Recently in Network Monitoring Category

Top 10 OmniPeek Plug-ins

By WildPackets on March 9, 2010 3:40 PM | No Comments | No TrackBacks

The OmniPeek Plug-ins are flying off the shelves. And they should, since they are free to customers with maintenance. There are over 40+ plug-ins available on MyPeek. Some are more popular than others. To help you decide which ones to try first, we have taken a look at the stats, and have come up with the top 10 most downloaded plug-ins.

Google Map Plug-in!

The Google Map Plug-in displays a Google Map in the OmniPeek capture window showing the locations of all the public IP addresses of captured packets. This feature is a great way to monitor your Web site at a high level and to see in real time where in the world those hits are coming from.

The Instant Messenger Plugin

This plugin displays conversations for the AIM, MSN, and Yahoo protocols in real-time, showing the screen names of the people chatting as well as the actual text. Individual screen names can be selected, showing only the conversations for that screen name.

Remote TCPDump Adapter

The Remote TCPDump Adapter for OmniPeek is a revolutionary new way to monitor network traffic remotely. With OmniPeek and the Remote TCPDump Adapter you can dramatically extend the reach of your network monitoring capabilities by turning virtually every Linux and Unix based machine on your network into a network probe, and you can do this without installing any new software on those remote machines.

SQLFilter Plug-in

The SQLFilter plug-in brings simple, powerful data mining to WildPackets' flagship network analyzers. The plug-in lets you perform Structured Query Language (SQL) searches across very large, user-defined sets of packet files from within OmniPeek.

NetFlow Analyzer Plug-ins

The NetFlow Analyzer Plug-ins for the OmniPeek Console and OmniEngine collect NetFlow traffic and display NetFlow statistics in OmniPeek.

Wireless Channel Aggregator

The WildPackets' Wireless Channel Aggregator captures wireless packets from multiple channels simultaneously (without scanning), measures vital statistics on each channel separately, and calculates the latency of devices roaming between access points.

Regular Expression Filter Plug-in

The FilterMe Plug-in allows the user to create and maintain a list of regular expressions that can be used as filters during real-time capture and file windows.

WatchMe Plug-in

The WatchMe and Browser Plug-ins displays web pages. The WatchMe Plug-in follows links in real-time that network users are surfing to, while the Browser Plug-in reassembles packets back into web pages.

FindMe Plug-in

The FindMe Plug-in adds a tab to the capture window that contains a list of text strings that are searched for each packet. As packets are being processed, the plug-in searches for each instance of each text entry in each packet and makes log entries when the text is found.

Latency Monitor

The Latency Monitor measures network and application latency. These are graphed together and can be easily compared to determine which one is the culprit. Alarms can also be set to inform you if latency thresholds are exceeded.

Is Your New Application a Network Killer?

By WildPackets on March 5, 2010 10:41 AM | No Comments | No TrackBacks

Whenever a new application is rolled out on the network, IT must be able to predict with confidence how it will perform for the business. Moreover, other mission-critical applications must not be negatively impacted. Solutions that provide network performance analysis capabilities should be able to provide immediate feedback on how new applications behave on the network and can predict the impact to existing, business-critical applications.

Here are three warning signs that a new application on the network is not performing well on the network and / or is negatively affecting other business-critical applications.

1) Performance in production doesn't match pre-deployment testing/analysis
Pre-deployment testing can take many forms, from a relatively simple set of tests followed by predictions of the network impact, to complete test networks that simulate the entire usage pattern of the application. While the latter approach can be complicated and time consuming, the former technique is simple to perform with a few basic tools. By installing the application and capturing some representation transactions with packet-based network analysis software, one can perform "what if" analysis that allows one to "scale" these representative transactions to the expected number of users of the application once in production. The resulting analysis provides a clear assessment as to the readiness of the network for the new application. Additionally, it will give the data needed to compare application performance once the application is in production. Any discrepancies are a red flag and should be addressed.

