
Monitoring Network Traffic

Protocol analysis tools monitor network traffic by intercepting and decoding frames. Software-based tools, such as Windows NT Server’s Network Monitor (see Figure 12.1), analyze frames sent to and from the computer on which they run. Network Monitor records a number of statistics, including the percentage of network utilization and the number of broadcasts per second. In addition, Network Monitor tabulates frame statistics (such as frames sent and received) for each network address.
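The statistics described above can be computed from raw frames as in the following added example, which is not Network Monitor's own code. It assumes Ethernet II framing and a 10 Mbps link; the function names, MAC addresses, and sample capture are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = b"\xff" * 6

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def frame(dst, src, payload_len):
    """Constructed Ethernet II frame: dst, src, EtherType 0x0800, zero payload."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + b"\x08\x00" + bytes(payload_len)

def capture_stats(frames, window_s, link_bps=10_000_000):
    """Summarize raw frames seen during window_s seconds on a link_bps link."""
    per_addr = defaultdict(lambda: {"sent": 0, "received": 0})
    total_bytes = broadcasts = malformed = 0
    for raw in frames:
        if len(raw) < 14:          # shorter than an Ethernet header: cannot decode
            malformed += 1
            continue
        dst, src = raw[:6], raw[6:12]
        total_bytes += len(raw)
        per_addr[mac(src)]["sent"] += 1
        if dst == BROADCAST:
            broadcasts += 1        # no single receiver to credit
        else:
            per_addr[mac(dst)]["received"] += 1
    return {
        # Simplification: counts captured bytes only (no preamble, FCS, or inter-frame gap).
        "utilization_pct": 100.0 * total_bytes * 8 / (link_bps * window_s),
        "broadcasts_per_s": broadcasts / window_s,
        "malformed": malformed,
        "per_address": dict(per_addr),
    }

# Constructed sample capture (locally administered MAC addresses, 2-second window).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE = [
    frame(B, A, 1486),
    frame(A, B, 986),
    frame("ff:ff:ff:ff:ff:ff", A, 46),
    frame("ff:ff:ff:ff:ff:ff", C, 46),
    b"\x00" * 10,                  # truncated frame
]

if __name__ == "__main__":
    print(capture_stats(SAMPLE, window_s=2.0))
```

A sustained rise in broadcasts per second, or one address dominating the sent count, is the kind of pattern these tallies make visible.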

An enhanced version of Network Monitor, which is included with the Microsoft BackOffice Systems Management Server (SMS) package, monitors traffic not just at the local system but also at other computers on the network.

For large networks, or for networks with complex traffic patterns, you might want to use a hardware-based protocol-analysis tool. A hardware-based protocol analyzer is a portable device that looks like a cross between a portable PC and a suitcase. The advantage of a hardware-based protocol analyzer is that you can carry it to strategic places around the network (such as a network node or a busy cabling intersection) and monitor the traffic at that point.

Some protocol analyzers are quite sophisticated. In addition to keeping network traffic statistics, they can capture bad frames and often isolate the source. They also can help determine the cause of bottlenecks, protocol problems, and connection errors. A hardware-based protocol analyzer is often a good investment for a large network because it concentrates a considerable amount of monitoring and troubleshooting power into a single, portable unit. For a smaller network, however, a hardware-based analyzer might not be worth the initial five-figure expense because less expensive software-based products perform many of the same functions.