Examine Live IP Traffic With Expert Observer

Expert Observer is a Microsoft Windows-based network monitor and protocol analyzer utility for Ethernet, 802.11a/b/g wireless, Token Ring and FDDI. The software can snoop into both shared and switched network environments.

Out of the box, Expert Observer can monitor single-segment networks, and optional probes can reveal conditions on remote networks. The probes relay remote information to an Expert Observer console, thereby eliminating the need to travel to remote sites. Software probes offer remote analysis and monitoring for 10/100 Ethernet, 802.11a/b/g wireless, Token Ring and FDDI networks, and hardware-based probes are available for wire-speed, full-duplex Gigabit and T1/E1 or HSSI/DS3 WAN networks.




technical Editor

Expert Observer's software-based probes operate in two modes: Advanced or RMON. The Advanced software probes work only with the Expert Observer console; they run on any Windows 98/ME/NT/2000/XP PC with no additional hardware and provide snapshots of current LAN or switch conditions. Advanced probes can be configured to run as a service under Windows NT, 2000 and XP. An advanced probe must be installed on at least one system on each remote LAN, segment or switch for the segment to be monitored.

The probes are set up to transfer captured packets to an Expert Observer console only on demand, but they also can be configured to collect trending data completely unattended, with no connection to an Expert Observer console. Collected trending information can be downloaded and viewed on an Expert Observer console at any time to generate a historical baseline of network or switch conditions on a remote site without generating any network traffic.

Sponsored post

The RMON probe is an industry-standard RMON 1/RMON 2-compliant probe that works with any industry-standard management console. The RMON probe can report to multiple management stations, the number of which is limited only by the memory on the RMON probe PC.

An RMON probe can report to any RMON or SNMP management console and can be configured to report traps to one or more management stations. Statistics displays offer multiple ways to view data, including various types of graphs and charts. Statistics can include bandwidth utilization, network activity, errors, vital signs and protocol distribution. New advanced multi-probes featured in Expert Observer 9.0 let a network administrator monitor multiple locations at once and allow multiple administrators to examine the same network interface simultaneously.




CRN Test Center Recommended

Expert Observer supports any network adapter card with an NDIS 3.0/3.1 or greater driver that supports promiscuous mode. To use Expert Observer's looping probe option, a switch must support port mirroring and have an SNMP or Telnet management interface. Expert Observer can capture packets at wire speeds up to 100 Mbps. The software can capture Gigabit data via a switch's span port. Packet-capture displays show total traffic, captured traffic and dropped packets. The software can filter packets by MAC and/or IP address, by protocol or by using custom filters. Expert Observer can decode more than 500 protocols and identify more than 4,000 unique frame types.

Expert Observer works with wireless networks when it monitors a wireless network interface. Menus specific to wireless include network vital signs; AP statistics; types, speeds and errors by station; latest statistics; channel scan; and special triggers and alarms.

Using Expert Observer, a network administrator can see network traffic in realtime and make decisions based on fact rather than speculation. The effectiveness of network changes can be observed instantly, and trending data can be collected over a period of days, weeks or months. Triggers and alarms, which can activate message windows, captures, logs and trouble tickets, or even contact an administrator via e-mail or pager, can be set to help pinpoint problems. In addition, a traffic-generator and packet-buffer replay capability allows for stress testing and controlled duplication of specific problems.

Network Instruments' Observer line is available in three different packages, depending on a customer's needs. The base product ($995) performs complete protocol analysis, network troubleshooting and long-term trending for all wired and wireless networks. It includes packet capture and decode of more than 500 protocols, realtime statistics and a base-lining facility to view traffic trends.

Expert Observer ($2,895) has all the features of Observer with the addition of realtime expert analysis, event notification and modeling.

Observer Suite ($3,995) includes all the features of both Observer and Expert Observer, along with an integrated SNMP console and management interface, an integrated RMON 1/RMON 2 console and management interface, a built-in Web server with Web-based access to trending and reporting, one local probe and one remote probe.

In addition, probes can be added to any version of Observer. A software probe costs $495, while a Gigabit monitoring kit costs $8,000. A WAN hardware probe kit costs $6,000.

PRICE: $2,895
MARGIN: 30 percent
WARRANTY: 30 days
DISTRIBUTORS: Direct from vendor


CHANNEL OVERVIEW: Minneapolis-based Network Instruments provides a wide range of one-on-one assistance to partners. The vendor's field-based sales representatives participate in joint sales calls, seminars and online demos, and help solution providers to research and target sales leads. Network Instruments' solution provider Web site includes tech tips, seminar resources, sales information and joint marketing materials. The company provides on-site sales and technical training, both of which are required for authorization. Phone-based technical support is available during the company's business hours, 9 a.m. to 5 p.m. CST, and Network Instruments can provide 24x7 and on-site support if necessary.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.