• 450-plus network protocol decodes and 240

unique, real-time Expert diagnoses—the

widest breadth in the industry—track all

network layer traffic from multiple

perspectives to solve problems fast

• Intuitive browser-based user-interface (UI)

allows easy access to the information

you want—anytime, anywhere

• Gathers RMON1 and RMON2 data to help

you proactively manage your network

• Groupware feature allows multiple users to

view real-time analysis screens to promote

collaborative troubleshooting and training

• World-class technical support, services, and

training—all from a single vendor—to meet

your unique network needs

What Is the Sniffer Distributed Expert System?

The Sniffer Distributed Expert system simulates

the thought processes of a human expert to

solve complex network problems by:

• Learning information about your network

as it captures frames

• Analyzing the frames and the functions

they perform

• Comparing the results against

preprogrammed protocol and standards

knowledge

• Using configurable and predefined

thresholds to search for potential problems

in your network

The Power to Fine-tune Your Network

• Sniffer Distributed combines an industry

leading protocol analyzer and RMON

probe in a single network appliance.

• Sniffer Distributed delivers the

unequaled ability to anticipate, isolate,

and diagnose network faults and

performance problems through a

combination of 240 unique, real-time

Sniffer Expert diagnoses and 450-plus

protocol decodes.

• Through its unparalleled protocol analysis

abilities and Expert system, Sniffer

Distributed addresses your immediate,

short-term, and long-term needs so you

can fix network problems quickly and

minimize costly downtime. Using its

Expert system you can conduct real-time

monitoring and receive alerts that

identify bottlenecks before they impact

your network.

• With its Windows or browser-based UI

(Sniffer WebConsole for Ethernet and

Gigabit only), it’s easy to securely and

centrally access Sniffer Distributed

Appliances—anytime, anywhere.

• Sniffer Distributed gathers industrystandard

RMON1 and RMON2 data for

invaluable long-term monitoring and

trend analysis. By establishing baselines

that define normal network behavior,

you can quickly spot deviations or receive

anomaly alerts. Now you can address

underlying issues before they affect

end users.

In-depth Presentation and

Reporting

Sniffer Reporter

• Included at no additional cost with

Sniffer Distributed

• Provides short-term reporting for:

- Network and application statistics

- Expert Analysis reports

• Support for major LAN and WAN

topologies

• Single-segment reports

Sniffer Watch

• You can archive and report on data using

Sniffer Watch, an optional reporting

product specifically designed to leverage

the richness of Sniffer Distributed data.

Sniffer Distributed is also compatible

with third-party reporting products, such

as Concord’s eHealth and Lucent’s

VitalSuite.

Industry-leading Protocol Analysis

Fault Anticipation

Expert symptoms and diagnoses make it

possible to discover network inefficiencies

before they lead to deterioration of network

performance. Diagnoses include Windows

Internet Naming Service (WINS), no response,

and too many retransmissions.

Fault Isolation and Diagnosis

Switches and routers make networks more

efficient, but they also make it more difficult

to isolate problems when they occur.

Networks use different topologies and

execute numerous protocols across the

different OSI layers. And many applications

run on the network simultaneously.

Sniffer Distributed cuts through this

complexity and gets to the source of the

problem through:

• Switch Expert—allows network managers

to control the port-mirroring features of

a switch, set triggers and alarms, and

perform real-time problem diagnoses

• Over 450 decodes, including legacy

protocols such as File Transfer Protocol

(FTP), Telnet, and Systems Network

Architecture (SNA), as well as newer

protocols like Virtual Router Redundancy

Protocol, SAP R3, Session Initiation

Protocol (SIP), Voice Over Frame Relay,

and Cisco Source Routing Protocol

• 240 Experts, including Oracle, Sybase,

MS-SQL, SAP, and MS-Exchange for the

application layer, and Hypertext Transfer

Protocol (HTTP) and ATM for the

lower layers.

