Whistleblower Blog   by Chris Bloom

Most wireless networks evolve. They start out simple, with coverage in a few specific locations, like a conference room and the lobby waiting area. The network is used mainly by guests, so performance and reliability are not a focus - the network is a "nice-to-have" - and little or no network monitoring or troubleshooting is required. But employees become dependent on the wireless conference room access, and demand access from more locations and expect to have the performance and reliability characteristics of the wired network. The network grows, and so does the need for network analysis and troubleshooting. Given that the wireless coverage is still "spotty", portable network analysis - like that provided by OmniPeek running on a laptop - seems to fit the bill. Eventually the wireless network grows to cover the entire workspace, and it becomes a viable alternative to wired access. At this stage the network requires 24x7 monitoring and analysis. This just can't be accomplished with a portable solution. But with 20+ APs spread over 200,000 square feet, how can you be where the trouble is, and where it's occurring?

The only alternative has been "overlay networks" - a system of wireless sensors deployed within your wireless network. This approach is expensive, with both a significant up-front cost for all of the sensors and their management software, and an on-going cost to manage this "management network" network. But now you have a choice - to overlay or not to overlay, that is the question. WildPackets AP Capture Adapters for both Cisco and Aruba allow any managed AP, or a number of APs simultaneously, to be put into packet capture mode, acting as sensors only when needed. Though this implies a slightly more dense deployment of APs, it is still far cheaper than an overlay network, and it provides tremendous flexibility for capturing wireless packets - you can collect from anywhere, anytime, with the click of a button. Typical high-quality, enterprise-wide wireless deployments are designed with overlapping wireless coverage in mind anyway, so often times no additional hardware is required. Using only the AP management console and WildPackets' OmniPeek, you can monitor, analyze and troubleshoot your entire wireless network, using your existing hardware and without getting up from your desk.

Interested? The WildPackets AP Capture Adapters for Cisco and Aruba are all you need to get started, and they are freely available from the WDPN.

Cisco AP Remote Adapter
Aruba Remote Adapter

NetScout just picked up Network General at the auction house for only $205M. Their intention is obvious, lacking in deep packet analysis themselves; they are trying to round out their product offering with a protocol analyzer. On that account, who can blame them? But with what? Network General's Sniffer software is antiquated. While software and user interface technologies have come a long way, especially in light of Web 2.0, Network General has not had a major release of Sniffer in 7 years. The only real value in this purchase is their market share, and certainly not the technical leadership that customers should require.

While this might look good on paper to some, the problem arises when you realize that the real losers in this game of hot potato are the customers. Network General's products are not cheap, and in the past NetScout sold a lot of expensive products to big Enterprise IT departments. And even though there are much better and less expensive products on the market, it is still hard to convince upper management to move on, and dump 20 years of investment. However, over time, as Network General has failed to keep up with the needs of the market, their customer base has been forced to supplement their tools with other vendor's products. This has been necessary because Network General's products are not extensible.

And this is why the acquisition of Network General by NetScout does not have any synergy. The two products are very different, old, and have no API's. So how are they going to integrate? It will be hard, and if they do it will take so long, that in the accelerated time-space continuum of the network industry, others will step in and offer their customers better and less expensive solutions. The lack of API's on both sides also makes it difficult for these products to integrate with other solutions and with each other. And if you read much about the industry today, companies want integrated solutions because they want greater ROI.

So in the end, who really benefits? Hopefully customers will realize that this is merely a fire sale and the cost of restoration is just too high. Rebuilding with open, integrated, and extensible solutions - like those from WildPackets - is far more cost-effective, both now and in the years to come.

In my previous blog entry, I gave a history lesson on the rise and fall of the NetGen Empire, and why being acquired by NetScout won't help either of them. Although there are many reasons why this will be the case, a glaring lack of APIs and extensibility, an area near and dear to me as a Developer Evangelist, is an obvious one.

In sharp contrast to the closed box mentality of the NetScout and Network General applications, is WildPackets' OmniPeek product line. WildPackets continues to innovate with major new releases, each one improving on every aspect of the technology, including the gorgeous user interface. With the most recent release of the OmniPeek 5.0 product line, WildPackets became the first vendor to offer 802.11n wireless analysis. This is huge, and nobody else has it.

As a solution, the OmniPeek product line has API's coming out of its ears, a developer network with 3000 members, a developer website with all kinds of useful extensions and source code, and a full-time Developer Evangelist and Custom Engineering Team. The plug-ins and source code on the WildPackets Developer Network, also known as the WPDN, are free to maintenance customers.

As the needs of WildPackets’ customers change, the API's allow the products to be extended to meet those needs. Two examples of this are automation and analysis. Many companies use OmniPeek to test their own products, which they do over and over again. With WildPackets API's, the analysis on the back-end can be developed as plug-ins, and the tests themselves can be automated through API's on the front-end.

These API's have allowed WildPackets to integrate and partner with other vendors like Cisco, Aruba, and AirTight. These companies offer Access Points and Probes that can be used by OmniPeek to collect packets from different channels of the wireless network. What's more, the API's allow packets from multiple probes to be aggregated in real-time into a single capture. This solution, called Multi-Channel Analysis (MCA), allows engineers to perform roaming analysis and other types of analysis across channels. This measurement, up till now, has been a laborious and time consuming task that wireless engineers have performed by hand.

And the list of integration partners goes on and on, particularly in the area of wireless cards, where OmniPeek has more support for different wireless cards than any other vendor.

The most famous and innovative example of integration is the Google Map Plug-in, which maps the IP addresses captured by OmniPeek into the Google Map. However, the biggest demand is for application layer viewers for email, instant messaging, web pages, and so on. The API’s make it possible for WildPackets to keep up with the application layer viewing needs of its customers without changing the core product.

To aid the developer community in the creation of plug-ins for the OmniPeek product line, WildPackets has developed a Plug-in Wizard that integrates with Microsoft Developer Studio. This wizard generates plug-ins, with source code, allowing the developer to quickly create plug-ins, over and over again. This makes rapid prototyping and development of custom solutions easy and cheap.

Although scripting and plug-ins are the two primary ways to extend OmniPeek, other API's are available as well, and I will be talking about them in the future.