Pump Up The Volume

Jeff Trawick, WildPackets Professional Services

If you are using WildPackets® OmniEngine or WildPackets® Omnipliance, chances are you are interested in collecting, storing, and analyzing very large volumes of packet data. The key word here is VOLUME! On highly utilized gigabit or 10 gigabit links, hundreds of thousands, or even millions, of packets can be collected in just a few seconds. Processing that many packets takes a lot of horsepower, and OmniEngine is strong enough to handle the flow in most cases. However, every computer system has its limits, so you need to know how to maximize the packet volume that OmniEngine can accommodate. Here are some best practices to consider when setting up your capture options:

  1. Be aware of memory limitations. Although Omnipliance may have up to 8 GB of RAM, Windows will only recognize 2 GB, and Linux will only use 4 GB per application, so OmniEngine can only access a finite amount of memory. This limits the size of capture buffers, especially when running multiple concurrent captures. Each session reserves its own capture buffer, which depletes system memory.
  2. Precisely define the purpose of the capture. Then, instead of filling precious buffer and disk space with irrelevant data, use capture filters to conserve space and to ease and focus your analysis. You might also consider using hardware filters if using one of WildPackets’ Gigabit Analysis Cards (GACs). We’ll look at that topic more in future tips.
  3. Use packet slicing to specify how many bytes from each packet will be collected. For example, data payload is often worthless when analyzing a binary file transfer. Packets might be over 1500 bytes in length, but you don’t need to read the file content, so why fill the buffer with it? Instead, you may determine that the packet’s headers only occupy the first 64 bytes of the packet. You could then tell OmniEngine to “slice” the packets at 64 bytes, giving you the headers you need, but throwing out the useless, bulky payload.
  4. For extremely high volume captures, watch the “Dropped Packets” metric in Summary Statistics. If OmniEngine is dropping packets because of incoming packet volume, you can help it focus more resources on capturing by disabling unneeded analysis views. For example, you might want to disable Wireless or Voice Statistics if you are not capturing those traffic types.
  5. Remember that resources required by multiple users and multiple captures are additive. Three users, each running a capture with a 100 MB buffer, will use 300 MB of RAM on OmniEngine. When intensive analysis tasks need to occur, cooperative scheduling of activities for multiple users will help to optimize critical captures.
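
To make the packet slicing in tip 3 concrete, the following added example (not WildPackets code, and not how OmniEngine implements slicing) applies a 64-byte slice to a capture in the classic libpcap file format and shows the space saved. The names `slice_pcap` and `build_sample` are this example's own, and the three-packet capture is constructed sample data.

```python
import struct

# Classic libpcap file layout (little-endian, microsecond timestamps).
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, zone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
MAGIC_LE = 0xA1B2C3D4

def slice_pcap(data: bytes, slice_len: int = 64) -> bytes:
    """Return a copy of the capture with every packet cut to at most slice_len bytes."""
    if slice_len <= 0:
        raise ValueError("slice_len must be positive")
    if len(data) < PCAP_GLOBAL.size:
        raise ValueError("truncated global header")
    magic, vmaj, vmin, zone, sigfigs, snaplen, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != MAGIC_LE:
        raise ValueError("not a little-endian microsecond pcap file")
    # The file-level snaplen is lowered to match the slice length.
    out = bytearray(PCAP_GLOBAL.pack(magic, vmaj, vmin, zone, sigfigs, min(snaplen, slice_len), linktype))
    off = PCAP_GLOBAL.size
    while off < len(data):
        if off + PCAP_RECORD.size > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = PCAP_RECORD.unpack_from(data, off)
        off += PCAP_RECORD.size
        if off + incl_len > len(data):
            raise ValueError("truncated packet data")
        # Keep only the leading bytes; orig_len still records the on-the-wire size.
        kept = data[off:off + min(incl_len, slice_len)]
        out += PCAP_RECORD.pack(ts_sec, ts_usec, len(kept), orig_len) + kept
        off += incl_len
    return bytes(out)

def build_sample() -> bytes:
    """Constructed sample: two 1514-byte frames and one 60-byte frame of filler bytes."""
    frames = [bytes([i]) * n for i, n in ((1, 1514), (2, 60), (3, 1514))]
    buf = bytearray(PCAP_GLOBAL.pack(MAGIC_LE, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        buf += PCAP_RECORD.pack(1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(buf)

if __name__ == "__main__":
    raw = build_sample()
    sliced = slice_pcap(raw, 64)
    print(f"unsliced: {len(raw)} bytes, sliced at 64: {len(sliced)} bytes")
```

Because each record keeps its original length field, byte counts and utilization figures can still be derived from a sliced capture even though the payload is gone.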

In future tips, we will examine some other ideas for maximizing the performance of your OmniEngine or Omnipliance. By following these tips, you can pump up your packet volume to its maximum level. In addition, your OmniEngine will be more finely tuned to the analysis goal you are trying to achieve.