Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout
EARLY FIELD TRIAL, Chapter 7: Adaptive Session Analysis (Sniffer Adaptive Application Analyzer User's Guide)

How Adaptive Processing Works

Adaptive Session processing works differently than traditional packet capture, condensing packet data into Adaptive Session Packets (ASPs) and recording end-to-end session metrics in Adaptive Session Records (ASRs). This section summarizes how Adaptive processing works, as well as how the results are presented (Figure 7-2).

Adaptive Packet Processing in the Adaptive Decode View

- Packets with an ASI protocol interpreter are condensed into Adaptive Session Packets (ASPs). ASPs include compressed packet headers through the transport layer and an intelligently "derived" payload rather than the actual payload. ASPs are much smaller than their raw counterparts and can be stored and analyzed much more efficiently. The exact fields preserved in an ASP vary by protocol but include compressed MAC/IP headers and key data fields (for example, SQL calls embedded in the data portion of an HTTP packet).
- TCP/UDP v4 packets without an ASI protocol interpreter are captured with compressed headers and a raw application payload (with an optional slice size starting after the TCP/UDP header). Generic session data is also available for these packets.
- Other IP packets (including IPv6) can be captured as raw packets with an optional slice size. No session data is available for these packets.

Sniffer Adaptive Application Analyzer presents ASPs in the Adaptive Decode view. ASPs are also correlated with their parent ASRs for drillup analysis.

Adaptive Session Processing in the Adaptive Session View

In addition to condensing packets into ASPs, Sniffer Adaptive Application Analyzer also records flow-based metadata in Adaptive Session Records (ASRs) for session analysis.

- Session analysis for flows with an ASI protocol interpreter includes application-specific metrics in addition to standard transaction metrics, including:
  - Source/Destination Identifiers
  - Session start/end times
  - Latency metrics, success/failure codes, and error messages
- Sniffer Adaptive Application Analyzer also provides session analysis for TCP/UDP v4 flows without an ASI protocol interpreter, providing transaction metrics under GENERIC entries in the Session Decode view.

Sniffer Adaptive Application Analyzer presents ASRs in the Adaptive Session view. ASRs are also correlated with their underlying ASPs for drilldown analysis.

Figure 7-2. Postcapture Views for Adaptive Mode

- Adaptive capture produces session statistics. Here we see flow statistics for an FTP session. Use the Adaptive Packet Drill Down command to view the underlying packet events.
- Packet events are available for viewing in the Adaptive Decode view. Standard Summary and Detail panes let you browse through the events. Here we see one of the FTP packets associated with the session listed above. Use the Open ASR command to drill up to the session file containing the parent flow.
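The three capture tiers described above decide what evidence survives for later analysis. The following Python model is an added illustration, not NetScout code and not the ASP/ASR file format. The `Packet` model, the `ASI_INTERPRETERS` set, the function names and the "first line" stand-in for the derived payload are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ASI_INTERPRETERS = {"HTTP", "FTP"}   # assumed: protocols that have an ASI interpreter

@dataclass
class Packet:                        # simplified, hypothetical packet model
    ts: float
    ip_version: int
    transport: Optional[str]         # "TCP", "UDP" or None
    src: str
    dst: str
    app: Optional[str]               # application protocol, if identified
    data: bytes                      # bytes after the TCP/UDP header, or the raw IP packet

def tier(p: Packet) -> str:
    """Pick the capture tier for one packet, in the order the section lists them."""
    if p.app in ASI_INTERPRETERS:
        return "ASP"                 # condensed, derived payload
    if p.ip_version == 4 and p.transport in ("TCP", "UDP"):
        return "GENERIC"             # raw payload (optionally sliced) + generic session data
    return "RAW"                     # other IP, including IPv6: no session data

def store(p: Packet, slice_size: Optional[int] = None) -> dict:
    """What is retained per packet; the raw payload is not kept for the ASP tier."""
    t = tier(p)
    # Stand-in for the "derived" payload: keep only the first protocol line.
    kept = p.data.split(b"\r\n", 1)[0] if t == "ASP" else p.data[:slice_size]
    return {"tier": t, "kept": kept, "session_data": t != "RAW"}

def sessions(packets) -> dict:
    """Build ASR-like records, one per bidirectional flow; RAW packets get none."""
    asrs = {}
    for p in sorted(packets, key=lambda q: q.ts):
        label = {"ASP": p.app, "GENERIC": "GENERIC"}.get(tier(p))
        if label is None:
            continue
        key = (frozenset((p.src, p.dst)), p.transport, label)
        rec = asrs.setdefault(key, {"start": p.ts, "end": p.ts, "packets": 0})
        rec["end"] = p.ts
        rec["packets"] += 1
    return asrs

SAMPLE = [  # constructed packets, not real capture data
    Packet(0.00, 4, "TCP", "10.0.0.5:40000", "10.0.0.9:21", "FTP", b"USER alice\r\n"),
    Packet(0.12, 4, "TCP", "10.0.0.9:21", "10.0.0.5:40000", "FTP", b"331 Password required\r\n"),
    Packet(0.50, 4, "UDP", "10.0.0.5:5000", "10.0.0.7:9999", None, b"\x01\x02\x03\x04\x05\x06"),
    Packet(0.70, 6, "TCP", "fd00::1", "fd00::2", None, b"\x60\x00\x00\x00rest-of-packet"),
]
```

For incident response the practical consequence is that full payload bytes exist only for the second and third tiers, and only up to the configured slice size.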