Summary: Sniffers and Monitors

From: Houser, Doug W. (dhouser@seta.com)
Date: Mon Sep 30 1996 - 12:16:41 CDT


ORIGINAL NOTE:

> Could someone please tell me the *basic* differences between packet sniffers
> like snoop and etherfind, and any of the following network analyzers or
> management software?
> HP Openview, Sunnet Manager, SMS, Cabletron Spectrum System, Make System's
> WinMIND and NetWork Vue.

SUMMARY:

Thanks, Unix Guys, for the quick and helpful responses. And thanks in
advance for any additional responses. Special thanks to Joe Morel who sent
the following:

I am a Communications Analyst for a large Corporate Network. I work
with and have system admin duties with several of the packages you
mention.

The "basics" are:

1. Firstly, HP OpenView (HP of course), SunNet Manager (SUN), and
Cabletron's SPECTRUM are actually Network Management Applications or
Systems which run on various Unix workstations/servers and even on x86
platforms.
The three of them are mostly element managers using the SNMP (Simple
Network Management Protocol) to manage various vendors' networking,
power, and LAN devices. They can receive unsolicited traps (condition
messages from the device that is configured to report to them, like "I'm
Down; I've switched to back-up power [or] back-up path; I've just been
power reset [cold-start], or software reset [warm-start]"; and many
more). You can also use the SNMP protocol to set Event requests or Data
requests that will provide you information on CPU utilization, Traffic
statistics, etc., and set thresholds to warn you when problems exist.

Mostly you need applications from the vendors you use on your LAN
(Netware, Microsoft-W3.1, W95, NT) or Network (Cisco, BayNetworks, and
numerous others) that are designed to utilize the "basic" HPOV, SNM, or
SPECTRUM software.

2. In my view, the three we talk about above are the big players.
WinMIND and NetWork Vue I don't know anything about.

3. SMS I believe is mostly LAN management software.

4. Sniffers and Network Analyzers are tools to passively monitor the
packet stream on LAN (TokenRing, Ethernet, FDDI, etc.) or WAN (telco T1
or partial T1) interfaces.

5. Snoop is an application on SUN Solaris 2.3 and above O.S.'s and
Etherfind is an application on Sun O.S. 4.1.3.
These let you see the packet stream on that machine's local Ethernet
interface(s).

6. In my view, Network General's SNIFFER is the best product for
analyzing LAN and WAN packets to find problems in your network.

Talk about "basic". Discovering which of these tools to use in your
particular environment is a major undertaking, not to mention the people
and time resources you need to throw at them to design, implement,
update, and utilize the technology they provide.

These tools are necessary to manage large LAN, WAN network
environments. But they are useless unless you have well trained,
technically competent, and highly motivated individuals doing the
design, implementation, and continuing administration of these
resources.

Use the search engines on the internet and you will find tons of
information on any and all of these tools and more.

I speak from 30+ years of experience.

Now wake up and go on to your next email. You surely have to be
snoozing by now.

Good luck to you,

Joe
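
Added example (not part of the original post or of Joe's reply): the unsolicited traps described in item 1 travel as small UDP datagrams, and this Python code decodes the header of one SNMPv1 trap (RFC 1157 layout) the way a manager, or a sniffer's protocol decoder, would. SNMPv1 is an assumption, since the post names no version; the sample bytes, community string, enterprise OID and agent address are constructed for illustration.

```python
GENERIC_TRAPS = ("coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific")

# Constructed sample payload, not a real capture: community "public", enterprise
# 1.3.6.1.4.1.99, agent 192.0.2.10, generic-trap 0, uptime 0, no variable bindings.
SAMPLE_TRAP = bytes.fromhex(
    "3026" "020100" "04067075626c6963" "a419" "06062b0601040163"
    "4004c000020a" "020100" "020100" "430100" "3000")

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def read_fields(buf, tags):
    """Read consecutive TLVs from buf, requiring the given tags in order."""
    vals, pos = [], 0
    for want in tags:
        tag, val, pos = read_tlv(buf, pos)
        if tag != want:
            raise ValueError("expected tag 0x%02x, got 0x%02x" % (want, tag))
        vals.append(val)
    return vals

def parse_v1_trap(payload):
    """Decode an SNMPv1 Trap-PDU header; raise ValueError for anything else."""
    (msg,) = read_fields(payload, [0x30])                      # outer SEQUENCE
    ver, community, pdu = read_fields(msg, [0x02, 0x04, 0xA4])  # 0xA4 = Trap-PDU
    # enterprise OID, agent IpAddress, generic-trap, specific-trap, TimeTicks
    _ent, agent, generic, _spec, ticks = read_fields(pdu, [0x06, 0x40, 0x02, 0x02, 0x43])
    if ver != b"\x00" or len(agent) != 4 or not generic:
        raise ValueError("not a well-formed SNMPv1 trap")
    g = int.from_bytes(generic, "big", signed=True)
    name = GENERIC_TRAPS[g] if 0 <= g < len(GENERIC_TRAPS) else "unknown(%d)" % g
    return {"community": community.decode("ascii", "replace"),
            "agent": ".".join(map(str, agent)),
            "trap": name,
            "uptime_ticks": int.from_bytes(ticks, "big")}
```

SNMPv1 carries the community string unencrypted, so the same bytes are readable by the sniffers described in items 4 to 6.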



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:11 CDT