You Don’t Need Deep Pockets to Go Deep Into Your Packets
By Brad Hale, Principal, Network Management Product Marketing, SolarWinds
Packet-level analysis has long been regarded as the Holy Grail of network and traffic performance analysis. It involves capturing (i.e., making a copy of) and inspecting network packets that flow between client and server devices. By inspecting packet flows and protocol parameters, useful information about network performance can be extracted, including network and application response time, and types and relative volumes of application traffic.
Packet inspection tools have historically come in two flavors: free and expensive. On the free end, you have the very powerful open source Wireshark, which can be installed on a workstation or laptop. Aside from the cost (let me say free again), Wireshark also has the benefit of being a portable solution that can be moved around within the network. On the downside, it requires a lot of skill to properly configure and use, and is typically used on an as-needed basis after some kind of event has occurred that needs investigation.
On the expensive side are the specialized packet capture appliances that perform high-throughput inspection and archiving. These are typically reserved for larger enterprises with deep pockets because of the deployment costs and the technical knowledge required to use them successfully.
This doesn’t leave a lot of options for the average IT department that would like to enjoy the benefits of packet capture.