With the 10th version of its Observer network management and analysis suite, Network Instruments LLC provides a comprehensive network analyzer. Although Observer Version 10's latest features are not groundbreaking, they enable several welcome capabilities that ease ongoing reporting, reduce WAN congestion and improve wireless network analysis.
Many improvements in Version 10 bring the venerable Observer suite up to speed with competitors from different segments of the marketplace. For example, WildPackets Inc. introduced a scalable analysis architecture with low bandwidth utilization last year with its Omni3 product, and AirMagnet Inc. has been performing wireless analysis exceptionally well for years. But these rivals are now hard-pressed to match Observer's comprehensive feature set for wireless networks or wired Ethernet and Gigabit Ethernet.
eWEEK Labs' tests of Observer Suite 10, which is priced at $3,995, show that Observer is worth a look for any site that must hone and expand the scope of its network management.
The Observer suite includes the base packet capture and decode engines, plus Expert Analysis and SNMP- or RMON-based device management. We also tested the new Advanced Expert software probe (sold separately for $2,895) installed on a remote Windows XP workstation with Cisco Systems Inc.'s 350 PCI adapter. Observer Suite 10 and Advanced Expert Probe started shipping late last month.
Advanced Expert Probe improves Observer's NI-DNA (Network Instruments Distributed Network Analysis) architecture by performing network data analysis and processing at the remote probe instead of transferring whole packet streams back to the central Observer console. Sending such streams could congest WAN connections. Advanced Expert Probe sends screen updates instead of raw data back to the console, further reducing bandwidth demands. When performing decodes, the probe sends small numbers of data headers back to the console, with the rest of the packet available upon request.
Network Instruments also offers a full suite of hardware probes for full-duplex captures and Gigabit Ethernet network links or trunks that can report to the central Observer console, as well as individual software probes that do not offer the Advanced Expert Probe's bandwidth savings.
Observer 10 includes several new wireless-specific Expert analysis tools that arm administrators with better abilities than previous versions to spot WLAN (wireless LAN) weaknesses or attacks. Although these wireless analysis capabilities are not quite as robust as those found in AirMagnet Distributed 4.0, they provide a lot of useful information.
Observer Suite 10 indirectly identifies DoS (denial-of-service) attacks by listing anomalous association and dissociation rates plus spoofed MAC (media access control) addresses. The new Expert tools can also identify access points that are enabled for WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption, and they can detect open or shared authentication systems.
Administrators can create profiles with predetermined thresholds for numerous events for either wireless or wired networks. We configured our wireless Advanced Expert Probe with a list of all known access points with instructions to notify us when unknown access points were identified.
When an unknown device is detected, an alarm is automatically displayed in the Observer console. Administrators can also configure Observer to e-mail or page IT staff automatically, or to send an SNMP trap.
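The two checks described above, an allowlist of known access points and a threshold on association and dissociation rates, can be sketched as follows. This is an added example, not Observer's code or anything from the review; the record layout, the addresses, and the `window` and `threshold` values are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (seconds, frame subtype, BSSID, client MAC).
# All addresses and timings are made up for this example.
FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:01", None),
    (0.1, "beacon", "00:11:22:33:44:02", None),
    (0.5, "assoc", "00:11:22:33:44:01", "aa:bb:cc:00:00:a1"),
    (1.0, "beacon", "DE:AD:BE:EF:00:99", None),  # not in the allowlist
    (30.0, "disassoc", "00:11:22:33:44:01", "aa:bb:cc:00:00:a1"),
] + [
    # Six dissociations against one access point within one second.
    (2.0 + 0.2 * i, "disassoc", "00:11:22:33:44:02", f"aa:bb:cc:00:00:{i:02x}")
    for i in range(6)
]
KNOWN_APS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}


def unknown_access_points(frames, known_aps):
    """Return BSSIDs seen beaconing that are absent from the allowlist."""
    known = {b.lower() for b in known_aps}
    seen = {bssid.lower() for _, kind, bssid, _ in frames if kind == "beacon"}
    return sorted(seen - known)


def rate_alarms(frames, window=5.0, threshold=4):
    """Map (BSSID, subtype) to the peak count of association or dissociation
    frames seen inside any `window`-second span, when it exceeds `threshold`."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, kind, bssid, _ in sorted(frames, key=lambda f: f[0]):
        if kind not in ("assoc", "disassoc"):
            continue
        key = (bssid.lower(), kind)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


if __name__ == "__main__":
    print("unknown APs:", unknown_access_points(FRAMES, KNOWN_APS))
    print("rate alarms:", rate_alarms(FRAMES))
```

A real deployment would tune the window and threshold per site, since busy access points see legitimate bursts of association traffic.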
Network Instruments has also added several features that make the product easier to navigate and enable it to generate useful data. We especially appreciated the new Fast Post-Filter, which allowed us to isolate a single conversation or device in the post-capture buffer by right-clicking a packet. This feature has been sorely lacking in previous Observer versions.
Overall, Version 10's filtering capabilities are greatly enhanced. Users can now search active buffers or saved captures for specific data—this ability will be invaluable for large capture files. Observer Suite 10 includes several prebuilt filters that identify specific hack attacks or virus activities, and Version 10 allows users to create their own filters for anything from hardware addresses to text strings.
We also liked the new VLAN (virtual LAN) detection capabilities that identify available VLANs and generate useful data on bandwidth utilization and throughput totals.
We didn't test the new Network Instruments Authentication Server, which is sold separately and priced at $2,000. Authentication Server is designed to improve the scalability of the NI-DNA solution by allowing each remote probe to authenticate users to a central database (either internally to Authentication Server or connected to Active Directory), instead of maintaining individual user accounts on every probe instance.
Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.