When you think about IBM software, usually you think words like "slow," or "a day late and a dollar short," or "lacking competition." Well, forget about these and other descriptions: IBM has written some superlative software in its latest version of DatagLANce, its software-only network protocol analyzer. Indeed, this product can go head-to-head with market-leader Network General's [MENLO PARK, CA] Sniffer and even best the old workhorse on several counts. What, you haven't heard of this product? Didn't even know that IBM made a protocol analyzer, or that it has been shipping one since the beginning of the year and is now on version 1.2? Blame IBM's lousy marketing on that. Indeed, a search of Ziff's Computer Select database came up empty: meaning that none of the hundreds of computer trade magazines and newspapers in this archive have ever written about it in the last year. Obviously, IBM still has a few lessons to learn about promoting its accomplishments. Because of its high quality, I recommend the product for the enterprise, with a few caveats. First is that the product is pricey: $7,000 list price for the single topology version, although you can get it for thousands less from dealers and catalogs. This is still less than the price of a Sniffer, although not by much. Low-end Sniffers go for a bit less than $10,000, but that also includes an adapter card. However, DatagLANce can analyze up to four individual network segments (two Ethernet and two Token Ring, which costs an extra $1,000) concurrently: something that Sniffers can't do without buying into the higher-priced spread of the Distributed Sniffer line. And, switching from a Token Ring to an Ethernet Sniffer is not very easy and will require purchasing two separate copies of the software. [CHECK!] But price isn't something that you should be so concerned about. After all, if you troubleshoot a particularly thorny network problem it could easily cost you several thousand dollars in lost productivity or in your own time and airfare to track things down. Another caveat is that you'll need to have an IBM adapter handy, since that solely what DatagLANce supports. You have a wide choice of adapters in the IBM line, including the latest PCMCIA adapters for both Ethernet and Token Ring. While that is a bit of an inconvienence, the prices for these are reasonable: for example, a twisted-pair Ethernet ISA card goes for around $100. I'm told IBM is considering widening the list to non-IBM adapters, which I would encourage them to do. Third, DatagLANce runs on top of OS/2 2.x. Now this is both a blessing and a curse. It is a curse because for many people they would rather be on Mars than bring OS/2 into their shop. Count me a Martian: I am one of those long-suffering OS/2 fans, and am glad to see that IBM has developed a truly useful and unique application that shows off OS/2's advantages. Want to use the same machine to analyze networks and for other office productivity applications? No problem: just stick in another adapter, and configure the machine so that DatagLANce uses one for its analysis functions, leaving the other for normal use. Try that in a DOS or Windows machine: you can't. Another advantage is that OS/2's graphical Presentation Manager is just the right interface for a network analyzer. I didn't used to think so, being a long-time Sniffer user and used to the rather arcane command-line navigation tools that it uses. However, after trying out DatagLANce for a week I am hooked and never want to go back to a character interface again. It is easy to bring up various windows and navigate about while trying to troubleshoot your problem. You don't need much training and the windows are designed without clutter and come up quickly. Now, Novell's LANalyzer works with Windows and offers some of the same graphical feel, but costs and does less than DatagLANce. I also don't think Windows has the performance or the stability that OS/2 does. For example, at one point during my tests I managed to lock up my analysis session. I merely clicked on the right mouse button, killed the session, and restarted it again. The rest of the applications running in my OS/2 machine were unaffected. Now, that's the way multitasking and memory protection should work. Think about this for a minute: you've got three products from IBM: an adapter, the analyzer software itself, and the operating system. Wouldn't it make sense for them to bundle all three, put them inside an IBM Thinkpad (which are still impossible to buy because so many people want them), and sell as a ready-to-run product? Wouldn't that be a good idea? Hello, Mr. Gertsner, how many marketing VP's will it take to implement this one? Maybe I am asking for too much here. A final issue is that this software is copy protected. Now, as you know from my earlier reviews, I am rabid against copy protection. I can see why IBM included a hardware key in the product: after all, in the wrong hands, someone with this software can wreak all sorts of havoc and uncover passwords and so forth. So having a hardware key can prevent this. Well, I still don't like them. IBM has given users a way around it: if you don't want to attach the key to your parallel port, you can run a routine that will eliminate the key. However, this routine permanently matches the copy of your software to a particular network adapter in the machine. (Sniffer does something similar.) If you want to run the software on another adapter (say the original adapter breaks), or if you want to change your configuration from one network topology to another (say you want to switch from token ring to Ethernet), you are out of luck. In IBM's documentation, they say to call them and "we'll explore your alternatives