Observer Suite 10 is the latest version of Network Instruments' distributed network packet analyser. It features a new architecture for performing network data analysis and processing, the ability to capture and analyse packet data from virtual Lans (Vlans) in real time, enhanced checks for wireless Lans, new reporting options and expanded data mining capabilities.
The product comes in several versions. The basic package costs £995, while the Expert Observer is £2,895 and the full Observer Suite 10 package comes in at £3,995. We looked at the full suite using standard desktop and laptop PCs, all fitted with dual network interface cards.
Installation proved simple enough and we were able to get things up and running, perform a packet capture and start taking data off a Lan in under five minutes - that's what we like to see.
One of the most significant changes in Observer Suite 10 is in how the Expert Probes analyse and present processed data when capturing packets at remote locations. The processing logic has been moved from the console to the probe itself, so that the data is processed at the point of capture and only screen updates are transmitted over the network.
To look at the new Vlan options we segmented our switch, creating a virtual Lan for traffic passing to and from PCW's Labs and another for network traffic running between our email servers and networked storage shares.
Using the suite we could see packets received, packets transmitted, and the level of broadcasts, multicasts and overall utilisation of each Vlan - all in real time.
Network Instruments has improved the way the software monitors wireless networks, allowing admin staff to set thresholds or conditions to send alerts via email or a paging server if WEP is disabled or if a rogue access point is detected, for example.
As well as security alerts, Observer 10 can also report on wireless performance parameters such as data rates and station bandwidth utilisation.
In tests we found it easy to look through uploaded packet capture files and analyse the packets individually using the connection dynamics option or just look at a summary of the whole packet capture.
This gave data on the packet size distribution and a distribution by protocols such as Appletalk, address resolution protocol and IP. We could also drill down into the IP statistics to see how many DHCP and domain name service packets were moving around the network.
However, not everything with the Observer suite is as it should be. We did find a problem with the pair statistics matrix, a feature designed to track pairs of stations conversing on the network.
The data can be presented as a list or as a circular dial, but when using the dial, if there are a lot of stations on the Lan, then the text showing individual stations' Mac or IP addresses becomes very difficult to see. Using the clumsy built-in zoom function is time-consuming.
Users who need to capture and analyse large amounts of data over extended periods will be pleased to know that Network Instruments has also improved the data mining capabilities of Observer 10 so that multiple files can be analysed.
You can use this to search multiple packet capture files for specific Mac addresses or IP addresses and analyse the data. The way the system reports and presents this information has also been improved. There are also more than 20 templates that can be used as a basis for making a network summary report.


