Review: OmniPeek

By on
Review: OmniPeek

This complete software offering can be installed on almost any system in the organization to capture data from the system's internal wireless card. But check the compatibility chart before ordering, as only a specific set of wireless cards are supported.

This complete software offering can be installed on almost any system in the organization to capture data from the system's internal wireless card. But check the compatibility chart before ordering, as only a specific set of wireless cards are supported.

AiroPeek and OmniPeek provide a full packet capture interface, where network data can be viewed, analyzed, and sorted. By using customizable filter rules, almost any event can flag an alert to be handled by the network administrator. Each filter rule, while powerful, is extremely complicated and is not in intuitive formats. In order to create a new rule or customize an existing one, a unique and difficult format must be applied, which can frustrate even the most technical of users.

Fortunately, some defaults that ship with the product are ample for most of user needs, and provide a template for those who wish to create their own.

OmniPeek is a powerful analysis tool and central point of administration that builds on AiroPeek, monitoring the network locally as well as through remote PeekDNX servers to monitor any segment of the network from one location.

The remote PeekDNX client is an unobtrusive service that can be placed in the background on any computer in the building, so does not require a dedicated machine.

OmniPeek is more robust than AiroPeek, and includes its full wireless functionality as well as the ability to listen on almost any network interface your system might need in order to monitor the wired network segments. But the individual products can be a nightmare to configure.

AiroPeek differs from OmniPeek only in that it is unable to capture from physical interfaces or connect to remote PeekDNX servers. It requires custom drivers for the wireless cards it supports, so if it does not support your card you will not be able to capture packets directly from the wireless stream. Omnipeek, because it can capture on normal interfaces, can capture all the wireless data, so you can see exactly how the products respond to such data.

The monitoring filters enabled by default for both products are very low-level network monitoring alerts. Fortunately, some extra filter templates are included with the install and can be imported into the program through a simple import utility.

Of the security filters tested, a few failed to work at all, however.

For:

Powerful analysis tool.


Against:

Extremely complex to configure, limited wireless card support, monitoring filters very complex.


Verdict:

Good tool spanning wireless and wired networks, but not for the faint-hearted.

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?