Sniffer® Portable Professional User's Guide - NetScout
Chapter 5, page 98, Sniffer Portable Professional

Adding Custom Protocols to the ART Display

If your network uses non-standard TCP or UDP ports for different upper layer protocols, or if you want to add a custom protocol running over TCP or UDP, you can still get ART analysis (and analysis from all other Monitor applications, too) by specifying the correct port number for each upper layer protocol in the Protocols tab of the Options dialog box (accessed by selecting the Options command from the Tools menu). Keep in mind, however, that if you change the port numbers, you must stop and restart collection for your changes to take effect. You can do this using the Reset command in the File menu. See Adding Custom Protocols to the ART Display on page 108 for details.

Not Seeing ART Data?

If the ART displays are not populating with data, make sure that Sniffer Portable Professional is connected to the network in such a way that it sees both sides of a conversation – requests and responses. For example, if Sniffer Portable Professional is connected to a designated mirror port on a switch, make sure that you have set up port mirroring in a way that ensures both inbound and outbound packets are sent to the mirror port.

IMPORTANT: Keep in mind that setting up port mirroring in this way will occasionally cause duplicate packets to appear in the Decode window.

ART – The Tabular View

The ART application’s Tabular view lists each detected application layer connection with the addresses of both the server and the client, detailed statistics for the response times on the connection, and overall traffic statistics for the connection (server bytes, client octets, retries, and timeouts).

ART organizes connections by protocol. Each protocol you have enabled in the Display Protocols tab of the ART Options dialog box (accessed by clicking the Properties button in the ART window) has its own tab at the bottom of the ART window. You can view connections using different protocols by clicking on the appropriate tab at the bottom of the window.

The Tabular View provides the statistics in the following table:
Monitoring Your Network (User’s Guide, page 99)

Table 5-9. ART Statistics in the Tabular View

| Statistic | Description |
|---|---|
| Server Address | The address of the Server taking part in this connection. |
| Client Address | The address of the Client taking part in this connection. |
| AvgRsp | The average time (in milliseconds) of all responses observed on this connection. |
| 90% Rsp | 90% of all responses observed for this client-server pair were faster than the indicated response time. |
| MinRsp | The time (in milliseconds) of the fastest response observed on this connection. |
| MaxRsp | The time (in milliseconds) of the slowest response observed on this connection. |
| TotRsp | The total number of responses observed on this connection. |
| 0-25, 26-51…801-1600 | The number of responses on this connection in each of seven different time windows. For example, the number of responses to requests on this connection that took between 0 and 24 milliseconds to be sent, the number of responses to requests on this connection that took between 25 and 49 milliseconds to be sent, and so on. |
| Server Octets | The total number of bytes sent from the Server to the Client on this connection. |
| Client Octets | The total number of bytes sent from the Client to the Server on this connection. |
| Retries | The total number of retries observed on this connection. Retries are counted when the Sniffer Distributed sees a request made with the same sequence number as a previous request, indicating that it is a retransmission. Retries only apply to TCP-oriented protocols since UDP is "connectionless" and does not use sequence numbers. |
| Timeouts | The total number of timeouts observed on this connection. Timeouts are counted either when no response is seen to a request by the time the maximum value of the highest time window has expired (by default, 5000 milliseconds), or when no response is seen at all. Note that timeouts are also used to generate ART alarms whenever the specified thresholds are crossed. |
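The following sketch shows how the counters in Table 5-9 can be derived from observed requests and responses; it is an added example, not code from the guide or from the product. The event tuple format, the nearest-rank percentile, and the choice to count a response arriving after 5000 ms as a timeout only are assumptions, and the time-window histogram is left out because the guide does not list all seven windows.

```python
import math

TIMEOUT_MS = 5000  # default timeout named in Table 5-9

# Constructed events for one client-server pair (not real capture data):
# (time_ms, kind, seq, size_bytes). For "rsp", seq is the sequence number of
# the request being answered, a simplification of real TCP seq/ack matching.
SAMPLE = [
    (0, "req", 100, 120), (12, "rsp", 100, 900),
    (50, "req", 220, 80), (250, "req", 220, 80),     # same seq again: a retry
    (290, "rsp", 220, 400),
    (300, "req", 300, 60), (340, "rsp", 300, 1500),
    (400, "req", 360, 60), (6000, "rsp", 360, 200),  # answered after 5000 ms
    (6100, "req", 420, 60),                          # never answered
]

def art_row(events, timeout_ms=TIMEOUT_MS):
    """Compute one Tabular-view style row from request/response events."""
    pending, seen, times = {}, set(), []
    row = {"Retries": 0, "Timeouts": 0, "Server Octets": 0, "Client Octets": 0}
    for t, kind, seq, size in sorted(events):
        if kind == "req":
            row["Client Octets"] += size
            if seq in seen:
                row["Retries"] += 1        # retransmission; keep first timestamp
            else:
                seen.add(seq)
                pending[seq] = t
        else:
            row["Server Octets"] += size
            if seq in pending:
                delay = t - pending.pop(seq)
                if delay > timeout_ms:
                    row["Timeouts"] += 1   # assumption: late reply is a timeout only
                else:
                    times.append(delay)
    row["Timeouts"] += len(pending)        # requests with no response at all
    times.sort()
    row["TotRsp"] = len(times)
    if times:
        rank = math.ceil(0.9 * len(times))  # nearest-rank percentile (assumption)
        row.update({"AvgRsp": round(sum(times) / len(times), 1),
                    "90% Rsp": times[rank - 1],
                    "MinRsp": times[0], "MaxRsp": times[-1]})
    return row

if __name__ == "__main__":
    for name, value in art_row(SAMPLE).items():
        print(f"{name:>14}: {value}")
```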