Easy Steps to Analyze Behavior of Network Users with Compass Live

Latency is one of the most common network performance problems, and user behavior is a frequent cause. At WildPackets, we created Compass Live, which gives you a top-level view of the network, to help you determine whether one or more users are causing the network pain.

If you are using Compass Live or interested in giving it a test run, check out our quick tips below on how to determine latency through user behavior.

Determining Latency with Top Talker View
With the growing popularity of voice and video over IP, latency is a common network issue that can be difficult to diagnose. Finding the right information can be daunting without the right tools, but Compass Live lets you interactively drill down into the network users’ activities to find out when and where the issue occurred. If your network is consistently experiencing high instances of latency, finding out which users were accessing the network at those times and what they were doing may give you the insight needed to solve the problem.

From the Compass Live dashboard you can see a high-level view of who the top users are on your network in real time and capture the data in Bits, Bytes, Mbits, Gbits, Packets, or signal strength. To drill down into a particular user, select an entry from the “Top Nodes” graph to see that user's unique statistics. Choose the filter option to see the specifics for protocols in real time or for a particular period in network history.

Is the User's Behavior the Problem?
Compass Live offers the option to graph and report on users' behavior, showing what was happening on your wired and wireless networks at any period of time. Users rely on the network for business-critical tasks, but their behavior can impact the overall performance as well. A user who is complaining about slow network response may also be the same user who is downloading a large file via BitTorrent, which creates lots of peer-to-peer connections and has historically caused slow network response by overwhelming the upstream bandwidth. Compass Live can help you focus on these users to see what they’re doing.

After you have opened a packet capture file, use the Top Nodes or Top Protocols window to select the basis for your filter. In the example of a user complaining about slow network response, select just that user. Next, at the bottom of the page, click the binoculars icon to apply that filter. If you have only selected a single user, the view excludes all other traffic, showing only what that user has been doing. Now you can find out if your users are causing their own problems, and problems for other users too!

From here, there are additional options to help you track down what’s happening. If the information from the filter shows that the users aren’t to blame, simply right-click the main graph and select “Undo Last Filter” to return to the previous view. However, if there’s significant traffic, or lots of protocols, you can select additional nodes or protocols and apply those filters for iterative drill-down. If you find the “smoking gun” proving that the user behavior has been causing problems, you can save the filtered packets to an OmniPeek packet file by clicking the blue floppy disk icon on the top bar. Additionally, you can demonstrate the problem to others by clicking the “Save Report” icon, which will create an HTML report of your visualization, suitable for inclusion in a document or slide for the post-mortem meeting.
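The drill-down described above, sketched outside the tool as an added example (this is not WildPackets code): it compares each node's share of traffic during reported latency windows against its share at other times, then applies a single-user filter to the top suspect and breaks that view down by protocol. The record layout, addresses, window times and function names are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records: (timestamp_s, node, protocol, bytes_on_wire)
PACKETS = [
    (100, "10.0.0.5", "HTTP", 1200), (101, "10.0.0.9", "BitTorrent", 64000),
    (102, "10.0.0.9", "BitTorrent", 58000), (103, "10.0.0.5", "DNS", 90),
    (160, "10.0.0.7", "SIP", 700), (161, "10.0.0.7", "RTP", 20000),
    (162, "10.0.0.9", "HTTP", 1500), (220, "10.0.0.9", "BitTorrent", 71000),
    (221, "10.0.0.7", "RTP", 21000), (222, "10.0.0.5", "HTTP", 900),
]
# Constructed: periods when slow response was reported, (start_s, end_s) inclusive
LATENCY_WINDOWS = [(100, 105), (220, 225)]
NODE, PROTOCOL = 1, 2  # field indexes usable as the basis for a breakdown


def in_windows(ts, windows):
    return any(start <= ts <= end for start, end in windows)


def byte_share(packets, field):
    """Fraction of total bytes per node or per protocol in the current view."""
    totals = Counter()
    for pkt in packets:
        totals[pkt[field]] += pkt[3]
    grand = sum(totals.values())
    return {key: size / grand for key, size in totals.items()} if grand else {}


def differential(packets, windows):
    """Each node's byte share during the latency windows minus its share
    outside them, largest increase first."""
    inside = [p for p in packets if in_windows(p[0], windows)]
    outside = [p for p in packets if not in_windows(p[0], windows)]
    s_in, s_out = byte_share(inside, NODE), byte_share(outside, NODE)
    deltas = {n: round(s_in.get(n, 0) - s_out.get(n, 0), 3)
              for n in set(s_in) | set(s_out)}
    return sorted(deltas.items(), key=lambda kv: kv[1], reverse=True)


def drill_down(packets, node):
    """Single-user filter: keep only the selected node, then break down by protocol."""
    view = [p for p in packets if p[NODE] == node]
    return {proto: round(share, 3) for proto, share in byte_share(view, PROTOCOL).items()}


if __name__ == "__main__":
    ranking = differential(PACKETS, LATENCY_WINDOWS)
    suspect = ranking[0][0]
    print("share change during latency windows:", ranking)
    print("protocol mix for", suspect, "->", drill_down(PACKETS, suspect))
```

A node that dominates the link only during the slow periods stands out more clearly here than in a plain top-talkers list, because a steady heavy user (the RTP node in the sample) drops to the bottom of the ranking.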

Finding a Noisy Application
Any large enough organization will have internally-developed applications, which are often created by developers using high-level frameworks and toolkits for rapid development and deployment. While these applications help the business, they are occasionally deployed in ways the development team never intended. Compass Live is a great tool to debug how the application should be retuned for the new environment.

A few months ago, one of our customers received reports from a remote office that a core in-house application was slow. Using Compass Live, they were able to observe that a significant amount of the traffic across the WAN link was to/from the application server. That insight let the network analysts focus on those connections, and they discovered that the application was sending large amounts of data to each client for each transaction. The developers had found during testing that client-side filtering made the server run faster: if the server didn’t have to filter the data, it ran faster, and the application responded faster to users on a high-speed local LAN. However, the developers didn’t have a WAN link in their lab, so didn’t have a test case to show that client-side filtering would flood the slow link. Changing the application to server-side filtering slowed responses slightly for local LAN users, but greatly reduced the amount of data across the WAN, resulting in much faster response times for the remote office.

Compass Live is designed to be easy to use, focusing on intuitive visualizations for packet-level analysis. The differential visualizations make it quick to determine what nodes and protocols are causing congestion, greatly speeding the time it takes to figure out how to speed up the network.

How to Solve Mobile Users' Latency Issues
Compass Live is also able to assess performance issues faced by mobile users when capturing with a WiFi adapter compatible with the WildPackets driver. With a single adapter, Compass Live allows for traditional walk-around troubleshooting: carry the laptop while capturing with Compass Live to get a real-time view of signal strength. If the signal goes down at a particular location, you now know that there are problems of either interference or signal strength. For additional troubleshooting detail, save the packets by clicking the blue floppy disk Save icon, and open the file with OmniPeek.

Enterprise-class Wi-Fi troubleshooting involves analyzing and aggregating files from multiple wireless channels and comparing signal strengths across APs. Compass Live can capture from multiple adapters at the same time, so insert 3 Wi-Fi adapters, set them to different channels, and perform true multi-channel aggregation. If a node abruptly changes signal strength, that generally correlates with wireless roaming between APs with the same ESSID. Given that nodes only roam between APs when they detect a problem, large amounts of wireless roaming are also a clear indication of a source of external noise or something similar causing Wi-Fi problems. More granular analysis (including roaming latency) is available in OmniPeek by saving the packets, but even on its own, Compass Live is an excellent and inexpensive tool for this kind of information gathering and portable diagnosis.
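The roaming heuristic above, as an added example (not WildPackets code): frames from three adapters on different channels are merged by timestamp, and a roam is recorded whenever a station's BSSID changes while the ESSID stays the same. The simplified frame tuple, station and AP names, and the `min_roams` threshold are assumptions, and the frames are constructed.

```python
import heapq
from collections import Counter

# Constructed frames, one time-sorted list per capture adapter/channel:
# (timestamp_s, station, bssid, essid, rssi_dbm)
CH1 = [(0.0, "sta-A", "ap-1", "corp", -48), (0.5, "sta-B", "ap-1", "corp", -60),
       (2.0, "sta-A", "ap-1", "corp", -71), (6.0, "sta-A", "ap-1", "corp", -55),
       (7.0, "sta-B", "ap-1", "corp", -61)]
CH6 = [(3.0, "sta-A", "ap-2", "corp", -45), (4.0, "sta-A", "ap-2", "corp", -73),
       (8.0, "sta-A", "ap-2", "corp", -50)]
CH11 = [(5.0, "sta-A", "ap-3", "corp", -47), (5.5, "sta-C", "ap-9", "guest", -66)]


def find_roams(*adapter_frames):
    """Merge per-channel captures by time and list every roam as
    (timestamp, station, old_bssid, new_bssid, rssi_change_db)."""
    last = {}    # station -> (bssid, essid, rssi) from its previous frame
    roams = []
    for ts, sta, bssid, essid, rssi in heapq.merge(*adapter_frames):
        prev = last.get(sta)
        # A roam is a BSSID change within the same ESSID; a change of ESSID
        # is a move to a different network and is not counted.
        if prev and prev[0] != bssid and prev[1] == essid:
            roams.append((ts, sta, prev[0], bssid, rssi - prev[2]))
        last[sta] = (bssid, essid, rssi)
    return roams


def heavy_roamers(roams, min_roams=3):
    """Stations whose roam count suggests an RF problem near them.
    min_roams is an assumed threshold; tune it to the capture length."""
    counts = Counter(sta for _ts, sta, *_rest in roams)
    return {sta: n for sta, n in counts.items() if n >= min_roams}


if __name__ == "__main__":
    roams = find_roams(CH1, CH6, CH11)
    for event in roams:
        print(event)
    print("heavy roamers:", heavy_roamers(roams))
```

Without the merge step, each single-channel capture would show the station appearing and disappearing rather than moving between APs.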

Getting More Visibility Across the Network
Compass Live can perform aggregation on wired interfaces, just as it can with wireless. To get increased visibility across the network, install multiple NICs into a server running Compass Live, with each NIC on a different VLAN or segment. Compass Live gathers its information in a completely passive manner, so it’s even possible to connect it to multiple span or mirrored ports and monitor critical and core traffic.

As a network administrator, it is necessary to be able to see network activity at a high-level view before diving into the specifics. Compass Live provides the ability to aggregate traffic from multiple segments, both wired and wireless, for real-time latency troubleshooting to help you find where the problems are stemming from, whether latency, application, or user.

Customizing Network Analysis and Troubleshooting with OmniPeek

Today, most enterprise IT networks are composed of a wide range of distributed applications and wired and wireless systems. No two networks are the same, and in order to combat the rise in network complexity, IT and network administrators must rely on network analysis software that isn’t just a one-size-fits-all solution.

We designed the OmniPeek network analyzer with this in mind. The highly extensible architecture enables you to extend your network analysis into areas that are the most important. We have also created an array of plug-ins and add-on modules, including capture adapters and specialized analysis, which can be installed and immediately deployed without having to update your current version of the software.

Below we discuss the different scenarios that you may currently be facing and how you can customize your network to fit these needs.

Wireless Problems?
You have rolled out your initial wireless network; however, more users are beginning to access the network, and new services, like VoIP over WiFi (VoFi), are being rolled out too. As more traffic begins to stream across your network, throughput drops during peak usage and users begin to complain about connectivity issues.

Capturing wireless packets remotely is easy using the WildPackets Cisco AP Capture Adapter, which allows existing Cisco managed APs to be temporarily converted to packet capture devices, forwarding all of their packets back to OmniPeek via TCP/IP over the wired network. Not a Cisco customer? WildPackets also supports remote wireless packet captures for other vendors.

Using an AP for packet capture is a simple way to improve visibility into areas that are experiencing wireless problems. It’s also a great way to extend the life of old APs: after replacing them with newer models, re-use the old AP for remote packet capture. Either keep them mounted in the old location, or deploy them on an as-needed basis to locations experiencing chronic problems.

Once a problem occurs, remote packet captures can be started instantly, and you can begin to discover the troubled environment and troubleshoot the issue. When dealing with problems that are difficult to reproduce, it’s critical to have a tool ready on-site, rather than waiting for someone to get to the trouble spot and hoping the problem still exists.

If you’re addressing the wireless congestion problem by adding more APs with more channels, WildPackets also helps with aggregated wireless capture for true multi-channel monitoring with roaming latency analysis. This is one of our most popular plug-ins, and it’s easy to see why, because it makes roaming easy to see.

Need Better Visibility into Whether it’s an Application or Network Problem?
Latency is one of the most common issues on your network, but it can be one of the most frustrating to diagnose. Determining whether the source of latency is the application or the network is where additional tools are needed. The Latency Monitor plug-in helps pinpoint whether the latency originated from the network or the application.

For most businesses, top performance at the end-user is necessary for performing mission-critical tasks. Understanding what the normal levels for Application Response Time (ART) and Network Response Time (NRT) are is key to identifying abnormal response rates and determining the source of latency. The Latency Monitor graphs all of the results together so you can easily see whether the problems are with the network or the applications.

To make the most intelligent decisions possible about improving network and application performance, network admins need the most in-depth information.
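One way to separate the two components and compare them with their normal levels, as an added example (this is not the Latency Monitor plug-in's code, and the page does not say how the plug-in computes ART and NRT). It assumes NRT is the TCP handshake round trip seen at a client-side capture point and ART is the time to the first response byte minus that round trip; the timestamps, addresses and the `factor` threshold are constructed.

```python
from statistics import median

# Constructed timestamps (seconds) per transaction at a client-side capture point:
# (client, syn, syn_ack, request, first_response_byte)
BASELINE = [
    ("10.0.0.5", 0.000, 0.020, 0.021, 0.081),
    ("10.0.0.6", 1.000, 1.022, 1.023, 1.085),
    ("10.0.0.7", 2.000, 2.018, 2.019, 2.077),
]
OBSERVED = [
    ("10.0.0.5", 10.000, 10.021, 10.022, 10.083),  # looks like the baseline
    ("10.1.0.9", 11.000, 11.180, 11.181, 11.421),  # long handshake round trip
    ("10.0.0.6", 12.000, 12.020, 12.021, 12.641),  # long wait for the response
]


def split(txn):
    """Return (NRT, ART) for one transaction under the assumptions above."""
    _client, syn, syn_ack, request, first_byte = txn
    nrt = syn_ack - syn                           # network round trip
    art = max(0.0, (first_byte - request) - nrt)  # server think time
    return nrt, art


def normal_levels(baseline):
    """Median NRT and ART over a known-good period."""
    pairs = [split(t) for t in baseline]
    return median(n for n, _ in pairs), median(a for _, a in pairs)


def diagnose(observed, baseline, factor=2.0):
    """Label each transaction by which component exceeds factor x its normal level."""
    nrt_norm, art_norm = normal_levels(baseline)
    labels = {(False, False): "normal", (True, False): "network",
              (False, True): "application", (True, True): "both"}
    results = []
    for txn in observed:
        nrt, art = split(txn)
        key = (nrt > factor * nrt_norm, art > factor * art_norm)
        results.append((txn[0], labels[key]))
    return results


if __name__ == "__main__":
    for client, verdict in diagnose(OBSERVED, BASELINE):
        print(client, verdict)
```

The handshake timing only approximates the full round trip when the capture is taken near the client; a capture next to the server sees almost none of the network delay in the SYN to SYN-ACK gap.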

How Do You Monitor What You Don’t Own?
Today, many businesses run their important applications through browsers. If your company runs applications over the web, you will need specific information in order to troubleshoot issues when they arise. For example, if a page doesn’t load but everything comes up clear on the server side, you need to be able to retrace the request's progress. The main tool for diagnosing web problems is built into OmniPeek, with the Web analysis views. These pages allow quick insight into web site performance, including information per server, per client, per page, and even down to the per-request level.

Monitoring and troubleshooting web service issues is increasingly complicated with the trend of migration to cloud hosting. While cloud has certain advantages, it comes at the cost of decreased control.

WildPackets addresses cloud monitoring with a pair of plug-ins: Cloud Stats and Cloud Latency Monitor. Cloud Stats uses Deep Packet Inspection (DPI) to provide dynamic name resolution for HTTP connections, greatly clarifying where the web traffic in your network is going. Rather than an HTTP connection to a numeric IP address, the Cloud Stats Plug-in will show the actual host portion of the URL.

Cloud Latency Monitor is designed for ongoing analysis of your cloud-hosted services, using either ping or HTTP to provide continuous latency measurement. This tool is so popular, we even made it into a stand-alone tool, which you can deploy for free.

Want to See Information, Not Just Packets?
To ensure that you have full visibility of your network as well as the ability to go back in time to check out behavior of your network users, OmniPeek has the Compass Dashboard, which allows you to capture and visualize Gigabytes or even Terabytes of application server traffic then mine the transactions to discover any compliance or security issues. Compass provides dynamic differential visualization to go beyond the Top Talkers list, and graph individual nodes or protocols against the total traffic, or even against each other, to figure out what’s really going on.

Compass is another tool that has been so popular, we’ve released it as a free stand-alone tool. Install it on any node you want to get visibility into any segment.

Your Business Relies on Your Network, You Can Rely on Us
Businesses today are multi-faceted, and it’s no surprise that networks are the same. With the decentralization of most IT environments, it is necessary to have a monitoring and analysis solution that can be adjusted accordingly.

For a more in-depth description of these as well as other plug-in capabilities, check out our blog, “Most Popular OmniPeek Plug-ins.”

Multi-Tier Network Support Helpdesk Solution with OmniPeek Remote Assistant

The presence of wireless devices in the home as well as the office has become commonplace, and although these products are marketed to be simple, they are actually very complex, and problems often arise during installation and routine use. The nature of wireless networking is such that many of the problems are environmental, requiring that those troubleshooting the problem have access to the exact location where the problem is occurring. Since this is typically unrealistic, the companies who make these products have a very difficult time providing technical support to a wide range of people who know little to nothing about networking protocols.

Let’s take a look at a common scenario.

It’s your birthday and you just received an access point extender – OK, we know you’re a geek, so are we. This $90 piece of equipment will allow you to surf the web on your tablet in the bedroom. Currently, with your primary AP you only receive one bar and web pages take too long to load. The AP extender was meant to change all that. Sadly it did not.

You call technical support, and work your way through at least 3 levels of support, until after three hours, it is finally decided that the device is faulty, and that you need to return it. Whether it is really faulty or not, or whether the support organization just decided they had reached the maximum amount of time to spend on a $90 device, is irrelevant. The bottom line is that it took a lot of your time, and the manufacturer’s time, and now it will take more of your time as you have to return the unit. And you may not even buy the same brand again, which means the manufacturer just lost quite a bit of money on this particular transaction.

In any product support organization there are multiple levels of support, which are called “tiers”, and each level has an increasing amount of expertise. Although there can be any number of tiers, the person in the final tier is a network engineer or protocol analyst who is armed with a variety of tools, like protocol analyzers, to help solve the most granular and challenging problems.

This top tier protocol analyst is a fairly rare breed, and is an expensive resource for a support organization. For this reason, there are typically only a few of these guys and gals at the top tier, and because of this there are a number of people working on the tiers below. Typically the people in tier 1 have a basic knowledge of the product and access to a database of problems and questions to help solve each problem. As they are helping you, they are also transcribing your problem in case it needs to be escalated to the next tier. Subsequently you make your way up the tiers with each different tier providing a little more technical understanding than the last.

The process, as shown through the scenario above, can be very time consuming and quite frustrating, especially if you have some knowledge yourself. This does not have to be the case, and is not the case when all the tiers are provided with the right set of network and monitoring tools.

At WildPackets, we help each tier in the support organization with a vast array of high quality troubleshooting tools. Our family of tools consists of three products, and when they are spread throughout a support organization, they provide the maximum level of support.

As a packet analysis company, we believe the first step in troubleshooting a network problem is capturing traffic on that network. Traditionally, the tool that was used to capture the traffic, and the tool that was used to analyze the traffic were the same. But of course, as described above, it is only the top tier people who have these tools and the knowledge to use them effectively.

With our family of products, we have changed all of that and now offer different products that separate the functions of data capture and analysis. The family of products includes:

- The OmniPeek Remote Assistant
- The Compass Latency Monitor
- The OmniPeek Enterprise Network Analyzer

The OmniPeek Remote Assistant (ORA) is a simple, easy-to-use tool that captures wired and wireless traffic on multiple channels and aggregates that traffic into a single secure file. This file can then be attached to a support case file and escalated to the next level for analysis. In order for the lower support tiers to capture traffic, or even the customers themselves to capture traffic, the ORA can be distributed quickly, whenever and wherever it is necessary.

The Compass Latency Monitor is a network visualization tool that provides high-level views of the network traffic with easy-to-use, interactive graphs. Compass makes it easy to load trace files and display the network traffic over time. The analysis features of Compass make it possible to solve certain problems, and in the case where more in-depth packet analysis is necessary, it provides information and filtering of data to the next tier.

OmniPeek Enterprise is our award-winning network analyzer. It includes all of the functionality provided by the ORA and Compass, and other high-level network analysis features, as well as the ability to decode individual packets.

When support organizations have all these tools in place, it saves time and money, provides faster results to their clients and allows companies to work with a single vendor for all of their network analysis tool needs.