Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout
Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout
EARLY FIELD TRIAL Chapter 7 No ASPs for Session? 152 Sniffer Adaptive Application Analyzer Sessions do not always start and end neatly within the specified mining window. Because of this, it’s possible that the Adaptive Session view will show sessions that are continuations of ongoing sessions that started earlier than the specified mining window. In cases like these, Adaptive Packet Drill Down will not produce any packets. You can address this by refining the mining request to start at an earlier time. About the ASR File Format The Adaptive Session View is populated using Adaptive Session Records. These records are saved in .asr files. Each .asr file has a companion Adaptive Session Packet (.asp) file where the packet-level details are stored. When you mine data captured in Adaptive mode, Sniffer Adaptive Application Analyzer automatically creates temporary .asr/.asp files for the mining request and stores them in the Sniffer Adaptive Application Analyzer program directory under \bin\Local-x. You can use standard File > Open commands to open .asr/.asp files. You must use File > Save As to save any mined Adaptive trace files permanently. IMPORTANT: The exact name of the folder varies according to the number of NICs/agents in the PC – Sniffer Adaptive Application Analyzer uses separate \Local-x folders for each local agent. IMPORTANT: The .asr/.asp files are paired – make sure you don’t delete one half of the pair and expect to perform full analysis on the other. For example, if you delete an .asp file, you will not be able to drill down to adaptive session packets from the companion Session (.asr) file.
EARLY FIELD TRIAL Adaptive Decode View a b Adaptive Session Analysis The Adaptive Decode View (Figure 7-7) provides line-by-line protocol decodes for data captured in Adaptive mode. You can display the Adaptive Decode View in either of the following ways: Drill down from the Adaptive Session view using the Adaptive Packet Drill Down command (refer to Drilling Down to Adaptive Session Packets on page 151 for details on how to do this). Drilling down from the Session View opens just those ASPs associated with flow selected in the Session view. Open an Adaptive Session Packet (.asp) file directly using File > Open. Depending on how the ASP file was saved, this could produce just those ASPs retrieved during a drilldown, or, if you open the full ASP file automatically saved during mining, all packet data in the time selection, including raw packets. Refer to Opening ASP Files on page 155 for more information on opening ASP files. Adaptive Decode View Mechanics The mechanics of the Adaptive Decode View will be familiar to anyone accustomed to traditional Sniffer decodes – individual ASPs are listed line-by-line in a Summary pane (a) at the top of the window. Selecting an ASP in the Summary pane populates the lower Detail pane (b) with the Adaptive decode for the selected packet. In contrast to the traditional, tri-pane Sniffer decode window, the Hex pane is not present. Figure 7-7. Adaptive Decode View User’s Guide 153
- Page 101 and 102: EARLY FIELD TRIAL Showing and Hidin
- Page 103 and 104: EARLY FIELD TRIAL Resolving DNS Nam
- Page 105 and 106: EARLY FIELD TRIAL Table 4-1. New Co
- Page 107 and 108: EARLY FIELD TRIAL SECTION 2 Capturi
- Page 109 and 110: EARLY FIELD TRIAL Capturing and Min
- Page 111 and 112: EARLY FIELD TRIAL Configuring and S
- Page 113 and 114: EARLY FIELD TRIAL Capture Mode Adap
- Page 115 and 116: EARLY FIELD TRIAL Mining Packet Dat
- Page 117 and 118: EARLY FIELD TRIAL Capturing and Min
- Page 119 and 120: EARLY FIELD TRIAL Using Filters in
- Page 121 and 122: EARLY FIELD TRIAL Reusable Filters
- Page 123 and 124: EARLY FIELD TRIAL Figure 6-2. Apply
- Page 125 and 126: EARLY FIELD TRIAL Working with Auto
- Page 127 and 128: EARLY FIELD TRIAL Table 6-3. Filter
- Page 129 and 130: EARLY FIELD TRIAL Using Filters in
- Page 131 and 132: EARLY FIELD TRIAL Using Pattern Mat
