NetXRay by Cinco Networks

NetXRay turns your NT system into a network monitor

A LAN is like an ocean. The surfaceview is beautiful and serene, but the deeper you get, the stranger the scenebecomes. In fact, getting a good perspective on what's happening inside your LANis like looking out of a submarine--you frequently discover new and oftenunimaginable sights. If you have a yearning to explore possibly uncharted depthsof your network, dive into Cinco Network's NetXRay network monitoring software.

But be warned: Network monitoring software is not for the faint hearted.When you look at traffic on a LAN, you are privy to the hidden and seeminglyincomprehensible conversations that occur between interconnected computers. Ifyou aren't familiar with the inner workings of protocol suites such as TCP/IP,Internet Packet eXchange (IPX)/Sequenced Packet eXchange (SPX), and NetBIOS, youcan quickly get lost. If you are comfortable with the whispered words in whichcomputers talk to one another, you will readily understand and appreciate thevalue of NetXRay.

NetXRay to the Rescue
NetXRay is a network monitor and testing program that lets you observe yournetwork's overall utilization, capture and view packets (messages) transmittedover your LAN, and generate test messages so you can troubleshoot problem areas.NetXRay requires an Intel-based Windows NT Workstation or NT Server system witha 10Mbit-per-second (Mbps) Ethernet, 100Mbps Ethernet, or Token-Ring adapter. ANetwork Device Interface Specification (NDIS) version 3.1 (32-bit) driver mustservice the network adapter. If you run a Token-Ring network, the adapter mustsupport "promiscuous mode" operation, which rules out any Token-Ringadapter based on the IBM Tropic chip set. In contrast, Ethernet adapters supportpromiscuous mode.

Installing NetXRay is relatively straightforward. First, a simple setuputility lets you install the main product. You have to reboot your system duringthis installation phase. After the reboot, you must access the Network option inthe Control Panel to add the NetXRay driver. This driver intercepts traffic fromthe network adapter driver and passes it to the main NetXRay software for studyand evaluation. The driver also passes the same traffic to the usual NT networkservices, so you don't lose network functionality when you run NetXRay. AlthoughNT will prompt you to reboot after you install the NetXRay driver, you don'thave to; NetXRay is immediately useable after you install the driver.

NetXRay resembles Novell's highly successful LANalyzer network monitor.NetXRay offers a dashboard GUI with gauges that show LAN utilization and packetcapturing information. Screen 1 shows the NetXRay utilization and capturegauges. If you want additional information, you can click on a Detail tab andget a statistical breakdown of the gauge indicators. If you run NetXRay on anongoing basis, the gauge format provides the best at-a-glance view of networkactivity.

NetXRay can also be more than a passive monitor. You can configure it tosound an alarm if network utilization exceeds a certain percentage or if certaintypes of network errors cross the threshold values you set up.

The power of NetXRay is its ability to capture and view packets travelingthrough your LAN. You can capture all the traffic that the system running thesoftware sees, you can filter it according to protocol type (e.g., IPX/SPX orTCP/IP), or you can home in on traffic between specific systems. Once youcapture some traffic, you can view the contents of the captured packets. As yousee in Screen 2, NetXRay tells you which protocol is in use, the type of messagewith respect to that protocol (e.g., a name broadcast, a service request, or adata message), and the contents of the packet. Note that this capability makesNetXRay somewhat dangerous--a lot of information you transmit over LANs isn'tencrypted. So when you start capturing that information, you splay yourcorporate data open for view like a frog on a dissecting board. Bottom line:Don't put NetXRay on every desktop system.

NetXRay's monitoring and capturing capabilities make it a valuable tool forany network analyst or manager. But NetXRay doesn't stop there. It provides twomore capabilities of interest to the hard-core network crowd: First, it cangenerate "test" packets that can be benign test (no-op) messages orreplayed captured packets. Second, NetXRay can decode Simple Network ManagementProtocol (SNMP) Management Information Base (MIB) information, so you can usethe product to help set up and debug a large-scale network management system,such as HP's OpenView or IBM's NetView.

The documentation and online help that come with NetXRay are adequate, ifyou're familiar with all the protocols NetXRay can handle. At present, NetXRaycan recognize IPX/SPX, TCP/IP, NetBIOS, AppleTalk, DECnet, SNA, and Banyantraffic.

Deploying NetXRay
When you deploy NetXRay in any production system (workstation or server), beaware that NetXRay consumes its fair share of CPU resources. You will definitelynotice an operational difference when NetXRay is running. Still, this resourceconsumption is a small price to pay to uncover the secrets hidden under thesurface of your LAN.