This is the way that Network General (the creator of Sniffer®) has deployed Distributed Sniffer® since the beginning. While the product that you are using may come from another vendor or be Open Source (e.g., Ethereal® / Wireshark®), this process is time-honored and, as such, is considered to be "Best Practice."
This design is meant to assure that the NIC that is listening on the Monitor Port is not sending any packets itself. The Monitor Card should have no protocols bound to it and should listen in promiscuous mode. Additionally, the PC should be as passive as possible and should not be phoning home to vendors because of unnecessary software it has loaded.
One process is to take a company's standard laptop and customize it by removing anything that is not needed to support the role of a Protocol Analyzer. Any software that is not part of the laptop's OS requirements should be uninstalled. Once the laptop has been stripped down this way, load the Open Source Protocol Analyzer of your choice and test it.
Once testing is satisfactorily completed, save an Image of the laptop to be used to generate other Open Source Laptop Protocol Analyzers.
System Requirements:
Pentium 4 or higher.
1GB Memory or higher.
2 NICs, one of which is 100 Mbps (not Gigabit) to be used as the Monitor Card. (NOTE: This process is not appropriate for Gigabit Monitoring.)
Remote Control Software (e.g., VNC) that supports File Transfers from the laptop acting as a Protocol Analyzer to the PC used by the Network Transaction Analyst.
Two NICs:
1st NIC - Monitor Card - No IP bound to the card. This card just listens in promiscuous mode. It is the one that is attached to the Monitor Port in the Switch. This should be a 100 Mbps NIC.
2nd NIC - Transport Card - IP is bound (static) so that this card can be used on the Intranet to access the remote control function of the PC. This can be Gigabit if that is all that is available.
Other Configuration Issues:
No Management Software (SMS, Radia, etc.) enabled. No management of this device other than remote control.
Virus Protection (only if it is considered mandatory by company policy). However, this laptop should have no email client or any other software that will want to connect to the Internet (with the possible exception of Time Services). A Firewall rule can always be created to enforce its isolation from the public Internet except on approved sockets.
A Time Server should be in place to keep the various Protocol Analysis Laptops in sync. This can be an Internet source if Company Policy permits or a local Intranet source.
The laptop should not be a member of the Company Domain. One logs into the PC itself, locally or via remote control.
All Mirrors in switches are to be bi-directional.
Consider creating a shared folder to act as a Trace File depository. This is not required, but it can be helpful, as these files can easily grow beyond the size limits of many corporate email policies.
Use WinZip on the Laptop to allow compression of the large trace files to speed up transfer.
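
One way to check a saved trace against two of the points above (the Monitor Card sends nothing itself, and the mirror is bi-directional), as an added example that is not part of the original article. It assumes a classic pcap file with Ethernet link type and a capture driver that records frames the capture interface itself sends; the function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import socket
import struct

def iter_frames(pcap):
    """Yield raw Ethernet frames from a classic pcap file (not pcapng)."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(e + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        if len(frame) < incl:
            break                              # truncated final record
        yield frame
        off += 16 + incl

def frames_sent_by(pcap, mac):
    """1-based frame numbers whose Ethernet source is `mac` (the Monitor Card)."""
    own = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    return [n for n, f in enumerate(iter_frames(pcap), 1) if f[6:12] == own]

def one_way_pairs(pcap):
    """IPv4 (src, dst) pairs never seen in reverse: a hint the mirror is one-way.
    Broadcast and multicast are legitimately one-way and need a manual look."""
    seen = set()
    for f in iter_frames(pcap):
        if len(f) >= 34 and f[12:14] == b"\x08\x00":
            seen.add((f[26:30], f[30:34]))
    return sorted((socket.inet_ntoa(s), socket.inet_ntoa(d))
                  for s, d in seen if (d, s) not in seen)

# --- constructed sample trace (MACs and 192.0.2.x addresses are made up) ---
def _ip(src_mac, dst_mac, src, dst):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return dst_mac + src_mac + b"\x08\x00" + hdr

A, B, MON = (bytes.fromhex("0200000000" + x) for x in ("0a", "0b", "01"))
SAMPLE_FRAMES = [
    _ip(A, B, "192.0.2.10", "192.0.2.20"),
    _ip(B, A, "192.0.2.20", "192.0.2.10"),
    _ip(A, B, "192.0.2.10", "192.0.2.30"),        # no reply captured
    b"\xff" * 6 + MON + b"\x08\x06" + bytes(28),  # the analyzer itself talking
]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in SAMPLE_FRAMES)
```

On the constructed trace, `frames_sent_by(SAMPLE_PCAP, "02:00:00:00:00:01")` flags frame 4, and `one_way_pairs(SAMPLE_PCAP)` reports the 192.0.2.10 to 192.0.2.30 conversation as seen in one direction only.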