Retrospective Network Analysis: Greater Answers for Increasingly Complex Networks


By Charles Thompson

With ever increasing network complexity and bandwidth demand, it can be nearly impossible to catch and repair potential system failure before it strikes. Unfortunately for IT administrators, hindsight isn’t always 20/20 either. Even after a technological mishap, it can be difficult to tell exactly what, where and why a problem occurred. This potential for calamity creates an even greater need for versatile monitoring and analysis tools that can keep security and compliance in check. Retrospective Network Analysis (RNA) tools allow you to look back through network activity to reconstruct attacks or failures and offer distinctive advantages over real-time-only analysis tools.

Due to greater reliability in system hardware, the network engineer’s job has become more complex. The relative ease of finding and fixing blatantly failed hardware has been replaced with more intermittent problems, often at the application transaction level. A more detailed view is required to find and remedy these predicaments. RNA provides the capability for system managers to sort through large amounts of data and network traffic in a short amount of time.

RNA also allows system managers to view breaches and anomalies within the exact context they occurred. Viewing such problems in relation to other concurrent network activities allows greater understanding of the situation and limits the amount of investigative work necessary to locate and understand the situation.

Yet despite access to such helpful tools, IT professionals continue to waste an invaluable amount of time, effort and money attempting to recreate and understand system maladies on their own.

As IT demands increase, concerns do the same. A recent survey conducted by Network Instruments found that nearly 70 percent of IT administrators are concerned about increased network complexity. Nearly the same number shared concern about an increasing volume of network traffic, and over half of those surveyed said their most frequent problem is a lack of information about network problems and their causes.

Appliances are now able to store terabytes of packet-level traffic collected from a variety of full-duplex network topologies, including WAN, LAN, Fibre Channel, wireless, gigabit, and 10 Gigabit (10 GbE). Select appliances perform real-time processing and analytics at the probe rather than transferring packet captures over the network to the console.

Some vendors charge extra for functionality that others include. Those in the market for an RNA solution should look for products that include features like VoIP analysis and call scoring, real-time analysis on the probe, stream or application reconstruction, and the option to offload to SAN.

RNA is much like a TiVo® for the network, changing the way administrators conduct analysis. Traditional real-time packet capture and analysis gives network administrators insight into their networks via packet-level protocol decode and analysis. Such tools are valuable when managing any mid- to enterprise-level network, but using them to provide enough information to solve subtle or irregular problems is a grueling task. Also, the odds of witnessing a compliance violation or security breach when it happens are slim to none. RNA acts like a 24/7 surveillance camera—it is far easier to find the culprit using a stored video of the crime rather than just a photograph or composite sketch of what the perpetrator may have looked like.

But there is more to RNA than just capturing and storing the traffic. To be truly helpful, a tool should make it easy to locate the relevant connection or time period. RNA for the enterprise should also provide IT staff with the drill-down detail necessary for isolating problems to particular protocols, applications, servers, and stations. Such tools should be flexible enough to monitor any topology and, for true network forensics, able to analyze the stored traffic using Snort-style rules.

The benefits of employing an RNA solution are substantial:
• Higher network availability
• Improved ability to conduct business efficiently and effectively
• Satisfied customers and employees
• Ability to validate and provide evidence for compliance and security issues, which streamlines the enforcement process

RNA can also be used for planning, rollout, and performance management stages for new applications such as VoIP, by taking advantage of monitoring and trending data to determine exactly how applications influence the network. Preliminary testing can save an enterprise the cost and headaches associated with a problematic application rollout.

Finally, the comprehensive functionality of RNA allows IT staff to spend less time attempting to reconstruct problems and spend more time on proactive planning. In short, reduced network downtime plus faster problem resolution equals a rapid return on investment. Many organizations currently use RNA technology to provide higher quality service and improved security to customers and employees in a way that saves time and money.

In a technological world that is growing by leaps and bounds, more advanced and complex networks are a natural progression. This growth brings with it a new wave of questions and concerns. RNA brings solutions and peace of mind to IT administrators in the form of revolutionary network monitoring, security, and analysis technology.

Charles Thompson is senior systems engineer for Network Instruments, LLC, www.networkinstruments.com. Charles can be reached at 952-932-9899 x234.