Solved

Packet sniffers and what to do with them?

Posted on 2002-03-14
Last Modified: 2013-12-07
Can anyone tell me what a packet sniffer could do for my network?

I have captured a few minutes of traffic...
I understand the src and dest. IPs along with the type of traffic... but how do I know if I have too much traffic, or how do I know if I am having a problem?



Question by:dteb
3 Comments
 
LVL 16

Accepted Solution

by:
SteveJ earned 100 total points
ID: 6865217
Using a trace from a packet sniffer to find problems with your network is extremely difficult. Typically you use a packet sniffer to help you locate the source of a problem.

Think of a packet sniffer as something different from a packet analyzer. A packet analyzer will help you locate problems with your network by doing the analysis for you. For example, to know if there was excessive ARP traffic on your network you'd need a trace, then you'd have to count each ARP packet for the given time . . . and you may or may not know what "excessive" means. A packet analyzer keeps track of this stuff on the fly - broadcasts per second, packets per second, bytes per second and on and on . . .

A packet analyzer like Sniffer Pro statistically analyzes data at the packet level. For example, it will note the time that an SYN packet was sent to a server, the time that it took the server to respond, and report this as a "slow server response" condition if the time is above a default threshold. It will also find and report large numbers of conditions that you'd never be able to find unless you were very, very good such as TCP windowing problems or high retransmit rates.

Analyzers also typically come with easy to use filtering software to allow you to limit what you have to sort through.

One packet sniffer that's free is Ethereal. No analysis, just traces. It does give protocol percentage breakdowns, but that's it. You can write filters for capture and display, but for novices this can be a daunting task.

What else?

Good luck.
Steve
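The counting and timing that the accepted answer attributes to an analyzer can be run over a saved trace. The following is an added example, not code from the thread or from any product named in it: it reads a classic libpcap file of Ethernet frames, counts ARP and broadcast frames per second, and reports SYN to SYN/ACK delays above a threshold. The function names and the 0.5 s threshold are assumptions, and the sample capture is constructed.

```python
import struct
from collections import Counter

def read_pcap(data):
    """Yield (timestamp, frame) from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def analyze(packets, slow=0.5):
    """Count ARP and broadcast frames per second; list SYN -> SYN/ACK delays > slow."""
    arp, bcast, syn_at, slow_hits = Counter(), Counter(), {}, []
    for ts, f in packets:
        if len(f) < 14:
            continue
        if f[:6] == b"\xff" * 6:  # Ethernet broadcast destination
            bcast[int(ts)] += 1
        etype = struct.unpack_from("!H", f, 12)[0]
        if etype == 0x0806:  # ARP
            arp[int(ts)] += 1
        elif etype == 0x0800 and len(f) >= 34 and f[23] == 6:  # IPv4 carrying TCP
            tcp = 14 + (f[14] & 0x0F) * 4  # TCP header starts after the IP header
            if len(f) < tcp + 14:
                continue
            src, dst = f[26:30], f[30:34]
            sport, dport = struct.unpack_from("!HH", f, tcp)
            flags = f[tcp + 13] & 0x12  # keep only the SYN and ACK bits
            if flags == 0x02:  # client SYN: remember when it was sent
                syn_at.setdefault((src, sport, dst, dport), ts)
            elif flags == 0x12:  # SYN/ACK: match it to the reverse 4-tuple
                t0 = syn_at.pop((dst, dport, src, sport), None)
                if t0 is not None and ts - t0 > slow:
                    slow_hits.append((".".join(map(str, src)), sport, round(ts - t0, 3)))
    return arp, bcast, slow_hits

def sample_pcap():
    """Constructed capture: 3 ARP broadcasts in second 100, one 0.8 s handshake."""
    def tcp(src, dst, sport, dport, flags):
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 40, 0, 0, 64, 6, 0) + src + dst
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH8xBB6x", sport, dport, 0x50, flags)
    cli, srv = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])
    arp = b"\xff" * 6 + bytes(6) + b"\x08\x06" + bytes(28)
    pkts = [(100, 100000, arp), (100, 400000, arp), (100, 900000, arp),
            (101, 0, tcp(cli, srv, 40000, 80, 0x02)), (101, 800000, tcp(srv, cli, 80, 40000, 0x12))]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", s, u, len(f), len(f)) + f for s, u, f in pkts)
```

Calling `analyze(read_pcap(open(path, "rb").read()))` on a real capture returns the same three results; what counts as "excessive" still has to come from a baseline of your own network.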
 
LVL 3

Expert Comment

by:CyberStretch
ID: 6865511
It would seem like you are searching for the correct technology for a specific problem.

In another thread, someone made mention of 3Com's Network Supervisor (http://www.3com.com/products/en_US/result.jsp?selected=5&sort=effdt&order=desc&sku=3C15100C). It is freeware and offers the ability to map and display alerts based upon thresholds that you set for any network component. Although this is not a packet sniffer, it does help to monitor network traffic and potential problems; offering ways to notify you if you are off site or away from the monitoring system.

I have tried this on my home network and it basically works pretty good. Some of the SOHO networking equipment I have is improperly detected, but that is to be expected. Also, I had problems getting the Advanced Package and SP1 to install. (Kept telling me I needed to have Network Supervisor installed, which I do on a different partition than the one setup suggested. Therefore, they could have coded the default install directory into the upgrades.)
 

Expert Comment

by:CleanupPing
ID: 9155799
dteb:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.