When to use a packet capture appliance

This week, analysts explore best cases for packet capture appliance use, network automation and "worst practices" in network security.

Analyst Chris Greer, writing on LoveMyTool, recently examined when a packet capture appliance is really necessary. To find out, Greer compared Wireshark running on a laptop with a dedicated appliance. His question was simple: When should IT professionals use a packet capture appliance? By generating and capturing packets, Greer attempted to overwhelm his laptop with traffic. To do so, he used 100% of a 1 GB connection and sought to determine which approach -- the laptop or a dedicated appliance -- would be more effective.

All told, the Wireshark installation on the laptop captured 18,000 of the 100,000 packets sent, in contrast with almost 100% of packets captured by the appliance. Examining the results, Greer said his laptop wasn't able to keep up with 1 GB traffic, and it also couldn't determine when standard packet transmission spacing fell below specs. According to Greer, he has never seen a laptop support full packet capture even at 1 Mbps. If a link goes above 5% utilization, Greer recommends using a purpose-built packet capture appliance.

Read more about Greer's thoughts on packet capture appliance use.

Supporting network automation

Drew Conde, an analyst with Enterprise Strategy Group Inc. in Milford, Mass., recently attended the Network Automation Meetup in San Francisco. There, Matt Stone, a speaker with Brocade, discussed infrastructure management and best practices for a network automation system. Stone indicated that code management tends to follow a multi-step cycle, encompassing everything from building, testing and validating to deploying, monitoring and revising.

While Conde emphasizes the process and potential benefits of network automation, he also spells out potential concerns facing enterprises. Stone stressed the growing stability of automation tools, such as Git, which have become virtually mainstream. Nonetheless, Conde writes that enterprises may struggle with integrating some of these tools. Similarly, while some products such as Elasticsearch have horizontally scaling features, many systems lack easy large-scale deployment, and may not offer support given their open-source features. To avoid some of these problems, Conde recommends SaaS cloud-hosted versions that may offer better support.

Discover more of Conde's thoughts on network automation.

Worst practices for network security

Andrew Lerner, an analyst with Gartner Inc. in Stamford, Conn., has put a lot of thought into network security. While many analysts stress that enterprises employ best practices to cloak their security policies, such practices are not always clear -- especially as they relate to actual network security hazards. To that end, Lerner identifies 12 "worst practices," including "shiny object syndrome" (in which new ideas and technologies capture too much focus), risky network segmentation, poor security event management, bad branch architecture and others.

According to Lerner, Gartner has identified a number of areas of security weakness in most enterprise IT environments. They include those associated with Fibre Channel storage area networks, IPv6 capabilities and cloud-based services spanning service models, such as PaaS, SaaS and IaaS. Additionally, problems can arise as mobile devices connect to email servers, or through Secure Sockets Layer traffic and Time Division Multiplexing systems.

Read more of Lerner's thoughts on worst practices.
