Network Packet Capturing Management & Status

From NST Wiki
Jump to navigationJump to search

Overview

This section will demonstrate the operational use of the NST WUI "Network Packet Capture Management & Status" implementation. This implementation provides a means to manage a large number of network packet captures that can be generated by either the NST WUI "Single-Tap Network Packet Capture" or the "Multi-Tap Network Packet Capture" interface. Previous or pending network packet captures located on a NST probe will appear in the "Available Network Packet Captures" table depending on the "Location Mode" setting. A complement of Actions or Search Criteria are provided for managing or locating each network packet capture file.

Moving your mouse cursor pointer over each field in the "Available Network Packet Captures" table will pop-up a comprehensive packet capture information window. One can also upload previously saved network captures and logs to the NST probe using the "Upload Network Capture Files & Logs" section.

This implementation also handles the ability to Save/Load all "Network Packet Capture Filters & Options" located on a NST probe.


Packet Capture Available View

An example network packet capture view of available captures for a NST probe is shown below. Only network packet captures that have satisfied the current search criteria that is in effect, have their status state enabled and have not been restricted by a display limit will be presented.

The display is broken up into 2 sections, one for the "Single-Tap Captures" and one for the "Multi-Tap Captures". The status state for each capture is shown in a different color text: "Completed Capture", "Archive Capture" and a "Pending Capture". A network packet capture for each status state can be found below.

The total number of available network packet capture files is always presented for a given "Location Mode". The location mode can be "Global" or "Session" based. Any network packet capture files found using the "Global" based location mode will be made available to All web browser client sessions. Any network packet capture files found using the "Session" based location mode will be made available Only to that specific web browser client session. The example below shows a total of "15" available network packet capture files which includes both "Single-Tap" and "Multi-Tap" captures that have been located. Typically, the total number of network packet captures found when the "Global" based location mode is in effect is equivalent to the actual number of captures located on the NST probe. The "Session" based location mode can be used to focus on capture files located from a top level directory that are specific to a type of capture work you are currently performing.

Network Packet Capture Management & Status - View 1


Each capture has an associated set of management "Actions". The available "Actions" for the capture depends on the state of the capture. The management functionality for each "Action" is described below in the "Action Description Details" portion of the caption. This entire caption is embedded within the NST WUI "Network Packet Capture Management & Status" page for use as a reference guide.

Network Packet Capture Management & Status States And Action Legend


Hovering your mouse pointer over each table cell for a given capture will reveal additional comprehensive information. The depiction below shows detailed network packet capture status information for the multi-tap capture session that completed on: "Sun Jul 27 22:12:24 EDT 2008" containing: "2,409" packets. This was a quad-tap capture that lasted for a period of "23" seconds.

Network Packet Capture Management & Status - Multi-Tap Capture Status Pop-Up View 2

Select/Scan/Filter/Search For Packet Capture Files

Network Packet Capture Management & Status - Select/Scan/Filter/Search Form


Search Results For Packet Capture Files

Network Packet Capture Management & Status - DNS Capture File Search Results