2) Network baselines change dramatically after deployment
Without network baseline data organizations are operating blind, whether it pertains to the specific issue of deploying a new application, or just general day-to-day network performance management. Baseline data should include long-term (weekly cycles work well) sets of network utilization data from key network interfaces; node, protocol and application utilization over time; and an assessment of the typical "noise floor" of the network - typical packet loss numbers, number of retransmissions, latency measurements for key applications, etc. After deploying a new application (and as part of the pre-deployment testing) a new set of baseline data should be generated and compared against data from before the rollout. Unexpected differences should be addressed.

3) A change in network "health"
Network health ties into the aforementioned "network noise floor", but changes in network health can usually be seen much more quickly than comparing long-term baseline data. Enterprise-quality network analysis software will constantly monitor the vital signs of the network by performing background expert analysis, and it will send alerts when vital signs begin to drift. For example, if an organization deploys a new application and its network analysis software begins sending alerts that there are too many TCP retransmissions, this is a strong indication that this new application has tipped a balance. (even without even knowing the network's current threshold for TCP retransmissions).

No matter what solution an organization selects for analyzing how a new application behaves on a network, it must meet the following criteria ...

1) Provides detailed information through all seven layers of the OSI model

2) Enables collection of key network data over meaningful time cycles (like a week) to develop high quality network baseline data

3) Quickly identifies if the network is being stressed and where

4) Offers "What If" capabilities for analyzing the impact of new developments and implementations

10 Cool Things You Can Do With OmniPeek

By WildPackets on February 10, 2010 10:12 AM | No Comments | No TrackBacks

By Joe Habib, WildPackets Director of Global Services

OmniPeek is the first protocol analyzer to offer both expert diagnostics and frame decoding in real time, during capture. WildPackets' OmniPeek has been carefully designed to help IT Professionals analyze and diagnose increasingly diverse volumes of network data, providing precise, contemporary analysis of the problems facing today's networks.

Here are ten cool things you can do today with OmniPeek!

Main window of OmniPeek, showing the Expert view

1. Capture and view packets

Though you can see global network statistics without capturing packets, for most analysis sessions you'll want to capture packets. One of OmniPeek's many strengths is in its flexibility. This is immediately apparent in the packet list display, where you can easily customize the display.

1. Click the New Capture button on the Start Page, or pull down File...New from the menu bar. Click OK in the Capture Options Dialog, then click the Start Capture button.

2. OmniPeek provides several ways to customize your view of traffic with a single click.

a. The auto scroll option (Ctrl-K) allows you to see packets as they come in, which is useful if you're looking for particular information in the Summary or Expert columns.

b. The Show Packet List, Show Decode View, and Show Hex View buttons allow you to pick the content you want to see in real-time. Most other analyzers show all three (and not usually in real time) and do not allow you to toggle between the different views.

c. Right-click on one of the columns in the packet list to customize the column display.

2. Capture filtering the easy way

OmniPeek ships with a set of common, pre-defined filters, but its real power is in the ease with which you can create your own filters.

1. As packets are coming in, choose something you might want to filter on, such as a protocol or source IP address. Right click on that packet (stop the scrolling, if necessary, by keying Ctrl-K).

2. Click on Make Filter - notice that the information on the packet you chose is already set up in the Edit Filter dialog for you.

3. 3. Name the filter and make modifications. You may wish to restrict the data to only one attribute, for example, source IP address or protocol.

4. 4. Click OK to save the filter.

5. 5. Click on the Filters tab and find your new filter in the list. Check the box next to the filter. You will now be capturing only packets that meet the criteria of that filter. (Alternatively, you can reject only those packets matching the filter criteria by clicking on the Reject Matching button.)

6. 6. Go back to the packet list in the Packets view. You should only be seeing packets that meet your filter criteria. Notice the packet counts differ in the upper left corner (Packets Received vs. Packets Filtered)

3. Advanced filtering

OmniPeek's advanced filtering is easier to use than most analyzers' simple filtering. Filtering on specific protocol decode fields, for example, can be accomplished in just a couple of mouse clicks. Suppose you wanted to view all packets with a Time To Live (TTL) of under 128. A packet with a TTL of less than 128 indicates the packet has most likely traversed a router. When dealing with network slowdowns, it's interesting to understand where the packet came from and where it's going. TTL helps us understand the packet's path. Here's how to build the filter:

1. Click on the Packet List Tab.

2. Choose any IP packet and double-click to open the decode view.

3. Right click on the TTL field under the IP Header section and select k.

4. An advanced filter is already made for you!

5. Double click on the Value box.

6. Change the Operator to '<' (other LAN analyzers do not have this capability).

7. Name the filter and click OK.

8. Go to the Filters Tab and click on the filter you just created. Packets will then be filtered on the fly!

9. The same filter can be used for post capture analysis, too. OmniPeek doesn't force you to define filters in multiple places.

