OmniPeek Enterprise
OmniEngine Enterprise
Support FAQs
Tech Tips
Supported Hardware
System Requirements
Getting Started Guide
OmniPeek Professional
OmniPeek Basic
OmniEngine Desktop
OmniVirtual
Omnipliance
Omnipliance Portable
OmniEngine Enterprise

Return to top of page How do I capture VLAN packets?

First be sure the analyzer is placed where the tagged frames exist, this is generally on a switch trunk (a link that connects switch-to-switch).

Second verify that your switch is not stripping the VLAN tags, you may need to contact your switch manufacturer.

Lastly, the network interface card may strip 802.1q tags at the adapter/driver level. By default, Intel adapters strip the VLAN tag before passing it up the stack. Some Broadcom adapters also exhibit this behavior. Possible fixes for Intel and Broadcom adapters can be found below, for other adapters please contact your NIC manufacturer.

Unsupported Fix for Broadcom Adapters:

** Please backup your registry before making these modifications. **

Please look for the following registry key and follow the steps listed below. This fix is not supported by WildPackets.

HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet

  1. You need to find the right instance of the driver in the registry.
  2. Run Regedit.
  3. Search for "TxCoalescingTicks" and ensure this is the only instance that you have.
  4. Right-click on the instance number (eg. 0008) and add new string value.
  5. Enter "PreserveVlanInfoInRxPacket" and give it value "1".

Unsupported Fix for Intel Adapters:

http://support.intel.com/support/network/sb/CS-009720.htm

Another solution is to purchase a tap. TAPs are passive and independent of the network. Please call (925) 937-3200 or write to sales@wildpackets.com to find out more about TAPs.

Return to top of page I have a firewall installed. What port must be added to connect to my engine?

OmniEngine uses port 6367/TCP/UDP.

Return to top of page How can I collect and save Statistics on the engine?

Start a Monitoring Capture or a New Capture -> Select the Statistics Output View. Reports can be saved in CSV, TEXT, or XML, HTML.

Return to top of page Where can I find a definition for the expert messages?

Right-click on any Expert event and choose EventFinder Settings. Click the Show Info button for a description of the event and possible causes and remedies.

Return to top of page I installed the engine successfully but why can’t I start the OmniEngine service?

If the "Client for Microsoft Networks" driver is not installed, the service "Workstation" is also not installed, which may cause OmniEngine to not start up.

Return to top of page How can I import my company’s network diagram into Peer Map?

Click the Peer Map view and click Open. The supported file types are *.BMP, *.JPEG, *.GIF, *.EMF, *.WMF, *.TIFF, *.PNG, *.ICO.

Return to top of page Is there a reference standard for passive MOS?

Return to top of page Is jitter measured 'one way' (only one direction in the flow)?

Jitter is independent either direction. If both end VoIP devices send out periodic RTCP report packets, then the expert is checking jitter from the perspective of both endpoints, i.e. both ways. If only one device is sending RTCP packets, then it's the direction TO that device. Not all VoIP devices send RTCP reports.

To measure data at the point of capture, OmniPeek analyzes the RTP stream independently of RTCP reports. This is not necessarily the jitter as received by an end-point (unless OmniPeek Professional is on the end segment), but rather gives you a reading for jitter for some intermediate path.

Return to top of page Is there a way to only capture the header of a packet?

Yes, here’s how:

  1. Click View/Filters to bring up the filters window.
  2. Click the Insert button (Green +)
  3. Select Simple or Advanced for Filter Type.
  4. Select Protocol Filter.
  5. Select the Protocol and check Slice to Header.

Return to top of page What do the colors of the globes represent in the WLAN view?
  • Blue – ESSID
  • Pink – Access Point or Ad Hoc Equivalent
  • Orange – STA or Client
  • Gray – Admin or otherwise unknown
  • Gray with (?) – Indications for a particular node are contradictory or unexpected

Return to top of page Can a NIC connected to a SPAN/Mirror port also be used for network services?

