The EtherScope is a new portable network investigation and troubleshooting tool that helps staff track down problems at site or LAN level. It is deliberately less advanced than some of Fluke's more in-depth enterprise-level analysis tools, which makes it simpler and quicker to get to grips with, and it has a much lower price tag, too.
The unit weighs a tad under 2lb and is encased in a yellow rubber boot to protect it from bumps and scrapes when you're wandering around. If you're using it on the desktop you can take off the boot to reveal a pull-out stand, which makes the unit easier to see and use. When in use as a self-contained device, operation is via a stylus on the built-in touch screen, though you can connect a USB keyboard and mouse if you're going to be in one place for a while. The unit also has a remote interface (based on a combination of Web access and the VNC remote access protocol) which lets you plonk the unit in the server room to collect statistics and refer to it from afar, for instance.
It's important to bear in mind that the EtherScope is not a layer 2 packet analyser. Instead, it uses layer 3 protocols (specifically SNMP) to discover its world. This isn't to say that it doesn't understand layer 2 concepts – it'll quite happily work with and correctly identify the VLANs it can see, for instance, and it's aware of some other layer 2 concepts such as the Spanning Tree Protocol.
The idea of the EtherScope is, however, to work at what Fluke calls the "access level" – keeping excessive detail out – and to leave the more in-depth stuff to the higher-end tools that are used by the more highly-trained third-line support people.
The unit is based on a Linux kernel with an attractive GUI. The "home page" lists the main functions available (connection details, devices, networks, VLANs, switches and the like), and clicking on an item shows a brief summary of its contents on the left-hand side of the screen. Clicking the "Details" button at any point drills down into the content of a section.
As you'd expect with this type of device, it looks around the network to find whatever devices it can. So long as it's able (i.e. it has the right SNMP community strings) to query switches, routers and the like, it can pull out information about what's connected, along with ongoing traffic levels, instances of errors – in short, anything that SNMP can tell it. If a device isn't SNMP-enabled, it'll simply appear in the list of miscellaneous hosts.
Once the unit has found what's in its world you can drill down into the data, so you can, for instance, go from a bandwidth overview into a protocol- or host-specific list of traffic. Incidentally, although you can delve into the data yourself, the unit also has a "Problem Detection" item that leads you immediately to obvious issues such as duplicate IP addresses,
All this is, of course, available from your average network monitoring package. The EtherScope does have some nice extras, however. There's the obligatory cable pin-out detector function, but there are some more clever concepts such as the ability to analyse the auto-negotiation capabilities of the switch it's connected to and to detect the PoE power levels if they're present.
Oh, and because it's a Linux-based tool, Fluke is able to add new gizmos in "experimental" form so they're accessible as Linux command-line options. This means it can try out new functions (a current one is a Cisco Discovery Protocol reporter) with minimal effort, and base the decision about whether to put them into the next release of the GUI on user feedback.
Our test unit had the first release of the software, and so a couple of bugs were inevitable. To Fluke's credit it was up-front about the problems it was expecting us to find, so we believe that a revised software version will fix them soon. There's a button with a slightly misleading name, for instance, and there's a problem with the impedance measuring tool on the link test page.
There's one fairly glaring omission to the GUI, which is that you can't view the output of reports on the EtherScope screen, although you can see them via a browser or by transferring the removable CompactFlash card to a PC. We did have one further problem with one of the features on our test unit, but we tried it on an identical unit and it worked OK, so it may just have been a software corruption on our box.
The EtherScope is usable, and it really does spot network problems - three of them, in the network we tried it on. Although much of its functionality could be achieved using a PC and a network analysis package, the extra functionality, the portability and the reporting capabilities that the EtherScope gives you probably do justify spending the extra money.
If you have a basic network – no VLANs, few switches, little SNMP – then get a copy of Ethereal for your laptop and you've got all you need for free. If you've got a more complicated network, the EtherScope is worth considering.