4. Who are the Top Talkers?

Top Talkers is a common troubleshooting statistic. The network is slow, for example, and you may want to see which stations are using the most bandwidth.

1. Click on the Nodes Tab. By default, the View Type is Hierarchical, where logical addresses and symbolic names are nested beneath their physical addresses along with their transmit and receive statistics. However, you can easily change the default view to one showing the Top Talkers.

2. Pull down IP from the View Type, then click on a column to sort on Bytes or Packets sent or received. Right click on the columns to customize the display.

3. To view a subset of the talkers, choose a value in the Display Top drop down.

4. Note that you can see the top 5 or 10 or 100, etc. Double click on a host to view its protocols in Detail Statistics.

Make a filter, build an alarm, or construct a graph for any of these hosts with just a click of the mouse. OmniPeek provides you with an amazing amount of flexibility. Other analyzers decide for you what statistics will be displayed.

5. What protocols are on your network?

Perhaps, instead of wanting to know what users are using the most bandwidth, you want to know what applications are using up bandwidth. Are any protocol ratios too high? Are there any protocols that shouldn't be on the wire?

1. To see which applications are on your network, click on the Protocols Tab.

2. Double click on a protocol to see the % of usage by each host.

3. Return to the Protocols Tab, right click on a protocol, and Select Related Packets. This is a two-click method of choosing all the packets in the packet list that are talking this protocol. Select Related is available throughout the program: the nodes stats, expert problems, Peer Map, etc.

6. Make multiple graphs

OmniPeek's extensive graphing ability enables you to correlate useful statistics. For example, are broadcast packets a significant portion of your utilization?

1. Click on the Summary Tab.

2. Right click on Total Broadcast, and choose Graph... Name the graph in the Graph Data Options dialog and click OK.

3. Right click on Average Utilization and choose Graph... Name the graph in the Graph

Data Options dialog and click OK.

4. Minimize the capture window and then choose Window...Tile Horizontally. (OmniPeek is one of the few analyzers that complies with MS Windows conventions, which is certainly helpful here!)

7. Find problem packets through "Select Related"

OmniPeek Expert Tab is by far the easiest to use and most up-to-date on the market. Problems are arranged by conversation, rather than by OSI model level. ProblemFinder tests and settings are just one right click away, as are problem descriptions and possible remedies. Other analyzers force you to hunt and peck for the information you need. OmniPeek delivers this information to you automatically. It pinpoints the packets related to a network communications issue, tells you why it's probably happening, and suggests ways to fix the problem.

1. Click on the Expert Tab.

2. Right click on the first host, and choose Expand All.

3. Scroll down until you find a particular problem you'd like to look at.

4. Right click and choose Select Related Packets by Source and Destination or by

Conversation.

5. Alternatively, you can go straight to the Problem Summary Log and select all packets related to a particular problem. Note how the conversations having this issue are highlighted when you return to the Packets view.

8. Determine Application Response Time

Application Response Time is available via the Expert Tab, where detailed round trip analysis of command-response packets is available, showing you the best, worst, and average delay. In a similar fashion, throughput is also analyzed.

1. Click on the Expert Tab

2. Click on the Node Details tab.

3. Right click on the first host in the conversation tree, and choose Expand All.

4. Walk down the tree until you see an interesting analysis in the Delay and Throughput

Analysis display in the lower right.

9. Visualize your network with expert mapping

The Peer Map is a great way to get a visual perspective of your network. Not only can you select related packets from hosts on the map, but you can easily create ad hoc filters or look at Top Talkers.

