Competitive Analysis

Observer outperforms Sniffer
What Observer offers that Sniffer does not

What does Observer do better than Sniffer?

1. Combining Local and Distributed Analysis
   Observer offers an identical user experience and identical functionality for local and distributed analysis. Although Sniffer claims to be a fully distributed solution, the product offers a different level of functionality at the distributed level compared to the portable version. For example, Sniffer’s distributed product and its WAN product are different code bases and offer different screens, menus and user experiences from its Portable LAN products.With Observer’s Distributed Network Analysis (NI-DNA™) architecture, you can be assured to receive the same robust levels of functionality, data capture and features for all areas of your network.



2. Supports Multiple Topologies
   Networks are heterogeneous and so is Observer. Observer includes support for multiple topologies where Sniffer is sold on a per topology basis. For example, Network General’s InfiniStream product does not support Wireless or WAN.Because Observer is built from a unified code set and supports Ethernet,wireless,WAN and gigabit all in one package, you need only one solution to cover your network.



3. Application Analysis
   Observer’s application analysis monitors application response times, total transactions, failed transactions and also tracks application-specific statistics. Unlike Sniffer, Observer’s application analysis can be performed in real-time or post-capture.
   
   Sniffer’s Appera focuses only on the TCP level of conversation. It does not monitor the application traffic. Appera simply looks at the TCP/UDP port number and tracks items like SYN-SYN/ACK-ACK communication times and other layer 4 (OSI) transactions to gather response time information.These tools are not actually tracking application information; they are only tracking the protocols that transport the application data across the network.
   
   Observer offers true application response time statistics for deeper analysis, showing how long it takes for users to receive their data. By looking specifically at the application data in the packet, Observer can identify communication failures (i.e. DNS Name Does not Exist).
   
   Expert Observer and Observer Suite include Application Analysis for no additional cost. Sniffer’s Appera begins at $5,000.



4. Real Time Statistics
   Observer offers over 30 Real-Time Statistics.To make statistical analysis easier, Observer has created many one-click solutions to quickly bring together commonly requested network information. For example Router Observer tracks a router interface and offers insight into load and capacity utilization all in one comprehensive display. Observer’s Wireless Access Point Statistics instantly show utilization levels.With Observer, administrators can immediately get the whole picture without having to conduct complex calculations or data mining.Best of all, all real-time statistics are calculated at the data collection point. Sniffer offers the data but not the calculations behind the data to provide in-depth analysis.With Sniffer, determining what the data means is a more complex and cumbersome procedure.



5. Filtering
   Observer's filtering was designed from the ground up to be complete, but not complicated.The visual "flow chart" design allows complex filters to be easily created and executed. Observer’s Fast Post Filtering allows filters to be easily configured, activated and discarded with just a few mouse clicks. Set up filters before capture files are loaded for quicker breakdowns of data. Improved data-mining capabilities allow users to search through multiple files for any user-defined pattern quickly and easily for faster troubleshooting. Sniffer does not offer a graphical flow design to manufacture and monitor filters.



6. Reporting
   Observer takes the idea of reporting from a simple .csv file, to an advanced database with custom reporting options,web-based report generation, and third party tool support. Administrators can choose from a variety of common, ready-made reports and can also create user-definable reports. Select a time and day to have Observer automatically generate and send reports by e-mail, or post to the web. E-mail recipients do not have to be Observer users.The Report Scheduler offers a quick and easy way to update key individuals on network health, bandwidth utilization, top talkers, traffic statistics and more to Observer and non-Observer users alike.
   
   Observer offers more than 20 templates of the most commonly requested reports plus the ability to create your own custom reports providing consistent reporting of network health. Also, because Observer collects and saves the data, you can specify time intervals—choose to review network data for just today, yesterday, last week, last quarter and more. Sniffer does not offer these options.
   
   
7. Statistical Drill Down
   With Observer’s unique Statistical Drill Down, it’s easy to understand the root cause of an issue. Observer has been intuitively designed to predict what the next step in troubleshooting will be for the network administrator. For example, if an administrator is reviewing the Top Talkers screen and sees a device generating well above the norms of network traffic, they can drill down on that device to see what protocols and types of traffic are being generated. Sniffer does not offer a method of gathering deeper level data intuitively–with Sniffer there is no ability to drill down within data for a detailed analysis.



8. Network Trending
   Whether an administrator is using Observer to passively collect utilization metrics or actively perform packet captures, any network data that is generated is automatically saved and stored in the Observer database.Trending offers the advantage of being able to go back in time for a further review of network statistics.You can answer questions such as: What was my network doing a month ago? This bandwidth-heavy user that I’m seeing today,was this always the case? With Observer, you’re confident in knowing the data is there, and can be sliced and diced in any format at any time. Sniffer Distributed and Sniffer Portable do not include trending, forcing you to purchase a separate added application called nPO™. Observer’s robust Network Trending helps lets you produce specific time period (i.e. last month) and comparison (i.e. 1st quarter vs. 2nd quarter) reports so that your network health can be analyzed, understood and optimized over time.
   
