Rolling Review: Network General

Sniffer InfiniStream and Visualizer appliances drill down into network analysis.

November 29, 2007


In this seventh installment of our APM Rolling Review series, we take a look at the Sniffer InfiniStream Platform with AppIntel Intelligence Module and Visualizer Sniffer Platform, Network General's appliance-based answer to troublesome application performance issues. During the course of our review, Network General was purchased by NetScout, which we've also invited to this party.

While NetScout's focus is real-time monitoring and troubleshooting, Network General is much stronger on post-event analysis in that it takes a packet-centric approach to data collection. In contrast, other vendors we've tested complement packet analysis with agents and synthetic transactions to provide customers with a wider range of options. Using an appliance-based approach and continuous long-term capture, Network General monitors data for an entire transaction or series of transactions, then drills down to a specific area, such as an application, for more analysis. Once there, IT staff can conduct a retrospective assessment and try to prevent problems in the future.

Network General's application performance management system is centered on several loosely integrated appliances. Core data collection is performed by Sniffer InfiniStream appliances that capture detailed performance metrics at the packet level. The AppIntel Intelligence piece (which is also available as a standalone appliance) then shows how critical applications perform across the network, and the Visualizer appliance provides network and application performance from a network perspective using customizable dashboards and drill-down analysis. Not reviewed in this test was the NetVigil application, which manages the performance of business services by combining service-related IT components into logical groups.

Sniff, Sniff

At its core, Network General's Sniffer understands network- and transport-layer protocols, including detailed header and trailer information such as IP address, port, length, TTL, TCP handshakes, packet fragmentation and assembly. While this is useful information and can help pinpoint network capacity, utilization, latency and packet loss performance issues, it will do little to solve application problems that are not related to the network. For example, our test document management application uses HTTP to request certain documents and to send user IDs, passwords and other data. Without Network General's AppIntel Intelligence, the InfiniStream doesn't know how to interpret the contents of the packets to the level that we need to find an application-centric issue.

InformationWeek's Rolling Reviews present a comprehensive look at a hot technology category, beginning with market analysis and wrapping up with a synopsis of our findings. See our kickoff and other Application Performance Management reviews.

To gain insight into these application issues, Network General is working to move customers to the AppIntel Intelligence modules within the Sniffer InfiniStream platform. Enabling the add-on AppIntel Intelligence module on our packet capture engine allowed for more in-depth protocol and application analysis, as AppIntel Intelligence discovers applications based on their packet-flow signatures. For performance measurements, this module looks at both client and server traffic to see who's using the network and provides time intervals to help identify when problems and anomalies occur. Data on the source, destination, application, time and interface of conversational flows are all collected, allowing IT managers to analyze data after a problem has been detected.

The Expert Analysis component supports more than 400 protocols and threshold information. We were impressed with the manner in which Network General could overlay network traffic with defined entities—for example, service, application, session, connection and conversation. Armed with threshold information, it detects breaches and presents these in the form of symptoms, then arrives at fault diagnosis through interpolation of the symptoms.

Let's Get Visual

Visualizer provides different vantage points to analyze and monitor a given application's communications and provides historical analysis, baselining and long-term trending views. A topological view indicated server/client communications, with context-sensitive pop-ups tracking the number of communications between the given client/server pair and the amount of data transferred. Over time this data, combined with built-in algorithms, helps the Visualizer identify critical entities, including servers and applications, as well as the core network infrastructure that has a significant influence over the performance of applications.

The Visualizer has self-learning algorithms, used to update the list of identified critical entities and renew baseline data. Identification of critical entities and generation of baseline data occurs at fixed weekly intervals. This may be restrictive in highly dynamic environments, where network topology and traffic may be in flux due to unscheduled migration and maintenance.



When we drilled down, we reached a stage where we wanted to examine the transport layer to analyze network header information. This data existed in the Sniffer, but not the Visualizer. IT should be able to jump to the data from the Sniffer, but when we clicked the menu item, a message appeared indicating that the feature is yet to be implemented. This was disappointing because the correlation between network and application data is important in troubleshooting performance issues.


FEATURED PRODUCT: Sniffer InfiniStream Platform with AppIntel Intelligence Module & Visualizer Sniffer Platform; starts at $17,000, $67,000 as tested.

ABOUT THIS ROLLING REVIEW: Application performance management products are being tested at our Real-World Labs at Windward Consulting Group. We're assessing the breadth of support for existing applications, how well the product detects and reports on performance problems, how well the architecture supports distributed application performance monitoring, and whether the software supports a tiered architecture with native high-availability and failover capabilities. We'll also explore how well the offering detects the true performance issue and how seamlessly it integrates with the surrounding environment.

ALREADY TESTED: Indicative, NetIQ, NetQoS, Compuware, Nimsoft, Quest

NEXT UP: Next on deck will be BMC's ProactiveNet, followed by Symantec.

OTHER VENDORS INVITED: CA/Wily, HP/Mercury, EMC/SMARTS, IBM, Infovista, NetScout, Oracle and ProactiveNet

Michael Biddick and Kundan Bapat are with Windward Consulting Group, a firm that helps organizations improve IT operational efficiency. Biddick is also a contributing editor for Network Computing/InformationWeek. Write to him at [email protected].
