In today’s world, it seems that more of the people I run across do not feel they need — or, more accurately, don’t understand why they need — a protocol analyzer for their network.
In the old days (yes, just a few years back) it seemed that more people understood just how important the analyzer was. For some reason, as networks have become smarter and much more complex, this understanding seems to have dissipated. I am not sure whether it is due to the proliferation of network tools or the belief that a network can “heal” itself (trust me, it can’t). Either way, this is a trend that is frightening.
Let me compare a doctor to a network engineer or administrator to make my point. Doctors are very smart individuals, as are network engineers. Doctors have had many years of education to be able to deal with the varieties of situations they might encounter, as have network engineers. They both, in a sense, save lives. Granted, the comparison gets a little skewed here, but the fact is that lives may truly be at stake without networks running properly and efficiently.
Take Care of Your Patient
Let’s look a little deeper into this comparison for closer similarities. When you go to the doctor with a symptom, what does he do? Does he look at you from a distance and guess as to what the issue may be? Hopefully not, as that would not be very productive — nor would it make any of us feel very comfortable with the doctor’s skill set, no matter how much training he had. Now, he may get the diagnosis right on the first guess, but often, it may take two, three or even more guesses before he gets it right.
It’s the same with network engineers; except for some reason, many of us feel that it is okay to guess as to what the issue is, and “try” things to resolve it. Ouch! We certainly wouldn’t want a doctor to take this approach. So, what is a better approach? Or should I say, what is the right approach?
In the real world, the doctor would use tests to get more information and make an educated decision based on the results of those tests. What do those tests include? Well, it depends on your symptoms, doesn’t it? The commonality of all those tests, however, is that they will be accomplished with tools — not one tool, but possibly many. It may be something as simple as a stethoscope to something as technical and detail-oriented as an X-ray or a CAT scan. Certainly, not one tool is best for all situations, but the doctor would probably not depend on what he heard from the stethoscope if you had a very bad ongoing headache or a potentially broken limb. For such symptoms, he has more specialized tools and tests to employ.
Let’s put a slightly sadistic spin on this now. What if your doctor only had one patient — you? And what if he had you captive in one location? And what if his only goal was to make sure your body was efficient, free of disease, and lasted as long as possible without major surgeries, etc.? I would assume that if he was passionate about your health, he would take all the tools of his trade and hook them up to you permanently. He would constantly be taking X-rays, EKGs, listening to your heart beat, etc. That way, as soon as something got even slightly irregular, he could respond with minimally invasive procedures rather than a six-hour surgery.
Since you are in a similar situation with your network — it is the only one you probably have to be concerned about, and you have it captive — why wouldn’t you do network traffic monitoring with your protocol analyzer 24x7x365? After all, doing this on a network is not sadistic at all; it is good, fast, and efficient network management. Also, by using a toll that constantly monitors your network, you will spot changes long before they become issues, and you will avoid doing that expensive and time consuming “surgery” that will cost your company valuable time and money.
The Right Stuff
That brings us back to the question we started off with: Why do we need network analyzers? We have a variety of tools, just like a doctor, but many of them give us a very high-level view of what is happening on our networks. For some situations, that may be just fine — akin to the stethoscope. The bottom line, though, is that often these tools aren’t good enough to help us, and we need something that will show us exactly what is happening, down to the most significant details — something akin to the X-ray or CAT scan. Yes, for a network engineer, this is the network analyzer.
The X-ray was invented in 1895, and it is still a very significant tool in the doctor’s toolbox. The network analyzer is not nearly that old, but it is also a very valuable tool that will tell us EXACTLY what is happening on our network — both the good and the bad. It will give us that information right down to the bit level if need be, or as high-level as baseline comparisons, or top talkers, or just overall network utilization.
Many analyzers also provide the capabilities of expert systems, which can augment your knowledge and experience about what should or shouldn’t be happening on the network. This is your automated “second opinion” for the health of your network. The protocol analyzer may not be the only tool in your toolbox, but when the time comes that you need all the details, the protocol analyzer is the tool you will need.
Remember, all the network training in the world will not make you able to see through wires — or walls, for that matter. Use the tool that allows you to do that!
Network Health Checklist
We all need a network analyzer for our networks. We need them to save lives, either directly or indirectly. Yours might be the life (job) you save.
We need them in advance of the problems that may arise to provide baselines for anything important to our networks.
We need to understand how to use them and use them as often as possible to stay fluent. Your training taught you networks –, not how to see into wires or guess about the traffic traversing them or the issues that may be present.
Going back to the health comparison, you are the doctor for your network. Be a good network doctor, and use the tools that are available to you — not only to find and fix problems faster, but also to understand every “bit” of your network. This is where your extensive training will pay off, because you’ll be able to make educated decisions that will save time and money every single day.
Hopefully, this comparison will help you better understand the benefits of a protocol analyzer. If not, I hope you do a good job choosing your doctor. Otherwise, if he follows your example, you could be in for a lot of guessing, prodding and pain.
Jim Thor is a network engineer and technical instructor at WildPackets, a provider of network, application performance, and protocol analysis, VoIP-monitoring and troubleshooting solutions.
Interesting article. When it comes to interesting tools, this is the one that tops my intrigue meter right now.
I agree and disagree with the premise of this story on two accounts. First, I actually think many doctors would prefer to tie their patients to a gurney and initiate an expensive billable procedure. Who are the patients to question the esteemed doctor? Actually, the patient IS THE CUSTOMER.
Secondly, every key person in operations should have visibility into IT operations. This includes but is not limited to: IT, HR, Financial, Executives, Audit and outside audit personnel. How else can anyone do their job without an accurate accounting of assets and liabilities? It’s more than just feeds, speeds, flaws and bandwidth. These are just symptoms of usage which, for the most part, nobody seems to understand. Use of the network determines profit, loss, abuse, exposure and risk but we’ve all been told that by buying a specific piece of equipment we can control these things. It’s two-steps removed from understanding in my way of thinking. Understanding whether your users/technology adds to the bottom line or subtracts from it are fundamental to being in business. So inasmuch as it’s important to know your business from an IT perspective, one must also be able to relate the geeky bits to how they make the company money…or how it allows users to screw off or leave the company at greater risk.
I agree that a network cannot heal itself. Like any good doctor, rare these days, they ask a lot of questions and understand the full picture and background (diet, allergies, stress etc.) before they order one of those expensive operations. In stead, they learn the underlying causes of problems and address them at that source. It prevents much of the disruption associated with reactive emergency protocols (event management) and actually improves overall performance and results.
Embrace holistic IT and business management and analysis this….