NetMinder Ethernet 5.0

“The network is slow” is an end-user complaint that rings constantly in the ears of many network managers. But all too frequently, the user gives no specific description of slow — instead, the statement is simply a clue that something, somewhere,might be wrong.

When you face this kind of problem, a network-analyzer program, such as Neon Software’s recently released NetMinder Ethernet 5.0, can quickly give you the insight you need. Now available as an OS X­native app, NetMinder Ethernet is an appealing and extremely useful tool that provides administrators with easily accessible and understandable information on the nuances of Ethernet packet transport.

Quickly Gain Intuition

Neon’s focus on ease of use lets any network manager — not just wireheads — quickly monitor a network. When you launch NetMinder Ethernet, it opens four windows that allow you to control data collection and view Ethernet packets, analyze IP usage on an address and protocol basis, analyze bandwidth-usage trends, and discover problems with specific packets. Once you start collecting information, you can use the TCP/IP Analysis window to see which nodes and protocols are consuming the most bandwidth on your network.

A common question network managers get is “How much network bandwidth is consumed by Web browsing?” The TCP/IP Analysis window can quickly tell you what percentage of your network traffic is HTTP or HTTPS, the two primary IP protocols used in Web browsing. Likewise, you can use the Trend Analysis window to see how many packets are being transmitted and what percentage of the theoretical amount of bandwidth this represents. And NetMinder Ethernet’s Packet Inference window displays messages that can alert you to possible aberrant traffic on your network. The Packet Inference feature compares Ethernet traffic with a predefined set of rules and alerts you when noteworthy events occur, such as an attack by a network worm (Code Red, for example) or the appearance of a duplicate IP address on your network. These alerts can prompt you to disable switched ports or isolate susceptible servers until the attack or problem can be mitigated.

Digging Deeper

NetMinder Ethernet decodes a variety of packet types; double-clicking on any packet in the NetMinder Ethernet window displays the headers and data contained in the packet. (You can define additional Ethernet-based protocols for identification, but this manual process requires a detailed understanding of the packet header and other characteristics.) Reviewing network conversations on a packet level is often useful when you’re trying to see whether a host or application is functioning properly.

If you’re monitoring a very busy segment of your network, finding the packets you’re looking for among the thousands that you’ll collect in a few seconds could be very time-consuming. Using NetMinder Ethernet’s filters, you can zero in on problematic traffic by specifying a source, destination, and protocol (including granular details specific to each protocol, such as flags or packet size). You can apply filters during the datacollection process or use them on data you’ve already collected, to sift through raw data — including captures made with the command-line utility TCPdump.

Wake-up Call

Reports of problems on your network are often intermittent and anecdotal — and therefore difficult to fix. For example, a user may tell you that he always has trouble with an application late in the afternoon. Unless you’re watching your network when the problem occurs, you’ll have a hard time determining the possible causes. NetMinder Ethernet’s ability to automatically begin data capture based on a time or a network event allows you to begin your triage without sitting in front of your workstation.

NetMinder Ethernet can also alert you when specified conditions or events occur on your network. For example, you may be trying to track down a rogue computer that’s intermittently causing problems on your network. You tell the application to send you an alert — via pager, e-mail, or SNMP trap — when the event occurs. Just about any condition can trigger these alerts, which can incorporate filters and Packet Inference messages, giving you quite a bit of flexibility in your troubleshooting tactics.

Runs Almost Anywhere

NetMinder Ethernet requires either OS X 10.1 (or later) or OS 7.X (or later) — that is, it will run on just about any Mac that has an Ethernet interface. There are some limitations on pre-OpenTransport platforms, because packet collection will require dedicated use of the Ethernet interface.

Though not mentioned anywhere in the documentation, NetMinder Ethernet can also be used on 802.11 wireless networks. The application treats a wireless interface (for example, an AirPort card) as another Ethernet interface.

Macworld’s Buying Advice

No network manager should be without a network analyzer. Other dedicated analyzers, such as Network Associates’ Sniffer, don’t run on a Mac and can cost $10,000 or more, but thanks to lower-cost offerings such as NetMinder Ethernet 5.0, you don’t need to spend a fortune to know more about your network. Whether you’re troubleshooting a problem or performing a simple baseline study of your network traffic, NetMinder Ethernet’s depth and ease of use make it ideal for any Mac network administrator.