Creating a packet capture to diagnose a network malfunction
Using Allegro Network Multimeter to create a download of the diagnosis packet capture
It’s very easy to use the Allegro Network Multimeter to create a Packet Capture (pcap) of a network error. Apart from our Multimeter, all you need is internal or external data storage. You can then activate the ‘Capture Buffer’ feature, which stores all your network traffic for a certain time. How many days you can look back depends on your level of traffic. In our office, a 1.5TB hard drive allows us to look back 28 days.
Once these requirements have been met, you can easily obtain a Packet Capture recording a past event. There are two ways to choose the time interval. You can select it by clicking on the network traffic history graph and ‘zooming’ to the desired time. Alternatively, choose from suggested intervals via the calendar symbol at the top of the user interface or set any interval you like using ‘Select Range’.
As soon as a time interval has been selected, the green ‘LIVE view’ display at the top of the user interface changes to show a time interval with a red background. Clicking on the time interval will take you back to the live view.
Once you have selected a specific time interval with the ‘Capture Buffer’ feature activated, all the statistics and graphs displayed in the user interface refer to this period. Whenever you press the pcap download button, a dialogue box also appears to remind you that all the statistics etc. relate to this period.
In our use case, we want to obtain the traffic of a specific IP address from a period of time in the past as a pcap. In the ‘IP Statistics’ view under the ‘IP addresses’ tab, you can quickly find an IP address with the full-text search by entering the exact address or a DNS or DHCP name. Clicking on the address found takes you to the overview page for this IP address.
Advantages at a glance:
- Exactly defined packet capture
- Pre-filtering for Wireshark
- Packet Capture for downloading
- Fast and clearly displayed network analysis
- Historical packet capture extraction
Creating a predefined packet capture
The graphs shown here can easily be used to select the period for packet capture. To start recording, click the ‘Live PCAP of’ button. As soon as the packets have been captured, the download is made available to you.
You can define the packets to be captured more precisely by selecting the tabs ‘Protocols’, ‘Peers’ or ‘Connections’ beforehand. Your packet capture will then only contain the traffic that the IP address exchanged with a specific other IP address during the selected period.
All in all, the functions of the Allegro Network Multimeter provide fast and, above all, clear access for the analysis of network malfunctions. Once a packet capture containing only the selected part of the network traffic has been created, a detailed analysis can be substantially accelerated with tools such as Wireshark and the Webshark integrated in the Allegro Network Multimeter.