Another aspect of keeping your network healthy is monitoring network traffic and looking at the various processes and events related to network protocols. This means you have to be able to view the communication processes that take place on your network as data moves from servers to clients (and vice versa). Network monitoring is the process of viewing and analyzing network traffic, and network monitoring software packages are used to capture network data frames and examine them. A software package that can analyze protocol information in a data frame is often referred to as a protocol sniffer.
A number of software companies make network monitoring software and protocol analyzers. For example, Sniffer Technologies sells a range of network monitoring software for both the LAN and WAN environments. For the Unix/Linux environment and the Windows environment, a free network analyzer called Ethereal can be downloaded from www.ethereal.com.
Windows Server 2003 provides the Network Monitor, which can be used to capture frames (a frame being a data packet) and monitor network activity. The Network Monitor provides many of the features that you would find in other network monitoring software packages. Most network monitoring and packet sniffing packages are geared for Ethernet networks because it is the most commonly used network architecture.
Let's take a quick look at the Windows Network Monitor and how it displays the information that it captures. The Network Monitor window is divided into a number of different panes that provide different types of information. Figure 19.9 shows the Windows Network Monitor. The data it displays is collected when you (the network administrator) use the Capture command to begin a capture session.
Figure 19.9. Network Monitor provides information on network traffic and can sample data frames traveling on the network.
The Network Monitor provides statistics such as the percentage of network utilization and the number of frames per second (this would be the number of frames traveling by the computer running Network Monitor; data is sampled by the computer's NIC). These more general statistics are listed in the Graph pane, which resides in the upper-left area of the Network Monitor window. The Total Statistics pane to the right of the Graph pane provides summary information.
The Session Statistics pane provides information on each session captured (a session being communication between two computers or devices on the network). The first column in this pane provides the hardware address (the MAC address of the device's network interface card) of the device that is sending the packets (the packets you are capturing). The second column provides the number of frames (packets) sent to the receiving device from the sending device during the communication. The third column shows the number of frames sent back to the initiating device, and the last column in the Session Statistics pane provides the hardware address of the receiving device participating in the session.
The Station Statistics pane appears below the Session Statistics pane in the Network Monitor window. It provides statistics related to your computer's activity on the network. A number of different columns of information appear in this pane:
Data collected by monitoring software such as Network Monitor can often be saved to a log file that you can view at a later time. This allows you to capture information related to the network and save it as a baseline. Data collected over time can then be compared to the baseline information. If there is a great deal of disparity between your baseline (or benchmark) readings and the new capture information, you know that there must be a problem with the network. For example, if there are tons of broadcast messages from a particular MAC address, a computer on the network might have a malfunctioning network card.
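The baseline comparison described above can be sketched in a few lines of Python. This is an added example, not part of the original text and not Network Monitor's own capture format: it counts broadcast frames per source MAC address in two sets of raw Ethernet frames and flags any source whose count has grown well beyond its baseline. It assumes both captures cover the same length of time; the frames, MAC addresses, function names, and the `ratio` and `min_frames` thresholds are all constructed for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6  # Ethernet broadcast destination address

def make_frame(dst: bytes, src: bytes, ethertype: int = 0x0806) -> bytes:
    """Build a constructed minimum-size frame: 14-byte header plus padding."""
    return dst + src + ethertype.to_bytes(2, "big") + b"\x00" * 46

def broadcast_counts(frames) -> Counter:
    """Count broadcast frames per source MAC address."""
    counts = Counter()
    for frame in frames:
        if len(frame) < 14:  # truncated capture: no complete Ethernet header
            continue
        dst, src = frame[:6], frame[6:12]
        if dst == BROADCAST:
            counts[":".join(f"{b:02x}" for b in src)] += 1
    return counts

def broadcast_outliers(baseline, current, ratio=5.0, min_frames=20):
    """Map each MAC whose broadcast count grew past both thresholds
    (assumed values) to (baseline_count, current_count)."""
    flagged = {}
    for mac, now in current.items():
        before = baseline.get(mac, 0)
        if now >= min_frames and now > ratio * max(before, 1):
            flagged[mac] = (before, now)
    return flagged

# Constructed sample captures using locally administered MAC addresses.
HOST_A, HOST_B, HOST_C = (bytes.fromhex(f"02000000000{n}") for n in (1, 2, 3))
BASELINE_FRAMES = ([make_frame(BROADCAST, HOST_A)] * 4
                   + [make_frame(BROADCAST, HOST_B)] * 3
                   + [make_frame(HOST_B, HOST_A, 0x0800)] * 50)
CURRENT_FRAMES = ([make_frame(BROADCAST, HOST_A)] * 5
                  + [make_frame(BROADCAST, HOST_B)] * 200   # misbehaving NIC
                  + [make_frame(BROADCAST, HOST_C)] * 2     # host new since baseline
                  + [make_frame(HOST_A, HOST_B, 0x0800)] * 40
                  + [b"\xff" * 8])                          # truncated frame

def run_example():
    """Compare the two constructed captures and return the flagged sources."""
    return broadcast_outliers(broadcast_counts(BASELINE_FRAMES),
                              broadcast_counts(CURRENT_FRAMES))

if __name__ == "__main__":
    for mac, (before, now) in run_example().items():
        print(f"{mac}: {before} broadcast frames in baseline, {now} now")
```

The `min_frames` floor keeps a host that is new since the baseline, or one that sends only a handful of broadcasts, from being flagged on ratio alone.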