Network Monitoring Software

Per Funke per.funke at hoe.se
Wed Mar 4 03:19:32 EST 1998



Please be aware of the fact that if you don't have complete knowledge of
how your network is structured you might have problems seeing what you
want even with the best of sniffers.

If your LAN is twisted pair, switches in the network may be set up so
they do not forward IP packets, directed to a certain IP address, to
other ports than the one this IP address is physically connected to. In
other words, if you connect your PC to a certain port in the switch and
start sniffing you might very well see only packets directed to the
sniffing PC, and that won't be many. A sniffer is a good listener...

I reckon the same thing goes for the more expensive hubs too. They want
to see outgoing packets from one or more machines on a port before they
accept incoming packets to those machines. I'm not a networking guru, so
trust only your local expert on how to do these things before you throw
away gobs of money... please... He is the only person with sufficient
privileges to configure a port allowing all packets to pass through.

(The main reason for all this is that every effort is made to keep the
number of packets down on each and every segment so your network
performance won't degrade during heavy loads.)


QUOTE:

Subject: RE: Network Monitoring Software
Date: Sat, 28 Feb 1998 05:57:36 -0800
From: "Vladislav S. Davidzon" <davidzon at metronet.lib.mi.us>
To: Multiple recipients of list <web4lib at library.berkeley.edu>

As I promised, the following are the replies I got to my question
regarding network monitoring software, in case anyone needs this
information. Thanks to everyone who responded.  We now know that the
problems were apparently coming from our ISP.

Again, thanks to everyone who responded!

-vsd

----

NT 4.0 has a network monitor service but it only captures packets
to/from the server.  To get the full version you have to buy System
Management Server.  I suspect there are some basic free/shareware
utilities that will get the job done but haven't really investigated the
matter.

Take a look at Observer from Network Instruments
http://www.netinst.com.  It will allow you to (among other things)
capture packets to or from any IP host.  It also decodes the headers so
you don't have to count byte offsets and all that.  You can also filter
packets using a number of preset or custom filters so you only capture
the packets you are interested in.


It is not cheap, about $700.  The demo version on their web site is just
that.  It is not the real product, only a canned demo.  I ordered mine
from DataComm Warehouse.


Usually what is used is special packet sniffing hardware, which is
very expensive.  You can rent these boxes though.  There is packet
sniffing software but it's expensive too.  And of course you need the
skill to use and interpret the data.  Sometimes hiring a
consultant with packet sniffer hardware might be worth it.

With your Linux PC you can use tcpdump, ipxdump and ipxparse (these
came with our RedHat 5.0, I assume they can be used with other
Linuxes also) to do a poor man's version of some of this.

http://www.ngc.com/product_info/sna/sna_dir.html Sniffer Network
Analyzer has been one of the industry biggies for years...by the way,
they will send you a cool networking diagram with all of the layers
(transport, network, etc.) for free.

END QUOTE!

--
Per Funke, Systems Technician
University of Orebro, Library
+46 19 30 34 78, Fax +46 19 33 12 17
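
The switch behaviour described in the message above, as an added example that is not part of the original post: a toy learning switch, keyed on hardware (MAC) addresses, showing which frames a sniffer on port 3 receives with and without a port configured to get a copy of everything. The class, port numbers, addresses and traffic are all constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy model (constructed): forwards by learned address, optional mirror port."""

    def __init__(self, ports, mirror_to=None):
        self.ports = set(ports)
        self.mirror_to = mirror_to   # port that also gets a copy of every frame
        self.table = {}              # learned: hardware address -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports this frame is sent out of."""
        self.table[src] = in_port                # learn where the sender lives
        if dst != BROADCAST and dst in self.table:
            out = {self.table[dst]}              # known unicast: one port only
        else:
            out = self.ports - {in_port}         # broadcast or unknown: flood
        if self.mirror_to is not None:
            out.add(self.mirror_to)              # mirror port sees everything
        out.discard(in_port)                     # never send back to the source
        return out

def seen_by(switch, sniffer_port, frames):
    """Indices of the frames that reach the sniffer's port."""
    return [i for i, f in enumerate(frames) if sniffer_port in switch.forward(*f)]

# Constructed sample traffic: (ingress port, source, destination).
A, B, S = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:05"
FRAMES = [
    (1, A, BROADCAST),  # A broadcasts: flooded, sniffer sees it
    (2, B, A),          # B answers A: A is known, goes to port 1 only
    (1, A, B),          # A to B: port 2 only
    (2, B, A),          # B to A: port 1 only
    (1, A, S),          # A to sniffer: S not yet learned, flooded
    (3, S, A),          # sniffer replies (its own frame, not received)
    (1, A, S),          # A to sniffer: S now known, port 3 only
    (2, B, A),          # B to A: port 1 only
]

def compare():
    plain = seen_by(LearningSwitch([1, 2, 3]), 3, FRAMES)
    mirrored = seen_by(LearningSwitch([1, 2, 3], mirror_to=3), 3, FRAMES)
    return plain, mirrored

if __name__ == "__main__":
    plain, mirrored = compare()
    print("ordinary port sees frames:", plain)
    print("mirror port sees frames:  ", mirrored)
```

On the ordinary port the sniffer receives only the broadcast and the frames addressed to itself; the A/B conversation reaches it only when port 3 is the mirror port.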




