Menu
Extensibility Solutions
  • Plug-Ins
  • Tools
  • Filters
  • Scripts
    • Developer Documentation
  • OmniEngine Plugin API
  • OmniPeek Plugin API
  • OmniScript Reference
  • Peek COM API Reference
  • Decoder Language Reference
  • ProtoSpecs XML Guidelines
  • Peek Reporting Framework
  • Automation Primer
  • Plug-in Primer

    • Distributed Analysis Module Load Sequence

    A Distributed Analysis Module must be a member of the Category_PeekPlugin component category in order for the Omni Engine and Omnipeek console to locate it.

    Distributed Analysis Module Load Sequence on the Omni Engine

    This sequence of steps occurs when a remote capture is created.

    Distributed Analysis Module Load Sequence on Omnipeek

    This sequence of steps occurs when a packet list is viewed on Omnipeek.

    Distributed Analysis Module Unload Sequence

    Distributed Analysis Module Unload Sequence on the Omni Engine

    This sequence of steps occurs when a remote capture is deleted, either directly or indirectly (for instance when the engine is shut down).
    • IPeekPluginLoad::Unload is called if it exists.
    • The interfaces of the Distributed Analysis Module are released.
    • The Distributed Analysis Module object is destroyed when there are no more references to its interfaces.

    Distributed Analysis Module Unload Sequence on Omnipeek

    This sequence of steps occurs when a packet list is closed on Omnipeek.
    • IPeekPluginLoad::Unload is called if it exists.
    • The interfaces of the Distributed Analysis Module are released.
    • The Distributed Analysis Module object is destroyed when there are no more references to its interfaces.

    Distributed Analysis Module Operation on the Omni Engine

    If IResetProcessing::ResetProcessing exists, the interface is used when the capture is started.

    If IFilterPacket::FilterPacket exists and if the Distributed Analysis Module is used in a filter, the interface is used for every packet by the thread that moves packets from the Peek driver into the Omni Engine.

    If IUpdateSummaryStats::UpdateSummaryStats exists, the interface is used for every packet by the thread that is processing packets for statistics.

    If IProcessPacket::ProcessPacket exists, the interface is used for every packet by the thread that is processing packets for analysis.

    If IProcessTime::ProcessTime exists, the interface is used approximately once per second while the capture is active.

    Distributed Analysis Module Operation on Omnipeek

    The Distributed Analysis Module is only used for remote captures running in the Omni Engine, not for captures running locally in Omnipeek. The Peek Analysis Module SDK should be used to create an Analysis Module that works with Omnipeek local captures.

    If ISummarizePacket::SummarizePacket exists, the interface is used whenever a packet visually appears in the packet list.

    If IFilterPacket::FilterPacket exists, the interface is used if packets are selected according to a filter that is using the Distributed Analysis Module.

    Interfaces Available for Use by a Distributed Analysis Module

    • IFullDuplexPacket to access information about a packet that arrives on a full duplex network.
    • IMediaUtils to access information about the network media.
    • INotify to provide notifications to the user.
    • IPacket to access the packet data and also to access information about the packet.
    • IPacketLayers to access information about the layers in a packet.
    • IPacketSpecs to access information about the addresses and protocols in a packet.
    • IProtoSpecs to access information about the ProtoSpecs that correspond to the packet.

    Interfaces Provided by the Distributed Analysis Module

    The following interfaces are required and must be provided by the Distributed Analysis Module.

    • IPeekPlugin to provide basic information about the Distributed Analysis Module.

    The following interfaces are optional.

    • IFilterPacket to filter and/or slice packets captured by the engine.
    • IPeekPluginAbout to show information about the Distributed Analysis Module.
    • IPeekPluginLoad to provide setup when the Distributed Analysis Module is loaded.
    • IPeekPluginOptions to show information about the Distributed Analysis Module's options.
    • IProcessPacket to process packets, for example packet analysis processing, captured by the engine.
    • IProcessTime to allow Distributed Analysis Module code to run at regularly scheduled intervals.
    • IResetProcessing to reset internal variables.
    • ISummarizePacket to get information displayed in the Summary column of a packet list.
    • IUpdateSummaryStats to get information displayed in the Summary Statistics tab of a capture.