Synergy: The working together of two or more
things to produce an effect greater than the sum of their individual

So says the dictionary, but more to the point, synergy is what happens when you
use multiple OmniPeek plug-ins together.   The effect is of course
not limited to plug-ins, synergy is also found in the use of the many tightly
integrated features like summary stats and graphs.   But plug-ins
greatly increase the effect of built-in features as well increase the effect of
each other.

For example, let’s say that you want to capture the same packet from multiple
locations on different segments of the network and compare certain things about
them like the delta times, window sizes, and hop counts.   By using
the Remote TCPDump Adapter Plug-in and the PeekPlayer Plug-in you can capture
from multiple remote sources and aggregate all of them into a single capture
window, in real-time.   Along the way, you may have used a C Decoder
Plug-in, the WebStats Plug-in, or any number of other plug-ins that customize
the workflow to the specific needs of your business.

Another example is using multiple RFGrabbers, where each one is capturing
packets from a different channel, and using the PeekPlayer Plug-in to redirect
all the packets into a single capture window.   In this way you can
see the Signal and Channel graphs for all of the channels being monitored in a
single capture window.   If you have not done this yet, give it a
try.   The PeekPlayer makes it possible to redirect packets from one
capture window to another.

Finally, take the first example and add the SQLFilter to the aggregating
capture window so that as the packets are aggregated they are indexed into a
single database for post capture data mining and forensics.  In this case,
we are using OmniPeek, the Remote TCPDump Adapter, the PeekPlayer, and the
SQLFilter.    You might also be using an expert logging plug-in,
or any number of other plug-ins for filtering and processing of the packets in
the final capture window.

One of the advantages in these scenarios is the aggregation of multiple streams
into a single capture window in real-time.   This makes it easier to
analyze the data and saves the user the time it would have taken to manually
aggregate the packets through PeekCat.   But the other advantage is being
able to do most of the configuration on the aggregated capture window instead
of to all of them.  Again, this improves the workflow and as a result save
the user time and money.

This is really all about improving
workflow.   And since workflows are different from business to
business and network to network, the ability to customize OmniPeek sets it
apart from other products that are not quite so configurable.


Leave a Reply