   
9. Gigabit Analysis
   Network Instruments designs and manufactures its own high performance gigabit capture card.This second generation PCI-X adapter is built from the ground up to be optimized for Observer capture performance and user flexibility. Sniffer uses a generic, off-the-shelf adapter manufactured by Xyrotec, and has no control over architecture, quality or functionality.
   
   
10. WAN Delay Analysis
    Observer’s WAN Delay Analysis analyzes captures from both ends of a conversation across a WAN link to measure response times.This feature allows you to focus on the WAN segment, and determine delay and packet loss attributed to the WAN. Unlike Sniffer, Observer shows information in an easy-to-interpret graphical display.Additionally,WAN Delay Analysis is not included with Sniffer, it’s only available as an additional cost via nPO Manager.
    
    
11. VoIP Expert
    Expert Observer includes a VoIP Expert, which displays all H.323/SIP conversational data, allowing users to continually monitor VoIP connections to improve VoIP performance across the organization. Observer’s VoIP Expert can save or play voice conversations or video streams. Observer displays a percentage of jitter and lost packets for each direction of VoIP traffic as well as total utilization. Sniffer charges extra for VoIP analysis capabilities.

  
What does Observer offer that Sniffer does not?

1. Single User Interface
   Observer offers a single user interface for portable and distributed environments across all supported topologies. Regardless if you are reviewing the local console or a remote probe, gigabit links, a wireless network, a wide area network, or Ethernet connections, Observer offers one user interface. For the customer, this means complete integration of local and remote network data in one easy-to-read display. Sniffer does not have a single user interface for their distributed product, instead they have two interfaces with competing functionality levels–Sniff View and a web interface based upon Java.
   
   
2. Multi-Session and Multi-Interface Support
   Observer’s multi-probe capability provides enormous flexibility in remote monitoring. First, the multi-probe offers multi-interface support.Users can monitor multiple NICs at the same time. Second, the multi-probe supports multi sessions, where multiple users can monitor the same NIC simultaneously. Multi-interface allows an efficient use of resources to combat multiple problems. Multi-session offers greater problem solving capabilities.
   
   In Sniffer’s distributed environment they permit one active user and four passive viewers. Only the active viewer has the ability to run packet captures, perform Expert analysis or run statistics. In contrast, Observer offers up to 64 active users, where each user can access every feature.The Advanced Multi-Probe functionality is also included within the Advanced Expert Probe.The Expert Probe offers real-time Expert analysis at remote locations as well as complete support for multi-session and problem-solving collaboration.



3. SNMP Management Console
   The front line for network monitoring, SNMP is integrated into most network infrastructure devices today. Complete SNMP device management comes standard with Observer Suite. Gathering this valuable information on switches and routers essential to any troubleshooting activity.



4. Connection Dynamics
   Observer’s unique Connection Dynamics provides a graphical view of conversations up to the application layer. It shows packet-to-packet delay times, allowing instant identification of response times. Connection Dynamics also flags retransmissions, lost packets, and errors for quick identification of possible problems.
   
   
5. Industry-Leading 4 GB Packet Capture Buffer
   Observer’s industry-leading 4 GB packet capture buffer was designed to keep up with enterprise level traffic. A 4 GB buffer allows for increased packet capture size and substantial time frames for Expert Analysis. A user-defined memory model lets each administrator fine tune Observer’s individual memory mode usage.



6. VLAN Analysis
   Observer’s VLAN analysis offers key metrics and information on traffic passing through individual VLANs. By understanding which stations comprise a VLAN and the ability to dive deeper into VLAN statistics, it is easy to troubleshoot VLAN issues. For example, you can take an aggregate view of bandwidth consumption by VLAN and then drill down to view which device on that VLAN is creating the most amount of traffic. Sniffer does not offer VLAN statistics.
   
   
7. Wired and Wireless
   In today's networks, the boundary between wired and wireless is blurred.What wireless network is not connected to a wired network? To ease the management of wired and wireless networks, Observer includes WLAN monitoring capabilities. Sniffer Distributed does not offer an integrated method to monitoring wireless. Observer offers one solution that covers both.
   
   
8. “What-If” Analysis
   “What-If” Analysis predicts how network changes can affect response times.Thinking of upgrading from 100 Mbps to 1000 Mbps or increasing the load on your server? How do you know when your current equipment will no longer be sufficient? Observer’s “What-If” Analysis performs measurements based on actual client, server, or peer-to-peer conversations. Sniffer does not offer a method for gauging network response to capacity upgrades, network changes, and other critical planning projects.
   
   
9. RMON Support
   Observer fully supports all 21 RMON and HCRMON groups and is compliant with all RMON1 and RMON2 specifications. Observer Suite users can monitor and control any RMONstandard device with the included RMON console. Sniffer does not offer support for the RMON industry standard.