If McAfee Visual Trace (formerly NeoWorx NeoTrace) isn’t a part of your net admin toolkit, you may be missing out on a powerful program with features that can make your job a lot easier. Visual Trace includes some handy functions that can help you troubleshoot problems and track down possible hackers who could be launching attacks on your servers or snooping around where they shouldn’t be.

Because of Visual Trace’s low price—it costs just $19.95—and its useful features, it’s easy to see why net admins would want to use it as an everyday diagnostic and troubleshooting utility. To help you decide whether you need to pick up a copy, we’ll look at Visual Trace’s features and see how one net admin uses the tool to perform a variety of tasks.

As its name implies, Visual Trace presents ping and trace route data in graphical formats. When you ping an IP address, Visual Trace displays the geographic location of the source as a point on a map. It also traces the route to the destination IP as a graphical representation of hops and includes information about ping times between your location and the points along the route.

As Figure A shows, Visual Trace displays a map of your ping or trace from your location to the destination address and reports the time required to complete the communication.

Figure A
Visual Trace map

You can look up information using an e-mail address, a URL, an IP address, or a host name. Using any one of these, Visual Trace can tell you:

  • The name of the registration entity.
  • The organization’s phone number and e-mail address.
  • The physical address of the originating server.

Visual Trace displays information derived from pings or traces in three ways:

  • Map view shows a geographical map of the source and destination with the route traced between the points.
  • List view simply displays IPs along the route as text.
  • Node view is a graphical representation of hops along the route.

The identification features make Visual Trace a valuable security utility. If you have a source IP, URL, e-mail address, or host name to work with, you can identify individuals who are attacking your network or whose actions are at least suspect. This capability makes Visual Trace a good investigative tool if your network is attacked.

Not only is Visual Trace useful for tracking down spammers and hackers, but it’s also a useful diagnostic tool for identifying network problems. You can ping another location in your organization to determine possible trouble spots that are hampering your connections.

Figure B  shows how the route hop screen can reveal information about the speed of communication between your location and various points along the route.

Figure B
Router hops

The graphics representing the hops are highlighted according to the acceptability of the response time: green for a good response time; yellow for a slower response time; and red for an unacceptable response time.

The indicators are based on thresholds you configure in the Options screen. You tell Visual Trace what you consider to be a good or bad response time by adjusting sliders for each indicator, as shown in Figure C.
Figure C
Options setup

External apps
Along with the built-in tools for gathering information, Visual Trace offers links to external apps that can supply you with additional details if you need to proceed further with an investigation. For example, once you’ve traced an IP to its source, you can use an external app link to pull up a satellite picture of the location, courtesy of TerraServer. Another link allows you to view a map of the specific location you’ve pinged via MapBlast. You can also view a topological map.

A more useful feature is the link to the Whois service, which will display the Whois lookup of the IP, URL, etc., in a browser window. Figure D shows the list of external application links available from Visual Trace.

Figure D
External apps

Visual Trace in the trenches
Lori Hyde, an administrator for CNET Networks, said she’s been happy with Visual Trace.

“We just kind of stumbled onto it, and it was cheap, really easy to install, and easy to use.”

Hyde said that although other tools—even freeware—might perform the same tasks as Visual Trace, her IT department continues to use it because of its simplicity. And since it’s a commercial product, Hyde also feels it has the advantage of better support and documentation than freeware would offer.

Another reason she uses Visual Trace is that it returns information quickly, and the range of that information eliminates some of the manual lookups that would otherwise be required. For example, it automatically returns identification information.

“It gives you a ton of information very quickly, and when you’re fighting a problem, time is really critical.”

Hyde uses Visual Trace as both a diagnostic utility and an investigative tool to track down possible hackers. She said it’s invaluable for tracking down NAT issues at her company’s corporate headquarters.

Visual Trace also helps Hyde combat crawlers. When she gets reports of activity linked to a particular IP, she enters the information into Visual Trace to identify the culprit and can then take action to block the activity. Hyde has found Visual Trace to be useful for tracking down a variety of suspicious network activity.

“When you see one server making tons of connections, all to one host, you want to know what that host is.”

Visual Trace can quickly identify the host and enable you to determine what to do about the situation.

Hyde is one admin who swears by Visual Trace. Its helpful features, low price, and ease of use can make it a valuable utility for any net admin’s toolkit.