deep pcap trace file monitoring
network packet analysis at the next level
- dive deep into the contents of thousands of PCAP trace files in a single dashboard.
- using Shark syntax for enabling more than 100.000 protocolfields
- Masses of data easy to organize, aggregate, analyze and prioritize.
- Grouped into 3 main categories – application – connection or network
- allows quick assignment of errors and incidents
- data saved in Database – long history
IT Data is network data – network packets travel the whole IT delivery chain – and transport the information about status and performance between endpoints: DNS und LDAP codes and times, Network and Application Performance, Server Responsetimes & Return Codes, Frontend / Backend Performance – or any content of a readable packet.
If Application is slow, Service not reachable, Error codes — infos about these symptoms – and often about the causes – can be found in packets.
interTrace imports network packet data – and does provide required performance and status metrics conained in such packets.
interTrace is using pcap files generated everywhere in the network – in the cloud on servers, at user PCs, firewalls, capture appliances etc. and can aggregate distributed capture sources into a single monitoring pane.
It can create incidents for root cause analysis and incident correlation and forward those incidents into central event correlation systems.
InterTrac – at a glance
– longtime data – import realtime large numbers of pcap files for hours, days, weeks – created by various trace tools like Tcpdump, Tshark, or a capture appliance
– Auto-Analysis – analyze thousands of sequential files automatically on the fly by using customizable deep packet expert profiles – also per object – including custom metrics and thresholds
– Incidents – create incidents based on variable thresholds per object
– longtime perspective – visualize incidents and raw data in smart dashboards over hours, days , weeks or months
– Incident correlation – Export incidents into service management management, becoming part of correlation framework
– Automation – Automate the analysis workflows step by step – avoiding time and efforts for recurring tasks
Longtime monitoring – or single tracefile analysis ?
Just with a glance a user can understand:
- Are there any issues in my trace files
- To what category they belong too (network, application, connection)
- Which exact metric was causing that?
- What threshold was crossed
- Direct access to the trace file
- Drilldowns and category specific
- views (here application view) allow deep insights- continuously over time – for days, hours or seconds
With Deep analysis InterTrace is utilizing Wireshark display filters – which can do a lot more than most other analysis solutions. Thousands of protocol-dependent prefilters are defined, analysis expert exist for a wide range of protocols. By using each possible Wireshark-Display filter in IPAC-TM – user can pretty much use every byte in the packet flow – as monitoring and incident condition.
iPAC-TM Under the Hood
iPAC-TM Under the Hood
Analysis profiles are pre-configured customizable filter-and-threshold definitions which will be applied to a trace-analysis. A profile is a configuration of defined filters and symptoms – pretty much each byte in a packet or a Wireshark-expert-analysis (like tcp_out_of_order) can be configured as symptom. Files will be analyzed very deep according to these profiles – and symptom are generated based on the analysis. Eg. if SSL uses TLS1.2 can be defined as condition, an occurrence on non-TLS1.2 packets can be seen and defined as symptom. Same can be done with performance metrics like LDAP.time, DNS.Time, DNS. responseCodes, HTTP return codes etc. – which can be included in a specific profile and symptoms created if a threshold is exceeded.
Die Front-End- sowie Backend Server-Systeme werden aufgelistet bzw. in einem Architektur-Chart dargestellt.
Da die Service Discovery täglich durchgeführt wird, sind die Architektur Charts immer aktuell.
Änderungen innerhalb einer Service Kette, z.B. neue Server, werden erfasst und ausgewiesen.
User define their analysis objects and metrics as an analysis scenario:
- Object – What I need to analyze
- Conditions – filter conditions, time (backward or future)
- Data source – PCAP files, active Wireshark/tcpdump srtewam , capture appliance
- Options – for analysis purpose (like de-duplication, merging).
- Intelligence – What analysis profile should be used, which includes metrics thresholds etc.
Such a scenario gives the user the ability to start a longtime-monitoring process on a deepest level – focus on this scenario and create scenario-related incidents and events. Many scenarios can be defined and processed parallel – so one scenario can work on the web shop using deep SSL and HTTP metrics, another can monitor SAP services and another the DNS replies – same time.
Download iPAC Trace Manager facts sheet