Sniffer Distributed’s Expert system diagnoses

include:

• DB slow-server response

• Slow HTTP server

• Protocol negotiation failure

• Slow file transfer

• WINS no response

• IP NetBIOS session reject

• TA list resources exhausted (ATM)

• LANE configuration phase failure (ATM)

Faster, More Efficient

Thanks to its Expert system, Sniffer

Distributed diagnoses network problems

faster and more efficiently than other

network analysis products. For example:

• The Expert system can find a duplicate

network address in 5 seconds, compared

to an average of 3.3 hours for

conventional analysis—a 2,400-fold

increase in speed.

• The Expert system can diagnose

retransmissions in 10 seconds, (versus the

40 minutes required by conventional

tools), making Sniffer Distributed 50

times faster.

• The Expert system identifies slow

response time in 5 minutes versus 8

hours for conventional analysis, a 96-fold

increase in speed.

These efficiencies give you a compelling

return on investment by significantly

reducing network downtime and increasing

your productivity. A quick calculation shows

that Sniffer Distributed will pay for itself in a  matter of months.

The Sum Is Greater Than Its Parts

Adding to the value provided by Expert

protocol analysis capabilities, as well as

RMON1 and RMON2 compliance, Sniffer

Distributed helps you meet the challenges of

managing today’s complex and diverse

networks. Its distributed architecture enables

you to:

• Troubleshoot remote network problems

without the need to travel, saving time

and money

• Better leverage your staff by matching

specific problems with the expertise of

individual resources, regardless of

location

• Engage multiple engineers in

collaborative troubleshooting, using the

Groupware feature, leading to faster

problem resolution and valuable training

for less experienced engineers

Simplify Your Network Management Challenge

With the myriad of tools flooding the market

today, your network management platform

can become almost as complex as your

network. Sniffer Distributed is the industry’s

most trusted protocol analyzer combined

with an RMON2 probe—both in one unit—

and from one vendor. To further simplify your

network management challenge, you can

integrate Sniffer Distributed with your

existing network management products. You

can use it with Concord’s Network Health,

NetScout’s nGenius, and Lucent’s VitalNet.

Sniffer Distributed Server Options

The Sniffer Distributed server is based on

Sniffer Technologies’ Sniffer architecture. It

incorporates a high-performance, SNMPmanageable

RMON2 agent that fully

implements industry standards and complete

Sniffer Expert functionality. Designed from

the ground up, it provides simultaneous

RMON2 and Sniffer Expert capabilities in a

single, cost-effective package for Ethernet,

Gigabit, FDDI, Token Ring, WAN, High-Speed

Serial Interface (HSSI), ATM, and LAN Servers.

The following graph displays network

usage based on the network, transport,

and application layer protocols. Sniffer

distributed scrutinizes such popular Internet

Protocol (IP) applications as NFS, FTP, SMTP,

SNMP, and HTTP. It also monitors IPX

transport-layer protocols, including NCP,

SAP, RIP, NetBIOS, NLSP, and SPX.

Network Security Complement

• Sniffer security filters complement

antivirus engines leveraging patternmatching

signatures on-the-wire to

detect worm-infected segments of your

network. Armed with this information,

you can pinpoint affected machines,

which minimizes detection time and

clean-up efforts.

• Sniffer Expert diagnoses complement

Intrusion detection system (IDS)

capabilities to provide incident analysis,

identify log-in breaches, and detect

unauthorized database log-in attempts.

You can also set alarms to alert you

when these security breaches occur.

• You can use Sniffer Distributed to

baseline your network so you can

understand network performance before,

during, and after an attack. Baselining

identifies anomalous traffic during an

attack, and it can pinpoint impacted

network segments. With Sniffer

Distributed, you can confirm that attacks

are over by comparing post-attack

metrics to the established baseline.

Monitoring capabilities built into the server keep

tabs on the network, detect anomalies, and record

overall network performance.

Protocol distribution provides real-time analysis of

protocols present on the network.

Sniffer Voice Option

Sniffer Voice is a value-added, optional

package that integrates with Sniffer

Distributed to provide necessary insights

into voice and video converged traffic. The

Sniffer Voice Experts automatically detect

and help resolve key problem causes on VoIP

networks—jitter, packet loss, packet

sequencing, and latency. These VoIP Experts

and call-tracking capabilities, along with the

traditional Sniffer Experts, help ensure

successful Voice over IP (VoIP) network

rollouts while maintaining "toll-quality

voice" and high-quality data for all users.

.