China
Germany
Japan
Korea
UK
United States
|
|
OmniPeek Enterprise
OmniPeek 6.5 has an updated Filter List, but when I upgraded, I don’t see the new filters. Where do I find them?
The OmniPeek installer will keep your current filter file through an upgrade. You must import the new one that is installed with 6.5. Here is the procedure:
You will now have all of the new filters plus all of your original ones as well.
OmniPeek 6.5 has an updated Name Table, but when I upgraded, I don’t see the new names. Where do I find them?
The OmniPeek installer will keep your current Name Table through an upgrade. You must import the new one that is installed with 6.5. Here is the procedure:
You will now have all of the new name entries plus all of your original ones as well.
When upgrading to OmniPeek 6.5, should I uninstall my older version of OmniPeek first?
Yes, to remove OmniPeek, re-run the installer and choose "Remove"; or open the "Add/Remove Programs" control panel, select "WildPackets OmniPeek" and click the "Add/Remove" button. All files created during the installation will be removed; however, you may need to manually delete the OmniPeek folder to remove files created after installation.
Why do the Web Views stop displaying new requests?
The web views currently have a limit to the number of requests it will display; 1/4 the expert flow limit. By default, the expert flow limit is set to 10,000, so the web views will only display the first 2500 requests. 
Do the Web Views allow me to view pages visited by the users on my network?
Yes, the Contents tab of the Web Views will attempt to reassemble web pages from traffic still in the buffer. But since there are a myriad of different implementations, content from a number of sites my not be viewable.
In the new Web View, why can I view some requests content, and not others? What should I look for?
There are certain things that need to happen to see a requested files contents:
Why does the timeline column constantly flash?
The timeline column has to reassemble every visible request and draw something for each visible request. Since the default refresh rate for the view is set at 1 second, the web view reassembles every request each second and that is why the timeline column is flashing in this manner. To remedy this, change the default refresh rate to Manual or something greater then 1 second.
How do I create a filter to span multiple ports?
You can create an Advanced or Simple filter to span individual ports. Ports can be entered and separated by commas and/or semicolons. Here is how:
How do I capture VLAN packets?
First be sure the analyzer is placed where the tagged frames exist, this is generally on a switch trunk (a link that connects switch-to-switch). Second verify that your switch is not stripping the VLAN tags, you may need to contact your switch manufacturer. Lastly, the network interface card may strip 802.1q tags at the adapter/driver level. By default, Intel adapters strip the VLAN tag before passing it up the stack. Some Broadcom adapters also exhibit this behavior. Possible fixes for Intel and Broadcom adapters can be found below, for other adapters please contact your NIC manufacturer. Unsupported Fix for Broadcom Adapters: ** Please backup your registry before making these modifications ** Please look for the following registry key and follow the steps listed below. This fix is not supported by WildPackets. HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet
Unsupported Fix for Intel Adapters: http://www.intel.com/support/network/sb/cs- 005897.htm Another solution is to purchase a tap. TAPs are passive and independent of the network. Please call (925) 937-3200 or write to sales@wildpackets.com to find out more about TAPs.
Where can I find a definition for the expert messages?
Right-click on any Expert event and choose EventFinder Settings. Click the Show Info button for a description of the event and possible causes and remedies.
Is there a way to only capture the header of a packet?
Yes, here's how:
What do the colors of the globes represent in the WLAN view?
Can I compare two different captures?
Yes, open the captures you would like to compare.
How can I start multiple captures simultaneously?
Can a NIC connected to a SPAN/Mirror port also be used for network services?
You will need an additional adapter to use for network services or use a multi-port adapter like the Intel dual or quad port adapters. These cards could connect via one port and capture on the additional, available ports.
How do I change port numbers for an existing protocol?
For example, maybe you want all traffic on port 80 and port 8000 to show up under HTTP in the Packet view, Protocol statistics, etc. In that case, you will need to modify the following file with a Text Editor: C:Program FilesWildPacketsOmniPeek1033pspecs.xml You can search for your protocol's PSpec Name (i.e. HTTP) and when you find the protocol, you can modify the existing port number(s). For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How do I add port numbers for an existing protocol?
The
For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How do I add a custom protocol to OmniPeek?
