Traffic analyser gains VoIP insight

Launched in June, version 3 of WildPackets’ Omni enterprise network analysis platform comes with distributed voice over IP (VoIP) analysis capabilities and supports PCI-based T1/E1 WAN analysis. The OmniPeek management console and the PeekDNX remote packet capture engine are priced separately. Pricing varies with configuration, and WildPackets declined to give details.

The architecture is unchanged from the previous version. The main management console, OmniPeek, is based on the original EtherPeek UI, controlling distri- buted PeekDNX engines.

OmniPeek only supports Windows 2000, XP and Server 2003. WildPackets also pointed out that OmniPeek purchased with voice over IP (VoIP) analysis tools does not support Windows Server 2003.

WildPackets recommends minimum specifications for companies’ hardware of at least an Intel P4 or Xeon processor with 1GB of system memory.

For heavy use, high-speed dual CPUs are recommended with over 2GB of system memory and large-capacity Raid hard disks.

Firms can run the system on their own hardware or on WildPackets’ own hardware platform, the Omnipliance. This is a turnkey appliance requiring no network reconfiguration. But for gigabit networks in full duplex mode, optional NICs are also needed.

We installed OmniPeek and several PeekDNX engines on both desktop and server operating systems connected to several subnets. The PeekDNX engine can be run with encryption and compression and we could set user account access controls for the system on which the remote capture engine was required. We used OmniPeek to connect simultaneously to versions 2 and 3 of the PeekDNX engines.

OmniPeek’s user interface is still easy to navigate, and offers an outstanding peer map for a bird’s-eye view of network traffic. This can be set up to show Media Access Control (MAC), IP or IPX (Novell NetWare LAN) addresses.

Users having OmniPeek with the VoIP analysis module can get useful data on call type, IP addresses through the peer map, bandwidth resources used by the call as well as a voice quality measurement metric called the R-factor and data on letency and jitter. But we would like to see more information similar to that available from the vendor’s standalone VoIP analyser software, EtherPeek VX.

We were able to set up a capture option for a particular time or by ticking a checkbox for specific protocol filters, such as AppleTalk or NetWare, so the appearance of the protocols would trigger packet captures. Packet captures can be saved as compressed or uncompressed EtherPeek Packet Files, as a delimited packet list, as raw packets, in NAI Sniffer DOS file format or as a Libpcap format file, which can be used by programs such as Libpcap or the open source analyser Ethereal.

Since OmniPeek captures via an active Network Driver Interface Specification (NDIS)-driven Ethernet adapter, users who connect through a USB modem will not be able to see network traffic using OmniPeek. However, Ethereal traces can be imported for analysis.