The OptiView is intended to be an all-in-one tool for monitoring and analysing networked devices and the traffic on the network, and for helping the network manager identify problems with current network applications and predict issues that might arise from rolling out new networked applications.
The basic unit is a tablet PC running Windows XP, with a proprietary card (the “acquisition unit”) that handles the connections to the wired LAN and an optional wireless card. An additional battery attaches to the back with a pair of thumbscrews to boost the life of the unit when you’re carting it around with you; fully loaded, it weighs about three kilos.
The acquisition unit has three ports: a 10/100/1000 UTP port for copper networks, an SFP port that accepts a variety of fibre connections, and a second UTP “management port” that isn’t used at present but will be in a future version. A pair of fans increases the noise level nicely, and the variety of lights on the front panel show link status, data transmissions, collisions, errors and (in the form of a bar graph) link utilisation.
The OptiView software itself is a Windows application – as you’d expect, given that the unit is a tablet PC. When you start it up, you’re shown the “front page”, which tells you whether it’s connected to the LAN and whether it’s found an IP address via DHCP. Then there’s a list of devices it’s found, a box containing errors and warnings that have been encountered, a list of the network types (IP, IPX, NetBIOS and VLANs) it knows about along with how many of each it’s found, and finally a pie chart showing the relative proportions of the various traffic types (IP, IPX, ARP, etc) it’s come across.
As with most devices of this sort, the unit can discover what’s on the network. The best way to start off is to allow it to scan its own subnet, since each discovery process throws a variety of requests at each entity (most notably simple pings and then more complex SNMP requests). Once it’s found devices, it’ll interrogate them to see what other networks they know about, and if you so wish you can tell it to extend the search into any or all of those. The theoretical limit in the discovery list is 10,000 devices, but in reality you’ll restrict it to the number your brain can cope with!
There are seven main sections to the GUI: the front page plus tabs for statistics, auto-discovery, device details, cable testing, packet capture and setup options. Within each section you get a set of tabbed pages with the various sub-sections, and jumping from section to section is very intuitive since clicking (or, more accurately, prodding the tablet screen with your stylus) on an item will take you straight to the “obvious” destination.
The statistics section is a two-pane screen that shows the various traffic types flying around the network and the various devices that are using those traffic types. The types are in a hierarchy, so you can start with “everything”, then drill into just the TCP packets, then further down into just the POP3 packets, and so on. As you select traffic types, the detail screen changes to show the traffic filtered into just the type you’ve selected. As well as drilling down by packet type, you can change the detail screen to list items by protocol, host or conversation (i.e. pairs of interacting hosts).
The discovery section, as it sounds, shows you what the unit has found on the network. Devices are listed by type in the overview pane, with a second pane showing the item detail for the selected device category.
The device detail is pretty self-explanatory too – and as well as being a top-level section in its own right it’s also one of the most common places that you can bounce to from the various other screens. For each device it’ll tell you its various names (derived from NetBIOS and/or the DNS), its address on the IP/IPX networks, the protocols it supports, its Windows domain, and any additional information that can be gleaned by SNMP, where it’s available, such as network interface lists. If you have manageable switches that the OptiView can interrogate (you can give it a list of SNMP community strings to try, by the way) it can also do some clever things like figuring out which switches lie in the path between two hosts.
The cable test screen is a pretty simple one – it’ll do the usual basic tests on your copper cables, as well as launching into Fluke’s Fiber (sic) Inspector if you happen to have it.
The screens we’ve dealt with so far cover the device and protocol discovery aspect of the device; the capture/generate screen deals with the other essential aspect of network analysis and monitoring: packet-level inspection. Packet capture is handled entirely by the acquisition unit, which means it can operate at full network speed instead of (as would be the case with a capture tool running on a normal PC) being slowed down by having to run through Windows’ IP layer. The maximum capture buffer size is 480Mbytes, and you can choose whether to have it stop capturing or simply wrap around when the buffer fills up. You can set filters in order to capture just the traffic type(s) you want, as well as setting triggers for the capture start (so if you have an intermittent problem, you can tell the unit: “Start capturing next time you see this type of packet”).
Once packet capture is complete, you’ll bounce into the Protocol Expert, which is a separate application but which is launched automatically for you from the main program. Likewise the wireless LAN analyser, in fact – it’s a separate entity but just a single prod in the taskbar opens it up.
Oh, and we mentioned packet generation: as well as capturing packets, the acquisition unit can also generate traffic for performance prediction purposes. You select the destination (which can be to broadcast to all stations, multicast in order to generate a bit of background noise, or all aimed at a single destination) and parameters such as the volume of traffic to send, the rate to send it at, the type of traffic, and the packet size. Again, because the transmission is handled by the acquisition unit, it’s very fast – it had no problem at all maxing out the 100Mbit/sec switch in our lab, for instance. Packet generation can also be used to measure the throughput of the LAN, incidentally – so long as there’s a suitable device at the other side of the network for the OptiView to talk to.
The final thing to mention is that as well as being a portable (if rather hefty) unit, the OptiView can also be used remotely by up to eight users simultaneously. To view HTML reports that have been produced by the device, you can simply point your Web browser at it and hit “Saved Reports”; likewise you can download packet capture files if you have a capture analyser on your PC. The third option, though, is “Install Remote UI”, which downloads a Java applet that replicates the OptiView GUI on your desktop. This is useful in two ways: first, it means you can leave the unit connected in the comms room and access it from afar; second, it means that you can run the GUI without the 800x600 restriction of the tablet’s own touch screen.
It’ll come as no surprise that the price tag of the OptiView is into five figures, but just for a change, that’s not something I’m going to moan about. In a previous life I bought a Fluke LanMeter, which was the mutt’s nuts at the time, which was a genuinely useful tool, and which had a similar price tag to that of today’s OptiView III. Yet the latter is an order of magnitude more powerful and far simpler to use, thanks to the evolution of technology and the efforts of its developers, without a corresponding price hike. There are plenty of new features for those with previous versions of the OptiView, too, from a directional RF aerial (for tracking down those pesky RF sources) to the new fibre interface, support for 802.1x authentication, hardware-based triggering of packet captures, better VLAN support, and a speeded-up acquisition unit. So it’s a bit heavy, and quite noisy, but if you want a network analyser that can keep up with a gigabit LAN and can handle pretty well all the functions you’d need in a single tablet PC, the OptiView is the one to get.
You can, of course, get packet analyser software for free. The point of the OptiView is that it’s a world apart from basic packet analysers, and also that it uses custom-built hardware in order to keep up properly with the traffic on Gigabit networks.