You will need an additional adapter to use for network services or use a multi-port adapter like the Intel dual or quad port adapters. These cards could connect via one port and capture on the additional, available ports.

Return to top of page How can OmniEngine Enterprise help me baseline my network?

The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline “normal” network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem.

Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client’s network with a saved “healthy” router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance.

To baseline with summary statistics:

Choose Monitor > Summary. The Summary Statistics window appears.

Return to top of page I created a filter but it is not showing up in the filter list. Why?

Be sure you have clicked the yellow bar "Click here to send changes".

Return to top of page What is the difference between OmniVirtual, OmniEngine Desktop and OmniEngine Enterprise?

OmniVirtual

Small, lightweight service for troubleshooting, optimizing and securing virtual applications Windows service that enables network engineers to remotely diagnose problems on desktops running Ethernet and Wireless Distributed capture and analysis designed for enterprise networks, including networks running Wi-Fi, VoIP, and Gigabit and 10 Gigabit segments

OmniEngine Desktop

Windows service that enables network engineers to remotely diagnose problems on desktops running Ethernet and Wireless

OmniEngine Enterprise

Distributed capture and analysis designed for enterprise networks, including networks running Wi-Fi, VoIP, and Gigabit and 10 Gigabit segments

Return to top of page Can you explain the Peer Map view?

Communications between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes. For more information see the OmniPeek User Guide or the online Help.

Return to top of page How do I set the Apdex threshold duration?
  1. Click the Event Finder Settings icon in the Expert view toolbar.
  2. Expand the Expert Events under Application and select an Apdex related event.
  3. Set the Apdex Threshold Duration to the desired number of seconds.
    Note: A single Apdex Threshold Duration value is applied to all of the Apdex related events.
  4. Choose View > Colors > Independent. The upper pane Application view displays shows the following:
    • Green: Apdex score 0.85-1.00 (Good or excellent application response time)
    • Black: Apdex score 0.70.-0.84 (Fair application response time)
    • Red: Apdex score 0.00-0.69 (Poor or unacceptable application response time)
    • Grey: Small sample size -10-99 samples (Statistically untrustworthy)

Return to top of page How do I start a Forensics Capture?

To start a Forensics Capture:

  1. Click the Home Tab and select New Forensics Capture under New Capture. In Capture Options you will notice that some settings are preconfigured for Forensics Capture, such as Continuous capture with save to disk.
  2. Click the Adapters view and select an adapter for the capture.
  3. Click the Performance view. All statistics are disabled in order to optimize packet capture to disk.
  4. Click Ok.

Return to top of page Why does the Dashboard view display Traffic History and Top Talkers by IP Address as not available?

Be sure the modules are enabled. Start a new Monitoring Capture or New Capture -> Click the Performance View -> Traffic History and Top Talker Statistics should be checked.

Please also note that the Dashboard view is available only when Monitoring and Capturing. Forensic Captures by default have all Performance Statistics unchecked.

Return to top of page Does OmniEngine support WPA?

Yes, with the use of a supported Atheros chipset-based adapter and the WildPackets 3.0.1.12 and 4.2.2.9 Atheros driver.

Return to top of page What type of encryption does the OmniEngine support?

The OmniEngine supports WPA-PSK and WEP encryption.

Return to top of page Can I use both the OmniEngine and OmniPeek Analyzer at the same time on the same machine?

The only console that was designed to work simultaneously with an engine is OmniPeek Connect. OmniPeek Connect provides the ability to locally configure and view the engine’s analysis as the engine is capturing packets and performing analysis.

Return to top of page When I use OmniEngine to monitor my high speed network, the application tends to slow down. Are there any tips to optimize performance?

In the Capture/Monitor Options, select Performance. For peak performance, right click on one of the features and choose Disable All. This way, the OmniEngine will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature.