1. Click on the Peer Map.

Con the Peer Map

2. Choose IP Map from the Map Type pull down in the upper right hand corner.

3. In the Node Visibility Criteria area just below, you can choose Top Talkers via absolute number or, say, top 10%.

The amount of traffic through a node is represented by the size of a dot. If there is one host, such as a mail server or a web server that is skewing the results you are looking for, you can drag that node into the Hidden Node field.

10. Find that slow web server fast

With OmniPeeks' Expert System, you can easily spot slow servers. Here's an example of how to troubleshoot a slow web server.

1. Start a new capture.

2. OmniPeek ships with many standard filters, including HTTP. Click on the Filters Tab

and check the HTTP filter to immediately activate it.

3. Go back to the Packets view. Enable Scrolling (Ctrl-K) so you can see incoming packets. Verify that they are HTTP packets.

4. You may see HTTP access from web traffic not associated with your web server, so you will need to add a new filter. Open a browser and go to your web server. You should see your web server in the packet list display. Create a filter by right-clicking on that packet and choosing Make Filter.

5. Go to the Filters Tab and enable the filter you just created.

6. Now go to the Expert Tab. Click the Problem Summary pane and check for TCP Resets

or HTTP Slow Response time diagnoses.

7. The Problem Log pane provides more detail, including actual time delay between specific packets (e.g. 13 seconds from Packet 908).

8. Right click and select related packets by See Packet.

9. Go to the Packets view and your problem packet is highlighted!

10. From there, try and figure out what sort of packet it is. Does it say Data in the Summary Column? What is this packet in response to? Click through the packets that preceded the bad packet.

Unlike other analyzers, OmniPeek's expert system ignores the ACKs when determining the HTTP Slow Response diagnosis. Look to see if the ACK was received right away. If so, and it was the data packet that triggered the diagnosis, you know it was the web server that was slow and not the network.

---------------------

Joe Habib

Director of Global Services

I like to follow the KISS principal (KEEP IT SIMPLE STUPID) and welcome problems as they provide me with daily challenges.

Beyond Network Monitoring - Root-Cause Analysis

By WildPackets on December 15, 2009 12:04 AM | No Comments | No TrackBacks

Many network monitoring tools are available. All will give you the health of the network, and most will alert you when a problem occurs. However, not all network monitor products provide enough actionable information to really drill down to the root cause of network bottlenecks - that is, network monitoring and root-cause analysis in the same product.

The ability to quickly pinpoint the origin of a problem, thus reducing mean-time-to-recovery (MTTR), is an important business benefit for an increasingly mobile workforce. Additionally, by speeding up the identification of rogue wireless devices - whether a rogue access point or rogue peer (end user computer that has bridging and wireless enabled) - root-cause analysis serves to protect confidential data and critical assets. Overall, it simply improves the user experience.

To do root-cause analysis, you first need to choose a network monitoring approach that collects the appropriate data. As WildPackets' Jay Botelho wrote in October, there are three primary data sources for network monitoring solutions: Simple Network Management Protocol (SNMP), Flow Records, and the Packet themselves. Regardless of which approach you chose, you're going to have to make compromises. Two metrics that are useful when making those compromises are data granularity and data accuracy. The compromises you make here determine whether or not you're able to do root-cause analysis.

For example, a help desk may receive a call where a particular user is having a problem with a particular application. This might go unnoticed with a flow record-based approach, as the high-level alerts that have been configured may not flag this for attention. In this circumstance, having the packets and the payload can be important. As all packets are captured (unlike flow records, which rely on statistical sampling), packet-based network monitoring provides information that is 100 percent accurate for each flow. As Botelho notes in his article,

"Generally speaking, you want to use the appropriate monitoring technology for the appropriate need. If you just need to check the status of a device, then SNMP may be all you need...If you are interested in sampled high-level information about who is talking to whom, approximately how much traffic they are generating or receiving, then flow-based analysis may be fine...Lastly, if you need all the detail about what is happening on the network, as well as possibly being able to go back in time to prove what happened on the network, then a packet-based solution would be best."

