Expert's Rating
Pros
- HTML output
- Comprehensive protocol support
- Fast name resolution
- Selective filtering mechanisms
- Sophisticated plug-in analyzers
- Network performance meters
Cons
- None
Our Verdict
Back in the days of 10-Mbps Ethernet, you debugged network problems by sipping traffic from your network, using a trusty network analyzer, and then retiring to a quiet corner to digest the accumulated data. But tapping into today’s networks, with their 100-Mbps Ethernet cards and gigabit backbones, is like drinking from a fire hose; a network spews too much data in just a few seconds to allow human manipulation. AG Group’s EtherPeek 4.0 lets you selectively capture just the packets related to a particular problem. Other enhancements and new features help EtherPeek retain its position as a big fish in a sea of network tools.
EtherPeek works by taking over an Ethernet card in your Mac and using it to capture packets, decode them, and display them for your perusal. The program comes with an array of plug-in modules that perform some analysis chores for you, including logging HTTP requests, detecting hacker attacks, and decoding mail and Telnet sessions. EtherPeek can also pipe output to a Web server for remote viewing.
Version 4.0 overhauls EtherPeek’s user interface, giving you the ability to sort traffic by various attributes and open multiple capture windows. You can also display various analytical views of the traffic, such as packet-size distribution, throughput history, and statistics for individual conversations and logical nodes. A new Global Statistics graph monitors the overall network usage and data rate in packets per second.
All these features help you distill the essence of captured data more quickly, but one of the most time-consuming analysis chores, even when automated by EtherPeek, has been matching numeric addresses with symbolic names. This version speeds name resolution by using DNS-resolution requests captured from the network to populate EtherPeek’s internal name tables.
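The passive approach described above can be sketched as follows. This is an added example, not AG Group's code: the function names `read_name` and `learn_names` are hypothetical, the sample packet is constructed, and only IPv4 A records in a raw DNS response payload are handled.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode a DNS name (RFC 1035 compression aware); return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]                              # IndexError if the packet is cut short
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            if resume is None:
                resume = off + 2                  # parsing resumes after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # hostile packets can loop pointers
                raise ValueError("pointer loop")
        elif n == 0:
            return ".".join(labels), resume if resume is not None else off + 1
        else:
            if off + 1 + n > len(msg):
                raise ValueError("truncated label")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def learn_names(msg, table):
    """Add address -> name entries from the A records in one DNS response payload."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        if not flags & 0x8000 or flags & 0x000F:  # skip queries and error responses
            return table
        off = 12
        for _ in range(qd):                       # step over the question section
            _, off = read_name(msg, off)
            off += 4                              # QTYPE + QCLASS
        for _ in range(an):
            owner, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A record
                table[str(ipaddress.IPv4Address(msg[off:off + 4]))] = owner
            off += rdlen
    except (ValueError, IndexError, struct.error):
        pass                                      # malformed packet: keep what was learned
    return table

# Constructed sample: a response mapping www.example.test to 192.0.2.10
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x03www\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

Names learned this way come from unauthenticated traffic, so an analyzer should treat them as display hints rather than verified identities.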
The most powerful new feature, though, is a new selective-filtering capability that lets you choose which packets are captured based on AND, OR, and NOT logic rather than a simple selection mask. This selectivity is essential for capturing data from busy backbone data streams.
AG Group decided to cut anchor on 680X0 machines with this release, supporting only PowerPC processors, the most recent Ethernet cards, and Mac OS 8.0 or later. However, the package includes a backward-compatible capture tool that lets you capture traffic on previously supported platforms for postmortem analysis.
January 2000 page: 56