Pcap analysis module

From Allegro Packets Product Wiki
Jump to navigation Jump to search

The pcap analysis module allows analyzing pcap files by sending them to the device. After analyzing the pcap, the web interface shows all the metadata as if the packets are live traffic at the time of the pcap recording.

Web Interface



Starting pcap analyze will stop the network ports and thus the normal packet processing and forwarding is disabled. The network connections of the devices connected to the Multimeter will stop working.

Start new Upload

To select a file to analyze, simply drag a file from your file manager to the drop zone. The second option is to click into the drop zone. After a click, a file selection dialog will open. After selecting a file, the name and the size of the pcap will be displayed in the drop zone box.

To proceed, press the Upload and analyze pcap button. A modal dialog will open.

  • A warning will be shown if the device is in bridge mode, since no more packets will be forwarded when starting pcap analyze mode.
  • If a storage device is active, it is possible to buffer the packets on it. This allows simple extraction of packets as in live packet processing.

The pcap file itself will not be stored on the storage of the Multimeter (except in the packet ring buffer, if activated in the upload modal dialog).

PCAP analysis statistics

After the upload started, a progress section will be displayed. This includes a progress bar and the time of the last processed packet. When viewing the progress bar on a different tab or on a different browser, the progress bar will not show the correct value.

Viewing the pcap metadata

During and after the upload of the file, all modules will show the metadata produced by analyzing the packets in the pcap file.

Resuming normal operation

After finishing the analysis, the processing can be set back to live mode by clicking the Resume normal operation button at the bottom of the page.