EtherPeek

Simplify network analysis

Imagine that you have a network comprised of three file servers, oneprint server, and an unlimited number of client machines, all connected to theInternet. Let's complicate the network by adding Macintosh computers thatcommunicate using the AppleTalk protocol. How much activity would take place onthis fictional network? If it's representative of the networks I've set up andworked on, in an average day you can have gigabytes of data streaming throughthe wires.

Now imagine that something goes wrong. That thought is frightening, isn'tit? In a multiprotocol heterogeneous network environment, detecting andtroubleshooting problems can be difficult. Fortunately, AG Group offers aWindows NT 4.0 version of EtherPeek with the promise of simplifying networkanalysis.

Surprisingly, EtherPeek packs a lot of functionality into a relativelysmall package. The entire program ships on a 1.44MB floppy. Installing theproduct is simply a matter of running SETUP.EXE and pointing the files to adirectory. The program takes up a scant 2MB of space.

EtherPeek proactively sniffs traffic packets on a network. By default,EtherPeek supports AppleTalk, IP, IP Address Resolution Protocol (ARP), NetWare,TCP, User Datagram Protocol (UDP), NetBEUI, and NBT packets. To keep up withemerging technologies, EtherPeek lets users create filters for new packet types.Creating a new filter is almost effortless--just fill in the information, andEtherPeek adds the new packet type to its filter list. Once EtherPeek capturespackets, it categorizes them according to a user-specified criterion.

You can capture packets based on the protocol, address, or contents of thepacket. This capability simplifies diagnosing network problems, because you viewonly the pertinent packets (i.e., the specific packets between the two computersthat aren't getting along). After you capture the packets, you can assign uniquecolors to each packet type, as shown in Screen 1, to simplify sorting throughthe logged information. I set up EtherPeek to capture TCP/IP and UDP packetsgoing across the network. The program intelligently sorted them into organizedcolumns. Double-clicking a packet entry brought up its contents, Screen 2, in text format,letting me export the packet information to a flat ASCII text file. In additionto using the packet sniffing features for diagnostic purposes, you can viewutilization patterns by monitoring specific nodes and protocols for traffic.

EtherPeek also includes a number of useful Internet integration features.For example, you don't have to Figure out which IP address corresponds to whichhostname; EtherPeek can automatically resolve IP addresses into hostnames,letting you easily identify network entries. You can import your own list intothe name Tables as long as the file is in a flat text file format. Finally,EtherPeek supports both 10Base-T NICs and the new 100Base-T standard.

The best feature in EtherPeek is its ease of use. Anyone who's usedtraditional network analyzers knows there's a tradeoff between functionality andease of use; functionality usually comes at the expense of an intuitive userinterface. EtherPeek reconciles this trade off by wrapping up its expansiveanalyzing functions in a user-friendly interface.

Etherpeek doesn't have many downsides. The only significant flaw I noticedin testing the product is the lack of an online manual. AG Group packages acomprehensive 150-page manual with the product, but adding a searchable Helpfile to the product wouldn't have taken more than two extra floppies. Also, theplug-in interface included in the Macintosh version of EtherPeek isconspicuously absent from the Windows version. This interface lets you extendEtherPeek's functionality by adding new modules to perform specific tasks, suchas monitoring Web and Network News Transfer Protocol (NNTP) servers for usagepatterns. I hope, AG Group will add this useful feature in a future release.These two gripes aside, EtherPeek makes a great addition to any networkmanager's utility belt.