Network Instruments Observer Core Features

The new Observer® version 12 Standard easily converts your PC or laptop into a powerful analyzer. Capture, view, and decode traffic in real time and instantly assess the effectiveness of network changes. Best of all, Observer allows you to monitor wired and wireless networks together.


New Multi-Hop Analysis offers a unique method of quickly isolating transaction delay across multiple hops. Stream reconstruction capability helps with forensic investigations.

With Observer 12 and the GigaStor, you have all you need to navigate through massive amounts of data with ease. Observer 12 is also the first multi-topology, distributed network analyzer to include a 64-bit application core while also supporting a version for 32-bit.

Packet Capture and Decode:

Observer offers complete packet capture at wire speeds up to 100MB Ethernet, and Gigabit capture via a switch’s span port. Packet capture displays show total traffic, captured traffic and dropped packets (if any). Comprehensive filtering options include filtering by MAC and/or IP address, an extensive set of included offset and protocol filters, the ability to create your own filters, and include/exclude, error and range options.

Automatically start a packet capture anytime a probe is engaged or select specific times to schedule routine captures. Pre-programming packet captures can assist in solving recurring network issues or more elusive network problems.

  • Over 500 primary protocols
  • Countless subprotocols (including wireless)
  • Nanosecond resolution
  • Add administrator comments to any packet
  • Dynamic port protocol decode
  • Schedule packet captures
  • Conceal private IP addresses

Real-Time Network Statistics

Flow-based statistics are available for all network speeds up to Gigabit. Each statistics display offers multiple ways to view your data, including graph, chart (2-D, 3-D, pie), dial and listing. Network Statistics help you quickly identify trends and network abnormalities, or test throughput and verify observations. Statistics are offered in real time for any segment or server and, using Observer’s unique switch management console, by port or ports in switched environments. Statistics include:

  • Bandwidth Utilization
  • Internet Observer
  • Network Activity Display
  • Network Errors-by-Station (Ethernet, 802.11, Token Ring, FDDI, and Frame Relay)
  • Network Vital Signs
  • Network Summary
  • VLAN Statistics
  • Router Observer
  • Network Pair Statistics (Matrix)
  • Protocol Distribution
  • Size Distribution Statistics
  • Top Talkers
  • Utilization History
  • Utilization Thermometer

Full 802.11b/a/g Wireless Support

Because Observer includes complete decode, statistics, error tracking and trending for your 802.11b/a/g WLAN, there is no need to purchase additional software to manage your complete network.

All versions of Observer include wireless support, and when running Observer, switching between monitoring your WLAN and your LAN is two mouse clicks away.

In addition to complete integration throughout all Observer modes, specific wireless modes include displays for:

  • Wireless Site Survey
  • Wireless Network Vital Signs
  • Wireless AP Statistics
  • Wireless Types by Station
  • Wireless Speeds by Station (cumulative)
  • Wireless Latest Statistics
  • Wireless Errors by Station
  • Wireless Channel Scan
  • Wireless Triggers and Alarms (to detect errors and intrusions)

Utilities to Help You Get Your Job Done

Observer includes many utilities and “One Button” solutions that let you get to the root of the problem quickly and efficiently. From router tracking and reporting to automatic discovery of network names, Observer streamlines the job of troubleshooting. Each utility is designed to minimize the amount of work required to isolate a specific problem or trend, and quickly display the required information to solve the problem at hand. The utilities include:

  • Efficiency History
  • Router Observer
  • Web Observer
  • Traffic Generator
  • Replay Packet Buffer
  • Discover Network Names
  • Ping/Trace Route
  • SNMP MIB Walker
  • Cross Mode Drill Down

Long Term Network Trending and Reporting

Observer’s trending facility collects and stores network, Internet and switch data for days, weeks, months or even years. View a single time period (e.g., a day or month), or create period-to-period comparison reports. The graphical viewer offers text-based, graphical or Web-based reports.

Ready-Made Reports offer instant snapshots of network health. Any report can be customized and saved as a template for later use. Statistical data is optimized for feedback without being forced to maintain volumes of unnecessary data.

Use the Report Scheduler to have Observer automatically generate and deliver reports to any folder or email box. Email recipients do not have to be Observer users.

Switch Management

Observer bridges the gap between switches and protocol analyzers by offering a number of methods to manage your switched LAN/WAN. The standard Observer product offers two methodologies for protocol analysis of switched devices - port based mirroring to view specific device traffic or packet capture (all managed from within the Observer console), or port looping to build a statistical view of all ports on a switch to judge switch performance and see aggregate problems as they develop.

IPv6

In line with a recent government mandate requiring that all government agencies support IPv6 by 2008, Observer now tracks, reports, and monitors IPv6 traffic. All Observer data is listed with the appropriate IPv6 address displayed and, more importantly, IPv6 has been pulled through and integrated with all Observer features, including Forensics, Application Analysis, Expert, and VoIP Analysis.

SSL and SSH Decryption

Observer now provides the capability to decrypt Secure Sockets Layer (SSL) and Secure Shell (SSH) data traversing the network. SSL is primarily used to secure Internet communications, while SSH is predominantly used to access remote machines, but is also utilized in TCP ports and can transfer files using SFTP or SCP connections. Configure Observer with SSL and SSH certificates to decrypt secure data and troubleshoot problems by accessing packet-level detail.

Other Observer Features

Read/write Sniffer® Formatted Packet Buffers - Observer can be used as a capture facility to collect and save packet captures in Network General Sniffer® format (*.enc and *.cap formats).

