Which Network Analyzer do you Use? Commercial or Freeware?
Consider the Problem
Deciding which analyzer to use depends largely on the nature of the problem. Does the problem involve application issues? Is the issue occurring remotely? Does the issue occur sporadically?
If you’re unsure whether the issue is caused by the network or the application, your commercial analysis solution is the better choice. These solutions, like Observer, provide greater application-level detail and graphical tracking of conversations traversing multiple segments, which are critical for getting to the bottom of application and delay issues quickly. In addition, they offer robust expert analysis, which automates the troubleshooting process, reducing the time needed to find the cause of the problem. Conducting application analysis with freeware tools is not an efficient use of time.
“What is missing from freeware and available in commercial tools is application analysis,” said Mike Pennacchi, founder of Network Protocol Specialists. “It’s the ability to decode specific SQL calls or reassemble VoIP packets to analyze conditions, obtain quality metrics, and easily generate reports.”
Often troubleshooting involves viewing what is happening from the perspective of an end-user. This means having an analyzer on someone’s remote machine, so you can run a capture and verify connectivity. If you don’t have an extra licensed copy of your commercial analyzer, using a freeware tool may be the best option due to its unrestricted licensing.
“With a freeware analyzer, I can set up a call with the end-user using Citrix GoToMeeting and gain control of their machine,” said Pennacchi. “I’ll download the freeware capture tool to their system and grab a trace file from the location. I can then either FTP or e-mail it to myself for further analysis. There are many cases where I grab a capture using freeware and bring it into a commercial analyzer for in-depth analysis.”
When only a small amount of data is involved and you have a good idea of the problem, freeware programs like Wireshark make it easy to filter down to the relevant traffic. These programs may not show you where the slowdown is occurring, but they can help narrow the number of packets you need to inspect. In addition, advanced users can modify the code or API to define specific types of filtering and analysis.
Long-Term and High-Speed Capture
If you’re using monitoring tools daily to manage network and application performance, you likely use long-term packet capture solutions, like the GigaStor, to store terabytes of packets. In this case, commercially available tools are really the only way to go. If you’re looking at gigabytes’ worth of data, you need indexing and search capabilities to quickly locate the relevant packets.
Also, when we’re talking about high-speed capture, you need appliance-based solutions capable of not only capturing packets but saving to disk at the rates of your network. “The free tools work well for capturing at a workstation or remote office,” said Pennacchi. “But, in high-speed environments we start to lose packets, which means we aren’t going to get a good picture of what’s really causing the problem.”
Ultimately, selecting an analyzer should be based on choosing the solution that is going to solve the problem in the shortest amount of time. In many cases, the answer may be both, depending upon the specific situation you face. Here is a table that simplifies the decision process by outlining the advantages of each solution.