Sometimes a network that has been running well will start slowing way down for no apparent reason. When this happens, the easiest way to spot the problem is to break out the protocol analyzer and look for sources of excessive traffic. There are countless protocol analyzers available, ranging in price from free to very expensive.
Network Probe is a commercial protocol analyzer that’s specifically designed to help you to locate excessive traffic on your network, and you can download a version of it for free. I’m going to introduce you to Network Probe 0.4 and show you how to acquire, install, and use this valuable networking utility.
Acquiring Network Probe
At the present time, the full retail version of Network Probe 1.0 has yet to be released. Network Probe 1.0 is set for release in September 2003 and will sell for $300. In the meantime, you can purchase a pre-release version for $150 that entitles you to the full version when it becomes available. Or, you can download version 0.4 for free; it's a 4.29-MB file. Version 0.4 is what I will be using for my examples in this article. I'll focus on the Windows version, but there is also a fully functional Linux/UNIX version.
Installing Network Probe
After downloading the Network Probe installer for Windows, double-click it to launch the Setup Wizard. Click Next when you see the wizard’s welcome screen, and you’ll see the software’s end user license agreement. After accepting the license agreement, you’ll be asked to supply your name and the name of your organization. You’ll also be asked whether you want the application to be accessible to everyone who uses your computer or if the application should be accessible to only you. Finally, you’ll be prompted for the installation path, after which you’ll see a summary of the installation options that you’ve chosen. If everything looks good, click the Install button and Network Probe will be installed. When Setup completes, click the Finish button and you’ll be prompted to reboot your computer.
Using Network Probe
After your system reboots, you’ll find that the Network Probe Setup program has placed a Network Probe icon onto the Windows desktop. Double-click this icon to launch Network Probe. When you launch Network Probe for the first time, you’ll be asked to supply a password for the Admin account. Keep in mind that the Admin account is internal to Network Probe and is not a Windows user account. You will also be asked which network card Network Probe should use. For most workstations, there will be only one choice, but if your PC is multihomed, this is something that you need to pay attention to (especially if one of the NICs isn’t connected to anything).
After entering this final bit of configuration information, you’ll be prompted to log in. You’ll notice that the Network Probe interface is actually Web based. The Network Probe URL is http://localhost:7030/. This means that Network Probe is piggybacking off Windows XP’s built-in Web server and that you can access Network Probe from any PC on your network by using the following URL:
After logging in to Network Probe, click the Probe Setup button in the bottom-left corner of the browser window. This will open a window that allows you to configure some of Network Probe’s basic options. Near the top of this window, you can control which network card Network Probe uses. This is handy in case you make a mistake during the initial setup or if you want to switch Network Probe to monitor a different network. Just beneath the NIC selection, there is a section that allows you to control which network statistics are collected. There you can turn various statistic collections on and off independently. Network Probe even goes so far as to tell you which collectors are memory hogs.
At the bottom of this screen, you can control how often and when Network Probe’s statistics are reset. By default, Network Probe resets itself every day at midnight.
Just to the right of the Probe Setup button is a User Setup button. If you click this button, Network Probe will open a window that allows you to add Network Probe user accounts. By doing so, you can allow others to use Network Probe without giving them the Admin password.
Along the top of the screen are tabs with names such as Protocols, Hosts, and Conversations (Figure A). As you click each tab, Network Probe changes the information that it displays to reflect your choice. By default, Network Probe displays the Protocols tab. This tab shows all the protocols running on your network, along with some basic statistics about each protocol. For example, you can see the port number, the number of packets, and the byte count for the protocol. You can even tell the last time that the protocol was used. A handy graph at the bottom of the screen allows you to see graphically how the various protocols relate to one another in traffic volume.
The Hosts tab breaks network traffic down by computer and device (i.e., host). You can see each host’s IP address and the volume of inbound and outbound traffic for each host. You can even see the last time that a particular host was active on the network.
The Conversations tab allows you to see which devices are talking to each other. This tab also allows you to view the amount of network traffic generated by each conversation. You can see the volume of traffic within a conversation either numerically or graphically.
The Protocols Per Host tab allows you to see which protocols are running on each host. The tab is broken down so that you can easily see which protocols on which hosts are producing the most network traffic. The Protocols Per Conversation tab allows you to see which protocols are being used for specific conversations and which of these protocols is generating the most traffic.
The Network Cards tab allows you to view the volume of traffic flowing into and out of each network card. This view is extremely helpful when you narrow a problem down to a PC but the PC has multiple NICs. Finally, the Network Card Conversations tab allows you to view the volume of traffic flowing between specific network cards on your network.
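The per-protocol, per-host, and per-conversation breakdowns these tabs present can be reproduced from any packet summary. The following Python code is an added example, not Network Probe's own code; the record layout, the addresses, and the 50 percent threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records: (source, destination, protocol, service port, bytes)
PACKETS = [
    ("192.168.1.10", "192.168.1.1", "tcp", 80, 1500),
    ("192.168.1.1", "192.168.1.10", "tcp", 80, 6000),
    ("192.168.1.20", "192.168.1.5", "tcp", 445, 90000),
    ("192.168.1.20", "192.168.1.5", "tcp", 445, 85000),
    ("192.168.1.5", "192.168.1.20", "tcp", 445, 4000),
    ("192.168.1.30", "192.168.1.1", "udp", 53, 120),
    ("192.168.1.1", "192.168.1.30", "udp", 53, 380),
]


def summarize(packets):
    """Build the totals behind the Protocols, Hosts, Conversations and
    Protocols Per Host views."""
    protocols = Counter()
    hosts = defaultdict(lambda: {"in": 0, "out": 0})
    conversations = Counter()
    protocols_per_host = defaultdict(Counter)
    for src, dst, proto, port, size in packets:
        name = f"{proto}/{port}"
        protocols[name] += size
        hosts[src]["out"] += size
        hosts[dst]["in"] += size
        # Sort the pair so A->B and B->A count as one conversation.
        conversations[tuple(sorted((src, dst)))] += size
        protocols_per_host[src][name] += size
        protocols_per_host[dst][name] += size
    return protocols, hosts, conversations, protocols_per_host


def heavy_senders(hosts, share=0.5):
    """Return hosts whose outbound bytes exceed `share` of all traffic."""
    total = sum(h["out"] for h in hosts.values())
    return sorted(ip for ip, h in hosts.items() if total and h["out"] / total > share)


if __name__ == "__main__":
    protocols, hosts, conversations, per_host = summarize(PACKETS)
    for name, size in protocols.most_common():
        print(f"{name:10} {size:>8} bytes")
    for ip in heavy_senders(hosts):
        print("excessive sender:", ip, dict(per_host[ip]))
```

In the sample data, one host accounts for most of the outbound bytes, and the per-host protocol breakdown shows that tcp/445 is responsible, which is the same narrowing-down the Hosts and Protocols Per Host tabs support.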
Easy to use
Network Probe can reveal tons of information about your network and the traffic that moves across it on a regular basis. Network Probe also displays this information in a way that’s quite accessible and easy to understand. The free version is so useful that I’m definitely curious to see the full commercial version when it becomes available, especially since it's still going to be offered at a reasonable price—at least in relation to other detailed protocol analyzers.
TechRepublic originally published this article on 16 June 2003.