  • Top Talkers:
    • Understand bandwidth usage by device
    • Determine if a station is consuming too much bandwidth
    • View LAN use patterns
    • Detect faulty network hardware
    • Make informed decisions about network segmentation
    • Find broadcast storms
    • Review switch usage and resource allocation
  • Filtering:
    • Include or exclude packets by address, address range, protocol offsets, and presets
    • Use Boolean logic to create complex features
    • Filter with Perl-compatible regular expressions
    • Design filters visually
    • Create protocol filters from the protocol distribution list
    • Execute multiple filters concurrently
    • Share filter libraries with other Observer users
    • Quickly configure filters with fast post filtering
    • Utilize data mining capabilities
  • Triggers and Alarms:
    • Flag activities or errors with a pre-defined list
    • Set custom notifications based on any filter
    • Receive alerts as vulnerabilities are detected
    • Choose alert method (e-mail, pager, etc.)
    • Obtain e-mails with virus information including source and destination
    • Set up any trigger to have an associated action
      • Pop up message windows
      • Active captures
      • Start/append logs
      • Print trouble tickets
      • Execute external programs
    • Manage triggers and alarms for multiple probes from one location
    • Set a trigger on any WLAN activity
  • VLAN Analysis:
    • View each VLAN’s data independently or in aggregate
    • Real-time statistics
    • Determine loads by station and by VLAN
  • Wireless Support:
    • Complete support for 802.11a/b/g – no additional software necessary
    • Gain WLAN-specific metrics such as
      • Access Point statistics
      • Wireless types by station
      • Errors by station
    • Utilize site configuration tools for better planning
    • Choose from multiple security encryption options
    • Collect long-term trending information
    • Stay on top of your WLAN with Wireless Site Survey
    • Find rogue access points
    • Understand signal quality and data rates
    • Enforce WLAN security policies
    • Determine AP placement by measuring signal strength
    • Monitor wired and wireless with one interface
    • Receive instant notifications on problems with wireless Triggers and Alarms
  • Internet Observer:
    • Obtain specific Internet activity
    • Review individual Internet usage with Internet Patrol
    • Receive true Layer 3 IP addresses with IP Pairs Matrix
    • Use IP Subprotocols by Station to gain each user’s specific Internet usage by service
  • Router Observer:
    • Understand router activity
    • Determine router usage
    • Obtain a “heads-up” immediate display of packets/sec, bits/sec, and interface utilization
    • Review traffic by direction (in, out, total) and percentages of interface utilization
    • One-minute and one-hour displays available

Observer Reporting Server

Gain high-level aggregate reporting on network and application activities across the enterprise with the new Observer Reporting Server. Optimize performance by combining high-level performance monitoring with root-cause analysis in a seamless solution that can scale to collect data from hundreds of Observer probes.

Observer Reporting Server benefits:

  • Enterprise-wide reporting on all network activity collected by Observer
  • Segment data by individual business units or user groups
  • Drill down with Observer for root-cause analysis
  • Assess developing trends to prepare for capacity expansion
  • Aggregate data from Observer Probes, NetFlow devices, and other collection agents on the network

The Observer Reporting Server is available as a software-only license, a stand-alone rack-mountable appliance, or in an appliance with the Observer Suite console.

MPLS Analysis

For organizations moving to MPLS, Observer now provides complete MPLS analysis. Utilize Observer to obtain a detailed breakdown of your MPLS network, pinpoint MPLS problems, and measure performance before and after MPLS migration.

Observer MPLS benefits:

  • Judge network performance before and after MPLS implementation with Observer’s baselining and trending capabilities
  • Isolate MPLS issues quickly
  • Track varying MPLS priorities
  • Scrutinize Service Level Agreements by creating MPLS-specific alarms
  • Segment MPLS data by label, CoS (Class of Service), and embedded protocol type

VoIP Expansion with Avaya and Nortel

According to a recently released Network Instruments survey, the adoption of VoIP will continue to increase during 2007 with 30 percent planning to implement the technology in the next 12 months. Network Instruments continues to invest in and expand the Observer VoIP offering to provide greater support to the countless engineers that use Observer to monitor and optimize VoIP traffic.

Observer’s VoIP Analysis includes:

  • Support for Avaya CCMS — expanded
  • Support for Nortel UNIStim — expanded — (licensed separately)
  • Support for SIP, SCCP (Cisco Skinny), H323, and MGCP
  • Long-term trending for call detail records
  • Expert Events

VoIP Analysis is available in Observer Expert. Support for Nortel UNIStim is available as an add-on option.

Application Analysis

Countless organizations use Observer for isolating application problems. Observer provides true application response time, allowing you to prioritize, configure, and optimize your application performance. Version 12 now offers integrated support for more applications, including:

  • Microsoft Networking (Server Message Block) — New
  • Citrix
  • Oracle
  • VoIP
  • MS Exchange
  • HTTP
  • SQL
  • FTP
  • POP3
  • Telnet
  • SMTP
  • SNMP
  • DNS

Utilize Observer’s Application Analysis to:

  • Track application session flows and failed transactions
  • Receive statistics on errors and monitor response times
  • Obtain up-to-the-minute application performance

With version 12, you can set an alarm to trigger on application metrics. This allows your network engineers to know about application problems before they affect users.

All Application Analysis enhancements are available within Observer Expert or any Observer Probe running Expert software.

Automated MultiHop Analysis

Observer’s MultiHop Analysis tracks conversations or transactions as they traverse multiple segments, hops, and routes. This helps isolate and identify transaction problems, such as delay and intermittent connectivity, caused by network congestion, fragmentation, and packet loss.

With version 12, MultiHop Analysis is automated. Observer can now start simultaneous packet captures from different network segments and then automatically synchronize the buffers to find delay and packet loss.

Use MultiHop Analysis To