New Analysis Gig
This tool answers the challenges of decoding high-speed, high-capacity networks--all with user-friendly ease.
October 10, 2003
I found the overhauled interface mighty intuitive. Many app-specific types of network traffic are segregated and summarized automatically, with errors highlighted in an environment that's enjoyable to navigate.
Transactional processes are gathered under their own headings, as are mail and messaging, database apps, voice-over-IP flows and RTP (Real-Time Transport Protocol) for streaming media. A generic category acts as a bucket for other packets. All headings show traffic details that include source and destination addresses and ports, errors, packet sizes, byte counts and response-time details.
Going Deep
Interface |
Built on the rugged Dolch FlexPAC platform, ClearSight's analyzer uses Windows XP Professional. The 2-GHz Pentium 4 CPU and 2 GB of RAM provide plenty of horsepower for the analyzer's network-monitoring and capture functions, whether the device is used in pass-through mode (between two gigabit switches) or as an end-station that monitors a network switch span port.
The analyzer has a generous512-MB-per-channel capture buffer, is capable of full wire rate and streaming capture, and can operate with a streaming speed of up to 800 Mbps, depending on packet type in the wire. Pass-through configurations can employ the included low-loss tap or the platform's onboard interfaces.The analyzer is configurable based on your needs. For example, if you have no interest in monitoring Exchange traffic, but need to capture your enterprise's VLAN-specific data and add a protocol in response to a new worm attack, you can tailor the settings with just a few clicks.
Testing 1, 2, 3
I used the analyzer in both pass-through and end-station setups on a network built primarily with Cisco hardware. My end users had freedom to do whatever they chose on the network, including creating their own problems. In every session, I instantly identified those conditions that caused network slowdowns--such as dozens of machines on one subnet trying to make a high number of DNS calls to a nonexistent server. And it took mere seconds to filter a port used by one of the recent attacks to find machines that were still spewing worm-related traffic.I hopped around the detailed Web traffic flows during the session to determine how much ad-server traffic was present across HTTP flows. In more than one instance, I was able to show that the network was healthy while other factors--the retransmit of Web objects from the Internet or failed authentications attributable to device misconfigurations--were creating the illusion of slowness.
There are drawbacks to the ClearSight analyzer: It lacks long-term trending, and its reports are not nearly as flexible as I would like. Also, the device cannot generate packets.
Master of the Network
In addition to easy drill-downs for detail, timing diagrams are standard for every network flow. These diagrams show a complete single-view synopsis of the conversation, with every error along the way in its proper place in the conversation.
Perhaps most impressive is the tool's ability to play back network conversations, such as streaming media and VoIP phone calls, in their exact entirety. This lets you view what the end user experienced during the session, complete with jitter or delay. It's hard to imagine a truer form of analysis.Lee Badman is a network engineer at Syracuse University. Write to him at [email protected].
You May Also Like