By planning appropriately and considering issues like data granularity and data accuracy, organizations can move beyond network monitoring and set themselves up for root cause analysis with an approach and solution that best fits their needs.

$200 Million Says Plenty about the Network Monitoring and Performance Market

By WildPackets on September 17, 2009 7:00 AM | No Comments | No TrackBacks

If anyone had doubts about the strength of the network monitoring/reporting/troubleshooting market, this week's news should put those doubts to rest. Of course we're referring to the announced purchase of NetQoS by CA for $200M in cash. This is a multiplier of approximately 4 over the reported 2008 annual revenue of $56M from NetQoS. Not a bad deal indeed for the current economic climate.

Though not sexy, and often considered commoditized, the network monitoring/reporting/troubleshooting market may be just the opposite. At the core of this market is packets. Yes, I said packets. Geeky, techie, call it what you want but we're back to basics on this one. Accumulating statistics on the basis of packets, whether through direct, deep packet inspection or through the use of flow-based technology available in most contemporary routers and switches, is proving to be a highly valuable capability, especially as networks grow and IT staffs shrink.

For years it seems the industry tried to steer clear of packets, looking to higher-level solutions like SNMP, but in the end it's becoming clear that packets never lie, and to obtain reliable network data one must start with network packets.

Now, I think we're going to come full circle on this one. Even the solution from NetQoS - which relies on flow-based information from routers and switches - can't provide the level of detail compared to complete packet inspection. And this technique provides no capability of unequivocally determining a root-cause for reported problems. It merely shows network trends and alerts when thresholds are exceeded - it does not allow for detailed analysis as the offending data has already passed through the network. That's why NetQoS partnered with Network Instruments and OEM'd their Gigastor solution. With that partnership, NetQoS could provide the full monty - network reporting, monitoring, and troubleshooting. Or, as I see it, coming full circle back to packet capture and deep packet inspection -- the only way to truly identify network issues.

The purchase of NetQoS by CA provides validation that the network monitoring/reporting/troubleshooting market is not only alive and well, it is thriving. The traditional, "full-featured" network management solutions (like CA) are realizing that quality network monitoring, reporting, and troubleshooting are key features, and that they need capabilities like flow-based monitoring and deep packet inspection to continue to claim that their solutions are complete. The value of these types of solutions continues to rise, and the "big boys" have only two options, start developing fast or acquire. And with the head start many of us have with our network monitoring/reporting/troubleshooting solutions acquisition is by far the better alternative.

Automation for Efficient Network Monitoring and Performance Analysis

By WildPackets on June 2, 2009 5:30 PM | No Comments | No TrackBacks

OmniPeek is a tool, like a hammer, but not just any hammer.   It is like Thor's hammer, and when you wield the OmniPeek hammer, you are like Thor, the God of Thunder.    You save mortal men every day. You monitor and troubleshoot their networks, you solve their problems.   You make life better for everyone. Yes, with OmniPeek, you are a superhero.

And if you are like me, you probably use OmniPeek in some form or another every day for network monitoring, VoIP analysis, network performance analysis, network security, or any of the other capabilities of this analyzer.   And before that, you used EtherPeek, and probably AiroPeek as well.   These products have always been easy to use, provided you with powerful analysis capabilities, and of course the UI looks great.    But as a superhero, you have a lot to do these days.   You either have to many products to test, or more than one network to monitor at the same time.

As a result, you may find yourself performing the same functions over and over again.   And you may ask yourself, how do I work this?   And you may ask yourself, where is that large automobile?   ;-) Ok, maybe not, but although you may have the test or monitoring process down to an exact science, and a precise number of clicks, you are still not making the best use of your time.

Sometimes it can be difficult to recognize this, or admit that it is true. But that is ok, and that is why we are here.   We want to help you help yourself, by introducing you to the amazing world of automation.   Through automation, you can save lots of time and money.   'Nuff said, it is worth it.    To take advantage of automation, you do not have to be a programmer either.   It can definitely help, but we have developed some command line utilities that do the scripting for you.

