10.03.2013 Views

Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout


EARLY FIELD TRIAL

Opening ASP Files

Adaptive Session Analysis

The Adaptive Decode View is populated using Adaptive Session Packets. These packets are saved in .asp files. Each .asp file has a companion Adaptive Session Record (.asr) file where the session-level metadata is stored.

When you mine data captured in Adaptive mode, Sniffer Adaptive Application Analyzer automatically creates temporary .asr/.asp files for the mining request and stores them in the Sniffer Adaptive Application Analyzer program directory under \bin\Local-x. You can use standard File > Open commands to open .asr/.asp files.

IMPORTANT: The exact name of the folder varies according to the number of NICs/agents in the PC – Sniffer Adaptive Application Analyzer uses separate \Local-x folders for each local agent.

IMPORTANT: The .asr/.asp files are paired – make sure you don’t delete one half of the pair and expect to perform full analysis on the other. For example, if you delete an .asr file, you will not be able to drill up to session metadata from the companion ASP file.

Opening ASP Files Directly vs. Drilling Down

Keep in mind that the Adaptive Decode View will show different results when drilling down from the Session View vs. opening an ASP file directly:

When you drill down from the Session View, Sniffer Adaptive Application Analyzer displays just those ASPs belonging to the selected session. This generally results in an ASP view with only a few events shown, all of which are ASPs.

In contrast, when you open an ASP file directly using File > Open, you see all captured ASPs in the mined time selection. This includes ASPs with an ASI Protocol Interpreter and those without.

So, for example, where a drill down to ASPs may show only a few FTP ASPs, opening an ASP file directly will typically produce a wide variety of packet data, including raw packets and packets without an ASP protocol interpreter. Note the following in Figure 7-9:

The total number of ASPs shown in the title bar of the Session View is far greater when opening an ASP file directly.

The directly-opened ASP file includes packets without an IP layer (ARP and BPDUCONFIG) captured as raw packets.