Quick Notes: The PSpecID is a numerical identifier for the protocol. It must be unique-that is, no two protocols are allowed to have the same PSpecID. You must choose a PSpecID that is not used anywhere else in the file. The
The PSpec Name will be displayed in the Protocol column of the Packets tab. The LName will be displayed in the Protocol Info dialog box (accessed by right-clicking the protocol and choosing Protocol Info). The SName will be displayed in the Protocol statistics. The Desc will be displayed in the Protocol Info box (Desc is optional. You can delete it if you don't want to write a description for your protocol). Color will be the color used for the protocol. Colors are defined at the beginning of the document. Color is optional. You can delete it and OmniPeek will choose a color for the protocol. CondSwitch tells OmniPeek how to recognize the protocol. For now, all you have to do is edit the "SrcPort ==" and "DestPort ==" entries to contain the port number that your protocol uses. These two entries should be the same. For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How can OmniPeek Enterprise help me baseline my network?
The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline normal network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem. Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client network with a saved healthy router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance. To baseline with summary statistics: Choose Monitor > Summary. The Summary Statistics window appears.
What are some of the keyboard shortcuts?
What is the difference between OmniPeek Enterprise and OmniPeek Enterprise Connect?
Can you explain the Peer Map view?
Communications between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
How can I import my company's network diagram into Peer Map?
Click the Peer Map view and click Open. The supported file types are *.BMP, *.JPEG, *.GIF, *.EMF, *.WMF, *.TIFF, *.PNG, *.ICO.
Why does some activity in the Peer Map contain spaces?
The space shows you where protocol segments start and stop within conversations.
Can you explain the Profiles, Configuration and Node Visibilities tabs in the Peer Map view?
The Profile tab lets you save Peer Map configurations settings into a single profile that controls the appearance and layout of the Peer Map. The Configuration tab lets you control what part of the traffic in the Capture window's buffer is displayed in Peer Map. The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map. For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn't want new nodes to appear on the Peer Map as they are discovered.
It appears that my router is being misidentified?
Because routers forward traffic from other networks at OSI Layer 3, the logical address (IP) is forwarded unchanged but the physical address (MAC) is changed to that of the router doing the forwarding. In this case, Peek might misidentify your router when it tries to resolve the name using the Resolve Name/Passive Name resolution option (Tools->Name Resolution). To properly identify routers, we recommend that you add your routers to the Name Table.
Can I use the Peek analyzer to assist with firewall rules?
The following steps will give you some indication of which ports are open:
What is the default timestamp format?
The default Timestamp format is Microseconds. This setting can be changed by clicking on one of the columns in the Packets view and selecting the Format tab or by right-clicking a packet in the Packets View and selecting Packet List Options.
How do I use port numbers instead of port names?
Right click the column header and select the fields you would like to see. Then right click again and choose Packet List Options > Format tab and deselect "Show port names". You should now see port numbers instead of names. Also good to know, the source and port field numbers are always displayed in the 'Summary' field (Src=###,Dst=##) in addition to other packet information.
How accurate are the Delta and Relative times in the Packet view?
In regards to wireless, if using an Atheros driver v3.0.1.x and above the accuracy is approximately 1 micro-second as the packets are being time-stamped by the hardware, versions under 3.0.1.x use software timestamps. If using WinXP and other NT based systems packets have an approximate accuracy of .1 milliseconds. In regards to Ethernet, non-GAC Ethernet adapters use software timestamps and the accuracy depends on the OS. If using WinXP and other NT based systems packets have an approximate accuracy of .1 milliseconds. The WildPackets Gigabit Analyzer Cards provide hardware timestamps and have an approximate accuracy of 10 nanoseconds.
How many engines can I connect to with OmniPeek Enterprise?
OmniPeek Enterprise has unlimited engine connections and because OmniPeek puts the processing power at the point of capture, multiple connections and diverse configurations can be used without creating a strain on network bandwidth. Only the packets, statistical data, and other information required to refresh the display need to be sent from the Remote Engine.
Can I use both an OmniEngine and an OmniPeek console at the same time on the same machine?
The only console that was designed to work simultaneously with an engine is OmniPeek Connect. OmniPeek Connect provides the ability to locally configure and view the engine's analysis as the engine is capturing packets and performing analysis.
How secure is OmniPeek Enterprise 6.0?
Network analysis tools are powerful and must be protected from misuse. Data captured and sent across the network may be sensitive, so OmniPeek has been designed from the ground up to adhere to strict IT security requirements. By default, all traffic between the engine and console is compressed and encrypted and in addition to Windows® Security being used for access control to the OmniEngine and application features, TACACs and RADIUS authentication are supported also.
When I use OmniPeek to monitor my high speed network, the application tends to slow down. Are there any
tips to optimize performance?
