  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 212

Network Monitoring: So many to choose from, but what's the right one!

Hello - I've been receiving more and more user issues that require me to come up with a spare computer, load Wireshark, connect it to the network and begin monitoring. Then, I tell the user to call when they experience issues so we can remote in and watch the packets. Sometimes they call, sometimes they don't. More often they don't and the issue persists. Then, my client comes to me because the user complains about an outstanding issue that never gets resolved.

Finding the workstation, loading the software, coordinating with the user; it's exhausting and it's happening more and more. I'm looking around for a cost-effective and simple way of collecting the data and analyzing it. I stumbled across this product a few years ago and it's still around, http://bit.ly/rZ5Ybw. I'm not sure what monitoring hardware they are referring to or the software used to analyze. I assume this is like connecting a hub to the network with one of my Wireshark monitoring workstations, which isn't really what I'm looking for.

It would be great if I could connect a device to the network and have that device collect data like the Teeny Tap and store it so I can take it offline later and download the collections for analysis with something like Wireshark. Does this type of hardware exist? Has anyone used something like this? What are you using when you have to monitor/analyze your network for issues like these?

Thanks for your time!

digitap
0
4 Solutions
 
Soulja Commented:
What you want is NetScout. It is the golden grail of network traffic monitoring. It is expensive though, but I have used it in the past. It will allow you to do packet captures from the past! Plus netflow and other traffic monitoring.
0
 
Ernie Beek Commented:
As Soulja said, it's big $$$$$

Did you consider building something yourself?
Using dumpcap for example: http://packetlife.net/blog/2011/mar/9/long-term-traffic-capture-wireshark/
0
 
digitap (Author) Commented:
I came across NetScout, but it still seems to be along the lines of "here's our software now you come up with the hardware" type of solution. Again, I'm not even sure if what I'm looking for exists. A simple hardware device that collects the packets and allows for analysis offline.

@erniebeek :: I've thought about building one myself. The article you provided is nice and I'll strongly consider that. It looks like the OS is Linux and that's a drawback for my boss. I understand that Windows has CLI for dumpcap so that may possibly work.

What I like about Teeny Tap is the size and the ability to be between the device having issues and the rest of the network. Maybe I'm wishing in one hand...
0
 
Soulja Commented:
Hmmm, the Netscout installs that I used in the past had Netscout appliances.
0
 
digitap (Author) Commented:
Interesting. Do you recall which you used?
0
 
Ernie Beek Commented:
Is there a certain budget you must keep to?
0
 
digitap (Author) Commented:
Well, it's taken a number of years (I gave my boss an article about the Teeny Tap in 2008), to get him to consider looking at something for our clients. I know I'm going to have a fight on my hands so having options will be helpful.

My boss likes cheap, but I know you get what you pay for. I don't know what budget I have to work with.
0
 
Ernie Beek Commented:
Hehehe, ok.
I've seen a Cascade shark appliance once: http://www.riverbed.com/us/products/cascade/cascade_shark_overview.php

Over that you won't have to fight. Looking at the price your boss will die of a heart attack straight away ;)

But seriously, you would like an appliance that's kinda small, can be plugged in between a faulty device and the network and preferably logs in a format Wireshark can read?

Something is humming in the back of my mind, just can't grasp it. Let me sleep over it. If it comes back to me I'll let you know.
0
 
digitap (Author) Commented:
I can always tell when I know it's going to be expensive when they say, "Contact a sales rep for pricing." I'm sure it's good, but...

Yes, you've described what I'm looking for perfectly. Sure, when you've deciphered the humming, let me know. I have a while before I make my presentation.
0
 
digitap (Author) Commented:
Talking with my associate, I think we're going to put together something similar to the link provided by erniebeek, http://packetlife.net/blog/2011/mar/9/long-term-traffic-capture-wireshark/. My associate is going to put the hardware together and I'm going to focus on the analysis software.

So, my take is I only have time to specialize in so many things. I am a tech of many trades, but when I'm looking at packet traces, I rarely can pull out quickly what I'm looking at. I'd like to have something that would allow me to summarize the data and get a quick idea of which direction to go.

So, what should I look at?
0
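One way to get the kind of quick summary asked for in the post above from a saved capture file, as an added example that is not part of the original thread. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 traffic; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def summarize_pcap(data):
    """Return (bytes per flow, TCP RST count per flow); flow = (src, dst, ip_proto)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                  # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                                  # big-endian capture file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    volume, resets = Counter(), Counter()
    off = 24                                       # first record follows the global header
    while off + 16 <= len(data):
        _sec, _usec, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # truncated or non-IPv4 frame
        ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
        flow = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), frame[23])
        volume[flow] += orig                       # on-the-wire length, not captured length
        tcp = frame[14 + ihl:]
        if flow[2] == 6 and len(tcp) >= 14 and tcp[13] & 0x04:
            resets[flow] += 1                      # RST often marks refused or aborted sessions
    return volume, resets

def _frame(src, dst, flags, payload_len):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at 0)."""
    tcp = struct.pack(">HHIIBBHHH", 40000, 445, 0, 0, 0x50, flags, 1024, 0, 0)
    tcp += b"\x00" * payload_len
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: two data frames, two resets, one ARP frame."""
    frames = [_frame("10.0.0.5", "10.0.0.9", 0x18, 100),
              _frame("10.0.0.5", "10.0.0.9", 0x18, 46),
              _frame("10.0.0.9", "10.0.0.5", 0x04, 0),
              _frame("10.0.0.9", "10.0.0.5", 0x14, 0),
              b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

For a real capture, pass the file's bytes to `summarize_pcap` and sort the two counters with `most_common()` to see the heaviest flows and the flows with the most resets first.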
 
eeRoot Commented:
0
 
digitap (Author) Commented:
@eeRoot :: I'll have a look at it.
0
