January 15, 2000
Using History Samples for Trend Analysis in Sniffer Pro
The History Samples function of Sniffer Pro is a welcome addition to this relatively new Windows-based GUI. Earlier DOS-based versions of the Sniffer software could sample network statistics over long periods of time, but these monitoring functions were contained in a separate executable from the protocol analyzer. Because of this limitation, history statistics could not be gathered while data was being captured.
In the Windows-based Sniffer Pro, history information can be gathered at the same time as any other Sniffer function. This allows the network analyst to gather history statistics while the network data is captured to disk. This is especially helpful if questionable statistics arise while analyzing the history statistics. Specific timeframes can be investigated further by examining the captured Sniffer trace.
This tutorial uses Network Associates' Sniffer Pro version 3.0, although most versions of Sniffer Pro are similar to the screen shots and explanations in this tutorial.
The History Samples
The history samples function can be found on the main toolbar as a graph button, or from the Monitor pull-down menu.

The history samples window contains many statistics that can be gathered over time. These statistics differ from one topology to another. These are the default Ethernet history samples:

There are additional vertical toolbar buttons on the left side of the history samples window. These functions can also be accessed by clicking the right mouse button on any history sample.
The top button starts the sample. This is only available when a history sample statistic is highlighted. Only one history sample statistic can be highlighted at a time.
The next four buttons determine the current view of the history samples window.
The Large Icons button is the default view.
The Small Icons button reduces the size of the icons, allowing more icons to reside in a window. This is especially helpful when working with WAN topologies, where there are over 100 history sample statistics from which to choose!
The List button places each history sample statistic in a columnar list.
The Details button lists each history sample statistic with its associated low threshold, high threshold, interval (in seconds), and sample period.
The Properties button provides a method of changing the general history variables and the graph colors.
Creating Multiple History Samples
The Add Multiple History button allows the network analyst to gather multiple history statistics into a single graph. Only ten graphs can be active simultaneously in Sniffer Pro, so the multiple history function helps to increase the number of statistics that can be collected.
To create a graph with multiple history statistics, press the Add Multiple History button.
In the Name field, choose a name for this graph. The Name field is limited to 20 characters.
The sample interval determines how often a graph will update statistics. The maximum number of samples per graph is 3,600. The default interval is fifteen seconds, which provides a sample period of fifteen hours. The minimum interval is one second, and the maximum is 3,600 seconds (one hour). A broadcast and multicast analysis may require gathering statistics every second, which would limit the total sampling period to one hour.
The graph type of Bar, Area, or Line can be chosen as default in this dialog box, but can be changed any time during or after the sample period.

The Selection tab allows the network analyst to select the statistics for the graph. Statistics that have large values should be moved to the bottom of the list, since these appear behind the other statistics in the three-dimensional graph views.

The Color tab allows the modification of colors for the foreground, background, and for each statistic.
Clicking
saves the new multiple statistic history sample to the list of default history samples.
Starting a History Sample
To start a history sample, double-click on the appropriate history sample icon. A graph will appear and the collection of statistics will begin.
While the graph is running, the toolbar buttons on the left side of the graph window can alter the graph properties.
The first three buttons change the graph type between bar, area, and line.
The next group of four buttons changes the graph views.
The logarithmic/linear button changes the scaling of the vertical axis, which is helpful for displaying a graph's information when the statistical values are close together.
The 2D/3D button toggles the graph between a three-dimensional and two-dimensional view.
The Legend button toggles a graph legend, which is helpful on multiple history graphs.
The border button draws a black border around the history samples.
The Pause Screen Updates button can freeze the sample graph. While paused, history samples continue to gather. Pressing the pause button again will update the graph to the latest real-time view.
Exporting History Sample Information
The Export button provides a method to save all history information into an external file. This button prompts for a filename and an export format. Note that the history information is still gathered while the export dialog box is active. The exported information will consist of all information gathered before and during this period.

The three export formats are Comma Separated Value (CSV), text with tab delimiters, and text with space delimiters. For most external programs, CSV format is the easiest and most common text format for the importing of information.
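The following Python is an added example, not part of the original tutorial or of Sniffer Pro. It picks the finest sample interval that fits a monitoring period within the 3,600-sample limit, and scans a CSV export for runs of samples above a high threshold so those timeframes can be checked in the captured trace. The CSV column layout (a header row, then elapsed seconds and value) and the sample data are assumptions constructed for illustration.

```python
import csv
import io
import math

MAX_SAMPLES = 3600                      # per-graph sample limit from the tutorial
MIN_INTERVAL, MAX_INTERVAL = 1, 3600    # allowed sample interval, in seconds

def smallest_interval(period_seconds):
    """Finest interval (s) at which 3,600 samples still cover the period."""
    interval = max(MIN_INTERVAL, math.ceil(period_seconds / MAX_SAMPLES))
    if interval > MAX_INTERVAL:
        raise ValueError("period is longer than one graph can hold")
    return interval

def windows_over_threshold(csv_text, high, interval):
    """Return (start_s, end_s, peak) for each run of samples above `high`.

    Assumed layout: a header row, then 'elapsed seconds,value' per sample.
    """
    windows, run = [], None
    rows = csv.reader(io.StringIO(csv_text))
    next(rows, None)                    # skip the header row
    for row in rows:
        if len(row) < 2:
            continue                    # ignore blank or short lines
        t, value = int(row[0]), float(row[1])
        if value > high:
            if run is None:
                run = [t, t, value]     # open a new run
            else:
                run[1], run[2] = t, max(run[2], value)
        elif run is not None:
            windows.append((run[0], run[1] + interval, run[2]))
            run = None
    if run is not None:                 # export taken while still above threshold
        windows.append((run[0], run[1] + interval, run[2]))
    return windows

# Constructed sample export: 15-second interval, broadcast frames per sample.
SAMPLE_CSV = """Elapsed (s),Broadcasts
0,12
15,14
30,410
45,523
60,18
75,16
90,385
"""

if __name__ == "__main__":
    print(smallest_interval(15 * 3600))
    for window in windows_over_threshold(SAMPLE_CSV, high=300, interval=15):
        print(window)
```

Each returned window gives the elapsed-time range to look up in the capture; a run still open at the end of the export is reported up to the last sample taken.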
Saving History Samples
The history samples can be saved at any time. If the history samples have reached their maximum number of data points, the graph will stop gathering statistics.
To save the graph, make the graph the active window and choose the File pull-down menu and select Save. The Save dialog box automatically displays the Sniffer Pro History Files (*.hst) format.

If the history graph is active, history statistics will continue to gather in the background. The saved history file will consist of all information gathered before and during this period.
Final Notes
The information gathered during a history sample can be used to pinpoint long-term network problems. However, the history sample display cannot show a large number of data points at one time. For more information on the use of the Sniffer Pro history capabilities, read the NetworkUptime.com tutorial, "Using Excel to Graph Sniffer Pro History Samples".
Posted by james_messer at January 15, 2000 08:06 PM
