every copy of Windows NT/2000 server versions to various
shareware tools with names like Net Analyzer, Anasil, and LanExplorer.
Windows' own NetMon tool is fairly limited: you can only capture
network traffic that originates from the same server that it runs on,
making analysis of overall network trends and problems difficult. My
favorite choice is WildPackets' EtherPeek. The product has been around
for more than a decade and over the years has remained the easiest and
most versatile packet capture tool.
Any tool should be able to quickly identify the physical network nodes
operating on your network. The trouble is that usually these identities
are expressed in long hexadecimal numbers that are almost always
meaningless to most of us. A far better solution is to resolve these
hexadecimal ID numbers into network host names so you can quickly focus
in on the appropriate PC, router, or hub that is being temperamental.
Any network analyzer worth its salt also allows you to filter
traffic based on particular IP addresses or types of applications
(such as all Web traffic). EtherPeek does this quite readily,
although setting up the filters will take some practice and some
guidance from the manual. You also want to be able to save your
captured data to a disk file and replay it for subsequent analysis.
EtherPeek reads a wide variety of competitors' capture files, too,
including Sniffer, LANalyzer, and TCPDump. And, you want to be able to
sort your results to find the top talkers (or who is hogging all your
network bandwidth), as well as examine network bottlenecks.
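The three capabilities described above (resolving hardware addresses to host names, filtering by IP address or application port, and ranking the top talkers) as an added example; this is not code from the review or from WildPackets, and it does not read EtherPeek's own file format. It builds a small constructed capture in classic libpcap format in memory (Ethernet/IPv4/TCP frames with checksums left at zero), parses it with a minimal reader, and runs the three operations over it. The MAC-to-hostname table, the addresses and the traffic mix are all constructed sample values.

```python
import struct
from collections import Counter

# Constructed MAC-to-hostname table; a real analyzer builds this from DNS,
# NetBIOS or a user-maintained name list (assumption for this example).
NAME_TABLE = {
    "00:00:5e:00:53:01": "print-server",
    "00:00:5e:00:53:02": "router",
    "00:00:5e:00:53:03": "workstation-7",
}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload_len):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left zero; test data only)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    tcp += b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic libpcap file: magic 0xa1b2c3d4, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield one record per Ethernet/IPv4 frame: MACs, IPs, protocol, length, TCP ports."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4; a fuller reader would handle ARP, IPv6, VLAN tags
        ihl = (frame[14] & 0x0F) * 4
        rec = {"src_mac": mac_str(frame[6:12]), "dst_mac": mac_str(frame[0:6]),
               "src_ip": ip_str(frame[26:30]), "dst_ip": ip_str(frame[30:34]),
               "proto": frame[23], "len": len(frame), "sport": None, "dport": None}
        if rec["proto"] == 6 and len(frame) >= 14 + ihl + 4:
            rec["sport"], rec["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield rec


def resolve(mac):
    """Replace a hexadecimal hardware address with a host name where one is known."""
    return NAME_TABLE.get(mac, mac)


def filter_packets(packets, ip=None, port=None):
    """Keep packets touching the given IP address and/or TCP port (either direction)."""
    return [p for p in packets
            if (ip is None or ip in (p["src_ip"], p["dst_ip"]))
            and (port is None or port in (p["sport"], p["dport"]))]


def top_talkers(packets, n=3):
    """Rank senders by bytes on the wire; returns (name, packet_count, byte_count)."""
    pkts, byts = Counter(), Counter()
    for p in packets:
        name = resolve(p["src_mac"])
        pkts[name] += 1
        byts[name] += p["len"]
    return [(name, pkts[name], byts[name]) for name, _ in byts.most_common(n)]


# Constructed capture: a chatty print server (five LPD packets), one Web request
# and its response; 192.0.2.10 is a documentation address standing in for a Web server.
SAMPLE_FRAMES = [build_frame("00:00:5e:00:53:01", "00:00:5e:00:53:02",
                             "10.0.0.5", "10.0.0.1", 1024, 515, 200)] * 5
SAMPLE_FRAMES += [
    build_frame("00:00:5e:00:53:03", "00:00:5e:00:53:02", "10.0.0.7", "192.0.2.10", 1025, 80, 60),
    build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:03", "192.0.2.10", "10.0.0.7", 80, 1025, 600),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    packets = list(parse_pcap(SAMPLE_PCAP))
    print(f"{len(packets)} packets; Web traffic: {len(filter_packets(packets, port=80))}")
    for name, count, nbytes in top_talkers(packets):
        print(f"{name:16} {count:4d} packets {nbytes:6d} bytes")
```

Run as a script it lists the print server first in the top-talker table, which is the kind of pattern the review's "chatty print server" scenario is about; point `parse_pcap` at the bytes of a real capture saved in libpcap format and the same filters and ranking apply, with unknown hardware addresses left in hexadecimal until the name table learns them.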
About the only downside is the price of the tool -- over $1000, if you
purchase a maintenance contract. (I would recommend such a purchase,
given that you'll want some support with a tool of this caliber.)
You'll also need a fast 400 MHz or better Pentium with 128 M-byte of
RAM if you want to capture traffic on a 100 M-byte Ethernet -- for 10
M-byte networks, just about any machine is adequate -- I tried it on a
200 MHz Pentium running NT version 4.0.
WildPackets has plenty of support and training courses available,
should you wish to gain more experience with their tool. And, the
supplied documentation does a great job walking you through the
analysis process. Overall, this is a very useful tool and one that no
one should be without.
Strom-meter key:
**** = Very cool, very useful.
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.
Bio: David Strom is president of his own consulting firm in Port
Washington, NY. He has tested hundreds of computer products over the
past two decades working as a computer journalist, consultant, and
corporate IT manager. Since 1995 he has written a weekly series of
essays on Web technologies and marketing called Web Informant. You can
send him email at mailto:david@strom.com.