at this time," but I find that unacceptable for businesses that have purchased such an expensive tool. At the minimum they should ship you a new version overnight, no questions asked. Okay, enough of the fine print. How did this analyzer stack up in everyday usage? Testing an analyzer is not easy: you can't always count on your network to misbehave when you want it to. Nevertheless, I found some interesting things out even on the small network in my office of less than ten nodes. I installed two other network analysis products while I was looking at DatagLANce: FTP Software's Lanwatch, which is another software-only protocol analyzer that runs on top of DOS, and Fluke's 675 Lanmeter, which is more of a cable testing tool than a full-blown analyzer. All were on my Ethernet network with a single NetWare server. Not exactly the kind of network that justifies the price of all this test gear, but read on. Installing DatagLANce is not easy and took about an hour outside of the time it took to get OS/2 installed. (Compare this with Lanwatch which took about 10 minutes to get running.) Most of the problem is that the adapter configuration program runs under DOS, while the analyzer runs on OS/2. And if you already had configured OS/2 (as I did) with a non-IBM networking adapter, that will take some doing to remove those drivers and fiddle around with CONFIG.SYS and rebooting between the two operating systems. Ideally, I'd like to see a configuration program running under OS/2 that can set up the adapter on the fly. Speaking of that dreaded sink-hole left over from the dark days of DOS, CONFIG.SYS is also where you have to set the size of the capture buffer. Yuk. You can set this during the installation program, but I missed this option somehow and had to go in with a text editor and fool with this parameter. The capture buffer takes RAM away from other OS/2 applications, and the bigger the buffer the more frames you can record from the network. Almost immediately upon starting the DatagLANce machine on my toy network, alarm bells started ringing. What was the problem? I was accumulating runt (too-short) packets at a furious rate. Now, I never noticed a problem with my network before -- certainly the Lanwatch software didn't seem to take note of this condition. But the Fluke tester showed a cable break on my Ethernet that I couldn't pin down. Perhaps a bad terminating resistor or bad connection. I think it was nice that the IBM software found this out -- I've been running my network unaware of any problem for almost two years now. Just as soon as I finish my next article I want to rip out the cabling and track this one down. What about some of the things that you might want to use the DatagLANce analyzer for? There are a few nice features that are far and beyond what other analyzers offer: -- Great protocol decodes. When the network gets sick, you want to have the best diagnosis possible. I've always been a fan of Network General's decode quality: they have long had the best and most protocols under their wing. IBM's decodes are just as good, and the way they are displayed makes it easy to find things out. -- Flexible displays. Once you know you have a problem, you want to isolate it and examine just those particular nodes or a particular protocol to see what is going on. DatagLANce makes it easy to do this, and without a lot of mouse clicks either. -- Playback network trace files. One of the more important uses of analyzers happens way after you've solved the problem: you want to train others to understand how you figured things out. To do this well you'll need a way of recording your network traffic and then being able to play it back, either on the screen or actually over the wire itself. DatagLANce allows you to do both, and also allows you to read in trace files from LANalyzer, Sniffer, and Network General/ProTool's Foundation Manager. I had a trace file from the latter product and it read it flawlessly. -- Know what you are capturing. Every analyzer can't capture every packet, and it is nice to know when this happens just in case one of the packets you are looking for is among the lost boys. IBM has all sorts of ways to filter, capture and examine network traffic all in real time, something that Sniffer can only do in a more cumbersome process. As I said earlier, this is a superior piece of software and one that goes against the usual IBM grain of mediocrity. Now if only more people knew about it. Vital Stats IBM's DatagLANce Network Analyzer for Ethernet and Token Ring version 1.2 shipping since August $8000 ($7000 for single support of either Ethernet or Token Ring networks) Ready for Enterprise? YES, but a bit pricey Competitive analysis: UP: A wide variety of protocol decodes and some nifty playback features make this a first-rate product. UP: Costs less than Network General's Sniffer, especially for analyzing multiple network segments. DOWN: Comes with hardware key which is cumbersome but useful to protect network security. Software may be operated without the key. Test bed: NetWare 3.11 server on combined thin-wire/twisted pair Ethernet network with a variety of DOS, Windows, Macintoshes. A Fluke Lanmeter 675 network analyzer and FTP Software's LANWatch were also used for comparison purposes. Note: DatagLANce runs on OS/2 2.0 or higher and requires an IBM networking adapter. It was tested on a Compaq Prolinea 486/33 with 32 megabytes of memory and an IBM Ethernet LAN adapter running OS/2 2.1. IBM Corp. POB 12195 Research Triangle Park, NC 27709-9990 919 254 1364 800 ibm-call (for orders) 919 254 0984 (fax) internet: encookmeyer@vnet.ibm.com
Click here to return to the
previous
page
David Strom
Port Washington, NY 11050 USA
US TEL: 1 (516) 944-3407