Network & Systems Management
FEATURE
ESniff Noses Out Mischief Makers

  June 25, 2001
  By Sean Doherty

How We Tested

Content Monitors

We connected each product to a test network to monitor FTP, HTTP, IC (Internet chat), IM (instant messenger), POP3, SMTP, telnet and Usenet News NNTP (Network News Transfer Protocol) traffic generated by 20 Microsoft Windows 2000 clients.

Network traffic monitors are normally placed where they can access all network traffic. For example, a monitoring device may sit behind a firewall, viewing incoming and outgoing packets in pass-by or pass-through mode. Devices using pass-by mode connect to a hub or switched port configured to monitor or mirror all traffic on the switch. Pass-by monitoring is passive and collects packets on the network without affecting network bandwidth. In pass-through mode, the monitoring device is inserted directly into the network path. During the pass, the device monitors and inspects packets. Pass-through monitoring directly affects network performance. Not all the products we tested perform in pass-through mode, so our test bed was set up for pass-by monitoring, which they all support.

Test Bed

An Extreme Networks Summit48 switch was configured with a mirror port for the devices under test. The eSniff 1100 could make direct use of the mirror port to monitor traffic. We used a Silicon Graphics SGI 1450 server as the monitoring device for all software. The SGI 1450 is a four-way, 700-MHz Pentium III-class server with almost 4 GB of RAM and two NICs. A Fast Ethernet NIC was used to connect the server to the mirror port on the Summit48, home to 20 Dell Computer Corp. Celeron 500 systems running Windows 2000 Pro. SGI's Gigabit Ethernet NIC was also connected to the Summit48 to manage and administer the server while it monitored network traffic from the mirror port in a passive or pass-by mode.

To test POP3 and SMTP traffic, we set up a Sun Microsystems UltraSPARC III workstation running Sun Solaris 2.6 with Sendmail 8.11.3. This box was also used to generate telnet and FTP activity. To generate tests for IC, IM and HTTP, we connected client PCs to the Internet and used real-world traffic. In addition, Usenet News traffic was obtained from Syracuse University's NNTP server (news.syr.edu).

For each device, client PCs generated random traffic using FTP, IC, IM and telnet. A subset of the 20 clients under test retrieved more than 100 mail messages over POP3 and returned the same using SMTP. HTTP traffic was generated from Internet sites using cURL (the name plays on "client for URLs"), a command-line utility to get Web pages using URL syntax (see curl.haxx.se). With cURL, we wrote batch programs to download 50 Web sites that could be categorized as gambling, games, porn, racism, shopping and sports. Each batch program logged results and exceptions (errors) to files to verify the success or failure of each URL request. Batch files were executed simultaneously on each client for each product to simulate network activity requesting and receiving 1,000 URLs within about two minutes. This amounts to about eight pages per second. Using Extreme Networks' Web-based management tool and the Windows NT Performance Monitor, we found this activity did not stress the Summit48 switch or the NIC.

The ability of a monitoring device to capture all the traffic passing by a switch or hub depends on the amount of traffic and the hardware used. The eSniff 1100 and the SGI 1450 were both capable of capturing 100 Mbps, ample bandwidth for eight Web pages per second to pass by the port without error and without saturating the switch port or the NIC.

The eSniff 1100 reported 100 percent of all pages delivered to four clients; the same was true when we ran cURL with 10 clients. When we ramped up to 20 clients, eSniff fell to 96 percent. SurfControl's SuperScout maintained 100 percent throughout each test. Elron Software's Internet Manager and Pearl Software's Pearl Echo received just under 100 percent using 20 clients. Allowing for a 2.6 percent statistical variance, all products performed equally. If vendors were asked to take the stand to confirm 100 percent monitoring compliance, only SurfControl could answer in the affirmative.
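The cURL result logging and the delivered-versus-reported percentages described above can be reproduced with a small shell harness. This is an added example, not the reviewers' batch programs: the function names, log formats and sample URLs are assumptions, and the sample logs are constructed.

```shell
# Added example: ground truth for a monitor coverage test (names are assumptions).
# fetch_batch URLFILE RESULTLOG ERRLOG
# Request each URL; log "<http_code> <url>" per request and curl errors separately.
fetch_batch() {
    while IFS= read -r url; do
        [ -n "$url" ] || continue
        code=$(curl -s -S -o /dev/null -w '%{http_code}' --max-time 30 "$url" 2>>"$3") || true
        printf '%s %s\n' "${code:-000}" "$url" >>"$2"
    done <"$1"
}

# coverage RESULTLOG MONITORLOG -> "hits/delivered percent"; delivered = unique 2xx URLs
coverage() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next }
         $1 ~ /^2[0-9][0-9]$/ && !($2 in truth) {
             truth[$2] = 1; total++
             if ($2 in seen) hit++
         }
         END {
             if (total == 0) { print "no delivered pages"; exit 1 }
             printf "%d/%d %.1f\n", hit, total, hit * 100 / total
         }' "$2" "$1"
}

# missed RESULTLOG MONITORLOG -> delivered URLs the monitor never reported
missed() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next }
         $1 ~ /^2[0-9][0-9]$/ && !($2 in seen) && !dup[$2]++ { print $2 }' "$2" "$1"
}

# make_sample DIR: constructed logs (not data from the article)
make_sample() {
    cat >"$1/results.log" <<'EOF'
200 http://shop.example.test/
200 http://sports.example.test/scores
404 http://games.example.test/missing
200 http://games.example.test/
000 http://down.example.test/
200 http://shop.example.test/cart
EOF
    cat >"$1/monitor.log" <<'EOF'
http://shop.example.test/
http://games.example.test/
http://games.example.test/missing
http://shop.example.test/cart
EOF
}
d=$(mktemp -d) && make_sample "$d" && coverage "$d/results.log" "$d/monitor.log"
rm -rf "$d"
```

Only requests that the client log shows as delivered count toward the denominator, so failed or refused requests do not lower a monitor's score; `missed` lists the pages to investigate when coverage falls below 100 percent.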

From here, it became an academic exercise to saturate the switch with traffic where packets would be dropped and not monitored by the products under review. For final Web pages downloaded and final results, see "Monitoring Efficiency: cURL Results".

