Monitoring IP traffic on your network is a tedious chore. Standard network-monitoring software often does not differentiate between IP protocols, such as Simple Mail Transfer Protocol (SMTP) or Post Office Protocol (POP), but instead collects statistics at the packet level. Other software collects protocol-level statistics but does not provide packet-level monitoring. Now, WebXray, created by Cinco Networks (available from Network General), can be another tool to help you monitor your IP network.
WebXray is similar to its sibling, NetXray (for a review of NetXray, see page 117) in appearance, installation, and usage. However, WebXray monitors IP traffic on your network rather than acting as a global protocol analyzer, like NetXray. Instead of collecting statistics on the number of IP packets vs. the number of IPX packets, WebXray collects statistics on the number of HTTP packets vs. the number of FTP packets.
When you launch WebXray, a dashboard and a capture window appear. The dashboard monitors IP traffic on your network. The window lets you capture IP traffic and analyze the physical packets traversing your network.
With WebXray, you can draw a topographical map of your networking environment. Many different drawing programs (e.g., Microsoft PowerPoint) are available, but few contain the icon set you need to properly draw a network diagram. To access this feature, select Tools and New Topology Map from the toolbar. If you have an existing topology map, you can select File and Open to pull up the drawing tool on the screen. When the map is on the screen, a series of icons graphically represent nodes on your network. On the left side of the window, toolbar icons let you perform mapping tasks. The software can auto-discover all the nodes on your network and place them on the map for you, or you can add them manually. After you add all your icons, you can draw connection lines between nodes to graphically represent a connection. In my small network example, I auto-discovered four nodes and added my hub manually. I then connected the nodes using the line and connection tools. Screen 1 shows the result.
Another nifty feature of the topology map is the Status index tab. When you select this tab, a list of all the hosts on your topology map appears, along with a list of the IP protocols that the software tracks. If a host has an active service monitoring the IP service, a small, yellow smiley face appears. If the host is not monitoring that IP service, a red circle with a minus sign is displayed. This graphical mapping is extremely useful in determining which sites support different services. For example, if you auto-discover all the nodes on your network, you can refer to the map to see which hosts are FTP servers, Web servers, POP servers, and so on.
Packet analysis and picture drawing are not the only features WebXray has to offer. The software includes a series of tools (available when you select Tools from the toolbar) you can use to monitor your network. One tool is Protocol Distribution, which maps all your network's IP-based protocols and their relative traffic levels and presents this information as a chart. For example, if you have a network with a large amount of Web traffic, you might see a pie chart that shows a 40 percent slice for Web traffic and the remainder split among the other services on your network.
Unfortunately, I did not achieve network-monitoring nirvana with WebXray. On my test Windows NT Workstation 4.0 host, WebXray core dumped with access violations at irregular intervals, and I lost a significant amount of work and statistical data.
Despite my problems, WebXray is a tool that systems administrators on an IP-based, midsize-to-large-company network need. The software's fantastic selection of graphical reports, the ability to map your network's topology, and the overall network monitoring features make this utility a staple for any systems administration toolbox. However, I would wait until the next release for Network General to work out all the bugs.
\[Editor's Note: At press time, Network General and McAfee announced plans to merge to form Network Associates.\]
Network General 415-473-2000 or 800-764-3337
System Requirements: Windows NT or Windows 95, 80486 DX/50 (minimum) Pentium recommended, 16MB of RAM (NT), 12MB of RAM (Win95), 8MB of hard disk space, 3.5" floppy drive, Approved network interface adapter, Promiscuous mode operation—NDIS 3.1 driver support