Dirty Dancing with AppDancer
It is panic time. You have another network problem, and you don't care what caused the problem -- you just want it fixed. How can you determine what to fix? Is it the network or an application-specific issue?
AppDancer/FA can rescue you with a powerful toolset that analyzes the packets on your network to show your network topography, network health and load status not only by protocol and device but also by application. It even drills down to the individual session if you need that detailed information to identify application bottlenecks or security breaches.
You do know something about computer networks -- after all, you are the company network manager -- but it can take years to become an expert network analyst. You want a tool that is easy to configure and is comprehensive, and that you can learn to use in your copious spare time. AppDancer/FA 2.0, a new network monitoring and analysis tool from AppDancer Networks, may be just the application that solves your network analysis and monitoring problems. Catching hackers and office network abusers was never so easy.
Basically, AppDancer is a sniffer and network analyzer rolled into one, but it is much more. The company has taken a radically new approach to IT network and infrastructure analysis. Previously no tool allowed analysis of network and application interactions. The standard protocols -- SMTP, DNS, FTP, etc. -- are supported as well as some new ones, SQL, Oracle transactions, VoIP protocols (including H.332) and SIP in one user-friendly package.
Initial installation and configuration is a snap. I downloaded the demo version from the website in about 10 minutes: it is a 40-megabyte file, so make sure that you have a fast Internet connection before you do it. (The company will send you a CD-ROM version if you don't have a large enough Internet pipe.) One word of warning: follow the company's recommended system configuration guidelines. This puppy is fully loaded, so it uses up lots of memory. The process was using 54MB of memory on my machine just idling. Tim O'Neill, director of sales, confirmed that people attempting to load it on machines that do not meet the minimum specifications might have trouble. Fortunately, it hummed along splendidly on my 1-GHz, 512MB Pentium III laptop capturing information in the background as I was doing my regular daily work.
After opening the application, you'll see a menu across the top of the interface that includes buttons for Home, Health, Application monitoring, Device monitoring, Analysis, Configuration, and History that immediately orients you. Everything is customizable, but the interface out of the box is elegant and intuitive. You have a choice of a Web or Windows interface, but they are identical in functionality and only differ slightly in look and feel.
Each screen has a frame on the left side that lists the available reports. The standard report format is a graphic chart showing utilization with a more detailed spreadsheet style report below. To view more details click on elements in the chart. The interface layout is comfortable and completely configurable.
I have used network monitoring and analysis software for years, and all the venders tell you that you can use the application out of the box. With AppDancer, that is finally true. I was able to use the application and get meaningful information about the network and application traffic on my admittedly small network in about 10 minutes without resorting to the manual.
In addition, I found out some interesting things about some of the sites that I commonly visit. I now know who is using Akamai for Web-page distribution. I was able to look at multiple views of the data and see my e-mail sessions quickly and easily.
Next page: Session Tracking and Analysis
What makes this unique application truly powerful is the ability to track and analyze application workflow sessions in the context of the network in as much detail as you wish. You can even record and track individual sessions. I.e. not only can you track SMTP (e-mail) traffic, but you can actually capture and analyze someone downloading an individual e-mail and view the contents (only if it is unencrypted of course). You will be able to see not only information about the network protocols, but a report showing all the packets associated with the e-mail session.
In addition, AppDancer/FA comes with a wealth of useful built-in reports. They all use the standard format for simplicity. For sophisticated users, you can create your own custom reports using simple clickable menus. You can also quickly create customized filters, alarms, thresholds and other useful monitoring tools.
Things to Watch
Plan on dedicating a powerful machine for this application. Don't make the mistake I did and load it on a machine that is connected to your network with a wireless 802.11 connection. It quickly brought my machine to a screeching halt. "Support for wireless networks is coming in the next release," O'Neill said. "Lots of people have been requesting that."
As the well-written and comprehensive manual so nicely puts it, "The AppDancer/FA product is a sophisticated program for analyzing today's complex networks. While the AppDancer/FA product provides an intuitive user interface, the user still must understand the data that is presented. This manual is NOT intended to explain the complex subject of networking, network troubleshooting, or application debugging."
This software is not for the heavy-duty telecom or data operations center that will need extensive scripting and database interface capabilities, but for the rest of us who need a well-integrated tool to keep our companies' networks humming this is an excellent tool to add to the arsenal.
Here is a quick rundown on some of the more advanced features in the package. Wireless protocols and additional applications are planned for the next product release.
- Oracle real-time monitoring. You can monitor Oracle Server user transactions in real-time using a unique "ladder and application content" views to display the complex flows of information and the application logic for each Oracle transaction.
- SCCP ("skinny client control protocol") real-time monitoring. You can monitor the entire call setup, management of the call and the call shut down process of SCCP, Cisco's version of VoIP call setup and RTP (real time protocol) flow support.
- VLAN support. View actual VLAN tagged station-level flows in real-time using the IEEE 802.1Q addressing scheme.
Where Do I Sign Up?
Who would be interested in AppDancer/FA? Anyone who needs to monitor and analyze a network would benefit, that includes network engineers, systems administrators, and IT security people -- really, technical IT staff of any stripe. Government and law enforcement agencies are using it to track potentially illegal activity. For a mid-sized company that needs sophisticated analysis but has minimal staff resources, this tool could be very useful.
"AppDancer products redefine network analysis by uniquely combining network application monitoring, network device monitoring, and network data capture, and analysis into one easy-to-use package." So says a recent press release about the latest version of the product. Nevertheless, don't take their word for it -- try it yourself. Go to the AppDancer corporate website at www.appdancer.com and download the demo version. It is a full-featured version that only works for 14 days. If you are as impressed as I am with this easy-to-use network monitoring and analysis tool, you can easily convert your demo into a purchase.
Beth Cohen is president of Luth Computer Specialists, a consulting practice specializing in IT infrastructure for smaller companies. She has been in the trenches supporting company IT infrastructure for over 20 years in a number of different fields including architecture, construction, engineering, software, telecommunications, and research. She is currently writing a book about IT for the small enterprise and pursuing an Information Age MBA from Bentley College.