I recently test-drove some high-end network-monitoring equipment from Network Instruments to see how it fared against my favorite free tool, Ethereal, which I'd set up on an extra box in my office. Ethereal is great for local monitoring but was never explicitly designed with remote analysis in mind. The big advantage of Network Instruments' Full-Duplex Probe Appliance, along with the company's Copper nTAP devices, is that you can use the solution to monitor servers from anywhere—even over a slow link.
The Full-Duplex Probe Appliance is a 1U box running Windows XP that comes with two network adapters—one for monitoring and another for regular network connectivity. You connect the probe's first network adapter to a Network Instruments nTAP device that sits between your switch and the server you want to monitor. The nTAP device sends a copy of the network signal to the probe without affecting the servers' network connectivity.
The Full-Duplex Probe Appliance performs protocol analysis locally and sends only the data you want to see to your management workstation. Therefore, you can monitor devices on remote networks even over a slow WAN link. I compared the amount of data sent to my monitoring workstation by the probe with the amount of data sent by RDP from a box running Ethereal. The data rate of the Remote Desktop session was 39.2Kbps. The data rate from the probe was a much more lightweight 3.9Kbps via SNMP and only 2.1Kbps via Observer, Network Instruments' protocol-analysis software.
It might take a large network to justify the price of a Network Instruments probe and nTAP devices for all your servers, but it's a great and reliable way to keep tabs on traffic with easy configuration and zero server or switch impact.
See the full version of this article online at Instant Doc 48415.
PROS: Handles heavy traffic; provides remote-monitoring capabilities through RMON or proprietary monitoring protocol
CONS: Priced for high-end applications
RATING: 3.5 out of 5
PRICE: $4995 (Probe Appliance); $395 (nTAP device)
RECOMMENDATION: Good solution for monitoring a network from anywhere, even over a slow link.
CONTACT: Network Instruments, 952-358-3800, http://www.networkinstruments.com