NPI is frequently engaged by clients to identify the
source of anomalies and other conditions that negatively impact
performance, operations or the security of their enterprise network.
A partial list of software tools used to perform our analysis includes the
following items.
NetSpector
An SNMP based software tool written by Network Partners as an aid in
discovering a client's enterprise network configuration that assists in
identifying anomalies that impact the efficient operation of their
network. The NetSpector software quickly
and efficiently gathers pertinent configuration and operational data from
all routers, switches, hubs, servers and other devices within the network,
and builds an Access database for use in analyzing areas of concern. NPI
personnel has evaluated equivalent tools from multiple vendors over the
past years and found each to be significantly lacking in one or more areas
of network analysis.
The tool allows NPI personnel to retrieve layer-3
routing tables, layer-2 switch forwarding tables, ARP tables from each
significant device, key spanning tree parameters, interface MTU values,
RMON statistics and other data, providing our personnel the ability to
identify instability, security, and other network anomalies based on data
already available from the customer's network devices. In addition, the
software can be configured to selectively poll remote device interfaces
and Frame Relay PVC's to build a network baseline database, and display
the baseline data in graphical form for use in assembling formal traffic
usage charts and documents.
NetLogger
NetLogger is a syslog-like software tool also written by
Network Partners and is used to receive and log error messages generated
by the customer's network devices. Syslog messaging has been incorporated
into most network hardware devices and many servers, however a large
percentage of past NPI clients have not implemented any form of system to
log these important operational messages.
NetLogger was written to be a highly flexible mechanism to log the
messages and to notify NPI personnel of significant events through
rules-based paging and/or email functions.
Additional software modules are currently under
development to allow two-way pager and/or cell phone interaction with the
software, and an SNMP polling engine to detect network devices or
interfaces that may have failed with generating a syslog message.
Sniffer Analyzers
NPI personnel uses a protocol analyzer to capture and
identify anomalies that are not detectable through other tools or
mechanisms. The analyzer provides NPI personnel with the tool necessary
to identify detailed vendor protocol anomalies, system response time
issues, and many other highly technical analysis capabilities.
In addition to being considered expert users of the
analyzer, NPI personnel have provided Sniffer Analyzer training to
numerous clients over the past years.
Route Monitor
Route Monitor is another software tool written by Network
Partners as an aid in tracking layer-3 routing changes in a client's
network. The tool passively listens for RIP (version 1 and 2), OSPF and
IGRP packets that are present on the client's network, and analyzes the
contents of those routing-protocol packets to detect change and
instability. Should a change occur, Route Monitor logs the before and
after conditions for NPI personnel to view and analyze. The tool has been
used in numerous accounts to detect intermittent network stability
problems.
Security Audit Tools
Although many security analysts rely solely on commercial
and shareware port-scanners, most are not familiar with the sophisticated
tools necessary to detect alternate network access mechanisms and
other network security concerns. NPI personnel have conducted network
security (or vulnerability) assessments using many of the same tools
noted above in addition to the familiar port-scanners available from
multiple sources. NPI's past vulnerability assessments have been
characterized as far more complete and all-encompassing as our ability to
discover the undocumented network components exceed the capabilities of
most security consultants.
Microsoft Office and
Visio
The Microsoft Office products (e.g., Word, Excel, Access)
are used by Network Partners for the generation of formal customer
documentation. Microsoft's Visio product is used for all network
diagrams, schematics and other drawings. When NPI has completed a
project, all documentation is provided to the customer in both printed and
electronic forms.
Network Modeling
Software
Network modeling software was more important in years past
when customers often operated a multi-protocol network with DEC, IBM and
other systems attached to their shared network facilities. Currently, few
customers are interested in modeling additions and/or changes to their
TCP/IP based networks. NPI has the capability to both simulate and model
numerous types of customer traffic, however the model is often times
highly dependent upon the type of system or network to be analyzed.
Specific modeling projects, and the modeling tools to be used in those
projects, can be discussed when sufficient technical detail is known.
|