----- Original Message -----
Sent: Wednesday, April 16, 2003 7:08
AM
Subject: RE: [Ethereal-users] Ethereal
help
Royce,
I
think you missed the point of my previous email. Ethereal is an
indispensable network management tool but it is
not a one-stop shop for network performance analysis. (It ranks second
only to perl, in the order I install software on a new
PC).
Start off by monitoring your servers, routers and
switches using MRTG or whatever network monitoring system you prefer.
* Understand which network
devices are the biggest users.
* Understand when traffic levels
are high (and check to see if the problems disappear when traffic levels are
not)
* Understand whether performance
problems are to do with errors, packet loss, congestion or (as always
happens) is an application issue nothing to do with the
network.
Once you have a fair idea of knowing *what* is
wrong with your network (eg "My server is sending tons of broadcast
messages"), should you a use Ethereal to find out *why*
things are going wrong. (eg My server is spamming ARP messages to
get the MAC address of another server I removed from the network last week).
I
like to think of Ethereal as a microscope, where as MRTG is more like a CCTV
camera. A daily scan through the CCTV TV tells whether there's a need for
forensic research using Ethereal (and Netflow/RMON2/ntop data too).
Cheers,
Alistair