In the Capture/Monitor Options, select Performance. For peak performance, right click on one of the features and choose Disable All. This way, OmniPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature. Here are a few more tips to improve the performance of OmniPeek: Disable the Monitor adapter (Monitor/Select Monitor Adapter/None) Turn off scroll during capture. Control K will start/stop scroll. Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution. Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.
I am unable to start a wireless capture. When I select 'OK' in the Capture Options I receive the error
'The adapter "Wireless Network Connection" is not supported by this product.' What am I missing?
In order to capture wireless traffic with OmniPeek, you must install a custom WildPackets driver. A list of supported cards and the WildPackets drivers can be found here: Please find your card from the list and download the appropriate driver. ***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.*** Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.' I have entered the correct key or passphrase but the TKIP encrypted packets are not being decrypted. Can you please tell me what's
wrong?
Peek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA-PSK encrypted traffic. This exchange consists of the 4 packet Pairwise Master key (PMK) and the 2 packet Group Temporal Key (GTK). The below is an example of a successful EAPOL capture.
OmniPeek Screenshots
Click on thumbnail for larger view
Dashboard
I have captured the required EAPOL keys but why can't I decrypt the WPA traffic?
When WMM (802.11e) is enabled WPA-PSK decryption will fail, some adapters have an Advanced Settings Tab that will allow this feature to be disabled. If your adapter does not have this setting, disable the feature on the corresponding Access Point. Once you have disabled the feature on the client's adapter who is sending the traffic of interest or the AP, you should be able to decrypt the traffic completely.
When I try to open a *.pkt file, I receive a "Not Enough Storage Space" error.
This error means that there are not enough memory/resources available to load the file. A solution would be our SQL filter plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQL Filter plug-in will appear under the Tools view in OmniPeek, you will be able to select packets based on the results of queries that were entered. By using the SQL Filter Plug-in to index trace files into a database, files of any size can be read back into OmniPeek using SQL queries. The SQL Filter Plug-in is available to MyPeek members; you can sign up for an account here:
Can I search a trace file based on Time, Date, Address or Port?
Yes, this is possible with the SQL filter plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQL Filter plug-in will appear under the Tools view in OmniPeek, you will be able to select packets based on the results of queries that were entered. The SQL Filter Plug-in is available to MyPeek members; you can sign up for an account here:
What is the SQL Filter Plug-in?
The SQL Filter plug-in creates a SQL database of packet headers from real-time captures or loaded file captures this enables you to submit SQL queries to locate key data in packet captures. The SQL Filter Plug-in is available to MyPeek members; you can sign up for an account here:
Can I install the SQL Filter Plug-in on my engine?
No, at this time only local captures are supported.
Can I start OmniPeek from the command line?
Yes, here is how: Opeek.exe [/autoload |/autostart ] [template1] [templateN] The /autoload switch loads the specified Capture Template (*.ctf) file(s). The /autostart switch loads the specified template(s) and begins capture. Multiple templates may be listed, separated by a space. You can use the * (asterisk) character or the ? (question mark) character as wildcards in specifying template names, following standard Windows wildcard usage. In a default installation of OmniPeek, the command line would be started from: To automatically load template file capture1.ctf, for example, the command would be: |
|
Lawful Intercept
Deploying & Testing Applications
Distributed Networks
Network Baselining
Network Forensics
Network Performance Analysis
- NetFlow
Network Performance Management
Network Security
Network Troubleshooting
Product Development Support
VoIP Monitoring and Analysis
Video Monitoring and Analysis
Wireless Network Analysis
10 Gigabit Networks
Industry Specific Solutions
OmniFlow Collector
NetFlow Collector
sFlow Collector
OmniPeek Network Analyzer
OmniEngine Software Probe
OmniVirtual VMWare Probe
TimeLine Network Recorder
Omnipliance Network Recorder
OmniAdapter Analysis Cards
Omnipliance Portable
Product Activation FAQs
Maintenance Programs
Product Versions
Contact Tech Support
Downloads
Training / Courses
Consulting
Custom Engineering
WildPackets Forums
MyPeek Community Portal
Video How-To's
Product Tips and Tricks
Networking Glossary
Networking Links
Free Utilities
Media Coverage
Media Kit
Blog
Peeks Newsletter
Success Stories
Reviews & Awards
Upcoming Events
Webinars & Webcasts
Industry Alliances
Channel Partners
Training Partners
Integration Partners
Partner Portal
Software Upgrades
Hardware
Training
Maintenance Renewal
Per Incident Support
Sales Policies
Contact Sales
COPYRIGHT © 2010 WILDPACKETS, INC | PrivacyAll registered and unregistered trademarks are the sole property of their respective owners
