Germany
Japan
Korea
UK
United States
|
|
OmniPeek Professional
WildPackets Compass for the OmniPeek Console is an interactive dashboard for post-capture forensics on large quantities of wired and wireless network traffic. Compass employs an intuitive interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets.
When upgrading to OmniPeek 6.6, should I uninstall my older version of OmniPeek first?
When you run the OmniPeek installation it will automatically prompt you that it has found an older version. Just select Remove and it will unintall your old version before it begans to install the new.
Can I search a trace file based on Time, Date, Address or Port?
Yes, this is possible with the Integrated Compass plug-in. WildPackets Compass for the OmniPeek Console is an interactive dashboard for forensics of large quantities of wired and wireless network traffic. Compass employs a nice looking interactive graph, allowing you to visualize and interact with utilization statistics from large quantities of network data, before actually loading a specific time range of packets. It is now integrated with OmniPeek and no longer need to be added as a pulg-in
When I try to open a *.pkt file, I receive a "Not Enough Storage Space" error.
This error means that there are not enough memory/resources available to load the file. A solution would be our integrated Compass plug-in. This plug-in creates real-time captures and monitoring, aggregates muliple filesis a single dashboard view, integrated drill down to packets and provides ket network statistics in real-time as well as post capture.
I have entered the correct key or passphrase but the encrypted packets are not being decrypted. Can you please tell me what's wrong?
OmniPeek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA/WPA2 encrypted traffic.
How do I capture VLAN packets?
First be sure the analyzer is placed where the tagged frames exist, this is generally on a switch trunk (a link that connects switch-to-switch). Second verify that your switch is not stripping the VLAN tags, you may need to contact your switch manufacturer. Lastly, the network interface card may strip 802.1q tags at the adapter/driver level. By default, Intel adapters strip the VLAN tag before passing it up the stack. Some Broadcom adapters also exhibit this behavior. Possible fixes for Intel and Broadcom adapters can be found below, for other adapters please contact your NIC manufacturer. Unsupported Fix for Broadcom Adapters: ** Please backup your registry before making these modifications ** Please look for the following registry key and follow the steps listed below. This fix is not supported by WildPackets. HKEY_LOCAL_MACHINE-->SYSTEM-->CurrentControlSet
Unsupported Fix for Intel Adapters: http://www.intel.com/support/network/sb/cs-005897.htm Another solution is to purchase a tap. TAPs are passive and independent of the network. Please call (925) 937-3200 or write to sales@wildpackets.com to find out more about TAPs.
How do I create a filter to span multiple ports?
You can create an Advanced or Simple filter to span individual ports. Ports can be entered and separated by commas and/or semicolons. Here is how:
Is there a way to only capture the header of a packet?
Yes, here's how:
What do the colors of the globes represent in the WLAN view?
Can I compare two different captures?
Yes, open the captures you would like to compare.
How do I change port numbers for an existing protocol?
For example, maybe you want all traffic on port 80 and port 8000 to show up under HTTP in the Packet view, Protocol statistics, etc. In that case, you will need to modify the following file with a Text Editor: C:Program FilesWildPacketsOmniPeek1033pspecs.xml You can search for your protocol's PSpec Name (i.e. HTTP) and when you find the protocol, you can modify the existing port number(s). For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How do I add port numbers for an existing protocol?
The
For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines: http://mypeek.wildpackets.com/
How do I add a custom protocol to OmniPeek?
Quick Notes: The PSpecID is a numerical identifier for the protocol. It must be unique-that is, no two protocols are allowed to have the same PSpecID. You must choose a PSpecID that is not used anywhere else in the file. The
The PSpec Name will be displayed in the Protocol column of the Packets tab. The LName will be displayed in the Protocol Info dialog box (accessed by right-clicking the protocol and choosing Protocol Info). The SName will be displayed in the Protocol statistics. The Desc will be displayed in the Protocol Info box (Desc is optional. You can delete it if you don't want to write a description for your protocol). Color will be the color used for the protocol. Colors are defined at the beginning of the document. Color is optional. You can delete it and OmniPeek will choose a color for the protocol. CondSwitch tells OmniPeek how to recognize the protocol. For now, all you have to do is edit the "SrcPort ==" and "DestPort ==" entries to contain the port number that your protocol uses. These two entries should be the same. For more information on ProtoSpecs, please log into MyPeek and under the Resources section go to Developer Documentation and take a look at the ProtoSpecs XML Writing Guidelines. http://mypeek.wildpackets.com/
How can OmniPeek Professional help me baseline my network?
The summary statistics feature allows you to monitor key network statistics in real time and save these statistics for later comparison. Use this feature to baseline normal network activity, save the data, then compare saved statistics with those observed during periods of erratic network behavior to help pinpoint the cause of the problem. Summary statistics are also extremely valuable in comparing the performance of two different network segments. For example, a field support engineer could compare the real-time statistics on a client network with a saved healthy router snapshot and easily diagnose or eliminate the source of inconsistent or poor router performance. To baseline with summary statistics: Choose Monitor > Summary. The Summary Statistics window appears.
