EtherPeek

Imagine that you have a network comprised of three file servers, one print server, and an unlimited number of client machines, all connected to the Internet. Let's complicate the network by adding Macintosh computers that communicate using the AppleTalk protocol. How much activity would take place on this fictional network? If it's representative of the networks I've set up and worked on, in an average day you can have gigabytes of data streaming through the wires.

Now imagine that something goes wrong. That thought is frightening, isn't it? In a multiprotocol heterogeneous network environment, detecting and troubleshooting problems can be difficult. Fortunately, AG Group offers a Windows NT 4.0 version of EtherPeek with the promise of simplifying network analysis.

Surprisingly, EtherPeek packs a lot of functionality into a relatively small package. The entire program ships on a 1.44MB floppy. Installing the product is simply a matter of running SETUP.EXE and pointing the files to a directory. The program takes up a scant 2MB of space.

EtherPeek proactively sniffs traffic packets on a network. By default, EtherPeek supports AppleTalk, IP, IP Address Resolution Protocol (ARP), NetWare, TCP, User Datagram Protocol (UDP), NetBEUI, and NBT packets. To keep up with emerging technologies, EtherPeek lets users create filters for new packet types. Creating a new filter is almost effortless--just fill in the information, and EtherPeek adds the new packet type to its filter list. Once EtherPeek captures packets, it categorizes them according to a user-specified criterion.

You can capture packets based on the protocol, address, or contents of the packet. This capability simplifies diagnosing network problems, because you view only the pertinent packets (i.e., the specific packets between the two computers that aren't getting along). After you capture the packets, you can assign unique colors to each packet type, as shown in Screen 1, to simplify sorting through the logged information. I set up EtherPeek to capture TCP/IP and UDP packets going across the network. The program intelligently sorted them into organized columns. Double-clicking a packet entry brought up its contents, Screen 2, in text format, letting me export the packet information to a flat ASCII text file. In addition to using the packet sniffing features for diagnostic purposes, you can view utilization patterns by monitoring specific nodes and protocols for traffic.

EtherPeek also includes a number of useful Internet integration features. For example, you don't have to Figure out which IP address corresponds to which hostname; EtherPeek can automatically resolve IP addresses into hostnames, letting you easily identify network entries. You can import your own list into the name Tables as long as the file is in a flat text file format. Finally, EtherPeek supports both 10Base-T NICs and the new 100Base-T standard.

The best feature in EtherPeek is its ease of use. Anyone who's used traditional network analyzers knows there's a tradeoff between functionality and ease of use; functionality usually comes at the expense of an intuitive user interface. EtherPeek reconciles this trade off by wrapping up its expansive analyzing functions in a user-friendly interface.

Etherpeek doesn't have many downsides. The only significant flaw I noticed in testing the product is the lack of an online manual. AG Group packages a comprehensive 150-page manual with the product, but adding a searchable Help file to the product wouldn't have taken more than two extra floppies. Also, the plug-in interface included in the Macintosh version of EtherPeek is conspicuously absent from the Windows version. This interface lets you extend EtherPeek's functionality by adding new modules to perform specific tasks, such as monitoring Web and Network News Transfer Protocol (NNTP) servers for usage patterns. I hope, AG Group will add this useful feature in a future release. These two gripes aside, EtherPeek makes a great addition to any network manager's utility belt.

End of Article