Category Archives: network recorder

Why Customers Choose WildPackets

Customers come to us for a multitude of reasons. Some aren’t happy with their current network monitoring solutions; others are experiencing network glitches that they cannot solve; and some simply need a cohesive analysis solution. WildPackets offers a suite of products that bring customers to us from far and wide, many of whom need specific capabilities in their monitoring solution. Let’s take a look at just a few of the reasons WildPackets is the leading network analysis solution.

10G Analysis
WildPackets led the way in 10G analysis, being the first to introduce a network recorder to break the 10G barrier. When our TimeLine network recorder was introduced in 2010 it was the only network recorder to capture and store packet-level data, with no data loss whatsoever, at 11.7Gbps. Since then, WildPackets has continued to refine TimeLine, offering even more real-time statistics, increasing our overall data throughput, and adding support to capture directly from 40G network segments.

Network Forensics
Going hand-in-hand with network recording is network forensics. As you’re streaming packets to the network recorder perhaps you see a troubling trend in the real-time dashboard, or maybe a user enters a trouble ticket. Network forensics allows you to analyze a subset of your recorded data while the overall high-speed capture continues uninterrupted.

Often associated with security, network forensics goes well beyond security and also helps solve far more common issues on your network, like spikes in utilization, drops in VoIP call quality, and increased latency in both network and application performance. If a problem does occur, you no longer have to try to recreate the problem, which is typically the most time-consuming task in any troubleshooting session. Instead, with TimeLine, you simply go back in time, find the problem on the dashboard, and solve it.

Remote Analysis
The days of using a laptop to perform portable analysis, especially on high-speed wired networks, are now extinct. Corporate networks are highly distributed, even for small to medium sized businesses. Even if your company operates from a single location, odds are you host some services remotely, and use some level of software-as-a-service (SaaS), making it difficult to always be where problems are occurring. WildPackets’ Omni Distributed Analysis Platform provides a wide range of options for remote network analysis, from “lightweight” software solutions like OmniPeek Remote Assistant and OmniEngine software probe, to high performance network recording appliances like TimeLine. With a WildPackets solution, network engineers can monitor and analyze highly distributed network architectures without ever leaving their desks.

Top-Down Approach to Network Monitoring
For an overall, top-down view of any network segment, customers find WildPackets’ flagship OmniPeek network analyzer most helpful, whether as a portable analyzer or as a console to any of our remote analysis solutions. OmniPeek provides complete visibility into your network – including Ethernet, Gigabit, 10G, 802.11a/b/g/n/ac, and VoIP and video. OmniPeek provides visual context into the network so that even junior IT staff can drill down into performance problems and solve performance issues across multiple network segments. This ensures maximum network uptime and user satisfaction.

The Full Suite of Network Monitoring and Analysis Products
And for a complete view across your entire network, WildPackets offers WatchPoint network monitor. This solution builds on our suite of distributed analysis products and provides a comprehensive graphical interface of overall network performance, including top talkers, top applications, overall utilization, VoIP performance, and detailed reporting of detected network and application problems (Experts). WatchPoint also provides a direct link for detailed, packet-level analysis to determine the root cause of any issue.

What is your favorite WildPackets product? Feel free to leave us a comment and share your thoughts.

Q&A: What you should know about managing high-speed networks

Thanks to Moore’s Law and the advances of IT, the growing appetite for network bandwidth is unabated. More applications, devices, and services are being added to the network causing greater complexity for network administration.

A lot of customers come to us with questions about how they should plan for the influx of data on their network, and how they should analyze this massive amount of data. Below, we’ve provided answers to some of the most common questions. If you have more, please leave us a comment and we’ll be happy to respond.

How should I monitor data on high-speed networks?
Due to the amount of data that is traversing the network, it is essential to identify the data you need to monitor for business purposes, especially if you plan to perform real-time analysis on the data.

We suggest dissecting your network into three areas – devices, network performance, and application performance. The reasoning here is that different solutions excel in each of these areas. Leveraging the best solution for each area will provide the maximum analysis capability, and spreading the monitoring and analysis load over several solutions will enable you to analyze even more data in real time.

Is a network recorder necessary at 10G?
Yes. At 10G, assuming you want to monitor the entire link, you need to capture and record data 24/7. It is extremely challenging, and time-consuming, to recreate problems that you’ve missed at 10G. Trying to do this is like trying to find a needle in a haystack.

Use of a network recorder means you’ll be performing all of your analysis post-capture, since at 10G real-time analysis is essentially impossible. Most network recorders provide a very reasonable set of real-time stats to provide guidance when further analysis is required.

