Observer is a 64-bit application that can run on wired as well as wireless
networks. However, it can also be used on 32-bit machines. It can analyze,
monitor and troubleshoot your network on the fly. It provides an instant view of
captured packets and can also present them in a readable format. The software
can provide information about things like bandwidth utilization, load on your
wireless access points and VLANs, analysis of Internet traffic, routers, etc.,
all in real time. It has some very effective filters for specific packet types
that can help you analyze specific problems on your network quickly and easily.
It can also send e-mail and pager alerts to the network administrator when it
finds any anomalies or attacks on your network.
It has a neat feature called Traffic Generation, which can generate heavy
traffic on your network and help you stress test it. This feature is useful if
you're planning to deploy a new application, and would like to know how much
juice your network can really take. It provides network trending and detailed
reporting to help you keep an eye on the overall health of your network. When run
for the first time, Observer asks you to choose the network interfaces you want
to use with it.
Step 1: Create filters
To create a filter for capturing packets, click on Actions on the Menu Bar and
choose 'Filter Setup for Selected Probe.' A window will pop up where you
will see various groups like Hack Filters, Virus Filters, Wireless Filters, etc.
There will also be some pre-defined filters under each category. You can use any
of these filters as is or customize them.
Observer's UI makes rule-creation very simple
You can also create a new filter. For this, click on the New Filter button,
provide a name for the new filter and click on OK. A new window will open, where
you can create your own filters based on addresses, ports, protocols, errors,
etc. Once the filter has been created, you can start capturing packets. Click on
the Capture button on the Menu bar and then on Packet Capture. Now the Packet
Capture window will appear on your screen. Here, click on Start. Once it has
started capturing packets, you can see details about them in real time.
Step 2: Analyze VLANs on your network
To see VLAN statistics, click on the Statistics tab in the Menu bar and choose
VLAN Statistics. A new window will pop up. Here, click on Start and it will start
showing you the number of VLANs you have and their statistics.
Analyze your VLANs with real time graphs
In case you don't have any VLANs created on your network, the window will
display 'No VLAN' under the VLAN column but will still continue to provide
statistics on your network. The VLAN Statistics window will show you details
about broadcasts, multicasts, packets in the network and network utilization (in
percentage).
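To make those columns concrete, here is an added example (not Observer's code and not from the original article) that derives the same kind of per-VLAN counters from raw Ethernet frames by reading the 802.1Q tag. The function names and the sample frames are constructed for illustration, and utilization is approximated from captured frame bytes only, ignoring preamble, FCS and inter-frame gap.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def classify(frame):
    """Return (vlan_label, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = "No VLAN"                      # untagged traffic gets the 'No VLAN' row
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID
    # The low bit of the first destination octet marks group (multicast) addresses.
    kind = "broadcasts" if dst == BROADCAST else "multicasts" if dst[0] & 1 else "unicasts"
    return vlan, kind

def vlan_statistics(frames, link_bps, seconds):
    """Tally per-VLAN counters and approximate utilization (%) for one interval."""
    stats = defaultdict(lambda: {"packets": 0, "broadcasts": 0, "multicasts": 0, "bytes": 0})
    for frame in frames:
        vlan, kind = classify(frame)
        row = stats[vlan]
        row["packets"] += 1
        row["bytes"] += len(frame)
        if kind != "unicasts":
            row[kind] += 1
    for row in stats.values():
        row["utilization_pct"] = round(row["bytes"] * 8 * 100 / (link_bps * seconds), 6)
    return dict(stats)

def make_frame(dst, vlan=None, payload=b"\x00" * 46):
    """Build a constructed sample frame (illustrative, not real capture data)."""
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

# Constructed input: broadcast and multicast on VLAN 10, unicast on VLAN 20, untagged broadcast.
SAMPLE = [make_frame(BROADCAST, 10), make_frame(bytes.fromhex("01005e000001"), 10),
          make_frame(bytes.fromhex("020000000002"), 20), make_frame(BROADCAST)]

if __name__ == "__main__":
    for vlan, row in vlan_statistics(SAMPLE, link_bps=100_000_000, seconds=1).items():
        print(vlan, row)
```

A sustained rise in the broadcast or multicast share of one VLAN's packets is the kind of change these counters make visible.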
Step 3: Expert analysis
Now let's see how you can analyze data using Observer. From the Packet Capture
window, select the View icon and then click on the Expert Analysis tab at the
bottom of the Decode display. Here the window will show you the network
utilization graph and, just below it, the Network Condition summary, which shows
you the problems detected on the network and their count. Similarly, you can see
Protocols, Top Talkers, Application Analysis, etc. by selecting them from the
bottom window.
Expert Analysis examines more network parameters
To see the Network Trends, click on Trending/Analysis from the Menu bar and
then on the Start Network Trending Viewer. In the Viewer window, click on the
date whose network trends you want to see. You can view trends in three ways:
Internet Patrol, IP to IP Pairs Matrix and TCP/UDP Application Tree.
Step 4: View network traffic reports
Observer lets you create and view reports about activities on your network in a
Web browser. To analyze the different activities, select the Trending/Analysis
tab from the Menu bar and click on Start Web Browser Report. An Explorer window
will open with the Trending Report Library. Here you'll find detailed reports
pertaining to different tasks such as the network summary, Internet usage,
Application Analysis, VLAN, etc. These provide a good insight into the state of
your network.
You can view detailed reports in a Web browser