But, there is a catch.   In order to get the most out of automation, you first need to upgrade your OmniPeek Console to an OmniEngine, if you have not already.    That is the ante, and you will be pleasantly surprised by how little it costs to upgrade.    Yes, you can automate the OmniPeek Console, and if that is your only option, I would highly recommend it.   There are lots of benefits.

However, if you can upgrade to an OmniEngine, then do it.   Do it for all of the right reasons.   Do it for your girlfriend, or wife and children, who would like to see more of you.   Do it for your boss, who would like to save money.   But mostly, do it for yourself because you are not just a button pusher.   You are smart enough to know that if you put in a little time and effort up front, you can have a better life because of it.   And finally, do it because you can.   The fact is that the OmniEngine is the best platform for automating network monitoring and analysis processes.

The OmniEngine is extensible in a number of ways, and that is why we call it a platform. But today, we are focusing on automation.    At a high level, automating an OmniEngine consists of creating a capture, and analyzing the results.   But wow, talk about making a long story short. Captures have lots of settings, and filters, and adapters, and statistics, and on and on.   And then there are the results; fast vs. slow, up vs. down, pass vs. fail, and all of the analysis required to come to that conclusion.    But for for the processes you perform over and over again, you probably know the exact set of steps required to create the capture, configure the capture, how long to run the capture, and what analysis is required to determine the result.    With OmniScript and the OmniEngine command line utilities, you can automate most, if not at all, of these steps.

So what is OmniScript?   OmniScript is the remote API used by the OmniEngine Command Line Utilities.   With OmniScript you can write scripts that control the OmniEngine, and can virtually anything that the OmniPeek Console can do.    But with OmniScript, you can write these scripts in such a way that they can run by themselves from start to finish.    What we do here at WildPackets, is write command line utilities that can automate the OmniEngine in different ways, so you don't have to.   You just configure the utilities with all the right parameters, and integrate them right into your work flow.

The most important thing to understand about automation, is that it is not all or nothing .   Automation is something that you can add a little bit at a time, and every time you add some, your life gets better.   So go ahead, take the next step.   It's easy, just read more about automation, in our Automation Primer on MyPeek.   And then, when you are ready to take the red pill, download OmniScript and the OmniEngine Command Line.

---

My name is Chris Bloom (aka spacepacket), and I do wild and crazy things with OmniPeek. If you have any questions about automation, or any other questions about the extensibility of WildPackets products in general, please email me at bloom@wildpackets.com

Decoders and Protospecs: A Tale of Two Islands

By WildPackets on May 13, 2009 8:18 AM | No Comments | No TrackBacks

Protospecs are written in XML and executed for each packet when the packet is either captured or loaded from a file. All of the Protospecs are in the pspecs.xml file. This file is shipped with the product and can be extended with new protocols by the user as well as other third parties.This a story about the marriage of Protospecs and Decoders. It is a love story that begins as a tragedy and ends in harmonial bliss. The tragedy is that Protospecs and Decoders are separate subsystems that should be able to leverage each other, but until recently could not. The harmonial bliss is a way to write Decoders as a C Plug-in that can use Protospecs.

The result of the protospecs is the name of the highest known protocol layer and a unique ID that represents it. Protospecs are very fast. Internally, protospecs are represented as a highly optimized binary tree. From the user point of view, the Protospec is the protocol name displayed in the Protocol Column of the Packet List as well as the names of the protocols in the Protocols Tab. The protospec id for a packet is also used by virtually every other feature of the program. This is important, because it means that modifications and extensions made to protospecs are highly leveraged.

Decoders are written in a specialized language that is appropriately called The Decoder Language. It is a hybrid language, a melting pot if you will, consisting of legacy syntax resembling 68000 assembler as well as newer syntax that looks a lot like C++. Decoders are found in the decodes folder and are separated into files called .dcd files. When OmniPeek is run, all of the dcd files in the decode directory are loaded and compiled into binary form. Decoders are fast, but they are still interpreted and thus are slower than machine code.

From the user point of view, the decoder is the detailed break down of a packet in the Decode View of the Packets Tab as well as the Decode Column of the Packet List. The two technologies, Protospecs and Decoders, provide similar but different functions and thus many moons ago were implemented as completely different libraries without any connection or integration between the two. And that, my friends, is where our story of a tale of two islands begins.

