“Peek-o-matic”

Jeff Trawick, WildPackets Professional Services

It’s an age-old problem with network analysis and troubleshooting – the problem never occurs when you’re there to see it! Fortunately, Peek analyzers facilitate the automation of captures so that they can start and/or stop even when you’re not there. In this tip, we’ll focus on a little-known and rarely used automation feature of the Peek products.

If you have used Peek analyzers for any amount of time, you probably appreciate the power of Triggers, which enable you to start or stop captures based on time or filter conditions. The wonderful thing about triggers is triggers are wonderful things! (If you don’t get that one, you were never a kid or never watched kids’ movies! :-)) You may also love the convenience of Capture Templates, which “remember” your capture options and apply those options to future captures. Auto Captures are another Peek analyzer advantage: an Auto Capture not only specifies a Capture Template, but also saves and forwards the captured packets via email or FTP. We’ll talk more about some of these functions in a future tip.

While these features are impressive, I was reminded the other day of a related, but often overlooked, feature that can start the Peek captures from the command prompt. (Ooh, aah!) This feature is so neglected because many folks don’t know about it, and most of us rarely visit the command prompt any more unless we’re forced to do so. But maybe – just maybe – I can draw you back to the dark ages of the command prompt with this feature. Using OmniPeek as an example, there are three command line arguments that can be used when starting the Peek application from the command line:

Syntax                                 Purpose
opeek.exe <.wac file>                  Load and execute an AutoCapture file
opeek.exe /autoload <.ctf file(s)>     Start OmniPeek and load one or more capture templates
opeek.exe /autostart <.ctf file(s)>    Start OmniPeek, load one or more capture templates, and begin captures based on the template(s)

If you place these command lines in a batch file, or call them from another script or application, you could have multiple captures starting based on a variety of criteria. All of this could even be initiated by an external application as part of a larger response process to some event.

For example, perhaps you have a helpdesk technician who is not versed in the use of the Peek analyzer. Late one night, this technician receives a call about a recurring issue that you’ve never managed to observe. Only this time, you have created a template or autocapture session. The technician is able to run OmniPeek and start a template-based capture via the desktop shortcut to the batch file you so prudently created.

In another case, perhaps your network management system automatically kicks off a script to start a capture based on key performance metrics. The automated capture could, in turn, send SNMP traps back to the network management system as the capture progressed.
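A batch wrapper of the kind described above, usable both from a helpdesk desktop shortcut and from a script started by a management system. This is an added example, not part of the original tip or of WildPackets' own tooling; the install path, template path, log path and exit codes are assumptions to adjust locally.

```batch
@echo off
rem start_capture.bat - added example; every path below is an assumption.
setlocal

rem Assumed install location, default template and audit log.
set "OPEEK=C:\Program Files\WildPackets\OmniPeek\opeek.exe"
set "TEMPLATE=C:\Captures\Templates\helpdesk.ctf"
set "LOG=C:\Captures\start_capture.log"

rem A calling script may pass a different template as the first argument.
if not "%~1"=="" set "TEMPLATE=%~1"

rem Fail with a clear message and a distinct exit code if a file is missing,
rem so a technician sees the reason and a calling script can test the result.
if not exist "%OPEEK%" (
    echo ERROR: OmniPeek not found at "%OPEEK%"
    exit /b 1
)
if not exist "%TEMPLATE%" (
    echo ERROR: capture template not found at "%TEMPLATE%"
    exit /b 2
)

rem Record who started the capture, from which machine, and when.
>>"%LOG%" echo %DATE% %TIME% %USERNAME%@%COMPUTERNAME% started "%TEMPLATE%"

rem /autostart loads the template and begins the capture it defines.
rem "start" returns immediately, so the shortcut or calling script is not blocked.
start "" "%OPEEK%" /autostart "%TEMPLATE%"

endlocal
exit /b 0
```

Restricting write access to the template and log directories keeps the shortcut from being repointed at a different capture configuration.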

The sky’s the limit on this one! Just think of all the ways you could be a more productive network analyst by working smarter, not harder. Let the Peek analysis platform help. After all, it’s “Peek-o-matic!”