What are some of the keyboard shortcuts?
Can you explain the Peer Map view?
Communications between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
How can I import my company's network diagram into Peer Map?
Click the Peer Map view and click Open. The supported file types are *.BMP, *.JPEG, *.GIF, *.EMF, *.WMF, *.TIFF, *.PNG, *.ICO.
Can you explain the Profiles, Configuration and Node Visibilities tabs in the Peer Map view?
The Profile tab lets you save Peer Map configurations settings into a single profile that controls the appearance and layout of the Peer Map. The Configuration tab lets you control what part of the traffic in the Capture window's buffer is displayed in Peer Map. The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map. For example, if his option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn't want new nodes to appear on the Peer Map as they are discovered.
Can I use the Peek analyzer to assist with firewall rules?
The following steps will give you some indication of which ports are open:
How do I use port numbers instead of port names?
Right click the column header and select the fields you would like to see. Then right click again and choose Packet List Options > Format tab and deselect "Show port names". You should now see port numbers instead of names. Also good to know, the source and port field numbers are always displayed in the 'Summary' field (Src=###,Dst=##) in addition to other packet information.
How accurate are the Delta and Relative times in the Packet view?
In regards to wireless, if using an Atheros driver v3.0.1.x and above the accuracy is approximately 1 micro-second as the packets are being time-stamped by the hardware, versions under 3.0.1.x use software timestamps. If using WinXP and other NT based systems packets have an approximate accuracy of .1 milliseconds. In regards to Ethernet, non-GAC Ethernet adapters use software timestamps and the accuracy depends on the OS. If using WinXP and other NT based systems packets have an approximate accuracy of .1 milliseconds. The WildPackets Gigabit Analyzer Cards provide hardware timestamps and have an approximate accuracy of 10 nanoseconds.
Can I use both an OmniEngine and an OmniPeek console at the same time on the same machine?
The only console that was designed to work simultaneously with an engine is OmniPeek Connect. OmniPeek Connect provides the ability to locally configure and view the engine's analysis as the engine is capturing packets and performing analysis.
How secure is OmniPeek Professional 6.6?
Network analysis tools are powerful and must be protected from misuse. Data captured and sent across the network may be sensitive, so OmniPeek has been designed from the ground up to adhere to strict IT security requirements. By default, all traffic between the engine and console is compressed and encrypted and in addition to Windows® Security being used for access control to the OmniEngine and application features, TACACs and RADIUS authentication are supported also.
Are there any tips to optimize performance?
In the Capture/Monitor Options, select Performance. For peak performance, right click on one of the features and choose Disable All. This way, OmniPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature. Here are a few more tips to improve the performance of OmniPeek: Disable the Monitor adapter (Monitor/Select Monitor Adapter/None) Turn off scroll during capture. Control K will start/stop scroll. Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution. Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.
I am unable to start a wireless capture. When I select 'OK' in the Capture Options I receive the error 'The adapter "Wireless Network Connection" is not supported by this product.' What am I missing?
In order to capture wireless traffic with OmniPeek, you must install a custom WildPackets driver. A list of supported cards and the WildPackets drivers can be found here: Please find your card from the list and download the appropriate driver. ***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.*** Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.' |
MyPeekCommunity Portal
MyPeek is WildPackets community portal where you can manage your products and contracts, get plug-ins, download white papers and much more. 
Training / Courses
Register now for upcoming courses and get network and protocol analysis training.
Product Tips & Tricks
Get tips & tricks to better utilize the great features of WildPackets products, including plug-ins.
WildPackets Forum
Join in the discussion forum for WildPackets products and general networking issues. |
Lawful Intercept
Deploying & Testing Applications
Distributed Networks
Network Baselining
Network Forensics
Network Performance Analysis
- NetFlow
Network Performance Management
Network Security
Network Troubleshooting
Product Development Support
VoIP Monitoring and Analysis
Video Monitoring and Analysis
Wireless Network Analysis
10 Gigabit Networks
Industry Specific Solutions
OmniFlow Collector
NetFlow Collector
sFlow Collector
OmniPeek Network Analyzer
Compass Live
OmniEngine Software Probe
OmniVirtual VMware Probe
TimeLine Network Recorder
Omnipliance Network Recorder
OmniAdapter Analysis Cards
Omnipliance Portable
Product Activation FAQs
Maintenance Programs
Product Versions
Contact Tech Support
Downloads
Training / Courses
Consulting
Custom Engineering
WildPackets Forums
MyPeek Community Portal
Information Kits
Video How-To's
Product Tips and Tricks
Networking Glossary
Networking Links
Free Utilities
Media Coverage
Media Kit
Blog
Peeks Newsletter
Success Stories
Reviews & Awards
Upcoming Events
Webinars & Webcasts
Software Upgrades
Hardware
Training
Maintenance Renewal
Per Incident Support
Sales Policies
Contact Sales
