Introduction
| At a Glance | |
|---|---|
| Product | Omnipeek Personal Network Analyzer |
| Summary | Powerful, free, real-time network analyzer with visual expert and packet visualizer toolsets |
| Pros | • Free • On-the-fly filter creation and switching • Visually stunning |
| Cons | • Windows only • Limited support options • Multiple NICs not supported |
Is there such a thing as a free lunch? Certainly in the world of network analyzer tools the answer would seem to be yes, what with the ever popular and powerful open source Ethereal product entering a new phase of its ever evolving life and still being a no-cost option despite the change of name to Wireshark.
WildPackets have taken the brave step of taking this established free giant head-on with OmniPeek Personal; a free version of the OmniPeek Analyzer that is included as a part of the not-so-free OmniAmalysis Platform product suite.
Inevitably comparisons will be drawn between Wireshark and OmniPeek, the first being platform compatibility. Wireshark is truly cross-platform and flexible, running on Apple Mac OS X, BeOS, FreeBSD, HP-UX, IBM AIX, NetBSD, OpenBSD, SCO UnixWare/OpenUnix, SGI Irix, Sun Solaris/Intel, Sun Solaris/Sparc, Tru64 UNIX (formerly Digital UNIX), Debian GNU/Linux, Gentoo Linux, IBM S/390 Linux, Mandrake Linux, PLD Linux, Red Hat Linux, Rock Linux, Slackware Linux, Suse Linux as well as Windows Me, 98, NT 4.0, 2000, XP and Server 2003.
In stark contrast OmniPeek Personal demands a narrow allegiance to Windows, supporting just Windows XP Professional (SP2), Windows 2000 (SP4), or Windows Server 2003 (SP1). So users of Windows XP Home are out of luck, and don’t even think of trying to be clever and running it on a system without Internet Explorer 6.0 (SP1) and Microsoft.NET Framework 2 installed, because it won’t run.
WildPackets gives the impression of viewing OmniPeek Personal as OmniAnalysis Lite: not a full product in its own right, more of an introduction to the advanced features found in its commercial brethren. Even the fact that Gigabit Ethernet and WANs are supported with an additional cost analyzer card is not made immediately clear.
Instead, theWildPackets product comparison tables suggest these features are only found in the commercial products. Nor does OmniPeek Personal come with free support beyond a basic FAQ and poorly populated support forum. Wireshark, by comparison, has an informative and busy support forum. WildPackets will happily sell you an OmniPeek Personal support package starting at $299 (€234, £162) per year though.
Visual appeal
The OmniPeek Personal GUI is well designed, being graphically rich without detracting from the core functionality of displaying of packet stream data. Graphics are displayed in real time, enable the viewing of packet stream based analytics by conversation pair while instantly locating network events such as SQL queries and DoS attacks, for example.
The inclusion of both Visual Expert and Packet Visualizer toolsets with a free product shows that WildPackets is serious in providing a worthy alternative to Wireshark.
The Visual Expert sets the graphical trend for OmniPeek Personal, with its packet visualisation and graphing functionality
While not being an open source product itself, OmniPeek Personal does compete at the developer community level by providing an open API and SDK to enable custom plug-in creation and so extend functionality. The number of available plug-in is very limited in number and real world usefulness; a SQLFilter being the most practical, enabling the indexing of individual packet files as well as live captures against which simple and complex queries can be made without opening the original trace files again.
A remote TCPDump adapter runs tcpdump over a SSH connection to a Unix/Linux box and then streams the packets back into OmniPeek, while the Google Maps Plug-in rather pointlessly provides an eye candy approach to the display of source and destination IP address locations.
Breaking the capture-wait-watch cycle
All too often free network analysis tools require the ongoing analysis to be stopped in order to be able to change what is being looked at. Thankfully this isn’t the case with OmniPeek Personal which allows for filters to be created (using a simple make filter command) and applied immediately, on the fly, without the hassle of stopping and starting packet captures: something that really should not be undervalued.
Creating filters is as easy as applying them, without interruption to the ongoing analysis
Nor should the ‘select related’ function be undervalued, which can select packets relevant only to a particular node, protocol or conversation with just a single mouse click. Compare and contrast to the multiple steps required to achieve the same type of operation in other analysers, and witness the amount of time saved when finding and fixing problems courtesy of the OmniPeek Personal approach.
Indeed, it is the real-time troubleshooting that impresses most: with OmniPeek Personal claiming the unique feature of being able to offer both expert diagnostics and frame decoding during capture, in real-time. By collecting network traffic into conversations, which are then aggregated by application and rated for user satisfaction, OmniPeek Personal can combine these with accurate response time analysis to give a truly remarkable level of application analysis.
This application view then enables end user satisfaction and network application performance to be linked through Apdex (Application Performance Index) for open standard reporting. Real time statistical support is just as impressive, and along with the historical performance data capture function make it very easy to very quickly determine chatty protocols, talkative nodes or router performance during busy periods for example.
Expert, real time, application diagnosis is not only possible using OmniPeek Personal, but easy as well
Expert analysis
An ‘Expert EventFinder’ brings both descriptions of problems and their possible cause along with suggested solutions for them, and much of the ‘Expert System’ can be tweaked and fine tuned to suit the exact needs of the user. Everyone benefits, however, from the expert view analysis of latency, throughput and network problems in a conversation-centric traffic view. But the expert model doesn’t stop there, a ‘Visual Expert’ toolset comes complete with a packet visualise and payload reconstruction, with the expected range of conversation-centric graphs, and also a cool ‘what if’ view that can estimate how changes to particular application and network parameters might affect network performance.
The flow comparison charting and packet visualise make instant visual troubleshooting easy to achieve
Sticking with this visual approach that is at the heart of OmniPeek Personal, the ‘Expert Peer Map’ happily displays all communicating network nodes as an organic vertically-oriented ellipse. This is made spectacularly simple to read thanks to the an intuitive approach that considers a thicker line between nodes indicates greater traffic, and the bigger the node ‘dot’ then the more traffic flowing through it.
Expert peer mapping is another example of just how seriously OmniPeek Personal takes the visual presentation of data
Wireless Working
WLAN support is well implemented, if limited in some areas. An SSID tree view provides a hierarchical structure of the relationship between ESSIDs/BSSIDs and respective stations, while application layer analysis is enabled courtesy of OmniPeek Personal decoding and decrypting encrypted packets with user defined WEP or WPA keys.
While supporting TKIP decryption, OmniPeek Personal does not however support either AES or WPA2 decryption. Nor is there any visibility of control and management traffic, or RF Monitoring capability for channel scanning or hopping. It also requires the installation of a special NDIS driver for a supported network driver in order to capture wireless packets. An Atheros WLAN adapter driver is included which supports WPA/PSK decryption, noise management and hardware timestamping with microsecond accuracy.
A hierarchical tree view of an 802.11 WLAN is OK, but OmniPeek Personal is actually rather limited when it comes to WLAN support and analysis functionality
Conclusion
Ease of use and communication of complex information do not usually go hand in hand, OmniPeek Personal ensures they do with the help of intuitive graphing aids and detailed network statistics
By escaping the capture-wait-watch mantra and introducing a highly visual and intuitive interface, OmniPeek Personal is worthy of serious consideration provided you meet the very inflexible OS requirement.