Network Instruments Observer 11 review
It’s rare to see a new network analysis solution enter the market nowadays, as the majority of products are from well-established names that have had many years to develop and mature. The Network Instruments (NI) Observer product suite is a prime example: we first saw this analysis software over ten years ago and have watched it grow in sophistication ever since.
This latest version brings plenty of new features to the mix, with NI offering a 64-bit version that allows Observer’s capture buffer to be limited only by installed physical memory. However, apart from this, all the other additional functions appear only in the Expert version. NI offers a number of options, with the base Observer providing the foundation and delivering real-time statistics, packet capture and decoding, network trending and reporting. The Expert version adds NI’s expert analysis, network stream reconstruction and modelling, and this has now been augmented with VoIP support. NI clearly has its sights set on the enterprise, as Observer offers optional hardware modules for monitoring and analysing Fibre Channel SANs and supports Cisco’s NetFlow, allowing its Advanced Expert probes to gather more detailed information about this vendor’s switches and routers.
Installation is a swift affair and you can start monitoring your network immediately. Observer uses a combination of local and optional remote probes, and you can also add SNMP and RMON devices such as switches and access them directly to view utilisation data. Bearing in mind that SNMP monitoring isn’t a key focus of Observer, it does make a fair stab at it. Adding a 48-port ProCurve Gigabit switch to the monitor pane allowed us to view line graphs of IP, SNMP and TCP packets or port usage and throughput, whilst a forms feature provided utilisation dials for every port and graphics showing their status. The Statistics menu offers a wealth of monitoring tools so you can keep an eye on the top ten talkers and view bandwidth utilisation, protocol distribution or maybe VLAN statistics. The Web Observer monitors any selected ports on web servers and you can pull up a dashboard of dials to watch out for your routers.
A discovery tool makes light work of listing network nodes on the segment under scrutiny. It will resolve their IP addresses and let you start packet capture on specific systems directly from this interface. To refine the information you can use custom filters and save the buffer contents to disk for later analysis. The decoding tools are particularly useful as they provide views of raw packets and decodes plus all protocols and summaries. A scheduler also allows you to run daily or weekly capture sessions. Usefully, you can stress test your network with Observer’s traffic generator and capture general network activity over a specific period or continuously for trending purposes. The information gathered can be viewed in graphical or tabular format and also presented in a smart web browser report. Along with packet capture you have the option to schedule the creation of web reports from trend data on a regular basis. Application analysis is also on offer from the trending menu so you can monitor other protocols such as POP3 and SMTP and view graphs of response times and statistics.
Once you have a buffer of captured data saved in a file, Observer’s decoding skills come to the fore to provide a wealth of information. The Expert shows utilisation during the capture period, a summary of detected error conditions and an analysis of each one along with suggestions for remedial actions. Beneath is a range of events such as TCP, NetBIOS and UDP; selecting a line of data in one of them brings into play Observer’s new stream reconstruction. For web browsing it will show the sites that were visited and the associated IP address pairs for the source and destination. Email reconstruction extends to revealing the contents of a selected message and will also show the POP3 user account name and its password.