To get the most complete view of what’s actually happening on a network, you need to go down to the packet level.
This week, Riverbed (NASDAQ:RVBD) updated its product lines to integrate packet-based transaction analysis. The packet analysis technology comes by way of Riverbed’s acquisition of CACE, the lead commercial sponsor of the open source Wireshark packet sniffing project.
Riverbed acquired CACE in October, 2010 and has been working on integrating its technology into the Riverbed Cascade monitoring gear over the last several months. CACE had two primary commercial technology solutions: the Shark packet capture appliance and the Pilot software tool. Both of those technologies have now been rebranded under the Riverbed Cascade banner.
Yoav Eliat, director of product marketing for Cascade at Riverbed, told InternetNews.com that software changes have also been made in the CACE and Cascade products to provide an integrated solution.
“We can now click further down into the details and see information from the packets that were collected from the CACE products,” Eliat said. “We can now pull up deeper views in order to see Web traffic in detail.”
Eilat noted that, going a step further, a user can then click on the packet details to examine the packets with Wireshark. He added that Wireshark is integrated with Pilot, which is the software user interface.
Eilat stressed that the version of Wireshark that Riverbed is using is the same open source version that is publicly available.
“Wireshark remains an open source tool and always will be, “Eilat said. “We are trying to be very careful and respectful of the open source nature of Wireshark. Everyone knows what happens if you mess with an open source, the community behind it will just go somewhere else.”
Eilat noted that what Riverbed does is build tools around Wireshark.
“What Cascade does is it shows all the network information which will lead you to the right packets that you can then open up in Wireshark,” Eilat said. “So instead of looking at huge packet traces, you can just zoom into the packets you want.”
Eilat explained that if an enterprise is doing a packet capture at remote location it could generate a large file. What Riverbed is doing is transferring the data on demand for the specific data that needs to be analyzed.
While the Integration of the CACE Shark packet capture appliance is new for Riverbed, the company has had packet capture capabilities on its Steelhead WAN acceleration box.
“Packet capture on Steelhead is something you’d want to do at a branch office on an opportunistic basis if you’re having a problem in the network,” Eilat said. “You wouldn’t want to run packet capture full-time on the Steelhead, since it’s a WAN optimization appliance and doesn’t come with a huge amount of disk space.”
In contrast, Eilat noted that Shark is a full-time packet capture device that is more likely to run in the datacenter.