OmniPeek User Guide - Capture Window

The Capture Window

About capture windows

Creating an OmniPeek capture window

Creating an OmniEngine capture window

Configuring capture options

Navigating a capture window

Capture window views

Capture window dashboard

Opening saved capture files

Using capture templates

About capture windows

Capture windows are the main interface for presenting traffic analysis information about your network. With OmniPeek and OmniEngine, you can have multiple configurable capture windows, each with its own selected adapter, its own dedicated capture buffer, and its own settings for filters, triggers, and statistics output. The number of capture windows you can have open at one time is limited only by the amount of available system resources.

Creating an OmniPeek capture window

To create an OmniPeek capture window:

  1. To start a new capture, do one of the following:
    • Click the New Capture button on the Start Page
    • Choose File > New...

      The General view of the OmniPeek Capture Options dialog appears.

  2. Configure the General Options. Click the Help button on the dialog or see Configuring general options for more information.
  3. Choose an adapter in the Adapter Options. Click the Help button on the dialog or see Configuring adapter options for more information.

      Note: For a description of other configuration options, see Configuring capture options.

  4. Click OK. A new OmniPeek capture window appears.

See Capture window views to learn more about the different views available from the navigation pane of every capture window.

Creating an OmniEngine capture window

To create an OmniEngine capture window:

  1. Do one of the following to open the OmniEngines window:
    • Click the View Engines button on the Start Page
    • Choose View > OmniEngines

      The OmniEngines window appears.

  2. Connect to an engine. (To connect to an engine, see Connecting to an OmniEngine.) The Home tab for the OmniEngine appears.
  3. From the Home tab, click New Capture (under the Captures icon) and select the type of capture window that you would like to create:
    • New Capture...: This option lets you create a new capture window based on the capture settings that you define. See Configuring capture options.
    • New Forensics Capture: This option lets you create a new capture window based on a pre-defined Forensics Capture template configured with capture settings optimized for post-capture forensic analysis. See Forensics capture template.
    • New Monitoring Capture: This option lets you create a new capture window based on a pre-defined Monitor Capture template configured with capture settings optimized to produce higher level expert and statistical data in a continuous capture. See Monitoring capture template.
      Tip: Any captures already started on this OmniEngine will also appear in the list as options for a capture template.

    • Edit Capture Templates: This option opens the Edit Capture Templates dialog and allows you to create new or edit existing capture templates. See OmniEngine capture templates.

      The General options of the OmniEngine Capture Options dialog appear.

      Note: You can also select the above options from the Insert button drop-down list available from the Capture tab, and from the New Capture options available from the Adapters tab.

  4. Configure the General options. Click the Help button on the dialog or see Configuring general options.
  5. Choose a capture adapter in Adapter options. See Configuring adapter options.

      Note: For a description of the other views available from the Capture Options dialog, see Configuring capture options.

  6. Click OK. A new OmniEngine capture window appears.

See Capture window views to learn more about the different views available from the navigation pane of every capture window.

Configuring capture options

You can have multiple capture windows open simultaneously, capturing and displaying data in real time. The various views in the OmniPeek and OmniEngine Capture Options dialog let you configure each of these windows with its own capture settings.

The Capture Options dialog has the following options for configuring capture settings:

  • General: General options let you set the capture buffer size and other packet capture parameters. Each capture has its own capture buffer. See Configuring general options.
  • Adapter: Adapter options let you select and configure the adapter used for captures. All available recognized adapters are displayed in this view. Multiple capture windows can use the same adapter, or each a different adapter, as long as each capture window has one valid adapter selected. See Configuring adapter options.
  • 802.11 (OmniPeek only): 802.11 options let you control channel selection and security for the selected adapter. See Configuring wireless channels and encryption.
  • WAN (OmniPeek only): WAN options let you select the correct protocol for your WAN connection. See Configuring WAC settings.
  • Hardware Profiles (OmniPeek only): Hardware profile options let you configure hardware filters and packet slicing directly on Gigabit Analyzer Cards. See Configuring hardware profiles for GACs.
  • Triggers: Trigger options let you set triggers to start and stop a capture based on a time event or a filter match. See Setting triggers.
  • Filters: Filter options let you enable or disable filters used for capturing packets. See Enabling filters from the Capture Options dialog.
  • Alarms (OmniEngine only): Alarm options let you enable or disable individual alarms for a particular OmniEngine capture window. See OmniEngine capture window alarms.
  • Graphs (OmniEngine only): Graph options let you manage all aspects of remote statistics graphing capabilities. See OmniEngine graphs capture options.
  • Statistics Output: Statistic output options let you control the periodic output of statistics while the capture window is open and capturing. Choose from several groups of statistics in a variety of report and file output formats. See Generating statistics output reports.
  • Performance: Performance options let you optimize capture performance by selectively disabling certain functions and freeing up system resources. See Optimizing performance.

Configuring general options

The General options of the Capture Options dialog let you specify settings for continuous captures, saving captures to disk, and packet slicing for each capture window that you create.

  • Capture window title: Type a name for the capture window, or accept the default.
  • Continuous capture: Select this option to enable the continuous capture of packets into the capture buffer. Capture does not stop until stopped by the user or by a stop trigger.
      Important: When you select Continuous Capture, statistics for the capture window will reflect all of the packets seen since it last began capturing. If you did not also choose Save to disk, the packets themselves may no longer be available after the buffer has been emptied.

  • Save to disk: Select this option to save packets to a capture file on your disk. In an OmniEngine, the packets are saved to the Data folder configured when you set up the OmniEngine. See the OmniEngine Getting Started Guide that ships with your OmniEngine, or the online help in the OmniEngine Manager application.
  • File path: Type or browse to the location for the capture file where packets are saved. The file name you specify here will be used as a base file name for each capture file that is created using the Save to disk option. In addition, each capture file is appended with a timestamp indicating the date and time the file was saved. The format of the timestamp is YYYY-MM-DD-HH.MM.SS.mmm.
      Tip: By default, the timestamp reflects local time and is placed immediately after the file name you entered. You can specify an alternate location of the timestamp within the file name by using the # character as a token for the timestamp. To have the timestamp written in Coordinated Universal Time (UTC) instead of local time, place the letter z immediately after the hash symbol. When UTC is in use, the letter z will appear at the end of the timestamp.

  • Stop saving after: Select this option and specify a size limit, in megabytes, for the amount of disk space reserved for all capture files that are created using the Save to disk option. Once the size limit has been reached, no more capture files will be saved to disk.
  • Keep most recent: Select this option and specify a limit for the number of capture files that are created using the Save to disk option. Once the file limit has been reached, the oldest capture file is replaced with a newer capture file.
  • New file every: Select this option and specify the number and period (Minutes, Hours, Days) to create a new file.
  • Limit each packet to: Select this option and specify a size limit, in bytes, for capturing only a portion of each packet instead of the whole packet. This is called Packet Slicing and allows you to save space in the capture buffer for capturing more packets. For example, entering a value of 132 will capture only the first 132 bytes of each packet. We recommend entering a value of 128 bytes or greater to ensure that, at a minimum, all of the bytes of the packet headers are captured.
  • Buffer size: Enter a buffer size, in megabytes, for the amount of memory dedicated for the capture buffer. The default is 16 megabytes.
  • Show this dialog when creating a new capture window (OmniPeek only): Select this option to display the General options of the Capture Options dialog whenever a new capture window is created.
      Tip: Clear Show this dialog when creating a new capture window to have subsequent capture windows open with the same parameters you have just set in the Capture Options dialog. Each time you create a new capture window, it will open immediately using these parameters.

  • Start capture immediately (OmniEngine only): Select this option to immediately begin capturing packets once the OK button has been clicked.
  • Open capture window (OmniEngine only): Select this option to display a new capture window once the OK button has been clicked.
  • Save as template (OmniEngine only): Select this option to create a new OmniEngine capture template based on the current settings.
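
The file-naming rule under File path matters when saved captures from several machines are lined up for analysis: a name sort is not a time sort once local-time and UTC (z) names are mixed. The following is an added example, not part of the original guide or the product; the base names, the .pkt extension, the UTC offset and the five-minute "New file every" period are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Timestamp layout stated in the guide: YYYY-MM-DD-HH.MM.SS.mmm, followed by
# "z" when the file was named in UTC. It can sit anywhere in the file name.
STAMP = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})-(\d{2})\.(\d{2})\.(\d{2})\.(\d{3})(z?)"
)


def parse_capture_name(name):
    """Return (naive_datetime, is_utc) for a Save-to-disk name, else None."""
    m = STAMP.search(name)
    if m is None:
        return None
    y, mo, d, h, mi, s, ms = (int(g) for g in m.groups()[:7])
    try:
        stamp = datetime(y, mo, d, h, mi, s, ms * 1000)
    except ValueError:  # digits matched but do not form a real date/time
        return None
    return stamp, m.group(8) == "z"


def build_timeline(names, local_utc_offset_hours):
    """Place every file on one UTC timeline.

    Names without the z suffix are local time; they are shifted using the
    analyst-supplied UTC offset of the capturing machine (an assumption the
    file name itself cannot confirm). Returns (rows, unparsed, mixed).
    """
    rows, unparsed = [], []
    for name in names:
        parsed = parse_capture_name(name)
        if parsed is None:
            unparsed.append(name)
            continue
        stamp, is_utc = parsed
        if not is_utc:
            stamp -= timedelta(hours=local_utc_offset_hours)
        rows.append((stamp.replace(tzinfo=timezone.utc), name, is_utc))
    rows.sort()
    # True when local-time and UTC names are mixed in one evidence set.
    mixed = len({is_utc for _, _, is_utc in rows}) > 1
    return rows, unparsed, mixed


def find_gaps(rows, rotation, slack=timedelta(seconds=5)):
    """Return (earlier, later, delta) wherever two consecutive files of one
    capture are further apart than the 'New file every' period."""
    gaps = []
    for (t0, n0, _), (t1, n1, _) in zip(rows, rows[1:]):
        if t1 - t0 > rotation + slack:
            gaps.append((n0, n1, t1 - t0))
    return gaps


# Constructed sample listing; base names and the .pkt extension are assumed.
SAMPLE = [
    "dmz-2011-03-04-09.20.00.004.pkt",
    "2011-03-04-17.10.00.500z-core.pkt",  # "#z" token placed before the name
    "dmz-2011-03-04-09.00.00.000.pkt",
    "readme.txt",
    "dmz-2011-03-04-09.05.00.012.pkt",
]


def demo():
    # Assumed: the dmz capture ran on a machine at UTC-8, rotating every 5 min.
    rows, unparsed, mixed = build_timeline(SAMPLE, local_utc_offset_hours=-8)
    dmz = [r for r in rows if r[1].startswith("dmz-")]
    return rows, unparsed, mixed, find_gaps(dmz, timedelta(minutes=5))


if __name__ == "__main__":
    rows, unparsed, mixed, gaps = demo()
    for stamp, name, is_utc in rows:
        print(stamp.isoformat(), "UTC-named" if is_utc else "local-named", name)
    print("unparsed:", unparsed, "| mixed time bases:", mixed)
    for earlier, later, delta in gaps:
        print("gap of", delta, "between", earlier, "and", later)
```

A gap longer than the rotation period means files are missing from the set, for example because Keep most recent replaced them or Stop saving after was reached.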

Configuring adapter options

The Adapter options of the Capture Options dialog let you choose an adapter for this capture.

To select an adapter for an OmniPeek capture:

  1. Click the Adapter options of the OmniPeek Capture Options dialog.
  2. Select the capture adapter:
    • None: Select None to keep the monitor function disabled until an adapter is selected.
    • File: Select a file or choose New File Adapter to simulate network conditions without having to be connected to a network, or without having a supported adapter installed on your computer.
    • Module: Aruba Remote Adapter: Choose New Remote Adapter to select an Aruba Remote Adapter. The Aruba Remote Adapter lets you stream packets from one or more Aruba Access Points into a running wireless capture window in OmniPeek. To begin streaming packets, you will need to first create a new Aruba Remote Adapter entry, and then select the new adapter as the adapter for a capture window. See Capturing Packets from an Aruba Remote Adapter.
    • Module: Cisco Remote Adapter: Choose New Remote Adapter to select a Cisco Remote Adapter. The Cisco Remote Adapter lets you stream packets from one or more Cisco Access Points into a running wireless capture window in OmniPeek. To begin streaming packets, you will need to first create a new Cisco Remote Adapter entry, and then select the new adapter as the adapter for a capture window. See Capturing Packets from a Cisco Remote Adapter.
    • Module: RFGrabber: Choose New Remote Adapter to select a separately purchased RFGrabber probe. RFGrabber allows you to capture and monitor 802.11 WLAN traffic in a remote location and stream the results to OmniPeek via IP. For details, see the documentation that ships with the product.
    • Local machine: Select a network adapter installed on the OmniPeek computer. All locally installed network adapters are listed; however, only a supported network adapter can be selected as the capture adapter.

      Information about the selected OmniPeek adapter is displayed below the list of adapters. For example, if you are capturing packets on a WLAN, only 802.11 wireless adapters that support the WildPackets API can be used to capture packets. If the description for WildPackets API is Yes, the adapter can be used; if it is No, the adapter may not be a supported 802.11 wireless adapter, or it may not have the WildPackets driver installed yet. See Supported adapters.

      Tip: You can right-click an adapter to configure certain settings such as network speed options (the available options are dependent on the type of adapter). In certain cases you may want to override the network speed default setting (Auto sense). For example, you may wish to set a nominal network speed for a particular adapter to ensure consistent statistics reporting.

To select an adapter for an OmniEngine capture:

  1. Click the Adapter options of the OmniEngine Capture Options dialog.
  2. Select the capture adapter.
  3. Click Options to open the Adapter Options dialog, where you can configure 802.11, gigabit, WAN, network speed, and buffer options (the available options are dependent on the type of adapter selected). For more information:

Capturing Packets from an Aruba Remote Adapter

To capture packets from an Aruba Remote Adapter:

  1. Create a new capture window in OmniPeek. The Capture Options dialog appears.
  2. Select the Adapter options.
  3. Click New Remote Adapter below the Module: Aruba Remote Adapter entry. The Aruba Remote Adapter Properties dialog appears.
  4. Enter a Name and Port for the Aruba adapter. The name can be anything and the port number defaults to 5000 (the default port number used by Aruba Access Points).
  5. Click OK to close the Aruba Remote Adapter Properties dialog.
  6. Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Aruba Capture button in the upper right corner.
  7. Click the Start Aruba Capture button. Packets will not populate the capture window until the Aruba controller begins sending packets to the OmniPeek computer as noted below.

      Important: To send packets from an Aruba Access Point to the IP address and port of the OmniPeek computer, you must configure the Access Point through the web based user interface of the Aruba controller. While the Access Point is sending packets, it is not operating as an Access Point. When you want to stop sending packets, you must configure the Aruba access point (via the Aruba controller) to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network. Refer to your Aruba documentation for instructions. See also our website at http://www.wildpackets.com/support/additional_resources/plugin_tips for additional information on configuring the Aruba Remote Adapter.

  8. Click the Stop Aruba Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.

      Note: The Aruba access point will continue sending packets to the OmniPeek computer until it is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.

Capturing Packets from a Cisco Remote Adapter

To capture packets from a Cisco Remote Adapter:

  1. Create a new capture window in OmniPeek. The Capture Options dialog appears.
  2. Select the Adapter options.
  3. Click New Remote Adapter below the Module: Cisco Remote Adapter entry. The Cisco Capture Adapter Properties dialog appears.
  4. Enter a Name and IP address (or leave blank for any AP).
  5. Click OK to close the Cisco Capture Adapter Properties dialog.
  6. Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Cisco Capture button in the upper right corner.
  7. Click the Start Cisco Capture button. Packets will not populate the capture window until the Cisco controller begins sending packets to the OmniPeek computer as noted below.

      Important: To send packets from a Cisco Access Point to the IP address of the OmniPeek computer, you must configure the Access Point through the web based user interface of the Cisco controller. While the Access Point is sending packets, it is not operating as an Access Point. When you want to stop sending packets, you must configure the Cisco Access Point (via the Cisco controller) to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network. Refer to your Cisco documentation for instructions. See also our website at http://www.wildpackets.com/support/additional_resources/plugin_tips for additional information on configuring the Cisco Remote Adapter.

  8. Click the Stop Cisco Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.

      Note: The Cisco controller will continue sending packets to the OmniPeek computer until it is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.
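
The condition described in the Aruba and Cisco procedures above, an access point still streaming to an OmniPeek computer that is no longer capturing, shows up on the wire as a run of ICMP Destination Port Unreachable messages. The following is an added example, not part of the original guide or the product, that finds such runs in raw IPv4 packets; it assumes the remote-adapter stream is UDP (the guide does not name the transport), and the addresses, ports other than 5000, and the threshold are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ICMP, UDP = 1, 17  # IPv4 protocol numbers


def parse_port_unreachable(pkt):
    """Decode one raw IPv4 packet. Returns a dict for an ICMP Destination
    Port Unreachable (type 3, code 3) that quotes a UDP datagram, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != ICMP or len(pkt) < ihl + 8:
        return None
    if (pkt[ihl], pkt[ihl + 1]) != (3, 3):
        return None
    quoted = pkt[ihl + 8:]  # original IP header + first 8 bytes of its payload
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if q_ihl < 20 or quoted[9] != UDP or len(quoted) < q_ihl + 8:
        return None
    (dport,) = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])
    return {
        "analyzer": str(IPv4Address(pkt[12:16])),   # host that sent the ICMP
        "sender": str(IPv4Address(quoted[12:16])),  # source of rejected stream
        "port": dport,                              # port nobody listens on
    }


def stale_streams(packets, port=5000, threshold=3):
    """Count port-unreachables per (sender, analyzer) pair.

    port=5000 is the Aruba default given in the guide; pass port=None to
    match any port (the guide gives no port for the Cisco adapter). Pairs at
    or above the threshold point to a stream that should be switched off at
    the controller.
    """
    hits = Counter()
    for pkt in packets:
        info = parse_port_unreachable(pkt)
        if info and (port is None or info["port"] == port):
            hits[(info["sender"], info["analyzer"])] += 1
    return {pair: n for pair, n in hits.items() if n >= threshold}


# --- constructed sample traffic (RFC 5737 documentation addresses) ---------

def _ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        IPv4Address(src).packed, IPv4Address(dst).packed,
    )
    return header + payload


def _udp(src, dst, sport, dport, data=b"\x00" * 32):
    return _ipv4(src, dst, UDP, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)


def _unreachable(original):
    """ICMP type 3 code 3 sent back to the source of `original`."""
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + original[:20 + 8]
    return _ipv4(str(IPv4Address(original[16:20])), str(IPv4Address(original[12:16])), ICMP, icmp)


def sample_packets():
    ap_stream = _udp("192.0.2.50", "192.0.2.10", 40000, 5000)  # AP -> analyzer
    stray = _udp("192.0.2.77", "192.0.2.10", 40001, 53)        # unrelated host
    packets = [_unreachable(ap_stream) for _ in range(5)]
    packets.append(_unreachable(stray))
    packets.append(ap_stream)         # plain UDP, not ICMP: ignored
    packets.append(packets[0][:30])   # truncated ICMP: ignored
    return packets


if __name__ == "__main__":
    for (sender, analyzer), n in stale_streams(sample_packets()).items():
        print(f"{sender} still streaming to {analyzer}: {n} port-unreachables")
```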

Navigating a capture window

The parts of the capture window are identified below.

  • Capture window title: Displays the user-defined (or default) title of the capture window.
  • Progress Section: Displays packet, memory, and filter information:
    • Packets received: Displays the total number of packets received since the capture was initiated.
    • Packets filtered: Displays the total number of packets received that match one or more filters set for this capture window.
    • Memory usage: Displays the percentage of capture buffer memory used for this capture window.
    • Filter state: Summarizes any enabled filter conditions.
  • Start/Stop Capture: Starts or stops a capture. When a trigger is set for the capture window, this button is labeled Start/Stop Trigger. See Setting triggers.
  • Filter bar: This area lets you quickly create advanced filters directly in a capture window. See Creating filters with the filter bar.
  • Navigation Pane: Displays available views for the capture window. The type of capture window determines which views are displayed in the navigation pane. See Capture window views.
    • Navigation pane right-click options:
      • Undock: Click this option to undock the view from the capture window, making it easier to display and organize views. To dock the view back to the capture window, close the undocked view.
      • Default View: Click this option to have subsequent capture windows open with this view.
  • Status Bar: Displays status information:
    • Capture status: Displays state of the capture process.
    • Current adapter: Displays adapter currently selected as the capture adapter.
    • Packets: Displays the number of packets in the capture buffer.
    • Duration: Displays the difference between the earliest and the most recent packet in the capture buffer.
  • View Section: Displays the contents of the selected view.

Capture window views

The navigation pane of every capture window presents the views that display information about the capture data. A capture window can have the following views:

  • Capture: These views display information about packets captured into the capture buffer.
    • Dashboard: This view provides an overview of network statistics for this capture. See Capture window dashboard.
    • Packets: This view lists all of the packets placed in the buffer of a capture window (or capture file). The Decode and Hex panes show the contents of the selected packet decoded or in hexadecimal and ASCII. See Viewing captured packets.
    • Log: This view collects messages generated by events relating to the particular capture window. These events include the results of notifications generated by the triggers or analysis modules selected for the capture window. See Viewing Log Files.
    • Filters: This view lets you enable or disable filters used for capturing packets into the capture window buffer. See Creating and Using Filters.
  • Expert: These views provide expert analysis of delay, throughput, and a wide variety of network events in a conversation-centered view of traffic in a capture window. See Expert Analysis.
    • Hierarchy: This view makes it easy to track events and to see them in the context of peer-to-peer or client-server traffic patterns. See Expert hierarchy view.
    • Flat: This view displays each flow independently in a flat view. This simplified view allows you to compare flows to one another, regardless of the node pair to which they belong. See Expert flat view.
    • Application: This view allows you to link end-user satisfaction with the performance of a network application through Apdex, an open standard that defines methods for reporting application performance. See Expert Application view.
  • Web (OmniPeek only): These views let you display web page requests and responses, allowing you to track client/server activity within a capture. The same web data is presented in four formats.
    • Servers: This view lets you focus on which servers are being used. See Servers view.
    • Clients: This view lets you focus on which clients are using which servers. See Clients view.
    • Pages: This view displays a list of web pages with each individual request nested underneath. See Pages view.
    • Requests: This view displays a flat list of individual HTTP requests. See Requests view.
  • Voice and Video: These views let you display the voice and video data in the following formats:
    • Calls: This view displays one row for each call. See Calls view.
    • Media: This view displays one row for each media flow. See Media view.
  • Visuals: These views graphically display network traffic and statistics.
    • Apdex (OmniPeek only): This view lets you visualize the data in the Expert Application view. See Apdex view.
    • Peer Map: This view lets you visualize network traffic by displaying nodes and the traffic between the nodes. The lines indicate traffic between two nodes. The relative thickness of the lines indicates the volume of traffic occurring. See Using the Peer Map.
    • Graphs: This view displays individual items from the other statistics views graphically in real time. The data from these graphs can also be saved as tab-delimited or comma-delimited text, or as XML \ HTML. On an OmniEngine, this view must be enabled in the Graphs options of the Capture Options dialog. See OmniPeek capture window graphs.
  • Statistics: These views display various statistical data about your network.
    • Nodes: This view displays real-time data organized by network node. You can choose to display the nodes in a nested hierarchical view (logical addresses nested beneath their physical address), or in a variety of flat tabular views. Right-click the column header to add or remove various columns. See Node statistics.
    • Protocols: This view displays network traffic volume as a percentage of total bytes, broken down by protocol and subprotocol. You can choose to display the protocols in either a nested Hierarchical view or a Flat view. See Protocol statistics.
    • Summary: This view lets you monitor key network statistics in real time and save those statistics for later comparison. Summary statistics are also extremely valuable in comparing the performance of two different networks or network segments. See Summary statistics.
  • Wireless: These views display information about your wireless network.
    • WLAN: This view displays an SSID (Service Set Identifier) tree view of wireless nodes. See WLAN statistics.
    • Channels: This view displays a variety of statistics and counts for each wireless channel. See Channel statistics.
    • Signal: This view displays continuously updated graphs of signal strength (or related measures) for traffic in the capture window. See Signal statistics.

Important: Your version of the software may not include all of the views listed here. Please visit our web site at www.wildpackets.com for details about how to order the features that precisely fit the needs of your network.

Capture window dashboard

The Dashboard view of a capture window displays key statistics for the window. If files have been automatically saved to the hard disk, the Dashboard view also displays a list of the saved files.

The parts of the Dashboard view are identified below.

  • Traffic History: This display of the Dashboard view graphs network traffic in Mbits/second. You can right-click inside the display to select a Bar, Area, or Line display.
  • Wireless Signal: This display of the Dashboard view graphs wireless signal and/or noise strength (as a percentage) for each of the wireless channels. This display is available only when a wireless adapter is selected as the capture adapter. You can right-click inside the display to select the parameters to display. Hovering over a channel will display a tooltip with additional channel information.
  • Current Activity: This display of the Dashboard view shows three analog gauges with corresponding digital displays at their centers to show network utilization (as a percent of capacity), traffic volume (in packets per second), and error rate (total errors per second). You can right-click inside the display to select a Light or Dark background color for the Dashboard view.
  • Files: This display of the Dashboard view lists the files that have been saved to the hard disk. Files are only saved when the Capture-to-disk capture option is enabled. You can right-click inside the display to select a Light or Dark background color for the Dashboard view.
  • Top Talkers by IP Address: This display of the dashboard shows a graph of top "talkers" on the network, broken out by node. You can right-click inside the display to select a Bar or Pie display.
      Note: This feature is automatically enabled for OmniEngine captures based on the Monitoring Capture template. Talkers are displayed as Not Available for OmniEngine captures using the Forensic Capture template. See Forensics capture template and Monitoring capture template.

Opening saved capture files

Capture files, or trace files, are capture windows that were saved to a variety of supported capture file formats. You can open capture files to load and process packets back into OmniPeek. See Save file formats for a description of the supported capture file formats.

OmniPeek capture files

To open an OmniPeek capture file:

  1. Do one of the following:
    • Click the Open Capture File button on the Start Page.
    • Choose File > Open.
  2. Select the capture file and click Open.
  3. Click the Packets view in the navigation menu.
  4. Triggers and capture filters are not available from a capture file. However, you can use "display filters" and filters created in the Filter Bar to view subsets of the traffic in the same window or copied to a new window. See Post-capture Analysis. See also Display filters and Creating filters with the filter bar.

Combining, splitting, and converting files

The PeekCat and PeekSplit command line utilities (located in the OmniPeek\Bin directory) let you combine and split, respectively, multiple capture files of the same OmniPeek file format. Please see the peekcat.txt and peeksplit.txt files in the \Bin directory for more information.

The ProConvert packet trace conversion utility can convert between a wide variety of packet traces including OmniPeek, Sniffer® (compressed *.enc, *.cap), Wandel Goltermann, and other formats.

OmniEngine capture files

On an OmniEngine, capture files are saved to the Data folder you specified when configuring the engine. See Configuring and updating OmniEngine settings.

The Files tab in the OmniEngines window displays a flat listing of all the capture files saved to the OmniEngine computer. From this tab, you can perform network forensic analysis using the data from one or more selected files. See Network forensics for more information.

Using capture templates

Capture templates let you use pre-defined settings when you start a new capture.

OmniPeek capture templates

Capture templates in OmniPeek supply the Capture Options dialog settings for windows created from them. You can save any capture window as a named capture template.

To create a capture template from an OmniPeek capture window:

  1. Make the capture window the active window.
  2. Choose Save Capture Template... from the File menu. This opens a Save As dialog.
  3. Choose the location in which to save the template and give the template a name.
  4. Save the template as a Capture Template format (*.ctf) file.

A capture template contains all of the settings in the OmniPeek Capture Options dialog, and applies these to any capture window created using the New From Template... command under the File menu.

When you create a new capture window from a template, the new window uses the capture window title specified in the template, adding the numbers 1, 2, 3... only when necessary to distinguish between multiple instances open at the same time.

Note: Capture windows created from templates are created without opening the Capture Options dialog, regardless of whether the check box labeled Show this dialog when creating a new capture window is checked or unchecked.

You can also create a single named template that will create multiple capture windows, each with its own individual capture options.

To create multiple capture windows with multiple capture options:

  1. Create or open the capture windows you wish to include in the template. Make sure only the capture windows you wish to include are open.
  2. Hold down the Ctrl key and choose Save Capture Template... from the File menu.
  3. The saved template will include all the open capture windows.

You can also create capture templates in the following ways:

OmniEngine capture templates

On an OmniEngine, you can create and edit capture templates or use the predefined Forensic Capture or Monitoring Capture templates. You can also modify existing templates to use in new remote captures. See Forensics capture template and Monitoring capture template.

To use OmniEngine capture templates:

  • For a connected OmniEngine, do one of the following:
    • On the Home tab, select Edit Capture Templates under New Capture.
    • On the Capture tab, click the arrow to the right of the Insert button and select Edit Capture Templates.
    • On the Adapters tab, select Edit Capture Templates under New Capture.

      The Capture Templates dialog appears. The clickable buttons are described below.

  • Insert: Click to open the Capture Options dialog, where you can configure settings for a new template. When you click OK, your new template will be listed in the OmniEngine Capture Templates dialog.
  • Edit: Click to open the selected template. The OmniEngine Capture Options dialog appears, where you can change the capture settings.
  • Duplicate: Click to duplicate the selected template.
  • Delete: Click to delete the selected template.

Forensics capture template

On an OmniEngine, you can create a new capture window based on a pre-defined forensics capture template configured with capture settings optimized for post capture forensic analysis.

Forensics captures are saved automatically to the OmniEngine and are listed in the OmniEngine Files tab. From the Files tab, you can refine your search by start time, end time, any available filter, and specify which capture window views you want to display for further analysis. See Network forensics.

To start a capture with the forensics capture template:

  1. On the Home tab, select New Forensics Capture under New Capture. The OmniEngine Capture Options dialog appears with settings preconfigured for a forensics capture, such as Continuous capture with save to disk.
  2. Click the Adapters view and select an adapter for the capture.
  3. Click the Performance view. Notice that all of the statistics are disabled in order to optimize packet capture to disk.
  4. Click OK. An OmniEngine capture window appears with capture already under way.
  5. Click the Dashboard view of the capture window. The Files area of the Dashboard shows each file saved according to the user-defined capture buffer. Capture in progress is displayed with a small gear on the icon to the left of the filename. See Capture window dashboard.
  6. When capture is stopped, the forensics capture file will also appear in the list of files saved to the OmniEngine computer in the Files tab of the OmniEngine. See Network forensics.

    Note: The Top Talker by IP Address graph is available for captures only when statistics are selected in the Performance view of the Capture Options dialog. See Monitoring capture template.

To analyze the data from a forensics capture, see Network forensics.

Monitoring capture template

On an OmniEngine, you can use the monitoring capture template to view and analyze expert and statistical data. The template is optimized to display high level network statistics.

To use the monitoring capture template:

  1. In the OmniEngines window, select New Captures on the Home tab of a connected OmniEngine. See Connecting to an OmniEngine.
  2. Choose New Monitoring Capture.... The OmniEngine Capture Options dialog appears with settings preconfigured for a monitoring capture, such as Continuous capture with no save to disk.
  3. Click the Adapters view and select an adapter.
  4. Click the Performance view and notice that all statistics are enabled.
  5. Click OK. A new OmniEngine capture window appears.
  6. Click the statistics views to see various displays of the data in the remote capture.
  7. Click the Dashboard view to see network statistics for this capture. See Capture window dashboard.

      Note: The Top Talkers by IP Address is automatically enabled for OmniEngine captures based on the Monitoring Capture template. This area displays Not Available for OmniEngine captures using the Forensic Capture template. See Forensics capture template.

To analyze the data obtained from a monitoring capture, see Displaying and Reporting Statistics.



WildPackets, Inc.
http://www.wildpackets.com
Voice: (800) 466-2447
Fax: (925) 937-3211
sales@wildpackets.com