Menu
Resources
  • Wireless Drivers
  • Product Tips & Tricks
  • Video How-To's
  • Free Utilities
  • LiveAction Blog

    • Turn Down The Volume!

    By Jeff Trawick, WildPackets Professional Services

    One of the strengths of WildPackets® OmniEngine and WildPackets® Omnipliance is their ability to manage simultaneous captures from multiple network adapters. Yet, by using several adapters and creating multiple capture sessions, you may inadvertently ask the system to collect packets more rapidly than the CPU and system bus can process them, and more quickly than the hard drive controller can write them to disk. In the October Tip of the Month, we talked about maximizing the packet volume that OmniEngine can effectively capture and stream to disk, but there are many cases in which you may want to do the opposite. You may need to “turn down the volume” by limiting the number of packets that OmniEngine collects.

    The most common means of limiting the number of captured packets is filtering. If you have used OmniPeek or OmniEngine for any length of time, you’ve probably grown to know and love the power of filters. Of all the available filter conditions, one is often overlooked on OmniEngines by our customers who own our proprietary Gigabit Analysis Cards (GACs), which are designed for high-volume capture scenarios. GACs typically have four ports, each of which can be attached to a different network segment.

    By default, the GAC aggregates packets from all four ports into a single capture. In many cases, you don’t need all of those packets. Suppose you just want the packets from one or two of the four GAC ports. You can set that limit using the Channel filter condition. Here’s how it works…

    When using the Advanced Filter view to build or edit a filter, simply add an AND or OR condition, and select “Channel” from the popup menu. You’ll then see a dialog box that asks you to select a channel, as shown here.

    Using one Channel condition enables you to capture traffic from a specific GAC port, but you can also use OR conditions to capture from two or three GAC ports as shown below.

    Although using GACs to aggregate up to four data stream is a great capability, using Channel filters can help you unclutter the view when you only need to see traffic from one or two ports. More importantly, these filters can optimize the workload on your OmniEngine during captures from highly-utilized network segments. That leaves more capacity for additional captures or other analysis tasks. So turn down the volume, and get the most out of your OmniEngine or Omnipliance.