Protocol analyzers are well-known—and, for the most part, well-understood—tools that are part of every network administrators virtual toolbox. Whats interesting about these tools today is the extent to which they are taking on new capabilities, both to distinguish themselves from one another and because playing around with packet-sniffing technology is just too tempting for developers.
I spent some time in eWeek Labs with Network Instruments LLC, maker of Observer 8.0. Aside from the packet capture and decode, which are the bread and butter of every protocol analyzer, Observer comes with a variety of probes and specialized tools that let it peer deeply into the network in an effort to solve sticky network problems.
Network managers should explore any extras that their protocol analyzer may include, to see if it can help with more than the standard problems. For example, Network Instruments Observer has an SNMP browser that we used to check on the detailed status of a switch and server that both had SNMP agents. We used Observer to monitor traffic loads and CPU utilization.
Granted, these are measurements that can be taken by many other tools, but the point is, at the time we were using Observer to sniff for problems in a particular network segment, we were also able to get this additional SNMP information. We could see what kind of traffic was traveling over each interface and, most important, it was usually easy to see network problems just by looking at SNMP performance graphs.
Network managers should also make sure that they take a little time out of every day to ensure that tools they already own are being used to the fullest. In the case of Observer, its worth making sure that the comprehensive set of probes that are available for the product, from RMON to Frame Relay, are being used to cut the number of steps (or even more so, flights) needed to monitor geographically dispersed network devices.
The staid network protocol analyzer will likely be pulled into the whirlpool of storage management with monitors of iSCSI and Fiber Channel proving their worth in diagnosing a new host of problems that have at their core the humble data packet. Senior Analyst Cameron Sturdevant can be contacted at firstname.lastname@example.org.