Pcap analysis module
The pcap analysis module allows analyzing pcap files by sending them to the device. After analyzing the pcap, the web interface shows all the metadata as if the packets are live traffic at the time of the pcap recording.
Web Interface
Notes
Starting pcap analyze will stop the network ports and thus the normal packet processing and forwarding is disabled. The network connections of the devices connected to the Allegro Network Multimeter will stop working.
Start new Upload
To select a file to analyze, simply drag a file from your file manager to the drop zone. The second option is to click into the drop zone. After a click, a file selection dialog will open. After selecting a file, the name and the size of the pcap will be displayed in the drop zone box.
To proceed, press the Upload and analyze pcap button. A modal dialog will open.
- A warning will be shown if the device is in bridge mode, since no more packets will be forwarded when starting pcap analyze mode.
- If a storage device is active, it is possible to buffer the packets on it. This allows simple extraction of packets as in live packet processing.
The pcap file itself will not be stored on the storage of the Allegro Network Multimeter (except in the packet ring buffer, if activated in the upload modal dialog).
Analysis profiles
Profiles allow for some processing relevant settings to be changed on an per analysis level. If no analysis profile is selected those settings will be equal to the globally configured settings of the multimeter.
Currently profiles influence the following settings:
- Complex ingress filter
- Packet length accounting
- Tunnel view mode
- VLAN handling
- External timestamps
- Detail of traffic analysis
- Graph detail settings
- Interface speeds for Burst analysis
Useres without admin privileges can not edit or create analysis profiles but can select and see which settings they change.
PCAP analysis statistics
After the upload started, a progress section will be displayed. This includes a progress bar and the time of the last processed packet. When viewing the progress bar on a different tab or on a different browser, the progress bar will not show the correct value.
Viewing the pcap metadata
During and after the upload of the file, all modules will show the metadata produced by analyzing the packets in the pcap file.
Resuming normal operation
After finishing the analysis, the processing can be set back to live mode by clicking the Resume normal operation button at the bottom of the page.