Pcap analysis module

From Allegro Network Multimeter Manual
Jump to navigation Jump to search

The pcap analysis module allows analyzing pcap files by sending them to the device. After analyzing the pcap, the web interface shows all the metadata as if the packets are live traffic at the time of the pcap recording.

Web Interface

Pcap.png

Notes

Starting pcap analyze will stop the network ports and thus the normal packet processing and forwarding is disabled. The network connections of the devices connected to the Allegro Network Multimeter will stop working.

Start new Upload

To select a file to analyze, simply drag a file from your file manager to the drop zone. The second option is to click into the drop zone. After a click, a file selection dialog will open. After selecting a file, the name and the size of the pcap will be displayed in the drop zone box.

To proceed, press the Upload and analyze pcap button. A modal dialog will open.

  • A warning will be shown if the device is in bridge mode, since no more packets will be forwarded when starting pcap analyze mode.
  • If a storage device is active, it is possible to buffer the packets on it. This allows simple extraction of packets as in live packet processing.

The pcap file itself will not be stored on the storage of the Allegro Network Multimeter (except in the packet ring buffer, if activated in the upload modal dialog).

Analysis profiles

Profiles allow for some processing relevant settings to be changed on an per analysis level. If no analysis profile is selected those settings will be equal to the globally configured settings of the multimeter.

Select an analysis profile for your pcap analysis

Currently profiles influence the following settings:

Useres without admin privileges can not edit or create analysis profiles but can select and see which settings they change.

View analysis profile

PCAP analysis statistics

After the upload started, a progress section will be displayed. This includes a progress bar and the time of the last processed packet. When viewing the progress bar on a different tab or on a different browser, the progress bar will not show the correct value.

Viewing the pcap metadata

During and after the upload of the file, all modules will show the metadata produced by analyzing the packets in the pcap file.

Resuming normal operation

After finishing the analysis, the processing can be set back to live mode by clicking the Resume normal operation button at the bottom of the page.