October 15, 1996, Issue: 716
Section: Sneak Previews -- Network Analysis

EtherPeek 3.0: Worth More Than A Glance

By Joel Snyder

Every network manager needs a LAN protocol analyzer, and The AG Group's EtherPeek has been one of the best. EtherPeek 3.0 includes new features to help managers analyze traffic, track problems and discover more about the state of their network. EtherPeek is a fraction of the price of Network General Corp.'s Sniffer, the gold standard for LAN analyzers, and in areas such as ease of use and quality of display, EtherPeek beats the Sniffer cold. For less than $3,000, we put together a complete network troubleshooting tool that fits in a briefcase and offers an elegant, powerful and portable tool to the network manager.

One of EtherPeek's new features is native PowerPC support, which we tested on a PowerBook 5300, one of Apple Computer Corp.'s fastest portable systems. Unfortunately, we immediately discovered a shortcoming: Even though EtherPeek supports PC Card Ethernet cards, performance is lackluster. To handle high Ethernet loads, we installed a Focus Enhancements Ethernet adapter in our 5300, which worked perfectly at loads up to about 40 percent (of a 10-Mbps Ethernet) with peaks to 80 percent.

Some 3.0 features are obvious improvements. EtherPeek 3.0 has an improved filter-setting interface that let us pick from a huge menu of protocols, all arranged hierarchically (TCP is a subset of IP, for example), which saves time and brainpower. The filter-defining operations offered in previous versions are still available. Additionally, we were impressed by EtherPeek's ability to dynamically map IP and AppleTalk addresses to names, using Domain Name Service (DNS) and AppleTalk Name Binding Protocol (NBP).

One feature that looks good but has not yet realized its potential is the addition of plug-in modules. These can be used to monitor traffic as it flows through EtherPeek. One plug-in decodes Hypertext Transport Protocol (HTTP) traffic and displays Web URLs in a separate window. This feature looks like a challenge to Network General's "expert" capabilities, but the modules provided in this first release don't hit the mark yet. While we could see newsgroup names flying by on our network, EtherPeek had no plug-ins to evaluate the LAN and tell us that Address Resolution Protocols (ARPs) weren't being responded to, a feature of the Sniffer's expert system.

A Matter of Protocol

We tested EtherPeek extensively, going through five beta versions before we hit a winner. We found the product to be rock-solid. Our tests included networks using IP, DECnet, LAT, IPX/SPX, AppleTalk and NetBIOS protocols. We found that coverage and decoding of IP protocols, including nightmarish ones such as the Simple Network Management Protocol (SNMP) and the new IPv6 line, were complete for all the common protocols.

EtherPeek has some higher-level application protocols, especially in the TCP/IP, IPX and AppleTalk worlds, but doesn't offer much to the Open Systems Interconnection (OSI) or DECnet network manager who might need to decode an X.400 message traveling across the LAN. Most troubleshooters won't find this much of a shortcoming. For the true network troubleshooters, The AG Group has documentation on writing your own protocol decoders.

Joel Snyder is a senior partner at Opus One, in Tucson, Ariz., where he helps people build large information-sharing and e-mail systems. He can be reached at jms@opus1.com.

