
Looking at the Sniffer Dashboard

By Laura Chappell, Sr. Protocol Analyst
<Available in PDF format also>

The main display of many analyzers includes a common ‘dashboard’ look. In this article, we’ll take a quick tour of the Dashboard window of Network Associates' Sniffer Pro.

The Sniffer Pro is a GUI-based analysis product. Gone are the days of working through the ugly DOS screens.

The dashboard window contains three dials, as shown in Figure 1:

  • the packets per second dial
  • the utilization percentage dial
  • the errors per second dial


Figure 1: The Sniffer dashboard… just like your car!

The Packets per Second Dial

On this dial, the needle indicates the current packets per second rate. The red zone of the dial indicates the alarm threshold. Below the dial is an inset window that displays the current packets per second rate (the number on the left) and the peak packets per second rate (the number on the right).

When your network experiences a sudden burst of traffic, you'll find the packets per second dial goes shooting up into the red area. Although you may think that this is an indication that your network is becoming congested, that is not necessarily the case. Network congestion is caused by a high utilization rate. Device congestion (or, more accurately, device overload), on the other hand, can be caused by a high packets per second rate.

High utilization and a high packets per second rate are not necessarily related. For example, on a network that supports a lot of telnet traffic, you'll see a high packets per second rate, but the overall utilization will be low. This is because typical telnet traffic uses minimal packet sizes.

The Utilization Percentage Dial

The Utilization dial shows you the amount of bandwidth actually in use on the cabling system. Again, the red zone indicates the alarm threshold setting. The inset window below the dial indicates the current utilization percentage (the number on the left) and the peak utilization percentage (the number on the right).

Unless you have been living under a rock, you should be well aware that many networks are starved for bandwidth. Watching your bandwidth dial, and some of the bandwidth trend information, will ensure that you are the first one to know when your network begins to choke.

The Errors per Second Dial

Just as in the previous dials we looked at, the Errors per Second dial has a red zone that indicates the errors alarm threshold, and an inset window that indicates the current and peak error rate. This dial indicates when your network experiences any of a variety of errors.

On an Ethernet network, these errors include:

  • CRC errors
  • Runt packets
  • oversized packets
  • fragments
  • jabber
  • alignment errors
  • collisions

Clicking on the Detail Tab below the dials will provide you with additional information about how the network is running currently. As you can see in Figure 2, the detail window shows the cumulative count of the packets seen on the network.


Figure 2: The Sniffer Detail window – great error and size distribution information.

The Detail Window

The detail window is broken up into three sections:

  • network information
  • detail errors
  • size distribution

The Network section lists the number of packets seen, the number of packets dropped by the analyzer (perhaps caused by the analyzer's inability to keep up with the current packet rate), broadcasts, multicasts, bytes, utilization, and errors.

The Detail Error section lists each of the errors that are shown in the errors per second dial.

The Size Distribution section shows the typical packet sizes used on the network. This is very interesting stuff. As you can see, on this network most of the packets are minimum sized packets (64 bytes). Lots of little itty bitty stinkin' packets! Certainly, this is not the most effective network we've ever seen. The ideal network has 80 percent of the traffic on the last line (the largest packet size listed).
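To make the packets-per-second versus utilization point and the size distribution concrete, here is an added example (not from the original article or from Sniffer Pro) that computes the same figures from a list of frame lengths. The size buckets, the 20 bytes of per-frame wire overhead, and the two one-second samples are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed RMON-style size buckets; the article itself only names the 64-byte minimum.
BUCKETS = [(64, 64), (65, 127), (128, 255), (256, 511), (512, 1023), (1024, 1518)]
WIRE_OVERHEAD = 20  # assumed: preamble + SFD (8 bytes) and inter-frame gap (12 bytes)


def dashboard(frame_lengths, link_bps, interval_s):
    """Summarise frame lengths (bytes, FCS included) captured over interval_s seconds."""
    if interval_s <= 0 or link_bps <= 0:
        raise ValueError("interval_s and link_bps must be positive")
    sizes, errors = Counter(), Counter()
    for n in frame_lengths:
        if n < 64:
            errors["runt"] += 1          # below the Ethernet minimum
        elif n > 1518:
            errors["oversized"] += 1     # above the untagged Ethernet maximum
        else:
            lo, hi = next(b for b in BUCKETS if b[0] <= n <= b[1])
            sizes[f"{lo}-{hi}"] += 1
    # Every frame, good or bad, occupies the wire for its length plus overhead.
    wire_bits = sum((n + WIRE_OVERHEAD) * 8 for n in frame_lengths)
    good = sum(sizes.values())
    return {
        "pps": len(frame_lengths) / interval_s,
        "utilization_pct": 100.0 * wire_bits / (link_bps * interval_s),
        "errors_per_s": sum(errors.values()) / interval_s,
        "errors": dict(errors),
        "size_pct": {k: 100.0 * v / good for k, v in sizes.items()},
    }


# Constructed one-second samples on a 10 Mb/s Ethernet segment.
TELNET_LIKE = [64] * 1900 + [90] * 100      # many tiny frames
BULK_TRANSFER = [1518] * 380 + [64] * 20    # few full-size frames plus small ACKs

if __name__ == "__main__":
    for name, sample in (("telnet-like", TELNET_LIKE), ("bulk", BULK_TRANSFER)):
        d = dashboard(sample, 10_000_000, 1.0)
        print(f"{name:12} {d['pps']:6.0f} pps  "
              f"{d['utilization_pct']:5.1f}% util  {d['size_pct']}")
```

The telnet-like sample runs at five times the packet rate of the bulk sample yet uses well under a third of its bandwidth, which is why the two dials have to be read separately.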

So, as you can see, there's a tremendous amount of information to be gathered just by looking at the Sniffer dashboard. In fact, I've seen some people sit and stare at the dashboard for hours...scary, eh?

For more information on the Sniffer, visit the Network Associates website (www.nai.com).

Laura Chappell
Sr. Protocol Analyst
Copyright 2000 Protocol Analysis Institute, L.L.C.
