Network Monitoring for Small Budgets

The minimum requirements to run Netasyst are a Pentium 600 MHz with 256 MB of memory running Windows 2000 or XP Professional. I tested the Cadillac Netasyst--the WLX or LAN/Wireless with Expert version--on a Windows 2000 computer in our Real-World Labs® at Syracuse University. Although the software will run using almost any network interface, NAI created enhanced drivers for a select few network cards and wireless adapters that can capture errors on the network interfaces. After installing the essential Sun Micro- systems Java 1.4.2, the software installation was a breeze.

Netasyst has the classic Sniffer look and feel--users of Sniffer products will feel right at home and new users will find the tool's interface intuitive. I started my tests on a spanned network port because I wanted to analyze and monitor traffic from many computers simultaneously. At start-up, the first view is the Dashboard, which displays the overall health of the network and supplies statistics on speed, utilization and errors on the network segment.

By clicking on topics such as application response time, host matrices and protocol distribution tables, you can drill down into the data to find abnormalities. I used these different perspectives to identify various problems on the network, including three virus-infected machines and a host creating massive amounts of spam e-mail.

I found it not only easy but also vital to define network filters to optimally capture and analyze data, including specific network protocols, application data and host-to-host network communications. To define filters, I selected computers that had been discovered by the software, and then specified the traffic I wanted to see from those computers. This was all done from a simple user interface. Despite the filters' usefulness and the ease with which they can be created, the process of creating filters is time-consuming. I'd like NAI to provide predefined filters during installation covering the basics, such as DNS, e-mail, Web and streaming media protocols. If these filters could also be modified, rather than requiring users to create their own filters from scratch, this would be top-drawer.

Packet Capture

Netasyst lets users capture packet traces, which they can then troubleshoot with the Expert system. Packet capture is simple. After setting your filter definitions, including buffer size parameters, hit the start button on the main capture window. This brings up the capture screen, which shows you the captured network traffic in a model similar to the seven-layer OSI model. The Expert system will find problems on the segments and offer diagnosis at the same time. In my tests I used a filter to capture DNS and Web traffic. The Expert showed that a sluggish Web response was caused by a slow and overused DNS server.

To better understand the Expert's troubleshooting techniques, you can view the objects and symptoms that the system used in its analysis. Additionally, packet captures can be saved in standard capture-file formats for analysis with other tools or to be decoded later using the Expert system.Netasyst is not the end-all network analysis tool; in fact, it lacks functionality that some midsize businesses may require. Alhough gigabit link analysis (fiber or copper) and wide-area technologies, such as ATM, are not widely used by SMBs, if you do use them, note that Netasyst does not support them. Other Sniffer products do. NAI says it will add these features as they become more prevalent in SMB networks.

SMBs will find this tool useful for more than troubleshooting network problems. For example, Netasyst analysis results can be used to justify capital expenditures, such as purchasing network bandwidth or upgrading your network infrastructure. They can also help recognize and eliminate nonbusiness-related applications on your networks, like streaming video, music and instant messaging, letting you free up bandwidth and possibly postpone purchases. Additionally, Netasyst can validate that security devices such as firewalls and VPNs are actually securing the data they are assigned to secure. Virus and worm infections will be more easily traced and eliminated as well.

Perhaps to justify its pricing, the Netasyst products use the same code base, developer resources, customer training resources and support technicians as all of the Sniffer products. This is a great advantage for SMBs because NAI has invested a lot of time and research in those products.

Christopher T. Beers is a Unix systems engineer at Syracuse University. Write to him at [email protected].

Post a comment or question on this story.