NetXRay turns your NT system into a network monitor
A LAN is like an ocean. The surface
view is beautiful and serene, but the deeper you get, the stranger the scene
becomes. In fact, getting a good perspective on what's happening inside your LAN
is like looking out of a submarine--you frequently discover new and often
unimaginable sights. If you have a yearning to explore possibly uncharted depths
of your network, dive into Cinco Networks' NetXRay network monitoring software.
But be warned: Network monitoring software is not for the faint-hearted.
When you look at traffic on a LAN, you are privy to the hidden and seemingly
incomprehensible conversations that occur between interconnected computers. If
you aren't familiar with the inner workings of protocol suites such as TCP/IP,
Internet Packet eXchange (IPX)/Sequenced Packet eXchange (SPX), and NetBIOS, you
can quickly get lost. If you are comfortable with the whispered words in which
computers talk to one another, you will readily understand and appreciate the
value of NetXRay.
NetXRay to the Rescue
NetXRay is a network monitor and testing program that lets you observe your
network's overall utilization, capture and view packets (messages) transmitted
over your LAN, and generate test messages so you can troubleshoot problem areas.
NetXRay requires an Intel-based Windows NT Workstation or NT Server system with
a 10Mbit-per-second (Mbps) Ethernet, 100Mbps Ethernet, or Token-Ring adapter. A
Network Device Interface Specification (NDIS) version 3.1 (32-bit) driver must
service the network adapter. If you run a Token-Ring network, the adapter must
support "promiscuous mode" operation, which rules out any Token-Ring
adapter based on the IBM Tropic chip set. In contrast, Ethernet adapters support
promiscuous mode.
Installing NetXRay is relatively straightforward. First, a simple setup
utility lets you install the main product. You have to reboot your system during
this installation phase. After the reboot, you must access the Network option in
the Control Panel to add the NetXRay driver. This driver intercepts traffic from
the network adapter driver and passes it to the main NetXRay software for study
and evaluation. The driver also passes the same traffic to the usual NT network
services, so you don't lose network functionality when you run NetXRay. Although
NT will prompt you to reboot after you install the NetXRay driver, you don't
have to; NetXRay is immediately useable after you install the driver.
NetXRay resembles Novell's highly successful LANalyzer network monitor.
NetXRay offers a dashboard GUI with gauges that show LAN utilization and packet
capturing information. Screen 1 shows the NetXRay utilization and capture
gauges. If you want additional information, you can click on a Detail tab and
get a statistical breakdown of the gauge indicators. If you run NetXRay on an
ongoing basis, the gauge format provides the best at-a-glance view of network
activity.
NetXRay can also be more than a passive monitor. You can configure it to
sound an alarm if network utilization exceeds a certain percentage or if certain
types of network errors cross the threshold values you set up.
The power of NetXRay is its ability to capture and view packets traveling
through your LAN. You can capture all the traffic that the system running the
software sees, you can filter it according to protocol type (e.g., IPX/SPX or
TCP/IP), or you can home in on traffic between specific systems. Once you
capture some traffic, you can view the contents of the captured packets. As you
see in Screen 2, NetXRay tells you which protocol is in use, the type of message
with respect to that protocol (e.g., a name broadcast, a service request, or a
data message), and the contents of the packet. Note that this capability makes
NetXRay somewhat dangerous--a lot of information you transmit over LANs isn't
encrypted. So when you start capturing that information, you splay your
corporate data open for view like a frog on a dissecting board. Bottom line:
Don't put NetXRay on every desktop system.
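The protocol identification and capture filtering described above can be sketched in a few lines. This is an added example, not NetXRay's code: the function names, station addresses, and sample frames are constructed for illustration, and only the well-known EtherType and 802.2 SAP values are real.

```python
import struct

# EtherType values carried in Ethernet II frames (well-known assignments).
ETHERTYPES = {0x0800: "TCP/IP", 0x0806: "TCP/IP", 0x8137: "IPX/SPX",
              0x809B: "AppleTalk", 0x6003: "DECnet", 0x0BAD: "Banyan"}
# 802.2 LLC destination SAP values carried in 802.3 (length-field) frames.
LLC_SAPS = {0xF0: "NetBIOS", 0xE0: "IPX/SPX", 0x04: "SNA", 0x06: "TCP/IP"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def decode(frame):
    """Return (dst, src, protocol) for one Ethernet frame, or None if truncated."""
    if len(frame) < 14:
        return None
    dst, src, type_len = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if type_len >= 0x0600:                  # Ethernet II: the field is an EtherType
        proto = ETHERTYPES.get(type_len, f"unknown(0x{type_len:04x})")
    elif frame[14:16] == b"\xff\xff":       # Novell "raw" 802.3: IPX checksum, no LLC
        proto = "IPX/SPX"
    elif len(frame) > 14:                   # 802.3 with 802.2 LLC: inspect the DSAP
        proto = LLC_SAPS.get(frame[14], f"unknown(sap 0x{frame[14]:02x})")
    else:
        proto = "unknown"
    return mac(dst), mac(src), proto

def capture_filter(frames, protocol=None, stations=None):
    """Keep frames matching a protocol and/or an unordered pair of stations."""
    kept = []
    for decoded in map(decode, frames):
        if decoded is None:
            continue
        dst, src, proto = decoded
        if protocol and proto != protocol:
            continue
        if stations and {dst, src} != set(stations):
            continue
        kept.append(decoded)
    return kept

# Constructed sample frames: header plus a few payload bytes, not real traffic.
A, B, C, BCAST = (bytes.fromhex(h) for h in
                  ("00a0c9000001", "00a0c9000002", "00a0c9000003", "ffffffffffff"))
SAMPLE = [
    B + A + b"\x08\x00" + b"\x45\x00",              # A -> B, IP over Ethernet II
    A + B + b"\x08\x00" + b"\x45\x00",              # B -> A, IP over Ethernet II
    BCAST + C + b"\x00\x1e" + b"\xff\xff\x00\x1e",  # C broadcast, raw 802.3 IPX
    BCAST + A + b"\x00\x2b" + b"\xf0\xf0\x03",      # A broadcast, NetBIOS over LLC
    B + C + b"\x81\x37" + b"\xff\xff",              # C -> B, IPX over Ethernet II
]
```

Calling capture_filter(SAMPLE, protocol="IPX/SPX") keeps the two IPX frames regardless of encapsulation, and passing stations= with two addresses keeps only the conversation between those systems.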
NetXRay's monitoring and capturing capabilities make it a valuable tool for
any network analyst or manager. But NetXRay doesn't stop there. It provides two
more capabilities of interest to the hard-core network crowd: First, it can
generate "test" packets that can be benign test (no-op) messages or
replayed captured packets. Second, NetXRay can decode Simple Network Management
Protocol (SNMP) Management Information Base (MIB) information, so you can use
the product to help set up and debug a large-scale network management system,
such as HP's OpenView or IBM's NetView.
The documentation and online help that come with NetXRay are adequate, if
you're familiar with all the protocols NetXRay can handle. At present, NetXRay
can recognize IPX/SPX, TCP/IP, NetBIOS, AppleTalk, DECnet, SNA, and Banyan
traffic.
Deploying NetXRay
When you deploy NetXRay in any production system (workstation or server), be
aware that NetXRay consumes its fair share of CPU resources. You will definitely
notice an operational difference when NetXRay is running. Still, this resource
consumption is a small price to pay to uncover the secrets hidden under the
surface of your LAN.
StevenLi June 11, 2004