



|
|
OmniPeek Enterprise
In the Capture Options Statictics Output, enable the "Save statistics report". Then under the "Report type" select the Call Detail Records option.
WildPackets Compass for the OmniPeek Console is an interactive dashboard for post-capture forensics on large quantities of wired and wireless network traffic. Compass employs an intuitive interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets.
When you run the OmniPeek installation it will automatically prompt you that it has found an older version. Just select Remove and it will unintall your old version before it begans to install the new.
Yes, this is possible with the Integrated Compass plug-in. WildPackets Compass for the OmniPeek Console is an interactive dashboard for forensics of large quantities of wired and wireless network traffic. Compass employs a nice looking interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets. It is now integrated with OmniPeek and no longer need to be added as a pulg-in
This error means that there are not enough memory/resources available to load the file. A solution would be our integrated Compass plug-in. This plug-in creates real-time captures and monitoring, aggregates muliple filesis a single dashboard view, integrated drill down to packets and provides ket network statistics in real-time as well as post capture.
OmniPeek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA/WPA2 encrypted traffic.
You can create an Advanced or Simple filter to span individual ports. Ports can be entered and separated by commas and/or semicolons. Here is how:
First be sure the analyzer is placed where the tagged frames exist, this is generally on a switch trunk (a link that connects switch-to-switch). Second verify that your switch is not stripping the VLAN tags, you may need to contact your switch manufacturer. Lastly, the network interface card may strip 802.1q tags at the adapter/driver level. By default, Intel adapters strip the VLAN tag before passing it up the stack. Some Broadcom adapters also exhibit this behavior. Possible fixes for Intel and Broadcom adapters can be found below, for other adapters please contact your NIC manufacturer. Unsupported Fix for Broadcom Adapters: ** Please backup your registry before making these modifications ** Please look for the following registry key and follow the steps listed below. This fix is not supported by WildPackets. HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet
Unsupported Fix for Intel Adapters: http://www.intel.com/support/network/sb/cs- 005897.htm Another solution is to purchase a tap. TAPs are passive and independent of the network. Please call (925) 937-3200 or write to sales@wildpackets.com to find out more about TAPs.
Right-click on any Expert event and choose EventFinder Settings. Click the Show Info button for a description of the event and possible causes and remedies.
Yes, here's how:
Yes, open the captures you would like to compare.
No, you will need an additional adapter to use for network services or use a multi-port adapter like the Intel dual or quad port adapters. These cards could connect via one port and capture on the additional, available ports.
For example, maybe you want all traffic on port 80 and port 8000 to show up under HTTP in the Packet view, Protocol statistics, etc. In that case, you will need to modify the following file with a Text Editor: C:Program Files\WildPackets\OmniPeek\1033\pspecs.xml You can search for your protocol's PSpec Name (i.e. HTTP) and when you find the protocol, you can modify the existing port number(s). For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
The
For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
Quick Notes: The PSpecID is a numerical identifier for the protocol. It must be unique-that is, no two protocols are allowed to have the same PSpecID. You must choose a PSpecID that is not used anywhere else in the file. The
The PSpec Name will be displayed in the Protocol column of the Packets tab. The LName will be displayed in the Protocol Info dialog box (accessed by right-clicking the protocol and choosing Protocol Info). The SName will be displayed in the Protocol statistics. The Desc will be displayed in the Protocol Info box (Desc is optional. You can delete it if you don't want to write a description for your protocol). Color will be the color used for the protocol. Colors are defined at the beginning of the document. Color is optional. You can delete it and OmniPeek will choose a color for the protocol. CondSwitch tells OmniPeek how to recognize the protocol. For now, all you have to do is edit the "SrcPort ==" and "DestPort ==" entries to contain the port number that your protocol uses. These two entries should be the same. For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline normal network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem. Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client network with a saved healthy router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance. To baseline with summary statistics: Choose Monitor > Summary. The Summary Statistics window appears.
Communications between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
Click the Peer Map view and click Open. The supported file types are *.BMP, *.JPEG, *.GIF, *.EMF, *.WMF, *.TIFF, *.PNG, *.ICO.
The space shows you where protocol segments start and stop within conversations.
