Network Computingwww.networkcomputing.com

We were wondering what impact remote monitoring would have on traffic. Some remote-analysis products require packet collection from an RMON agent/probe without any sophisticated filtering capabilities to speak of and need to transfer all of the packets captured remotely to a local site for analysis. Others, such as the Distributed Sniffer System (DSS) keep traffic to a minimum by emulating the screen and keyboard of a remote machine and doing the analysis remotely. Such a setup works well for minimizing data transfer over problem or bottlenecked links or with low-bandwidth situations, such as a 28.8-Kbps dial-up connection over the Internet.

NetMon offers a clever compromise between these two approaches. While monitoring, you can specify the statistics display update at periodic intervals, with the default at two seconds. All of the captured packets are contained remotely until you actually view them. By attaching another protocol analyzer to the same segment as the local NetMon, we were able to see the impact on the network while viewing the remotely captured packets.

We could see on the second analyzer that NetMon only transfers packets that are viewable in the capture display of the local NetMon. Not until we scrolled down, were more packets transferred. In fact, grabbing the scroll bar and moving it a ll the way to the end of the buffer merely transferred the last few packets that were in the remote buffer. Of course, if you want to save the entire trace, the remainder of the remote buffer will need to be transferred.

Conclusion We found that Network Monitor provides many of the features found in other commercially available protocol analyzers. The detailed Microsoft Browse decodes were especially welcome, helping us to solve a tough troubleshooting problem and also further our understanding of how Microsoft resource browsing works. For Novell NetWare diehards however, stick to LANalyzer or Sniffer since NetMon offers only basic NCP (NetWare Core Protocol) decoding and no NDS decoding whatsoever.

And, there's no denying its price is hard to beat. NetMon is already in Microsoft BackOffice as part of SMS. If you don't have BackOffice, you can purchase SMS for as low as $695. Not bad, even if you only install the Network Monitor part of the package and toss the rest. The icing on the cake is tha t Microsoft will be incorporating "Experts" into its next release of Network Monitor in SMS 2.0.

J. Scott Haugdahl is founder of Net3 Group and can be reached at scott@net3group.com. A snapshot of the browse problem trace file used in this article is available at www.net3 group.com, as well as a comprehensive table of NetBIOS name suffixes and their meanings as used by Microsoft.