Here are a few more tips to improve the performance of the OmniEngine:

  • Disable the Monitor adapter (Monitor/Select Monitor Adapter/None)
  • Turn off scroll during capture. Control + K will start/stop scroll.
  • Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution.
  • Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.

The following component is an additional module (not included in the standard package):

  • Disable RMONGrabber (Tools/Options/Analysis Modules)

If you need one of the other features, you can enable it when you are actually viewing the capture file. Also if you're on a switched network, you can try using the switch's mirroring or monitoring capability to zero-in on the traffic you're looking for. Try only mirroring ports one by one to avoid overloading the analyzer with traffic. For more information, please see our whitepaper which also applies to the OmniEngine product: Applying EtherPeek to Switched and Gigabit Ethernet Network Management.

Return to top of page When trying to connect to the engine, why do I receive the following error? "An error occurred: The login attempt failed (Error code: 0x8009030C)".

The OmniEngine will not allow logins with a blank password. Please add a password to your account and try logging in again. If you are not logging in with a blank password, please see the instructions below.

OmniEngine supports authentication using Windows authentication services. In order to allow remote users to connect to an engine, the system administrator must configure the computer where the engine is to be installed.

Security Note: Users allowed to use OmniEngine are NOT required to have Administrative privileges and we recommend restricting their rights to minimize potential security risks, especially if the engine is accessed from outside of a firewall.

Disable Guest Network Logins
By default a network login will give each user "guest" credentials. This must be changed so that network logins will provide credentials based on the user's identity. Note: If your network uses a domain to control access, you must disable the Guest account on the domain controller.

Windows XP/Windows Server 2003: Please use the following steps to configure the system:

  • Open the "Local Security Policy" editor from the "Start | Settings | Control Panel | Administrative Tools" menu. Alternatively, launch the "Administrative Tools" from the Control panel window.
  • Under the "Local Policies" heading, click on "Security Options".
  • Ensure the following settings are set:
    • Accounts: Guest Account Status - Disabled
    • Network Access: Sharing and security model for local accounts - Classic

Return to top of page I am unable to start a wireless capture. When I select 'OK' in the Capture Options I receive the error 'The adapter "Wireless Network Connection" is not supported by this product. What am I missing?

In order to capture wireless traffic with the OmniEngine, you must install a custom WildPackets driver.

A list of supported cards and the WildPackets drivers can be found here:
http://www.wildpackets.com/support/downloads/drivers

Please find your card from the list and download the appropriate driver.

***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.***

Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.'

Return to top of page Can you explain the Profiles, Configuration and Node Visibilities tabs in the Peer Map?

The Profile tab lets you save Peer Map configurations settings into a single profile that controls the appearance and layout of the Peer Map.

The Configuration tab lets you control what part of the traffic in the Capture window’s buffer is displayed in Peer Map.

The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map. For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn’t want new nodes to appear on the Peer Map as they are discovered.

Return to top of page I have entered the correct key or passphrase but the TKIP encrypted packets are not being decrypted. Can you please tell me what's wrong?

Peek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA-PSK encrypted traffic. This exchange consists of the 4 packet Pairwise Master key (PMK) and the 2 packet Group Temporal Key (GTK). The below is an example of a successful EAPOL capture.

Screenshot

 - Click on thumbnail for larger view
Download a demo of OmniPeek
Custom Integration & Engineering
WildPackets understands that one size does not fit all. Moreover, we all face new challenges every day. WildPackets Custom Engineering performs software development and systems integration, complementing WildPackets products and enhancing the capabilities of Network Operations Centers.
Learn more...

Network Analysis & Consulting
WildPackets offers a full spectrum of professional services, available remote and on-site. Our network engineers provide expertise for your network troubleshooting, capacity planning, or baseline performance analysis needs.
Learn more...

Tip of the Month
Time to ‘Select’
This month I’m going to address the need of being able to actively select certain packets from an active capture. This occurs when you have an active capture running, which you cannot stop for whatever reason, but you wish to apply a filter to it.