The Profile tab lets you save Peer Map configurations settings into a single profile that controls the appearance and layout of the Peer Map. The Configuration tab lets you control what part of the traffic in the Capture window's buffer is displayed in Peer Map. The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map. For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn't want new nodes to appear on the Peer Map as they are discovered.
Because routers forward traffic from other networks at OSI Layer 3, the logical address (IP) is forwarded unchanged but the physical address (MAC) is changed to that of the router doing the forwarding. In this case, Peek might misidentify your router when it tries to resolve the name using the Resolve Name/Passive Name resolution option (Tools->Name Resolution). To properly identify routers, we recommend that you add your routers to the Name Table.
The following steps will give you some indication of which ports are open:
The default Timestamp format is Microseconds. This setting can be changed by clicking on one of the columns in the Packets view and selecting the Format tab or by right-clicking a packet in the Packets View and selecting Packet List Options.
Right click the column header and select the fields you would like to see. Then right click again and choose Packet List Options > Format tab and deselect "Show port names". You should now see port numbers instead of names. Also good to know, the source and port field numbers are always displayed in the 'Summary' field (Src=###,Dst=##) in addition to other packet information.
OmniPeek Enterprise has unlimited engine connections and because OmniPeek puts the processing power at the point of capture, multiple connections and diverse configurations can be used without creating a strain on network bandwidth. Only the packets, statistical data, and other information required to refresh the display need to be sent from the Remote Engine.
The only console that was designed to work simultaneously with an engine is OmniPeek Connect. OmniPeek Connect provides the ability to locally configure and view the engine's analysis as the engine is capturing packets and performing analysis.
Network analysis tools are powerful and must be protected from misuse. Data captured and sent across the network may be sensitive, so OmniPeek has been designed from the ground up to adhere to strict IT security requirements. By default, all traffic between the engine and console is compressed and encrypted and in addition to Windows® Security being used for access control to the OmniEngine and application features, TACACs and RADIUS authentication are supported also.
In the Capture/Monitor Options, select Performance. For peak performance, right click on one of the features and choose Disable All. This way, OmniPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature. Here are a few more tips to improve the performance of OmniPeek: Disable the Monitor adapter (Monitor/Select Monitor Adapter/None) Turn off scroll during capture. Control K will start/stop scroll. Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution. Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.
In order to capture wireless traffic with OmniPeek, you must install a custom WildPackets driver. A list of supported cards and the WildPackets drivers can be found here: Please find your card from the list and download the appropriate driver. ***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.*** Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.'
Yes, the Contents tab of the Web Views will attempt to reassemble web pages from traffic still in the buffer. But since there are a myriad of different implementations, content from a number of sites my not be viewable.
There are certain things that need to happen to see a requested files contents:
The web views currently have a limit to the number of requests it will display; 1/4 the expert flow limit. By default, the expert flow limit is set to 10,000, so the web views will only display the first 2500 requests. |
MyPeekCommunity Portal
Training / Courses
Product Tips & Tricks
|
Lawful Intercept
Deploying & Testing Applications
Distributed Networks
Network Baselining
Network Forensics
Network Performance Analysis
- NetFlow
Network Performance Management
Network Security
Network Troubleshooting
Product Development Support
VoIP Monitoring and Analysis
Video Monitoring and Analysis
Wireless Network Analysis
10 Gigabit Networks
Industry Specific Solutions
OmniFlow Collector
NetFlow Collector
sFlow Collector
OmniPeek Network Analyzer
Compass Live
OmniEngine Software Probe
OmniVirtual VMware Probe
TimeLine Network Recorder
Omnipliance Network Recorder
OmniAdapter Analysis Cards
Omnipliance Portable
Product Activation FAQs
Maintenance Programs
Product Versions
Contact Tech Support
Downloads
Training / Courses
Consulting
Custom Engineering
WildPackets Forums
MyPeek Community Portal
Information Kits
Video How-To's
Product Tips and Tricks
Networking Glossary
Networking Links
Free Utilities
Media Coverage
Media Kit
Blog
Peeks Newsletter
Success Stories
Reviews & Awards
Upcoming Events
Webinars & Webcasts
Software Upgrades
Hardware
Training
Maintenance Renewal
Per Incident Support
Sales Policies
Contact Sales






Germany
Japan
Korea
UK
United States















