Network analysis is no longer the domain of the wealthy as an increasing number of software solutions at sensible prices is now becoming available - and you don't have to sniff around for long to find them, either. Sunbelt Software's LanHound typifies this dogged determination as it provides a surprisingly deep toolbox of analysis and packet capture features and yet costs a modest £425.
The only requirement is that it must have access to a network adapter that supports promiscuous mode, so it will run on just about any Windows platform. During the brief installation process LanHound loads its own filter driver for each identified adapter and can force the card to operate promiscuously. You can disable this function, in which case the monitoring station will only receive broadcast, multicast and unicast packets. By their nature, switched Ethernet networks can be a problem for network analysis but LanHound comes with three remote agents included in the price that can be installed on systems on other network segments.
LanHound's main interface is simple enough to use although due to the number of features it can be easy to lose track of where some are accessed from. A side bar gives access to the three main options for traffic, statistics and alarms.
The traffic option provides an extensive range of monitoring tools with the matrix table revealing details of conversations between pairs of stations. You can swap between IP addresses and resolved station names to find out who each one is and see the number and type of packets. Each conversation has a small bar chart showing how much traffic is being generated by each pair as a ratio of the total and any of the columns of entries can be used to sort the data into ascending or descending order.
More information can be gathered from the host table which shows individual stations and their MAC and IP addresses, plus a complete rundown of incoming and outbound packets. There are plenty more tools to play with as the traffic option also provides tables showing usage by protocol, a handy TCP/UDP port chart, and graphs comparing bandwidth utilisation between network pairs. The top talkers table is always an invaluable tool as you can quickly see who is hogging all the bandwidth and whether they are just plain greedy or have a problem with their system.
The statistics tool is sub-divided into three functions showing distribution, rates and traffic by protocol. We found the rates tool to be most useful as amongst its myriad options is the ability to view general network utilisation as a percentage of available bandwidth. The matrix table may make it look as though certain stations are extremely busy but if overall available bandwidth isn't being seriously affected then it isn't a problem.
The alarm option could prove useful as virtually any category within the statistics window can have a threshold assigned to it. This could be anything from general utilisation to SMTP and POP3 rates, and if the threshold is breached LanHound will post an alert in its log and start a packet capture session if a trigger instruction is associated with the threshold. However, it's a real shame with this feature that LanHound doesn't have more alerting options such as email, pager or just a network broadcast.
The packet capture and protocol analysis tools turn LanHound into a pedigree product. Captures can be run on demand or scheduled for specific times each day and extensive filters are provided for weeding out extraneous data. You can decide how large the capture buffer should be and either stop the capture or let it wrap around when it becomes full.
On completion, the buffer is displayed in table format showing the source and destination stations along with a basic summary of each packet's contents. You can then drill down deeper by selecting an entry and calling up the decode window which gives a complete breakdown of the packet header. Even better, you can select the entire capture buffer or a range of entries and play them back over the network to see what the impact is.
There's nothing worse than not knowing what's happening on your network but traditionally the tools that can help you find out have been ridiculously overpriced. Well, not any more, as LanHound delivers a superb range of analysis and packet capture tools at a price the small business can easily afford.