System information
 Real-Time Expert 
• Expert Summary—a collection of critical events from the various Expert Events 
sections, as well as a display of non-TCP based events (e.g., a CRC or alignment 
error).
• Expert Events—breaks down the IP conversations into subprotocol groups of TCP, 
UDP, and ICMP. In the case of TCP and UDP, the conversations are further broken 
down by application. Each conversation is graded based on a user-defined threshold 
for a number of conditions.
• Expert Analysis—takes the analysis of Expert Events to the next level. A number of 
different types of views can be displayed for each conversation listed in the 
Expert Events sections. Typically, these displays are accessed by right-clicking on the 
conversation in question and choosing the form of analysis required.
Real-Time and Post-Capture Analysis
The Expert system within Observer can be used either in real-time or post-capture. Once 
data has been captured, a number of different, related displays are available to help isolate 
and identify problems.
Real-Time Analysis
Real-Time Expert Analysis can identify problems as they happen. In general, you would 
run Observer’s Packet Capture and view the Expert Summary as the capture is taking 
place. Since real-time processing can involve a tremendous amount of data, it is possible 
that Observer may fall behind in processing packets. It is important to know what 
percentage of the packets have been processed; therefore, the Expert shows this 
information in the display header.
The header shows the number of packets captured, the number of packets processed, and 
the percent of packets processed. Expert Analysis of packets is done at a lower priority 
than actual capture: Observer will first try to maintain full line rate capture, and then 
process the Expert Analysis during lulls in the capture of data.
There are a number of considerations when doing real-time analysis. The first decision is 
whether to use a circular or a static buffer. This decision should be based on the amount of 
available RAM on your system that can be used for the Observer capture buffer. You will 
also want to calculate whether the buffer will be large enough to capture the data required 
to analyze the event.
If you have a large amount of RAM, you may want to assign the largest buffer possible 
and run the Expert in real-time, collecting all packets and data. When using the Expert in 
this situation, the Expert Summary, Expert Events, and Expert Analysis will all be 
available.
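The circular-versus-static decision and the buffer-size calculation described above can be checked with a small simulation. This is an added example, not code from Observer or its documentation; the 16-byte per-packet overhead, the 10 MB buffer, and the traffic pattern are constructed assumptions.

```python
from collections import deque

OVERHEAD = 16  # assumed per-packet bookkeeping bytes, not an Observer figure

def capture(packets, buffer_bytes, circular):
    """Feed (timestamp_ms, size) packets into a capture buffer; return what is retained."""
    buf, used = deque(), 0
    for ts, size in packets:
        cost = size + OVERHEAD
        if cost > buffer_bytes:
            continue  # packet can never fit
        if circular:
            # Circular buffer: overwrite the oldest packets to make room.
            while used + cost > buffer_bytes:
                used -= buf.popleft()[1] + OVERHEAD
        elif used + cost > buffer_bytes:
            break  # Static buffer: capture stops once the buffer is full.
        buf.append((ts, size))
        used += cost
    return list(buf)

def covers(retained, start_ms, end_ms):
    """True when the retained packets span the whole event window."""
    return bool(retained) and retained[0][0] <= start_ms and retained[-1][0] >= end_ms

def required_bytes(pps, avg_size, window_s):
    """Buffer needed to hold window_s seconds of traffic at a steady packet rate."""
    return int(pps * window_s) * (avg_size + OVERHEAD)

def traffic(stop_ms):
    """Constructed sample: one 1000-byte packet per millisecond until capture stops."""
    return ((ts, 1000) for ts in range(stop_ms))

BUFFER = 10_000_000        # 10 MB capture buffer (constructed value)
EVENT = (45_000, 50_000)   # event of interest, 45 s to 50 s into the capture

def scenarios():
    """Does each buffer mode still hold the event window when capture ends?"""
    return {
        "static": covers(capture(traffic(60_000), BUFFER, False), *EVENT),
        "circular_stopped_at_52s": covers(capture(traffic(52_000), BUFFER, True), *EVENT),
        "circular_stopped_at_60s": covers(capture(traffic(60_000), BUFFER, True), *EVENT),
    }

if __name__ == "__main__":
    print(scenarios())
    print("bytes for a 5 s window:", required_bytes(1000, 1000, 5))
```

At this traffic rate the buffer holds just under ten seconds of packets, so a static buffer fills long before the event, and a circular buffer keeps the event only if capture is stopped before the window is overwritten.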










