Making The Diagnosis With Windows Protocol Analyzers

InformationWeek 500 Conference -- September 14-16, 2008 Registed Today!

IMMERSE YOURSELF:

Storage & Servers

Making The Diagnosis With Windows Protocol Analyzers

By Dan Backman Every doctor, from your family physician to an emergency room resident, has special instruments for diagnosing patient woes. As a network administrator, you are no different. Whether you're snooping around trying to assess the health of your network or diagnosing a critical business-stopping fault, you need a network analyzer. Choosing the right device for your network will make all the difference when you need to make a lifesaving diagnosis.

Protocol analyzers come in many forms--from complex, powerful and expensive professional-grade products to easy-to-use tools for those on a budget. Although today's Pentium-class Windows95 and Windows NT workstations are more than capable of capturing packets from a half-duplex, standard 10-Mbps Ethernet segment, monitoring high-performance networks like Fast Ethernet, FDDI or ATM requires proprietary, often coprocessed hardware (see "HP Takes the Lead in the Fast Ethernet Analyzer Race," September 15, page 98).

To address the need for powerful, yet relatively easy-to-use products for the network manager and front-line technical support staff, we brought five leading Windows95 and Windows NT-based software analyzers into Network Computing's Syracuse University lab. The AG Group's EtherPeek for Windows 2.0 (Beta), Network General Corp.'s NetXRay 3.0, Network Instruments' Observer 4.0e, Shomiti Systems' Surveyor 2.1, and Triticom's LANdecoder32 1.10 are all 32-bit products, so they take advantage of the large memory spaces and underlying services of modern Windows environments. We tested each for capture and monitoring accuracy, as well as performance. In addition, we verified the products' protocol decodes against 31 common protocols in the IP and IPX protocol suites.

To view the Report card.
Best in Test In our tests of the five products, Network General's NetXRay 3.0 quickly rose to the top. Its comprehensive network monitoring features make it a good tool for checking the pulse of your network. Likewise, its straightforward capture and display filters and comprehensive and easy-to-navigate protocol decodes make it a valuable tool for on-the-spot troubleshooting.

A close second, Shomiti's Surveyor offers equally impressive network monitoring, protocol capture and analysis features, as well as the ability to support up to four concurrent NDIS (Network Driver Interface Specification) monitors. However, we were continually frustrated by its nonintuitive design.

Noteworthy are Triticom's LANdecoder32, which was the only product tested to feature an expert system for analyzing captures, and Network Instruments' Observer, which offered network monitoring tools, such as passive Web server and performance monitors.

Good software analyzers should be usable by any network administrator, regardless of his or her experience level. So, we also look at each product's ease of use. Finally, of particular interest to us were the filter-creation routines and navigation through the protocol decode windows. Filters must be powerful, let you set multiple conditions on MAC (Media Access Control) and network-layer addresses and protocols, and also be intuitive. NetXRay and Surveyor scored big points for their well-designed capture displays.

To download an Adobe Acrobat .pdf format version of the 32-bit Windows Eternet Analyzers features charts, click here.