Hi, everyone,

A question for those of you having to monitor/debug
multi-sites/LANs/WANs/multi-tier environments: have you ever used/found some
sort of consolidator, capable of allowing multiple traces of ethereal to be
"brought in", into a central location, in order to be interpreted in
conjunction with each other?

Here is a possible scenario (which - right now - we are forced to analyze
"manually"): multi-tier environment, with a client sitting in a remote
location, behind a router, connecting through a WAN link to a corporate LAN,
also behind its own router, to a web server, which - in its turn - has one or
more levels of connectivity to other back-end servers (sort of multi-tier
web-based access to databases, where the scenario is:
client<-->web-server<-->database server).

At present a scenario like the above would require (assuming the most complex
of environments, i.e. switched LANs at both ends of the WAN) deployment of
ethereal in the following locations: in the proximity of the client port
(i.e. on a span-ed/mirrored port of the switch), another one on a
mirrored/span-ed port for the web server, and yet another one on a
mirrored/span-ed port of the database server. This should cover the main
points for a thorough "view" of the traffic (catching any possible "drops" in
between), but consolidating the data is a PITA!

Before asking this question I looked at some commercial packages, and found
similar functionality to what I would like to have, in the likes of Opnet
(http://www.opnet.com/products/modules/ace/home.html), Network Instruments'
Observer (http://www.networkinstruments.com/products/obs_families.html),
NAI's Distributed sniffer
(http://www.sniffer.com/products/dssrmon-analysis/default.asp?A=1), etc. Any
idea of an open-source or GPL-ed solution? Any other suggestions?

TIA,
Stef
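
Added example, not part of the original post: one way to consolidate the three capture points in the scenario above is to merge the saved traces into a single time-ordered stream in which every packet is tagged with the location that saw it. The sketch assumes classic libpcap-format capture files with microsecond timestamps; the function names, the `clock_offsets_us` parameter and the sample traces are hypothetical and constructed for illustration.

```python
import heapq
import struct

def read_pcap(data, label):
    """Yield (timestamp_us, label, frame) for each record in a classic pcap buffer."""
    if len(data) < 24:
        raise ValueError(f"{label}: truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"      # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"      # written on a big-endian host
    else:
        raise ValueError(f"{label}: not a classic microsecond pcap file")
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16 : offset + 16 + incl_len]
        if len(frame) < incl_len:
            break          # capture was cut off mid-record
        offset += 16 + incl_len
        yield sec * 1_000_000 + usec, label, frame

def merge_traces(traces, clock_offsets_us=None):
    """Merge {label: pcap_bytes} into one time-ordered list of (ts_us, label, frame).

    clock_offsets_us (hypothetical parameter) corrects a capture host whose clock
    is known to be off; each input file is assumed to be in time order already.
    """
    offsets = clock_offsets_us or {}
    def shifted(label, data):
        for ts, _, frame in read_pcap(data, label):
            yield ts + offsets.get(label, 0), label, frame
    streams = [shifted(label, data) for label, data in traces.items()]
    return list(heapq.merge(*streams, key=lambda rec: rec[0]))

def build_pcap(records, endian="<"):
    """Constructed sample input: pack (sec, usec, frame) tuples as a pcap buffer."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in records:
        out += struct.pack(endian + "IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed traces for the three capture points; payloads are placeholders, not real frames.
SAMPLE = {
    "client": build_pcap([(100, 0, b"req"), (100, 900000, b"resp")]),
    "web": build_pcap([(100, 200000, b"req"), (100, 700000, b"resp")], endian=">"),
    "db": build_pcap([(100, 400000, b"query"), (100, 500000, b"rows")]),
}
```

The merged order is only as trustworthy as the capture hosts' clocks, so the sniffers should be time-synchronized or a measured offset supplied per capture point.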