Germany
Japan
Korea
UK
United States
|
|
OmniPeek Enterprise
How do I access the new CDR (Call Detail Records)?
In the Capture Options Statictics Output, enable the "Save statistics report". Then under the "Report type" select the Call Detail Records option.
WildPackets Compass for the OmniPeek Console is an interactive dashboard for post-capture forensics on large quantities of wired and wireless network traffic. Compass employs an intuitive interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets.
When upgrading to OmniPeek 6.6, should I uninstall my older version of OmniPeek first?
When you run the OmniPeek installation it will automatically prompt you that it has found an older version. Just select Remove and it will unintall your old version before it begans to install the new.
Can I search a trace file based on Time, Date, Address or Port?
Yes, this is possible with the Integrated Compass plug-in. WildPackets Compass for the OmniPeek Console is an interactive dashboard for forensics of large quantities of wired and wireless network traffic. Compass employs a nice looking interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets. It is now integrated with OmniPeek and no longer need to be added as a pulg-in
When I try to open a *.pkt file, I receive a "Not Enough Storage Space" error.
This error means that there are not enough memory/resources available to load the file. A solution would be our integrated Compass plug-in. This plug-in creates real-time captures and monitoring, aggregates muliple filesis a single dashboard view, integrated drill down to packets and provides ket network statistics in real-time as well as post capture.
I have entered the correct key or passphrase but the encrypted packets are not being decrypted. Can you please tell me what's wrong?
OmniPeek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA/WPA2 encrypted traffic.
How do I create a filter to span multiple ports?
You can create an Advanced or Simple filter to span individual ports. Ports can be entered and separated by commas and/or semicolons. Here is how:
How do I capture VLAN packets?
First be sure the analyzer is placed where the tagged frames exist, this is generally on a switch trunk (a link that connects switch-to-switch). Second verify that your switch is not stripping the VLAN tags, you may need to contact your switch manufacturer. Lastly, the network interface card may strip 802.1q tags at the adapter/driver level. By default, Intel adapters strip the VLAN tag before passing it up the stack. Some Broadcom adapters also exhibit this behavior. Possible fixes for Intel and Broadcom adapters can be found below, for other adapters please contact your NIC manufacturer. Unsupported Fix for Broadcom Adapters: ** Please backup your registry before making these modifications ** Please look for the following registry key and follow the steps listed below. This fix is not supported by WildPackets. HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet
Unsupported Fix for Intel Adapters: http://www.intel.com/support/network/sb/cs- 005897.htm Another solution is to purchase a tap. TAPs are passive and independent of the network. Please call (925) 937-3200 or write to sales@wildpackets.com to find out more about TAPs.
Where can I find a definition for the expert messages?
Right-click on any Expert event and choose EventFinder Settings. Click the Show Info button for a description of the event and possible causes and remedies.
Is there a way to only capture the header of a packet?
Yes, here's how:
What do the colors of the globes represent in the WLAN view?
Can I compare two different captures?
Yes, open the captures you would like to compare.
How can I start multiple captures simultaneously?
Can a NIC connected to a SPAN/Mirror port also be used for network services?
No, you will need an additional adapter to use for network services or use a multi-port adapter like the Intel dual or quad port adapters. These cards could connect via one port and capture on the additional, available ports.
How do I change port numbers for an existing protocol?
For example, maybe you want all traffic on port 80 and port 8000 to show up under HTTP in the Packet view, Protocol statistics, etc. In that case, you will need to modify the following file with a Text Editor: C:Program Files\WildPackets\OmniPeek\1033\pspecs.xml You can search for your protocol's PSpec Name (i.e. HTTP) and when you find the protocol, you can modify the existing port number(s). For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How do I add port numbers for an existing protocol?
The
For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How do I add a custom protocol to OmniPeek?
Quick Notes: The PSpecID is a numerical identifier for the protocol. It must be unique-that is, no two protocols are allowed to have the same PSpecID. You must choose a PSpecID that is not used anywhere else in the file. The
The PSpec Name will be displayed in the Protocol column of the Packets tab. The LName will be displayed in the Protocol Info dialog box (accessed by right-clicking the protocol and choosing Protocol Info). The SName will be displayed in the Protocol statistics. The Desc will be displayed in the Protocol Info box (Desc is optional. You can delete it if you don't want to write a description for your protocol). Color will be the color used for the protocol. Colors are defined at the beginning of the document. Color is optional. You can delete it and OmniPeek will choose a color for the protocol. CondSwitch tells OmniPeek how to recognize the protocol. For now, all you have to do is edit the "SrcPort ==" and "DestPort ==" entries to contain the port number that your protocol uses. These two entries should be the same. For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How can OmniPeek Enterprise help me baseline my network?
The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline normal network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem. Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client network with a saved healthy router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance. To baseline with summary statistics: Choose Monitor > Summary. The Summary Statistics window appears.
What are some of the keyboard shortcuts?
What is the difference between OmniPeek Enterprise and OmniPeek Enterprise Connect?
Can you explain the Peer Map view?
Communications between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
How can I import my company's network diagram into Peer Map?
Click the Peer Map view and click Open. The supported file types are *.BMP, *.JPEG, *.GIF, *.EMF, *.WMF, *.TIFF, *.PNG, *.ICO.
Why does some activity in the Peer Map contain spaces?
The space shows you where protocol segments start and stop within conversations.
