547
edits
Back-in-Time functionality: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 31: | Line 31: | ||
Note that even in '''back-in-time''' mode, the device still measures every packet going through it so you will not miss any data. | Note that even in '''back-in-time''' mode, the device still measures every packet going through it so you will not miss any data. | ||
=== Difference Live and Back-In-Time Mode === | |||
One notable difference between Live and Back-In-Time mode is the presentation of numerical counters. Counters in live mode are always from start of measurement (or last reset), while counters in back-in-time mode a relative counters within the active time interval. | |||
That means that regardless of the zoom level, in live mode the counters are always the shown since start of the measurement, not start of the zoom level interval. | |||
{| class="wikitable" | |||
|+ | |||
! | |||
!LIVE | |||
!Back-In-Time | |||
|- | |||
|Traffic counter | |||
|Total counter from start or last reset | |||
Example: "packets" are packets since start | |||
|Relative counters during time interval | |||
Example: "packets" are number of packets in interval | |||
|- | |||
|Graph data | |||
|Traffic data within time interval | |||
|Traffic data within time interval | |||
|- | |||
|Capturing | |||
|Data source is live traffic (no need for ring buffer). | |||
Exception: Manual time range override in capture dialog | |||
|Date source is ring buffer | |||
|} | |||
==== Use cases: ==== | |||
# Task: Check the traffic within the last hour of the IP addresses with the most traffic overall. Solution: Choose "1 hour live" display and sort the IP table for bytes. The first IP is the IP with the most bytes overall. The graph contains the activity within the last one hour. Use case: you want to check if multiple backup servers which usually have a lot of traffic had activity within the last hour. Sort for bytes is an easy way to identify those and with live view you can still see the activity within that interval. | |||
# Task: Which IP had the most traffic within the last hour? Solution: Choose "Last hour" display and sort the IP table for bytes. The first IP is the IP with the most bytes within the last one hour. | |||
=== Data not available in back-in-time mode === | === Data not available in back-in-time mode === | ||