For millennia, in fly years anyway, man has searched for magic to use the great knowledge of the protospecs from the decoders. It is believed by many wise men that if one knows the protospec of a packet while in a decoder, less work has to be exerted by the decoder programmer to write the decode. And of course doing less work is the holy grail of the programmer, making this an honorable and worthwhile journey. However, this quest has been made many times and has always ended in frustration, futility, and ultimately failure. Years have passed since the journey has been made.

But today we enter a new era, a Decoder Renaissance. Today, thanks to a premium developer support customer, a phone call for developer support was made and in the process a realization formed that there is a place in the universe where decoders and protospecs can meet. This place is the C Decoder Plugin where the decoder programmer has access to both the decoder functions and the packet, which includes the almighty powerful protospec id. It is in this special place, the "Protocoder", that the protospec id can be used to make important decisions about the decode without having to rewrite logic that the protospec library has already executed.

As the story goes, the customer had extended the pspecs.xml file to include a number of new application layer protocols. Their protocol types are figured out by looking at the IP address, not the protocol type. This is odd, but true, and they have their reasons. So now that they had worked so hard on the protospecs, it was time to write the decoder.

They were tired, for they had labored long and hard, and when they begun writing the decoder they did not want to work so hard again. They also, for other reasons, had decided to write their decoder as a C Decoder Plugin. And although it was not evident early on what the advantages would be, it was realized in a moment of great insight that by writing the decoder in C, the protospec along with other valuable information about the packet is passed into the C decoder function.

So believe it or not, that's how the story goes. And from that moment on it was realized that this special place in a plug-in where Protospecs and Decoders meet, could be used to enhance decoders in many other ways. Who knows, maybe those stories will be passed down through the ages as well.

The End.

*The feature described in this story is available in OmniPeek 4.0.2 and above.

For more information about Protospecs and Decoders, please visit the following URL:

https://mypeek.wildpackets.com/documentation/index.php

Chris Bloom

Customer Solutions Expert

WildPackets, Inc.

925-274-5443

Take control of latency - measure it actively

By WildPackets on November 24, 2008 4:08 PM | No Comments | No TrackBacks

Until recently, you've only been able to measure latency passively using WildPackets(R) OmniPeek(R) through our Latency Monitor extension. The disadvantage of this technique is that it relies on packets to go by. This means you're reacting to problems - you discover latency that exceeds acceptable thresholds after the packet is delayed, that is after a problem has occurred.

Our new Ping Latency Analyzer measures latency actively. This new extension generates traffic at a specified interval so that you can see potential problems as they're developing. Now your alarms can notify you of excessive latency before applications on the network start dropping packets. Additionally you can compare and correlate multiple servers or IP addresses in one graph for faster problem resolution - at a glance you can determine if the latency is due to the network or the application.

View image

With proactive latency monitoring you'll be able to detect and correct problems in the network and applications before your end users notice a slowdown.

Check out Chris Bloom's recent article in CommunicationsNews for additional tips on how to solve network latency issues.

Availability: Now on MyPeek

Cost: Free to OmniPeek(R) Professional and OmniPeek(R) Enterprise customers with current maintenance agreements

Latency & Your Bottom Line

By WildPackets on September 10, 2008 12:15 PM | No Comments

Introduction
Latency is a terrible thing and can cost companies a lot of money when systems fail because of it. Companies that depend on their networks to run business critical applications need to measure latency 24x7 and have plans in place to fix it before it is too late. However, not all latency is equally bad so latency monitoring applications need to be intelligent and flexible.

Enter the Latency Monitor. This add-on application, available now for Omni 3.0, provides an intelligent and flexible way to determine and react to latency. The Latency Monitor is designed to produce meaningful notifications about latency across groups of servers as well as specific applications. This type of high value notification can be used by a company to build procedures, both manual and automated, to react and fix problems before they occur. Being able to fix problems before they occur can result in saving money and making money depending on the type of company.

