Network Instruments GigaStor User Manual page 33


This option... / Allows you to do this...

IP Stations, IP Pairs or any of the other tabs in the GigaStor Control Panel. See Analyzing data by combining GigaStor Control Panel and Observer filters (page 37).

4G LTE Device by IMSI: Takes all packets in the selected time frame on the Detail Chart and allows you to choose the Device IMSI and whether control plane and user plane packets are included in the analysis.

VoIP and Videoconferencing calls by SIP tag: Takes all of the packets in the selected time frame on the Detail Chart and allows you to extract VoIP and videoconferencing calls based on a SIP tag. For further details about the Settings, see How to extract VoIP and video calls from your GigaStor (page 40).

Reorder and filter based on trailer timestamp: Some switch aggregators add their own timestamp to packets and can cause packets to have a different order than they were actually seen by the GigaStor. If selected, Observer reorders and filters packets based on the timestamp information from the switch aggregator you chose from the list instead of from the GigaStor. This is limited to post capture analysis only, and does not affect real-time analysis, triggers and alarms, or trending analysis. If you save a packet capture after it has been reordered using this option, the packets are saved in the reordered series. If you load a saved, reordered packet capture, then analysis is based on the reordered time frames and not the time stamps from the GigaStor.

Include Expert information in analysis filter: Expert Information packets provide context of network conditions during the time that the traffic was captured. The expert frames may provide you insight into what was happening that may have influenced a condition within a packet capture you are analyzing.

Display selected filter before starting analysis: Allows you to view the filter before Observer begins analyzing the packet capture. For example, you might choose this option if you have already used the filter and the output has excluded traffic you were expecting. By displaying the filter, you can inspect it to see why it may be excluding the traffic.

Analysis Type

Expert analysis and decode: Along with the packet decode, this provides Observer's advanced expert analysis, such as protocol analysis, top talkers, Internet Observer, Application Transaction Analysis, VLAN information, and Forensic Analysis using Snort. Use this option if you want to deep dive into the packets with the ability to view common services and applications, response performance by severity, port-based protocols with slow response, network and application problems with local traffic and WAN/Internet traffic distinction, and more.

Decode without expert analysis: Provides a packet decode without any of the insight of expert features listed above.

FIX analysis: Used in conjunction with a FIX analysis profile, the results are displayed on the FIX Analysis tab in the GigaStor Control Panel. See Analyzing FIX transactions (page 60). Use this option if you need to see the raw FIX protocol packets and headers, highlight just the FIX data, filter a trade by order ID for further analysis, or to validate a specific transaction.

Forensic analysis: Allows you to choose a profile where you have defined which Snort rules you want to use. The results are displayed on the Forensic Analysis tab in the GigaStor Control Panel. If you chose "Expert analysis and decode" and decided you also wanted to do forensic analysis, you could do that by clicking the Forensic Analysis tab, which prompts you for a profile. Use this option if you need to scan high-volume packet captures for intrusion signatures and other traffic patterns that can be specified using the familiar Snort rule syntax. You can enforce your "acceptable use" policies, fight industrial espionage, and assist with government
Mining data from your GigaStor | 33
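
The reordering described under "Reorder and filter based on trailer timestamp" is illustrated by the following added example, which is not from the manual and is not Observer's code. The 8-byte trailer layout, the function names and the sample frames are constructed for illustration, and setting aside frames without a parsable trailer is this example's assumption about what "filter" means.

```python
import struct

# Hypothetical trailer layout (not any vendor's format): the aggregator appends
# 8 bytes to each frame: seconds and nanoseconds, both big-endian uint32.
TRAILER = struct.Struct(">II")

def trailer_ns(frame):
    """Return the trailer timestamp in nanoseconds, or None if it cannot be parsed."""
    if len(frame) < TRAILER.size:
        return None
    sec, nsec = TRAILER.unpack(frame[-TRAILER.size:])
    if nsec >= 1_000_000_000:  # not a plausible nanosecond field
        return None
    return sec * 1_000_000_000 + nsec

def reorder_by_trailer(capture):
    """capture: list of (capture_ns, frame) in the order the appliance stored them.
    Returns (ordered, set_aside). ordered holds (trailer_ns, capture_ns, payload)
    sorted by trailer time; the sort is stable, so equal trailer times keep
    capture order. set_aside holds frames with no usable trailer (assumption).
    """
    ordered, set_aside = [], []
    for capture_ns, frame in capture:
        ts = trailer_ns(frame)
        if ts is None:
            set_aside.append((capture_ns, frame))
        else:
            ordered.append((ts, capture_ns, frame[:-TRAILER.size]))
    ordered.sort(key=lambda rec: rec[0])
    return ordered, set_aside

def make_frame(payload, sec, nsec):
    """Build a constructed sample frame: payload plus the hypothetical trailer."""
    return payload + TRAILER.pack(sec, nsec)

# Constructed sample: the response reached the capture appliance before the
# request because the two directions arrived through different aggregator ports.
SAMPLE = [
    (1_700_000_000_000_900_000, make_frame(b"RESPONSE 200", 1_700_000_000, 450_000)),
    (1_700_000_000_000_950_000, make_frame(b"REQUEST GET /", 1_700_000_000, 120_000)),
    (1_700_000_000_001_000_000, b"short"),  # too short to carry a trailer
]

if __name__ == "__main__":
    ordered, set_aside = reorder_by_trailer(SAMPLE)
    for ts, cap, payload in ordered:
        print(ts, cap, payload)
    print("set aside:", len(set_aside))
```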
