As an independent troubleshooter, I am always interested in tools that are portable and provide instant information.
Many times when I am looking at a customer’s problem, I cannot assume that they will graciously give me their SNMP strings or access to their network management system. That being the case, RMON and any other flavor of Flow would also be out of the question as well. Honestly, I hope a customer wouldn’t willingly give out that kind of information or access to anyone.
Since my background is protocol analysis, I tend to gravitate to those tools that work from the packet level. Of course I know this isn’t always possible, but I’ll take whatever I can get. And as the old saying goes, “Packets don’t lie”.
In this article I am showing you a quick peek at Colasoft’s (www.colasoft.com) nChronos product which basically captures packets and uses a slick GUI to control how you report on what it just captured.
The trick with all packet capture tools revolve around a few critical points:
- Make sure the packet capture tool can handle the flow of traffic it is monitoring. For example, in this video I used a laptop to monitor my internet link because I know it isn’t a high speed link. I wouldn’t use this laptop to monitor a 100 Mb, or greater, since the packet loss would be high.
- Understand your network topology and pick your monitor points carefully as well as decide how you intend to intercept this data. For example, do you use a tap, mirror/span or hub'
- Pay close attention to what the tool does with all those packets to make post processing easier. I have seen protocol analyzers that can capture 1 GB or data, but struggle to load the same trace file it just created.
I also used this tool to investigate what is causing the 2 Mb/s data stream and why my WiFi performance is subpar.