Making The Diagnosis With Windows Protocol Analyzers
Network General Corp. NetXRay 3.0
Network General's newest protocol analysis product, NetXRay (acquired through the recent purchase of Cinco Networks), strikes a careful balance between ease of use and powerful capturing, filtering and protocol decoding. A full-featured network monitor with an intuitive interface and full complement of features--alarms, performance graphs and a library of supported protocols--NetXRay deserves a place in every network manager's toolkit, or at least a few megabytes of space on a laptop.

As a network monitor, NetXRay includes a handy dashboard that displays current utilization, packets per second and errors per second in a legible speedometer format. Preset thresholds are displayed as red zones. Using history functions, NetXRay can display short-term trends, such as utilization, throughput, various error types and packet-size statistics. Likewise, a complete set of alarm thresholds enables NetXRay to operate as an early-warning system for unusual network activity on the subnet. Alarm actions consist of everything from capture triggers to e-mail messages and SNMP traps (through an included Visual Basic script).

Coupled with detailed network- and application-layer protocol statistics and a graphical conversation matrix display, NetXRay is a complete network monitoring tool. It offers good performance, a rich feature set, and an intuitive and solid Windows interface. The only things we missed were decodes for NFS (Network File System) version 3 and IMAP (Internet Mail Access Protocol).

NetXRay is a great choice for front-line packet capture and protocol analysis and will most likely remain on-call in our lab. We found it performed extremely well in our packet-capture tests because it uses a proprietary NDIS driver with the included CNet Technologies ISA NE2000-compatible card.

However, beware of using any of these software-based protocol analyzers as an exclusive network analysis tool.
Hardware-based analyzers guarantee wire-speed packet captures and full error counters and captures. Software-based analyzers must rely on specific individual NICs and NDIS drivers for a performance boost (see "Is Almost Good Enough?" on page 124).

Decoding Protocols

NetXRay 3.0 is an excellent protocol decoder. It supported nearly every IP and IPX application-layer protocol we threw at it. And its decode viewer is well laid out and extremely efficient to use.

One of our favorite features (also found in Shomiti's Surveyor and Triticom's LANdecoder32) is an abbreviated per-packet protocol decode in the actual buffer window. Showing more than just source and destination addresses, time stamps and protocol types, this window gives you a quick visual scan through the capture buffer without your having to wade through extraneous decode information. It not only specifies that a packet contains IP and SNMP, but also mentions whether it's a request or a reply, and includes the request ID--all without your looking at the detailed decode.

If you're looking for more detailed protocol information, NetXRay's efficient three-paned decode display includes collapsible protocol-layer decodes in the middle pane (decodes at every layer can be collapsed to save space and eliminate information overload). In addition, NetXRay does an elegant job of decoding protocols into digestible information. Control information from relatively straightforward TCP protocols, which operate in text mode, is extracted into an easy-to-read description of the packet.

Finally, the lower window pane in the decode window displays the raw HEX and ASCII packet translations. Conveniently, NetXRay highlights HEX characters when a particular decode line is selected; for example, if you click on the IP address line of the protocol decode, it highlights the corresponding HEX and ASCII translations, and vice versa.
NetXRay includes equally powerful, yet easy-to-use capture and display filters for the all-important task of finding that needle in the haystack. Via a friendly graphical interface, the filter dialogue offers combinations of addresses and lists of protocol filters. Coupled with an efficient autodiscovery process in the address book, which associates IP, MAC and DNS addresses, NetXRay alleviates the headache of manually entering 12-digit hexadecimal MAC addresses. NetXRay also allows offset filters and conditional filters if you're more daring, or if you require more specific filters. These filters can be linked to capture triggers to start capturing traffic automatically when suspicious data is detected.

NetXRay's real-time monitoring tools include a "history" section, which provides a long list of short-term baseline graphs for everything from packets per second and utilization to packet-size distributions and error types. In addition, the product offers a traffic generator that replays capture buffers and a few other diagnostic and troubleshooting tools.