Can you explain the Profiles, Configuration and Node Visibilities tabs in the Peer Map view?
The Profile tab lets you save Peer Map configurations settings into a single profile that controls the appearance and layout of the Peer Map. The Configuration tab lets you control what part of the traffic in the Capture window's buffer is displayed in Peer Map. The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map. For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn't want new nodes to appear on the Peer Map as they are discovered.
It appears that my router is being misidentified?
Because routers forward traffic from other networks at OSI Layer 3, the logical address (IP) is forwarded unchanged but the physical address (MAC) is changed to that of the router doing the forwarding. In this case, Peek might misidentify your router when it tries to resolve the name using the Resolve Name/Passive Name resolution option (Tools->Name Resolution). To properly identify routers, we recommend that you add your routers to the Name Table.
Can I use the Peek analyzer to assist with firewall rules?
The following steps will give you some indication of which ports are open:
What is the default timestamp format?
The default Timestamp format is Microseconds. This setting can be changed by clicking on one of the columns in the Packets view and selecting the Format tab or by right-clicking a packet in the Packets View and selecting Packet List Options.
How do I use port numbers instead of port names?
Right click the column header and select the fields you would like to see. Then right click again and choose Packet List Options > Format tab and deselect "Show port names". You should now see port numbers instead of names. Also good to know, the source and port field numbers are always displayed in the 'Summary' field (Src=###,Dst=##) in addition to other packet information.
How many engines can I connect to with OmniPeek Enterprise?
OmniPeek Enterprise has unlimited engine connections and because OmniPeek puts the processing power at the point of capture, multiple connections and diverse configurations can be used without creating a strain on network bandwidth. Only the packets, statistical data, and other information required to refresh the display need to be sent from the Remote Engine.
Can I use both an OmniEngine and an OmniPeek console at the same time on the same machine?
The only console that was designed to work simultaneously with an engine is OmniPeek Connect. OmniPeek Connect provides the ability to locally configure and view the engine's analysis as the engine is capturing packets and performing analysis.
How secure is OmniPeek Enterprise 6.6?
Network analysis tools are powerful and must be protected from misuse. Data captured and sent across the network may be sensitive, so OmniPeek has been designed from the ground up to adhere to strict IT security requirements. By default, all traffic between the engine and console is compressed and encrypted and in addition to Windows® Security being used for access control to the OmniEngine and application features, TACACs and RADIUS authentication are supported also.
Are there any tips to optimize performance?
In the Capture/Monitor Options, select Performance. For peak performance, right click on one of the features and choose Disable All. This way, OmniPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature. Here are a few more tips to improve the performance of OmniPeek: Disable the Monitor adapter (Monitor/Select Monitor Adapter/None) Turn off scroll during capture. Control K will start/stop scroll. Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution. Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.
I am unable to start a wireless capture. When I select 'OK' in the Capture Options I receive the error 'The adapter "Wireless Network Connection" is not supported by this product.' What am I missing?
In order to capture wireless traffic with OmniPeek, you must install a custom WildPackets driver. A list of supported cards and the WildPackets drivers can be found here: Please find your card from the list and download the appropriate driver. ***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.*** Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.' 
Do the Web Views allow me to view pages visited by the users on my network?
Yes, the Contents tab of the Web Views will attempt to reassemble web pages from traffic still in the buffer. But since there are a myriad of different implementations, content from a number of sites my not be viewable.
In the new Web View, why can I view some requests content, and not others? What should I look for?
There are certain things that need to happen to see a requested files contents:
Why do the Web Views stop displaying new requests?
The web views currently have a limit to the number of requests it will display; 1/4 the expert flow limit. By default, the expert flow limit is set to 10,000, so the web views will only display the first 2500 requests. |
MyPeekCommunity Portal
MyPeek is WildPackets community portal where you can manage your products and contracts, get plug-ins, download white papers and much more. 
Training / Courses
Register now for upcoming courses and get network and protocol analysis training.
Product Tips & Tricks
Get tips & tricks to better utilize the great features of WildPackets products, including plug-ins.
WildPackets Forum
Join in the discussion forum for WildPackets products and general networking issues. |
Lawful Intercept
Deploying & Testing Applications
Distributed Networks
Network Baselining
Network Forensics
Network Performance Analysis
- NetFlow
Network Performance Management
Network Security
Network Troubleshooting
Product Development Support
VoIP Monitoring and Analysis
Video Monitoring and Analysis
Wireless Network Analysis
10 Gigabit Networks
Industry Specific Solutions
OmniFlow Collector
NetFlow Collector
sFlow Collector
OmniPeek Network Analyzer
Compass Live
OmniEngine Software Probe
OmniVirtual VMware Probe
TimeLine Network Recorder
Omnipliance Network Recorder
OmniAdapter Analysis Cards
Omnipliance Portable
Product Activation FAQs
Maintenance Programs
Product Versions
Contact Tech Support
Downloads
Training / Courses
Consulting
Custom Engineering
WildPackets Forums
MyPeek Community Portal
Information Kits
Video How-To's
Product Tips and Tricks
Networking Glossary
Networking Links
Free Utilities
Media Coverage
Media Kit
Blog
Peeks Newsletter
Success Stories
Reviews & Awards
Upcoming Events
Webinars & Webcasts
Software Upgrades
Hardware
Training
Maintenance Renewal
Per Incident Support
Sales Policies
Contact Sales
