Software Evaluation - NeoTrace Pro v3.25

NeoWorx Inc.

Adam Meyer

INLS 187

Product Overview

- NeoTrace Pro is a visual traceroute suite that interprets and displays traceroute data in a number of formats, including worldmap and nodemap view options, as well as integrating a number of other network analysis tools into a single software suite. It is aimed primarily at IT professionals, both in the security field as well as other areas.

- The product design is both attractive and intuitive, and while its target audience is the IT community, its basic features can be easily employed by users with only very minimal experience with networking and network analysis. NeoTrace is also equipped to allow users to integrate their own custom defined external applications, as well as utilize preconfigured external options

- NeoTrace is available for numerous Microsoft operating systems including from Windows 9x forward, however, usage on Apple Mac OS requires the use of Virtual PC.

 

Purchase and Installation

- Installation is a straightforward process that even the most novice user should be able to complete. The initial configuration consists of a single step: setting the user's home location, which can be done by country and zip code, or in an advanced mode through the use of GPS coordinates, alllowing the usage of NeoTrace in any environment, including aboard ship or in transit. The install package is small, less than 2 MB in size, and is available for immediate purchase to the general public through numerous internet sites by means of electronic delivery. US Price for a single license version of NeoTrace Pro is approximately USD$30. These factors give NeoTrace the considerable benefit of being easily available to those outside of the law enforcement community, including small businesses.

Advanced and Wizard options exist for defining the user's home location.

 

 

Major Features

- Visual Traceroute: NeoTrace is, first and formost, a visual traceroute program. In this it excels. It offers realtime display of traceroute results with the option of either a world map or node map view. One of the main benefits of this is that these images are visually very attractive, and can be easily used for presentation purposes to illustrate complex network architecture to individuals with no knowledge of the technical details whatsoever. This can make the job of the CIO or Security Office easier by several orders of magnitude when it comes time to justify annual budgets or explain a major network event to non-IT professionals. The Node View option is also a quick and dirty way to draw a network architecture map for simple connection diagrams, and is also suitable for inclusion in presentations, though with more of an eye towards those experienced in Network architecture. It is also worth noting that the map view is skinnable to any number of color schemes. v3.25 comes packaged with several good ones, and the option always exists for a savvy user to create his or her own.

 

NeoTrace Provides a wealth of information in a visually pleasing format. Note the Information Panel to the right side of the application window.

 

- Network Analysis: While performing a trace, NeoTrace Pro also performs WhoIs database lookups for each node it hits, as well as generating a trace summary and taking network metrics for roundtrip time and packet loss, among other statistics. The software offers a third view option, the list view, which is customizable depending on the user's desired display fields, and displays traceroute data in the "classic traceroute" format, for use by IT professionals.

- Generation of CSV format files: NeoTrace can parse its output into .csv files, which can be easily integrated into any number of applications.

- External Applications: NeoTrace Pro offers the option to configure and use external applications in conjunction with the its output. Some of the preconfigured applications include the option to Telnet and FTP to a given node, to open the node's WhoIs and site data in a web browser, and to display satillite and topgraphical maps of a node's location through web lookup (though these features are currently misconfigured with the 3.25 release, with some tweaking of the configuration files, they should become operational). The option also exists for users to define their own external apps to call from within the program through the use of .config files in the NeoTrace ExternalApps directory. The help file has very explicit instructions on how to achieve this.

- HackerWatch Reporting: NeoTrace also includes the option to sign up for statistical event reporting to HackerWatch, which allows NeoTrace to report detected firewall events to HackerWatch and add to their ever multiplying statistical database.

 

 

- Customizable: NeoTrace provides a number of options that allow users to tailor the program to their own needs. Exploration of the Options menus and the Help File will yield more insight into the specific options available.

- Help Files: NeoTrace offers a clear and well organized help file and FAQ on their website. However, the distribution that I obtained was reconfigured to direct all help requests to McAfee's commercial site, an annoying modification, but one that was easily overcome.

 

Performance

- In order to test NeoTrace's basic effectiveness, I utilized it to trace several different addresses including:

http://www.yahoo.com

http://www.2600.com

http://www.somethingpositive.net

http://security.kolla.de

http://www.yahoo.co.jp

152.2.254.254 (el-loco.net.unc.edu)

anmeyer@email.unc.edu

 

In each of these cases, NeoTrace returned results within a matter of seconds, accompanied in realtime during the traceroute by audibly pleasing notification sounds for each node it hit. It is worth noting that for the email address trace, it obviously only traces to the mail server where the account resides, an obvious, but important distinction to make for those who are not IT professionals. In addition to the traceroute results, it obtained WhoIs data utilizing two separate nameserver databases, a primary and secondary, for each node, as well as metrics for the packets themselves. In this, NeoTrace performed extremely well. I also exported the map and traceroute data for http://security.kolla.de in .bmp, .jpg, .html and .txt formats with no problem whatsoever.

Functionally speaking, NeoTrace does exactly what it is supposed to do, and with no issues whatsoever. The only problem with the distribution I obtained is the misconfiguration of some of the external applications (specifically the mapping apps) and the help files. However, for the pricetag, functionality, and customization options, this is an issue that is easily overlooked.

 

Recommendations

Based on the above review and test results, I would highly recommend NeoTrace Professional for any IT professional as a versatile and easily obtainable tool to have. Its ease of use and multifunctionality, as well as its small size and reliability make it too attractive not to employ, especially when it comes time for major architecture and performance presentations, as well as for determining the origins of system intrusions and charting virus vectors. On a personal level, NeoTrace Pro is not as useful, however, it does provide an attractive way to visualize how networks actually function, and in an educational setting, such as IT bootcamps for non-IT executives, or introductory IT classes on the high school and college level, it can be highly illustrative. Allowing users to play with it on their own as an exploratory tool can also be very useful for demonstrating some of the basic concepts underlying networks and the Internet itself.