Saving Money
The example of using the Latency Monitor to save money is going to be the most common scenario. In this case a company uses the Latency Monitor on critical applications to ensure that Latency does not exceed an acceptable threshold. If Latency does exceed the threshold a notification is sent and the appropriate actions can be taken either automatically or manually to lower the latency. By lowering the latency before access to critical applications effects the users the company saves money in a number of ways. For one the users did not stop working which would have resulted in loss of revenue. And two, the IT department did not have to take calls from the users who would not have been able to access the applications. In other words, all of the time spent reacting to the problem, fixing the problem, and waiting for the problem to be fixed did not happen. This can save a company a lot of money.

Making Money
An example of using the Latency Monitor to make money is a company who charges for clicks to its web site. The more clicks the network can carry and the system can process, the more money the company will make. In the new age internet economy this is a very common business model. The Latency Monitor helps the company to make money by providing intelligent notifications about latency. These notifications give the company an opportunity to increase capacity before the system loses any hits. By increasing capacity more hits can be processed and more money is made.

Google Maps Mania

By WildPackets on June 12, 2008 12:18 PM | No Comments | No TrackBacks

Two years ago, WildPackets released the first version of the Google Map Plug-in for OmniPeek. It was an instant hit then, and continues to be the most downloaded plug-in on the WPDN.

The Google Map Plug-in is free, so that is a pretty good reason to at least try it. But more than that, it is a compelling mash-up of two very useful applications. Since then, WildPackets has released a virtual army of Google Map downloads, including two OmniPeek Google Map Plug-ins, a remote Google Map client for the OmniEngine called OmniMapper, and a very simple to use, standalone Google Map application called PlaceMap. Ok, so that's only 4. Still, it is more Google Map applications than most companies have.

In case you don't know, the OmniPeek Google Map Plug-in maps the locations of network devices to the Google Map. Different colored markers are used to represent network devices, where each marker has a color that specifies the amount of traffic from a device. By clicking on a marker, a balloon appears with more information about the IP address. In the balloon, there are also helpful links that will take you to websites with more information about that IP address. The websites include DShield, Whois, SpamCop, and SenderBase.

This week, WildPackets posted a new version of the Google Map Plug-in, as well as a new version of the PlaceMap application to the WPDN. The new Google Map Plug-in is sporting a new look, with a fancy tool bar, and much better marker drawing. PlaceMap has all of the new features of the plug-in, plus it runs all by itself. No OmniPeek necessary. Of course, running within OmniPeek provides much more information about the network. But for high level monitoring, PlaceMap is a good place to start.

The Google Map Plug-in is what we call the good map. It represents all network traffic, or at least the traffic that can be mapped from an IP address to GPS coordinates. This is great for some types of monitoring, but when it comes to network troubleshooting, most IT people are only interested in the bad map. This is the map that displays network devices that are experiencing unacceptable levels of latency. In OmniPeek, we call this an Application Performance Index or APDEX score, and when a users APDEX score exceeds a certain threshold, an event is generated. Sound interesting? Well, we wrote a song about it. Actually, it is a plug-in called the APDEX Google Map. It is the "bad map", and only maps nodes whose APDEX scores have exceeded the specified threshold.

But ah, you have an OmniEngine? Or even better, you have multiple OmniEngines, running at different sites? Hmmm, then you should try OmniMapper. OmniMapper is a standalone Windows client that aggregates nodes from multiple distributed OmniEngines, and maps them all to the same Google Map.

And this is just the tip-o-the-berg. Who knows what we will do next. Actually, I do. :-} But if you have any requests, please let us know.

« Network Managment | Main Index | Archives | Network Performance Management »

Recently in Network Monitoring Category

Top 10 OmniPeek Plug-ins

Is Your New Application a Network Killer?

10 Cool Things You Can Do With OmniPeek

Beyond Network Monitoring - Root-Cause Analysis

$200 Million Says Plenty about the Network Monitoring and Performance Market

Automation for Efficient Network Monitoring and Performance Analysis

Decoders and Protospecs: A Tale of Two Islands

Take control of latency - measure it actively

Latency & Your Bottom Line

Google Maps Mania

Search

About this Archive

Categories

Monthly Archives

Pages