Chapter 5: Packet Captures; Capturing Packets With The Gigastor; Setting A Schedule For When Data Captures Should Occur - Network Instruments GigaStor User Manual

Chapter 5: Packet Captures

Capturing packets with the GigaStor

A GigaStor can accumulate terabytes of stored network traffic. To manage the sheer volume of data, the
GigaStor probe indexes the data. You use theGigaStor Control Panel within the Observer analyzer to manage the
capture, indexing, and storage of large numbers of packets over long periods of time. While the GigaStor Control
Panel is active, standard packet captures are unavailable for that probe instance. You cannot run the two types
of captures simultaneously.
While actively capturing packets, the GigaStor Control Panel tracks network statistics and indexes them by time
as it saves the packets to disk. This allows you to quickly scan the traffic for interesting activity and create filters
to focus on specific traffic using the slider controls and constraint options.
The GigaStor Control Panel also automates storage management by deleting the oldest data before storage runs
out. This maintains a multi-terabyte "sliding windows" of time within which you can review and decode traffic.
It also allows for passive (in other words, virtual) probe instances, which allow users to have their own instances
(and security credentials) without duplicating data collection or storage.
You can view the sliding window as a time line chart. Depending on what constraint are in effect and your
display options determine what appears on the chart. By using time selection sliders and other options, you can
quickly acquire and analyze the packets by clicking the Analyze button. This opens the standard packet decode
and analysis window. From there you can view packets, save them, and perform further filtering if desired.

Setting a schedule for when data captures should occur

One way to ensure you always have timely packet captures is to schedule them. For example, you may want to
automatically start a packet capture at the beginning of business hours each day; you can accomplish this by
scheduling your packet captures accordingly.
Scheduled packet captures only tell Observer when to automatically begin and end a packet capture. The true
length of capture time still depends on the size of your capture buffer; after it fills, you are no longer capturing
packets. In effect, all scheduled packet captures automatically end in one of two ways: the capture buffer
becomes full or the capture ends at the scheduled time.
To schedule packet captures to begin at preset times, complete the following steps:
1. Choose Capture > GigaStor Control Panel.
2. Click the Settings button. The GigaStor Settings window appears.
Packet Captures | 27