Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


June 2008

Network-Monitoring Tools

Gain insight into the content and characteristics of your network traffic
From the June 2008 Edition
of Windows IT Pro
Jason Bovberg
Buyer's Guide
InstantDoc #98842
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Hardware Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Executive Summary:

We drill down into the basics and look at what matters most in a network-monitoring tool, covering data-monitoring products, or packet sniffers, which examine the contents of individual packets, giving you the power to monitor the data traversing your network at a protocol level, and statistical monitoring products, which examine the way data flows through the network. The best network-monitoring tactic combines both approaches. More than fifteen network-monitoring products are laid out in the accompanying table offering a quick overview of features offered and prices.

Perhaps your network performance has become rather sluggish, or maybe you’ve just realized that you have no idea what kind of data is actually traveling through your network. Either way, you need a tool that’ll not only let you peek at network traffic and data but also let you perform analysis and troubleshooting.

In a previous buyer’s guide, we provided a unique approach to the topic by focusing on both network-traffic monitoring and service monitoring (see “Network-Monitoring Tools,” December 2006, Instant- Doc ID 93841). We found that many tools in this space were monitoring email databases, Active Directory (AD), WANs, and even the environment. Now, let’s look at what matters most in a network-monitoring tool: After all, what you really want is to be able to study the content and characteristics of your network traffic, and you need to know which products will best help you achieve that goal.

Packet vs. Flow
Network-monitoring products split into two approaches: data monitoring and statistical monitoring. Data-monitoring products, or packet sniffers, examine the contents of individual packets, giving you the power to monitor the data traversing your network at a protocol level. For example, you can keep an eye on FTP, HTTP, and SNMP packets to reveal inappropriate usage involving those particular protocols. When you’re shopping for a packet sniffer, check out the granularity of the tool’s reach and get a feel for the types of information the tool can discern from the captured data.

Statistical monitoring, by contrast, examines the way data flows through the network. Patterns of network usage can not only show you traffic trends (e.g., peak usage, bottlenecks) and general network functionality but can also expose vulnerabilities and even ongoing attacks. Using statistical monitoring, you might see many packets bombarding your network at once, indicating some kind of internal misconfiguration or even a malicious attack. A packet sniffer might be blind to that kind of problem. With a traffic-flow monitoring solution, you can also identify the source and destination of network traffic. If you have Cisco components in your network, you’re going to need a product that supports Netflow. Watch for the inclusion of other popular embedded technologies, such as sFlow (an industry-standard mechanism for capturing traffic from switches and routers) and SNMP (an application-layer protocol for monitoring network-attached devices).

Perhaps you’ve considered dropping traditional packet capture and network analysis and going instead with a statistical monitoring infrastructure. After all, statistical-monitoring tools offer excellent visibility and perspective. However, they won’t replace the essential ability to capture and analyze the data flowing through your network.

Think of Netflow, sFlow, and SNMP as reporting technologies— not as troubleshooting technologies. Embedded in your monitoring infrastructure, these technologies are best used to get an idea of traffic flow, usage patterns, and highly used applications in the environment. But they don’t let you look at the data itself and perform serious troubleshooting. The best network-monitoring tactic uses both packet sniffing and statistical monitoring approaches.

Other Considerations
Most network-monitoring products offer some kind of network topology map, though some maps are more dynamic or granular than others. You might also require VoIP support (e.g., call quality, call drops) and Multi-Protocol Label Switching (MPLS) support, so that you can see data as it traverses the MPLS mesh and determine whether it’s running correctly and whether your provider is offering what it claims to be offering.

You’ll see increasing support for 10GbE bandwidth. Maybe you don’t need it today, but making the investment in that future 10GbE visibility is worth considering. Finally, retrospective analysis is gaining popularity in the market, letting you funnel data to a disk array and perform retrospective troubleshooting—a new mainstay of the industry.

Tool Evolution
Many problems affect network performance—hardware breakdowns, incorrect network configurations, viruses, users taking advantage of your resources inappropriately—and the monitoring tools that unearth those problems take various approaches. Tools in this space continue to evolve and incorporate existing and changing methodologies so that you can tackle as many causes as possible.

See associated table

End of Article

Reader Comments
firewall's like stonegate, pix and checkpoint do help also if IP Security is applied and routers are secured, third party softwares like DAEMON Tools also do help and play a big role in monitoring

PrinceKanago June 02, 2008 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path To Learn More About Network-Monitoring Tools
"Network-Monitoring Tools: Buyer's Guide"

"Top Networking Trends of 2008"

"Wireless Best Practices"
Top Viewed ArticlesView all articles
Friday at PASS Europe 2006

Kevin talks about the closing day of the event and shares a funny Microsoft film. ...

WinInfo Short Takes: Week of September 8, 2008

An often irreverent look at some of the week's other news, including the long-awaited back to school season, Microsoft's first Seinfeld/Gates ad, some EU insights, another Netbook improvement, Opera silliness, and much, much more ...

IE 8.0 and Chrome Could Enable Next-Gen Web Apps—Unless Your ISP's Bandwidth Cap Gets in the Way

Both browsers are being positioned as the core system application that will enable the next generation of web apps--however, ISP usage caps could throw a major monkey wrench at web-based application delivery. ...
Related Articles VPN Firewalls for SMBs

NETIKUS.NET EventSentry 2.8

Enabling Netmon in Windows 2003

Essential Network Monitoring for the SMB, Part 1
Networking Whitepapers Enterprise IP PBX Buyers Guide: Features and Services That Matter

The VoIP-News Premise PBX Buyer's Guide

KVM Over IP For the Distributed IT Environment
Related Events Check out our list of Free Email Newsletters!
Networking eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

SQL Server Administration for Oracle DBAs
Related Networking Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.

Job Openings in IT

ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

IT Connections
Dive into the new Microsoft platforms and products you implement and support with the experts from Microsoft, TechNet Magazine, Windows ITPro and industry gurus. There are 70+ sessions and interactive panels with networking opportunities.

Attention User Group Leaders...
Announcing the eNews Generator—a FREE HTML e-newsletter builder for user group leaders. Build your HTML and text e-newsletters in minutes and add Windows IT Pro & SQL Server Mag articles alongside your own message!.

Master SharePoint with 3 eLearning Seminars
Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!

Get SQL Server 2008 at WinConnections
Don’t miss Microsoft Exchange and Windows Connections conferences, the premier events for Microsoft IT Professionals in Las Vegas, November 10-13. Every attendee will receive a copy of SQL Server 2008 Standard Edition with one CAL.



Interested in Email Encryption?
Read about the advantages of identity-based encryption in this free report.

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

Virtualization Congress Oct. 14-16 in London
Don't miss Virtualization Congress, the premiere EMEA conference dedicated to hardware, OS and application virtualization. Oct. 14-16.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technical Resources Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing