Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!husc6!spdcc!ftp!jbvb
From: jbvb@ftp.COM (James Van Bokkelen)
Newsgroups: comp.dcom.lans
Subject: Re: Netware 2.0a++ performance degradation, how come?
Summary: Some LAN monitors are expensive, some are inexpensive (even free).
Message-ID: <723@ftp.COM>
Date: 20 Sep 89 18:23:45 GMT
References: <5620@decvax.dec.com> <406@excelan.COM>
Organization: FTP Software Inc., Cambridge, MA
Lines: 52

In article <406@excelan.COM>, edc@excelan.com (Eric Christensen) writes:
>....
> Anyhow, unfortunately, the only way to really find out what's going on
> with a misbehaving network is to use a network analyzer and a TDR (time
> domain reflectometer). While I highly recommend that both these tools
> be part of any network admin's toolkit, they're quite pricey ($10,000
> or so for a network analyzer and a couple grand for a good TDR). There
> are some small, hand held network monitors around which can replace the
> TDR for a few hundred bucks, and are easier to use (interpreting a TDR
> trace is not a job for the network novice). But there's just no
> replacement for a good network analyzer.
>....

Network monitors are indeed invaluable when something goes wrong, and you
need a way of seeing what is actually happening on the cable. However, they
aren't all as expensive as Eric implies (the more expensive ones do indeed
provide more functionality, but it may not be what you want).

Long ago people working on PC-IP at MIT needed a monitor, and had PCs with
first-generation network interfaces in them, so they wrote "Netwatch", which
puts the interface in promiscuous mode and displays summary information
about each packet it receives. This is freeware, and is available in the
PC-IP source distribution (FTP to husc6.harvard.edu, or buy a tape of an
older version from the MIT Microcomputer Office).

The authors of Netwatch helped found FTP, and they had an agenda for
improvements to Netwatch, which resulted in our "LANWatch" product ($1.2K).
We like it well enough that we don't own anything else, but we *are*
somewhat likely to be biased... Wollongong also offers a derivative of
Netwatch, which I've never seen.

The common weakness of all these is that their packet capture and hardware
analysis capabilities are limited, because they use a standard PC LAN
interface instead of specialized hardware. This was much more crippling
when the 3C500 was pitted against the EXOS225 than it is now that 3rd
generation cards are everywhere, but it can be important in some situations.
The 10K and up monitors will do their best to capture everything (there was
an article in PC Magazine (I think) recently comparing the Spider Monitor,
the LANAlyzer, the Sniffer and the HP monitor; they all started out well
but their buffers aren't infinite). The ones that run on hardware you
already own definitely can't capture everything, and they may not report
as much detail on damaged packets, etc. on the net.

The worst thing about all these monitors is that they aren't too much use
unless you understand something about the protocols you're using; they
don't tell you "4.2bsd host foo.bar.com apparently can't understand IP
options", instead they let you look at the last packet before it crashed
and make you figure it out for yourself.

--
James B. VanBokkelen    26 Princess St., Wakefield, MA 01880
FTP Software Inc.       voice: (617) 246-0900  fax: (617) 246-0901