Sniffers New Twist on Net Analysis

By Cameron Sturdevant  |  Posted 2002-04-09 Print this article Print

eLABorations: Latest offerings have a nose for double-checking traffic at firewalls as well as other devices.

There are a couple of interesting twists in Network Associates Technologies Inc.s Sniffer product line. First is the Sniffer Investigator, a protocol analyzer appliance designed for small to midsize enterprises. Investigator, which shipped in February, is a scaled-back version of Sniffer Pro. The second notable ware, released April 4, is Sniffer Enterprise Management Architecture, a long-needed utility that centralizes creation and distribution of packet filters and provides remote capture analysis and reporting.
During interviews and on-site demonstrations of both products--plus other Sniffer tools that are under a press embargo until May 6--I got a glimpse of a mature product line that is making the right moves to stay in the enterprise administrators toolbox. This isnt to say that tools from WildPackets Inc. and Network Instruments LLC should be ignored: These products are often a cheaper way to decode traffic that doesnt involve a WAN link.
The neat thing about Sniffer Enterprise Management Architecture is that it will likely be one of the most important steps taken to spread human expertise to real-time network management. During the product demonstration, I was able to see two things that made this clear. The first is filter creation. Effective filters are usually built by human beings who have had extensive experience with network troubleshooting. Using Sniffer Enterprise Management Architecture, it is a simple task to distribute these filters to Sniffers in the field. Second, I was able to open a remote troubleshooting session with another Sniffer user that allowed us to collaborate on tracking down a problem. This is crucial both for fast problem resolution and for enabling an experienced Sniffer user to teach other network staff the best way to quickly isolate problems. It was clear from my interview with Bakul Mehta, president of Sniffer Technologies, that the product line has a clear set of goals that make sense for the future--it looks like Sniffer products will be able to smell out problems wherever they may occur in the network. This is critical, because its becoming clear that firewalls, intrusion detection tools and other security devices must be checked to ensure that problem traffic isnt getting through. The best way to do this is to use an independent test tool such as Sniffer, WildPackets EtherPeek or Network Instruments Observer to double-check the work of these security tools (watch for a comparative review of these three products in the April 22 issue of eWEEK). Sniffer Investigator is Sniffer software installed on a laptop with a bit more than half of the decodes included in regular Sniffer products. This portable form factor and lower cost will likely appeal to network managers who dont have the variety of applications running on the network but need high-powered problem-solving capabilities. Senior Analyst Cameron Sturdevant can be contacted at
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel