IPSonar Rolls With Net Changes

Version 3.0 detects variety of intrusions-for a price.

Lumeta Corp.s IPSonar 3.0 neatly expands intrusion and wireless access point detection, and it ferrets out potential information leaks across network boundaries. However, the products $18,000 license fee to monitor 5,000 IP addresses means it is best-suited to high-value networks where IT managers expect substantial changes.

IPSonar 3.0, which shipped in January, comes with a 1U (1.75-inch) IPSonar Server that is also an IPSonar Sensor. In eWEEK Labs tests, the product made quick work of network discovery and correctly reported nearly every IP device in our network. We used a single sensor to discover our network; additional sensors—including a small appliance for permanent installations and a laptop for portable use—are also available.

We think the product is a good choice for IT managers who are preparing to merge large networks. Managers conducting security audits will also benefit from IPSonars extensive network and server mapping reports, which provide precise details about the layout of a network.

During our initial tests, IPSonar 3.0 incorrectly identified a Cisco Systems Inc. Aironet 1100 Series wireless access point, indicating the IP network device was not a wireless access point. Company engineers identified a typo in the identification file and corrected the problem so that the Aironet 1100 was correctly identified.

Although we dont like to see this kind of error, especially when identifying common network equipment, Lumeta officials responded quickly. Furthermore, IPSonar did identify wireless access points from D-Link Systems Inc. and Buffalo Technology Group (which is a wholly owned subsidiary of Melco Inc.). IPSonar 3.0 also provided useful details about individual devices, such as which machines responded to FTP requests.

IPSonar 3.0s competitors include Fluke Networks Inc.s $13,395 OptiView Integrated Network Analyzer portable hardware device at the high end and Ipswitch Inc.s $795 WhatsUp Gold at the low end. In eWEEK Labs tests, IPSonar provided more-detailed maps and did a better job of discovering IP devices than did these rivals. However, the other tools mentioned are better at day-to-day operations and overall network management and troubleshooting.

We believe IPSonar 3.0 would be a good complement to other management tools in large, changing networks because it identifies areas of a network that overlap with other networks and its reports quickly highlight these junctions with other networks.

IPSonar 3.0s ability to discover wireless devices is a handy addition, but it should be used in conjunction with other wireless security tools. AirMagnet Inc., Network Instruments LLC and WildPackets Inc. make portable wireless sniffers that more effectively track down hijacked access points.

IPSonar 3.0 had no trouble discovering our test network and capably showed specific services—such as FTP—that were responding on our network devices. This information is probably most valuable as a way for network managers to check on overall network best practices, including making sure that devices are provisioned to provide the desired levels of performance and network security.

IT managers can use IPSonar 3.0 for much more than just security functions. For example, IPSonar revealed extensive, unexpected exposures of our network to the Internet. In this regard, IPSonar was a great help in ensuring that our network was properly confined to the eWEEK lab, with no crossover into other networks.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.