Is it better to have multiple 1G streams for network analysis, like five or six, rather than simply one network recorder monitoring at 10G?
Basically, this question boils down to “do you want to perform real-time analysis, or is post-capture analysis sufficient for your needs?” If you really want to do real-time analysis on a 10G link, use a smart tap to capture the 10G traffic and then break that traffic down into manageable chunks, typically 1Gbps or less, and then feed these slower-speed streams into your real-time network analysis solution.

How does network analysis change at 10G?
The basic difference is moving from real-time analysis to post-capture analysis, or network forensics. The analysis itself is basically the same, except that in post-capture analysis you pick a small subset of the data, based on time, or an IP address range, or a certain protocol, and only do the detailed analysis on that specific slice of data. This approach allows a single appliance to be able to both capture and store all data on a 10G link and provide detailed analysis when required. As always, being judicious in your data analysis will enable you to focus on the specific problems and solve them most quickly.

Scale Your Network Visibility with WildPackets

Scalability is an issue that’s coming up more and more frequently as 10G and 40G networks grow in popularity. As networks grow in size, a network analysis solution’s ability to either handle the growing amount of data or accommodate the growth is a measure of its scalability.

Network growth means more network analysis, in the form of increased analytical throughput, scope, data storage, and distributed analysis. As your network grows and you encounter these issues, there are ways to scale your visibility so that you’re not looking for a needle in a 10G haystack.

Architect for Visibility
As always, knowing your network is key. Know what traffic is important to your company. Is it mission critical business applications, like order entry, financials, and CRM? Or is it web-based traffic that’s driving your online retail business? Once you decide what, and how much, of this traffic requires ongoing monitoring and analysis, you’ll know where to look to specifically identify the traffic that you’ll want to capture. Building visibility into your network infrastructure can help both of these practices. Through strategic placement of analysis points, you’ll be able to get instant information to fix problems faster.

Visibility includes both summary level monitoring data and detailed network metrics, including visibility into network packet traffic and even specific packet decodes. Only a packet-based network analysis system, like the Omni Distributed Analysis Platform, provides the complete range of visibility required to monitor and troubleshoot today’s high-speed networks, keeping networks running smoothly and guaranteeing the very best end-user experience.

Backbone Visibility
Though often the fastest link in your infrastructure, the network backbone – the aggregation of all your distribution layer networks – can be an excellent point for monitoring network traffic and capturing network data for more detailed analysis. Depending on your overall network architecture, the network backbone may be a roll-up of just about all of your critical network traffic, especially if traffic is driven through a centralized network operations center (NOC), or if your company is a heavy user of cloud-based or other third party SaaS applications that drive network traffic through your WAN link. Using high speed network monitoring appliances on the network backbone can centralize your network monitoring and analysis, and save money by consolidating network analysis into a single appliance.

The aggregated traffic on the network backbone will typically be high speed, with more and more enterprises migrating to 10G backbones. Packet-based network analysis on the backbone means you’ll be interested in all of the packets, so you will likely need an appliance like WildPackets’ TimeLine network recorder, which captures at rates up to 12Gbps with zero packet loss. The TimeLine network recorder allows you to store all your data for forensic analysis while continuously capturing network traffic. And if you’re already migrating your backbone to 40G, you can simply add an aggregation tap and a few more TimeLine appliances for a complete 40G solution.

Adding Visibility to Virtual “Blind Spots”
Traditionally, north-south traffic was the most important in network monitoring. However, with the explosive growth of virtualization, east-west traffic is becoming more and more important in enterprise networks, and poses a new challenge in network and application performance monitoring. East-west traffic is typically traffic moving within a virtual host or a distributed virtual system. Since much of this traffic resides solely within the virtual environment, and therefore never hits a physical network interface, traditional network monitoring and analysis that is done by tapping into the physical network does not capture this east-west traffic. For example, let’s say the order entry system and the inventory database reside on separate VMs within the same host or distributed system. Communications between the order entry application and the database are east-west traffic. Application performance issues between these systems are “hidden” within the VM. To add visibility, you can either install WildPackets OmniVirtual on one of the VMs to gain visibility into the entire host, or, in the case of larger, distributed virtual systems, use a virtual tap. Virtual taps are sold by many tap vendors, and they provide a physical link that traditional network monitoring appliances can access to expose east-west traffic within the virtual system.

For more information about how WildPackets can help scale your networks, check out our on-demand webcast.