Hi, everyone,

A question for those of you having to monitor/debug multi-sites/LANs/WANs/multi-tier environments: have you ever used/found some sort of consolidator, capable of allowing multiple traces of Ethereal to be "brought in", into a central location, in order to be interpreted in conjunction with each other?

Here is a possible scenario (which - right now - we are forced to analyze "manually"): multi-tier environment, with a client sitting in a remote location, behind a router, connecting through a WAN link to a corporate LAN, also behind its own router, to a web server, which - in turn - has one or more levels of connectivity to other back-end servers (sort of multi-tier web-based access to databases, where the scenario is: client<-->web-server<-->database server).

At present a scenario like the above would require (assuming the most complex of environments, i.e. switched LANs at both ends of the WAN) deployment of Ethereal in the following locations: in the proximity of the client port (i.e. on a span-ed/mirrored port of the switch), another one on a mirrored/span-ed port for the web server, and yet another one on a mirrored/span-ed port of the database server. This should cover the main points for a thorough "view" of the traffic (catching any possible "drops" in between), but consolidating the data is a PITA!

Before asking this question I looked at some commercial packages, and found similar functionality to what I would like to have, in the likes of Opnet (http://www.opnet.com/products/modules/ace/home.html), Network Instruments' Observer (http://www.networkinstruments.com/products/obs_families.html), NAI's Distributed sniffer (http://www.sniffer.com/products/dssrmon-analysis/default.asp?A=1), etc.

Any idea of an open-source or GPL-ed solution? Any other suggestions?

TIA,
Stef