Tip of the Month

Network Analysis Tip of the Month – September 2006

No Longer a Tool...

By Jim Thor, WildPackets Professional Services

Those of you who have heard me speak in various locations around the country know just how passionate I am about not using the Peeks merely as a troubleshooting tool.

This is an area that is very close to my heart as I feel that over 95% of the people who use protocol analyzers never use them to their full potential. And as each of you is reading this, I am sure you are asking yourself, if they (the Peeks) aren’t a tool, what are they? If I don’t use it to troubleshoot, what am I going to use it for?

The answer is simple. Packets don’t lie. And if the packets don’t lie, then we should take every opportunity to listen to what they have to say. Not just listening when there is a problem or issue on the network, but always! When things are working properly is possibly one of the best times to listen, as that is when we can see the true expected behavior.

So how can you do this? Well, you probably already own a Peek product (or more), or you wouldn’t be reading this, so that is the first step. Now, start long term captures on one or many NICs. If you have available disk space on your system, you can save the last ‘x’ amount of packets up to your available disk space, but that is not necessary if you don’t have space. You can still capture the long term statistics. Just set the Save files options to whatever best suits your needs.

Now take this to a whole new level without much cost. Grab the next system that someone is going to retire, validate it has the basic requirements to run the Peek (not much required), and load it full of NICs. Get another license for the Peek of your choice, and connect those NICs to various segments throughout your network. You can now gather long term statistics on nodes, protocols, summary stats, utilization, etc. from any segment that you are connected to. You could even export that data automatically from every segment to a web page if you chose.

Now you have visibility into all those segments, for only the cost of one more Peek license. And the Peek is no longer a troubleshooting tool, it is an application, a 24x7 network analysis application!