Sniffer's New Twist on Net Analysis

eLABorations: Latest offerings have a nose for double-checking traffic at firewalls as well as other devices.

There are a couple of interesting twists in Network Associates Technologies Inc.'s Sniffer product line.

First is the Sniffer Investigator, a protocol analyzer appliance designed for small to midsize enterprises. Investigator, which shipped in February, is a scaled-back version of Sniffer Pro.

The second notable ware, released April 4, is Sniffer Enterprise Management Architecture, a long-needed utility that centralizes creation and distribution of packet filters and provides remote capture analysis and reporting.

During interviews and on-site demonstrations of both products--plus other Sniffer tools that are under a press embargo until May 6--I got a glimpse of a mature product line that is making the right moves to stay in the enterprise administrator's toolbox. This isn't to say that tools from WildPackets Inc. and Network Instruments LLC should be ignored: These products are often a cheaper way to decode traffic that doesn't involve a WAN link.

The neat thing about Sniffer Enterprise Management Architecture is that it will likely be one of the most important steps taken to spread human expertise to real-time network management. During the product demonstration, I was able to see two things that made this clear. The first is filter creation. Effective filters are usually built by human beings who have had extensive experience with network troubleshooting. Using Sniffer Enterprise Management Architecture, it is a simple task to distribute these filters to Sniffers in the field.

Second, I was able to open a remote troubleshooting session with another Sniffer user that allowed us to collaborate on tracking down a problem. This is crucial both for fast problem resolution and for enabling an experienced Sniffer user to teach other network staff the best way to quickly isolate problems.

It was clear from my interview with Bakul Mehta, president of Sniffer Technologies, that the product line has a clear set of goals that make sense for the future--it looks like Sniffer products will be able to smell out problems wherever they may occur in the network. This is critical, because it's becoming clear that firewalls, intrusion detection tools and other security devices must be checked to ensure that problem traffic isn't getting through. The best way to do this is to use an independent test tool such as Sniffer, WildPackets' EtherPeek or Network Instruments' Observer to double-check the work of these security tools (watch for a comparative review of these three products in the April 22 issue of eWEEK).

Sniffer Investigator is Sniffer software installed on a laptop with a bit more than half of the decodes included in regular Sniffer products. This portable form factor and lower cost will likely appeal to network managers who don't have the variety of applications running on the network but need high-powered problem-solving capabilities.

Senior Analyst Cameron Sturdevant can be contacted at