In this month's tip we will discover the process of performing proactive network performance baselining with the Sniffer Pro protocol and network analysis tool. Although Sniffer Pro has many more capabilities, today we will look at a specific portion called the Dashboard. The Dashboard is a small tool within the Sniffer Pro's toolset. If you have Sniffer Pro, you can click on the Dashboard icon on the toolbar to get to it, or you can go through the file menu system by going to Monitor, then Dashboard. It will open the Dashboard as seen in Figure 1.
|Figure 1: The Sniffer Pro Dashboard|
Now that you have it open, we can look at what we are offered as far as functionality is concerned. Most technicians don't know how to use the Sniffer Pro analysis tool for protocol decoding and traffic analysis. Many times, this tool is looked at as too advanced with the need for special training to get it working. In many cases that is true,
What's nice about the Dashboard is that you can launch it (as we have already done), and it immediately starts real-time analysis. It's important to emphasize that it works in real time; you don't need to flick any switches to get it working. If you look at Figure 1 again, you can see the three dials at the top of the dialog box. Dial one monitors utilization for the network segment to which the Sniffer Pro is connected. It is important to understand that it is not getting statistics for the entire network, only the segment to which it's connected. Utilization should be around 40% for a non-switched environment and 70% for a switched environment. If these basic utilizations are crossed, you may have a problem with your network being over-utilized.
Dial two monitors packets per second. You of course would want to look at the number of packets on your network segment, but even more important is the sizes of the packets. In Figure 2, you can see the details for the dials. Size distribution is in the middle column. When using Ethernet, you should have a nice spread from 64 to 1518, with multiple frame sizes in between. You want to look at the number of smaller sized packets versus the amount of larger sized packets. Remember that if you have too many smaller sized packets, your routers, NICs and switches are all working twice as hard to process twice as much (if not more).
|Figure 2: The Detail Tab|
The last dial in Figure 1 shows errors per second. Again, click over to the details for the gauges and you can see exactly what errors are listed and how many instances of them you are receiving. I will not list all the error types here because they are explained in detail in the Sniffer Pro's help system. You should, however, be on the lookout for excessive amounts of collisions on a non-switched network, and always be concerned about CRC (Cyclic Redundancy Check) errors, which show data that has been dropped and/or retransmitted. Anything in excess should be a concern. Of course, you will have occasional errors, but a baseline of your network will show you how many are typical for normal operations.
|Figure 3: Setting the Dashboard properties|
Next, you should be aware that there are useful charts that are available as well. In Figure 1, you see a simple chart with network utilization being monitored. Since not much is going across the wire, network utilization is at about 0-1%. You can also monitor all the items you see in Figure 2 (the detail tab) within this chart, as well as the ones below it (detail errors and size distribution). You can view this daily to see spikes in network utilization, packet sizing or any of the other options listed -- in real time.
You can always adjust the thresholds of what you see. If you click on the "set thresholds" link at the top of Figure 1, you will open the Dashboard Properties dialog box as seen in Figure 3. In this dialog box, you can alter the settings within your gauges and details to flag a problem only on the threshold you set it at. In other words, if you wanted to set the utilization on a switched network to 70, you can change it in the MAC Threshold tab as seen in Figure 3.
In sum, Sniffer Pro is often underutilized because administrators don't understand its capabilities. In future tips, we will look at even more network management functionality within the toolset of the Sniffer Pro network analysis application.
For more information about Sniffer Pro, visit Network Associates.
This was first published in June 2002