In this tip, we will look at the Etherpeek NX product, what it does and why you can use it for network management. Etherpeek NX is a protocol analyzer used to aid in the capture, decode and analysis of protocol traffic passing through your network. Etherpeek NX, from WildPackets, is the newest release in the company's line of protocol analysis software. You may not be very familiar with packet-level analysis tools. This article will give you some things to think about if you decide to purchase a network management utility such as Etherpeek.
Many technicians have heard of or have seen the popular Sniffer Pro analysis tools from NAI. The problem with the Sniffer Pro tool is nothing more than the price. I believe that it's worth the money spent (up to $18,000), but this may not be affordable for many IT budgets, especially in smaller companies that may have more limitations. Etherpeek NX is able to give you an affordable tool set for far less -- it runs about $3500 base price.
So what does Etherpeek NX do? Etherpeek NX is the first protocol analyzer to offer both expert diagnostics and frame decoding in real time, during capture. This is revolutionary. With a tool like Sniffer Pro, you would have to create a filter (if desired), start your capture and then stop the capture to view it. You could then apply a filter on the capture once it had stopped. With Etherpeek NX, you can see the actual traffic as it is being capturing. In Figure 1, Etherpeek NX captured a ping in real time for me as I launched a ping sweeper across the test lab.
One of the other nice things about Etherpeek NX (besides it top two selling points -- price and real-time capture analysis) is the fact that it is created by WildPackets, which is a company made up of experts in their field. The product looks and feels comfortable and is extremely easy to use to capture and analyze traffic. Filters are are applied by point-and-click, and you can switch between most screens very easily. Other tools of this kind are typically trickier to use.
Expert Systems are included in the Etherpeek NX package to help you diagnose network problems as they come up. They are also straightforward and include direct links to the WildPackets Compendium for help with troubleshooting problems. The Etherpeek interface is easy to manipulate. It offers tools like the network statistics gauges that show percentages of utilization on network segments, the amount of traffic traversing segments and error counts. Figure 2 illustrates the network statistics counters.
Etherpeek NX can also help you manage possible problems that may be occurring (or may occur in time) by setting alarms for common problems. Natively, with the Etherpeek NX analyzer, you can see problems with bandwidth over utilization, duplicate addresses on your network, ICMP problems, and other protocol-related issues. You can also manage security issues with Etherpeek NX by enabling alarms for teardrop attacks, land attacks and other types of malicious behavior taking place on your network segments. In Figure 3, you can view some of the conditions you can monitor.
Etherpeek NX version 1.1 has several new features that weren't previously available in the older Etherpeek products. First, there is a new "New HTML Start Page," as seen in Figure 4. This launch page allows the technician to launch a capture, open older capture files, or use online and offline help. There are also "Enhanced Node Statistics" available for you to view in hierarchical format so that you can see nodes on the network defined by their names and addresses based on MAC address, IPv4 or v6 addresses, or other names and address formats to include AppleTalk and DECnet.
Another new feature is additional "Expert Diagnoses," including those for VoIP. The expert ProblemFinder that is available in EtherPeek NX v1.1 now contains over a dozen new Expert Diagnoses that will aid you in finding problems on your network. New types include:
- DHCP Request Rejected
- IP Zero Address in Broadcast
- TCP Lost Connection
- VoIP RTP Excessive Jitter
- VoIP RTP Excessive Packet Loss
- VoIP RTP Late Packet Arrival
- VoIP RTP Packet Out of Sequence
I find this extremely useful for any traffic analysis you need to do for VoIP technology, as there aren't many tools out there that can help you troubleshoot VoIP on the wire. You will also find new and improved Packet Decodes, which are very useful, especially since half of them are for VoIP. Here are some of the new decodes you can use. as well as some 'improved' decodes:
- VoIP (including G.711, H.225, H.263, H.323 and Q.931)
- SNMP (including SNMPv3, RMON, RMON2, MIB, MIB2, OID and SMI)
- IPsec (ESP and AH)
Lastly, you can use enhanced Filter Creation tools like sortable comments and filters where you can filter exportation.
As you can see, if you are into protocol analysis, or have a need to manage traffic on the wire, Etherpeek NX delivers what you need for a much more affordable price than some of the competitors. You will find that Etherpeek NX is a great add on tool to your network management arsenal to help with network optimization, security and management. You don't have to believe what I say, though, download it and you will see how handy the tool is for yourself.
To minimize the chance of packet capture loss and to optimize EtherPeek's overall performance, a system with at least a 600 MHz processor and 256 MB RAM running Windows XP or Windows 2000* is recommended. Microsoft Internet Explorer 5.0 or later is required for XML and HTML reporting/saving features. For gigabit analysis, a 64-bit PCI bus is required, and at least 1 GHz and 1GB RAM is recommended.
*Also tested on Windows NT 4.0 workstation
For additional hardware considerations, please visit:
For free demo software, go to:
Have questions or comments for Robert? You can contact him in the Net Management Forum, or send him an e-mail at [email protected]