Proactively manage your network
When the network is down, no one is the focus of more attention than the network manager. Because companies rely on computer networks for day-to-day business operations and revenue, downtime can be costly, so tools that minimize or prevent downtime are valuable. AG Group's EtherPeek 4.0.1 for Windows is a software-based network- and protocol-analysis tool. EtherPeek helps network managers configure, manage, and troubleshoot Ethernet networks by monitoring and capturing network traffic and simplifying traffic analysis.
To test EtherPeek's features, I installed it on a custom-built 466MHz Intel Celeron-equipped PC that had 128MB of RAM and ran Windows NT Workstation 4.0 with Service Pack 6 (SP6). A D-Link DFE-530TX PCI Fast Ethernet adapter connected the PC to the network.
Installing EtherPeek was a snap: The software came on a CD-ROM and presented me with a menu of options that included installing EtherPeek, installing AGNetTools (a suite of TCP/IP troubleshooting utilities that include Ping, Ping Scan, Trace Route, Name Lookup, Name Scan, Port Scan, Service Scan, Finger, Whois, and Throughput), and viewing documentation. During the installation, the software prompted me for user information and the product's serial number. After the required reboot, I launched EtherPeek, which prompted me to specify a network adapter for network monitoring.
I initially connected my system directly to a network switch that didn't provide port-mirroring capabilities. In this setup, EtherPeek can see only network traffic destined for or generated by my PC. The EtherPeek manual presented several options for monitoring switched-network environments. I chose to connect my monitoring PC to a 10Base-T hub; I then connected a hub-based branch of the Windows 2000 Magazine Lab network to the 10Base-T hub. With my monitoring PC connected to a hub-based network, EtherPeek could report statistics for all the devices attached to my Ethernet segment.
I referred to the product's hard-copy manual and the online documentation several times throughout my tests. The printed manual contains a 10-page section that outlines the basics of packets and protocols and how EtherPeek interprets them. After reading this section, I was ready to dive in and test the product.
EtherPeek's main program window contains menus for all of EtherPeek's operations. Each statistics monitor and packet-capture operation appears in a separate section of the main window. I opened a window for each category that the Statistics menu offers.
Statistics Monitoring
EtherPeek's Statistics menu lets you monitor network traffic in the following categories: History, Nodes, Protocols, Conversations, Network, Error, Size, and Summary. The History window displays statistics in a user-selectable graphic format. You can choose to view a bar, area, or line graph of overall network utilization or of the bytes per second or packets per second sent over the network.
The Nodes window displays a table of all the nodes in your network segment and their corresponding utilization statistics. For each node, the table shows the media access control (MAC) and IP address, the byte total, the packet total, and the node's overall network-utilization percentages for inbound and outbound traffic.
The Protocols window, which uses AG Group's ProtoSpecs technology to organize all the protocols into an expandable tree format, provides an example of EtherPeek's user-friendly functionality. As Figure 1 shows, the Protocols window enumerates in table format all the protocols on the network. For each protocol listed, the table displays the total network-utilization percentage, total bytes, and total packets. You can access a description of any protocol by right-clicking the protocol in the treeview and selecting Protocol Info.
The Conversations window outlines in table format all conversations between devices on the network. For each conversation, the table displays the source and destination nodes, which protocol the conversation used, and the conversation's total bytes and total packets.
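As an added illustration (not part of the original review or of AG Group's software), here is how tables like those in the Nodes and Conversations windows can be computed from a constructed set of frames; the utilization figure is simplified to each node's share of all bytes seen on the segment rather than of link capacity, and the MAC/IP values are made up for the example.

```python
from collections import defaultdict

# Constructed sample of captured frames (not real traffic), one tuple per frame:
# (source MAC, source IP, destination MAC, destination IP, protocol, frame length).
SAMPLE_FRAMES = [
    ("00:00:00:aa:00:01", "192.0.2.10", "00:00:00:aa:00:02", "192.0.2.20", "HTTP", 1500),
    ("00:00:00:aa:00:02", "192.0.2.20", "00:00:00:aa:00:01", "192.0.2.10", "HTTP", 64),
    ("00:00:00:aa:00:01", "192.0.2.10", "00:00:00:aa:00:02", "192.0.2.20", "HTTP", 1500),
    ("00:00:00:aa:00:03", "192.0.2.30", "ff:ff:ff:ff:ff:ff", "192.0.2.255", "NetBIOS", 92),
    ("00:00:00:aa:00:02", "192.0.2.20", "00:00:00:aa:00:03", "192.0.2.30", "DNS", 80),
    ("00:00:00:aa:00:03", "192.0.2.30", "00:00:00:aa:00:02", "192.0.2.20", "DNS", 200),
]

def node_table(frames):
    """Nodes-window style table: per (MAC, IP) node, bytes and packets split by
    direction, plus each direction's share of all bytes seen on the segment
    (a simplification of the utilization figure the review describes)."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "pkts_in": 0, "pkts_out": 0})
    total = sum(f[5] for f in frames)
    for smac, sip, dmac, dip, _proto, length in frames:
        stats[(smac, sip)]["bytes_out"] += length
        stats[(smac, sip)]["pkts_out"] += 1
        stats[(dmac, dip)]["bytes_in"] += length
        stats[(dmac, dip)]["pkts_in"] += 1
    for row in stats.values():
        row["util_out_pct"] = round(100.0 * row["bytes_out"] / total, 1) if total else 0.0
        row["util_in_pct"] = round(100.0 * row["bytes_in"] / total, 1) if total else 0.0
    return dict(stats)

def conversation_table(frames):
    """Conversations-window style table, keyed by the unordered pair of IP nodes
    and the protocol, so both directions of one exchange land on the same row."""
    conv = defaultdict(lambda: {"bytes": 0, "packets": 0})
    for _smac, sip, _dmac, dip, proto, length in frames:
        key = (tuple(sorted((sip, dip))), proto)
        conv[key]["bytes"] += length
        conv[key]["packets"] += 1
    return dict(conv)

def top_talkers(frames, n=3):
    """Nodes ranked by total bytes, highest first: the first thing to check when
    segment utilization climbs unexpectedly."""
    ranked = sorted(node_table(frames).items(),
                    key=lambda kv: kv[1]["bytes_in"] + kv[1]["bytes_out"], reverse=True)
    return [(ip, row["bytes_in"] + row["bytes_out"]) for (_mac, ip), row in ranked[:n]]
```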
The Network window displays realtime information about network traffic as a percentage of total network capacity and as packets per second. EtherPeek uses speedometer-type gauges to display this information.
The Error window also uses a gauge to represent statistics. This window provides numbers for cyclic redundancy check (CRC), frame-alignment, and runt- and oversize-packet errors.
The Size window displays a chart that represents the number of packets per packet-size range. You can display this packet-distribution information in a bar or pie chart.
The Summary window shows detailed realtime network statistics in table format. You can arrange the table's columns in ascending or descending order by clicking the column headings. You can also save table data to a delimited text file for use in a reporting or data-logging application. A snapshot feature lets you save statistics for later comparison.
One of EtherPeek's most useful features is its ability to log statistics directly to an HTML file. You can log statistics captured in the Nodes, Protocols, Conversations, and Summary windows. From the main window's Statistics menu, I selected Statistics Output. In the resulting window, I configured the HTML output frequency and accepted the default path. EtherPeek wrote four HTML files, each of which provided a report that included neatly arranged statistics.
Capturing and Analyzing Packets
In addition to monitoring statistics, EtherPeek offers packet-capturing operations. Packet captures let you see the nuts and bolts of packets on your network. To start a packet capture from EtherPeek's main user interface (UI), select New from the File menu, then Start Capture from the Capture menu. The software can run multiple packet captures simultaneously and opens a separate window for each capture.
When I started a new packet capture, the software presented me with the Capture Buffer Options dialog box, which offers several configuration choices. I left the default selections, clicked OK, then clicked Start Capture in the resulting capture window. The first thing I noticed was that the software didn't take long to fill the default 4096KB buffer with captured packets. After the buffer reached capacity, the software stopped the capture. To ensure that you capture the data you want, EtherPeek offers several file-saving and buffering schemes that you can tailor for different packet-capture scenarios. To test this feature, I configured a continuous capture that used a 10MB buffer. I directed EtherPeek to write the buffer to disk until the capture files filled 100MB of disk space. EtherPeek saved each capture file with a filename that indicated what time the software saved the file to disk.
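The two buffering behaviours described above, as an added example that is not part of the review or of EtherPeek: a fixed-size buffer that halts the capture when it fills (the default), and a continuous mode that writes the full buffer to a time-stamped file and keeps going until the files reach a disk-space cap, so that traffic is not silently lost the moment the buffer is full. The file naming, the `clock` parameter and the drop accounting are this example's own assumptions.

```python
import os
from datetime import datetime

class CaptureBuffer:
    """Capture buffer with the two behaviours the review describes: halt when the
    buffer fills (the default), or in continuous mode write the full buffer to a
    time-stamped file and keep going until those files reach a disk-space cap."""

    def __init__(self, out_dir, buffer_bytes, continuous=False, disk_cap_bytes=None, clock=None):
        self.out_dir, self.buffer_bytes = out_dir, buffer_bytes
        self.continuous, self.disk_cap_bytes = continuous, disk_cap_bytes
        self.clock = clock or datetime.now    # injectable so file names are testable
        self.buffer = bytearray()
        self.files = []                       # capture files written, in order
        self.bytes_on_disk = 0
        self.stopped = False
        self.dropped = 0                      # frames lost after the capture halted

    def add_frame(self, frame):
        """Return True if the frame was kept, False if the capture had halted."""
        if len(frame) > self.buffer_bytes:
            raise ValueError("frame larger than the whole buffer")
        if not self.stopped and len(self.buffer) + len(frame) > self.buffer_bytes:
            if self.continuous:
                self._flush()                 # may halt us if the disk cap is reached
            else:
                self.stopped = True           # default: capture halts once the buffer is full
        if self.stopped:
            self.dropped += 1
            return False
        self.buffer += frame
        return True

    def _flush(self):
        # File name carries the flush time plus a sequence number (assumed scheme).
        stamp = self.clock().strftime("%Y%m%d_%H%M%S")
        path = os.path.join(self.out_dir, f"capture_{stamp}_{len(self.files):03d}.pkt")
        with open(path, "wb") as fh:
            fh.write(self.buffer)
        self.files.append(path)
        self.bytes_on_disk += len(self.buffer)
        self.buffer = bytearray()
        if self.disk_cap_bytes is not None and self.bytes_on_disk >= self.disk_cap_bytes:
            self.stopped = True

    def stop(self):  # operator stops the capture; continuous mode keeps the partial buffer
        if self.continuous and self.buffer and not self.stopped:
            self._flush()
        self.stopped = True
```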
As the software captures the data, you can view captured packets in realtime from the capture buffer or save the data to a file to view later. To view the data from different perspectives, you use tabs at the bottom of the capture window that separate the data into the following categories: Packets, Nodes, Protocols, Conversations, Size, Summary, History, Log, and Filters. These views provide the same information that the Network Statistics window provides, similarly formatted.