Top 8 Packet Capture Uses
Packet Captures have always been a part of the network engineer’s tool set. Continue reading to delve deeper into packet captures and, but here are the top reasons people use them.
What is Packet Capture?
Solarwinds defines Pocket Capture as “a networking practice involving the interception of data packets travelling over a network. Once the packets are captured, they can be stored by IT teams for further analysis. The inspection of these packets allows IT teams to identify issues and solve network problems affecting daily operations.”
Full Packet Capture
Entire packets or specific portions of a packet can be captured. A full data packet consists of two parts: a payload and a header. The payload segment contains the packet’s actual contents and the header segment contains information including the packet’s source and destination addresses.
Packet Capture Use Cases
1. Utilization – Accurately!
There are many ways to get utilization figures but most are SNMP based which are not very accurate, averaging the numbers over several minutes.
If you need to really know the utilization, including bursts and micro bursts then a packet capture is very useful tool.
It’s these short bursts of high utilization that cause buffer overruns and lost packets which people can’t see with other monitoring tools.
This Burst Analysis table shows you down to 1ms how many times you have (briefly) hit 100% utilization.
2. Slow Response Times
The most frustrating thing in networking is slow response problems when the network is not busy. Packet captures contain the information you need to see how long it’s taking the data to get from one end to the other, usually by looking at the TCP response times.
Better tools can help out with bounce charts and tables to make this easier to read.
In this next graph we compare the network response times (in yellow) to the time it takes the server to react with a data frame (in blue).
3. Who’s talking to who? Migrating sites and servers
Knowing who (or what) is taking up your bandwidth is always a popular piece of information.
Use cases we have seen include monitoring remote sites and old servers getting ready for migration and prepping firewall rules for such moves.
4. What Protocols are out there?
The mix of protocols on your network will always surprise you. Sometimes it’s the percentage of social media content, other times its things you had never considered or forgotten about.
This information is key to keeping control of the work / life / security balance in the LAN and WAN.
Here we are displaying the top 10 protocols and their profiles over time.
5. Is it an Application Issue?
Working out how the application is communicating can give you solid information on how its responding and whether it’s waiting on back-end services to fulfil the user’s requests.
One of the great ways to see this is with a bounce chart.
6. Poor Quality Voice and Video
We rely on good quality voice and video now, whether at work or at the home office, so when call quality becomes an issue we need to see where in the system things have gone wrong.
The image shows two different call set up issues identified and can drill in to see the IP addresses involved.
7. Finding IPs / Protocols / Errors that you want / don’t want to see
Once you have the capture data you can mine it for more detailed information you need to know.
Below is an example of the options for searching for TCP errors in a capture.
8. Network Security
Captures have always been something security teams fall back on. Most modern solutions will monitor for log events and “threats” and then reference the part of the capture that contains the details they need to see.
In this example we are checking that SSL certificates are valid and not about to expire.
Recommended Packet Capture Appliances
The above screenshots are from Allegro - who offer a range of Network Multimeter appliances - great for monitoring traffic and filtering down into the detail. The appliances can be deployed in less than 60 seconds and no set up is required.