- Page 133 and 134: EARLY FIELD TRIAL Applying Mining F
- Page 135 and 136: EARLY FIELD TRIAL Using Filters in
- Page 137 and 138: EARLY FIELD TRIAL Adaptive Display
- Page 139 and 140: EARLY FIELD TRIAL SECTION 3 Analyzi
- Page 141 and 142: EARLY FIELD TRIAL Adaptive Session
- Page 143 and 144: EARLY FIELD TRIAL Adaptive Mode Pos
- Page 145 and 146: EARLY FIELD TRIAL Adaptive Session
- Page 147 and 148: EARLY FIELD TRIAL Adaptive Session
- Page 149 and 150: EARLY FIELD TRIAL Session Overview
- Page 151: EARLY FIELD TRIAL Drilling Down to
- Page 155 and 156: EARLY FIELD TRIAL Opening ASP Files
- Page 157 and 158: EARLY FIELD TRIAL Figure 7-9. Openi
- Page 159 and 160: EARLY FIELD TRIAL Using Filters wit
- Page 161 and 162: EARLY FIELD TRIAL Raw Capture Mode
- Page 163 and 164: EARLY FIELD TRIAL Table 8-1. Postca
- Page 165 and 166: EARLY FIELD TRIAL Introducing the P
- Page 167 and 168: EARLY FIELD TRIAL Granularity in De
- Page 169 and 170: EARLY FIELD TRIAL Packet Status Fla
- Page 171 and 172: EARLY FIELD TRIAL Table 8-5. Decode
- Page 173 and 174: EARLY FIELD TRIAL Types of Display
- Page 175 and 176: EARLY FIELD TRIAL Raw Capture Mode
- Page 177 and 178: EARLY FIELD TRIAL a The “Apply on
- Page 179 and 180: EARLY FIELD TRIAL Raw Capture Mode
- Page 181 and 182: EARLY FIELD TRIAL Raw Capture Mode
- Page 183 and 184: EARLY FIELD TRIAL Raw Capture Mode
- Page 185 and 186: EARLY FIELD TRIAL Using the Manual
- Page 187 and 188: EARLY FIELD TRIAL 5 Click OK. Figur
- Page 189 and 190: EARLY FIELD TRIAL Raw Capture Mode
- Page 191 and 192: EARLY FIELD TRIAL Setting Display S
- Page 193 and 194: EARLY FIELD TRIAL Raw Capture Mode
- Page 195 and 196: EARLY FIELD TRIAL Table 8-9. Summar
- Page 197 and 198: EARLY FIELD TRIAL Raw Capture Mode
- Page 199 and 200: EARLY FIELD TRIAL Searching for Fra
- Page 201 and 202: EARLY FIELD TRIAL Raw Capture Mode
EARLY FIELD TRIAL Chapter 7<br />
No ASPs for Session?<br />
152 <strong>Sniffer</strong> <strong>Adaptive</strong> <strong>Application</strong> <strong>Analyzer</strong><br />
Sessions do not always start and end neatly within the specified mining<br />
window. Because of this, it’s possible that the <strong>Adaptive</strong> Session view will<br />
show sessions that are continuations of ongoing sessions that started<br />
earlier than the specified mining window. In cases like these, <strong>Adaptive</strong><br />
Packet Drill Down will not produce any packets. You can address this by<br />
refining the mining request to start at an earlier time.<br />
About the ASR File Format<br />
The <strong>Adaptive</strong> Session View is populated using <strong>Adaptive</strong> Session Records.<br />
These records are saved in .asr files. Each .asr file has a companion<br />
<strong>Adaptive</strong> Session Packet (.asp) file where the packet-level details are<br />
stored.<br />
When you mine data captured in <strong>Adaptive</strong> mode, <strong>Sniffer</strong> <strong>Adaptive</strong><br />
<strong>Application</strong> <strong>Analyzer</strong> automatically creates temporary .asr/.asp files for<br />
the mining request and stores them in the <strong>Sniffer</strong> <strong>Adaptive</strong> <strong>Application</strong><br />
<strong>Analyzer</strong> program directory under \bin\Local-x. You can use standard<br />
File > Open commands to open .asr/.asp files. You must use File ><br />
Save As to save any mined <strong>Adaptive</strong> trace files permanently.<br />
IMPORTANT: The exact name of the folder varies according to the<br />
number of NICs/agents in the PC – <strong>Sniffer</strong> <strong>Adaptive</strong> <strong>Application</strong> <strong>Analyzer</strong><br />
uses separate \Local-x folders for each local agent.<br />
IMPORTANT: The .asr/.asp files are paired – make sure you don’t<br />
delete one half of the pair and expect to perform full analysis on the<br />
other. For example, if you delete an .asp file, you will not be able to drill<br />
down to adaptive session packets from the companion Session (.asr) file.