----- Original Message -----
Sent: Wednesday, April 16, 2003 7:08
AM
Subject: RE: [Ethereal-users] Ethereal
help
Royce,
I
think you missed the point of my previous email. Ethereal is an
indispensable network management tool but it is not a
one-stop shop for network performance analysis. (It ranks second only to perl,
in the order I install software on a new PC).
Start off by monitoring your servers, routers and
switches using MRTG or whatever network monitoring system you prefer.
* Understand which network
devices are the biggest users.
* Understand when traffic levels
are high (and check to see if the problems disappear when traffic levels are
not)
* Understand whether performance
problems are to do with errors, packet loss, congestion or (as always happens)
is an application issue nothing to do with the network.
Once
you have a fair idea of knowing *what* is wrong with your network (eg "My
server is sending tons of broadcast messages"), should
you a use Ethereal to find out *why* things are going wrong. (eg My
server is spamming ARP messages to get the MAC address of another server
I removed from the network last week).
I
like to think of Ethereal as a microscope, where as MRTG is more like a CCTV
camera. A daily scan through the CCTV TV tells whether there's a need for
forensic research using Ethereal (and Netflow/RMON2/ntop data too).
Cheers,
Alistair
