Configuring a probe’s name and other probe options
 
Page Contents
Customizing statistics and capture buffers for probe instances
Configuring probes to collect data even when not connected to an analyzer
Setting the probe’s time clock synchronization settings
Configuring connections to multiple NICs or Observer
Setting the total system memory reserved for probes
Configuring the probe’s adapter speed, ToS/QoS precedence, and statistics sampling
Probe Properties field-level descriptions
Revised: 2016-12-09
Set the probe network adapter speed, reserve system memory for probes, configure connections to multiple network adapters, set “always on” traffic capture, customize statistic and capture buffers, and more.
These steps assume you are viewing the probe interface, which is the only choice when using Expert Probe software. But if you are using a GigaStor, ensure that you are viewing the probe interface.
The probe has many options that you can configure.
1. Choose Options > Probe Options. The Probe Options dialog opens, which lets you configure the probe.
2. Use this table to complete the settings.
Setting
Description
Probe name
Allows you to specify a name for the probe, which appears in the Observer probe list. The default name is a random mix of numbers and letters. We suggest renaming the probe to something meaningful to you. The name may be its physical location or any other standard you choose. The probe name is not the same as the probe instance name, although with a Single Probe you only have one probe instance. You define the probe instance name elsewhere. See Creating a probe instance.
Network Trending folder
Allows you to specify where the network trending data is saved. The default is C:\Program Files\Observer\NetworkTrending. Unless you have a specific reason to use another directory, we suggest using the default.
Folder for GigaStor
Allows you to specify where the GigaStor and network packet data will be saved. The default is C:\Program Files\Observer\Data for a software install or non-GigaStor probe, or D:\Data for a GigaStor hardware appliance. Unless you have a specific reason to use another directory, we suggest using the default.
Maximum IP DNS resolution entries
Defines the maximum number of DNS entries the probe should maintain. The probe will keep up to the number of entries defined or what the probe can maintain in 10 MB of storage space, whichever is less. The probe keeps the first 10,000 entries (or whatever amount you define) it sees; it does not keep a rolling list of the last 10,000. After the limit is reached, no more entries are kept. They are discarded.
Run Probe as Windows Service
Select this option if you want to run the probe as a Windows service. This allows the probe to start without requiring a user to log in and start the probe. The probe starts whenever the system starts, which can be especially important for a remote probe. The change takes effect on the next system restart.
When running the probe as a Windows service, some options are available to you that you do not have when running the probe as an application. Specifically, you can set Networking Trending and see CPU load of each probe instance. In both modes, you can configure memory management, configure security for each probe instance, reserve Windows memory for the probe, adjust for time drifts through clock synchronization, and enable the probe to be a virtual TAP.
View certificates from other Observer assets
Click the Certificates button to view the trusted, untrusted, and pending-trust certificates that allow secure asset-to-asset communication. See Understanding the certificate trust model for details.
 
 
Customizing statistics and capture buffers for probe instances
Prerequisite: Multi or Expert Probe.
Before changing any of the buffer sizes, you should understand how any changes you make affect the probe. See How a probe uses RAM.
To change memory allocation for probe instances, see Running Observer with reserved memory.
To fine-tune the Statistics Memory Configuration, see How to adjust the statistical buffer.
Configuring probes to collect data even when not connected to an analyzer
Probes (and probe instances) can be configured to collect data only when you tell them to: by manually starting and stopping the collection, by having collection always running, or based on a schedule. The schedule and settings are saved with the probe instance. This means that if you choose to have packet capture always running or running on a schedule, the probe instance does not need to be connected to an Observer.
To configure when packet capture should run, complete these steps:
1. In Observer, select a probe instance in the Probes list.
2. On the Home tab, in the Capture group, click Configuration > Packet Capture.
3. Click the Settings button. The Packet Capture Settings window opens.
4. Click the Schedule tab.
5. Choose the schedule you want (Always, daily, or specific days).
6. If you want to control the capture buffer’s size, click the Capture Options tab. The data is saved on the probe in C:\Program Files\Observer\Data.
 
 
Setting the probe’s time clock synchronization settings
At times your capture card driver’s time clock may drift. It can be synchronized with the system clock, if you wish. Unless you notice a reason to enable this feature, we recommend that you do not synchronize your capture card’s time clock.
Some other things to consider:
The capture card synchronizes itself with the system clock when the system starts.
Generally, you are interested in relative time between packets, not the actual time a packet was seen.
1. Do one of the following:
On the probe: Click the Synchronization tab.
In Observer: Select a probe instance, right-click and choose Administer Selected Probe. Then click the Synchronization tab.
2. Click the Edit Schedule button.
3. Choose when and how you want the capture card’s time clock to synchronize with the system clock and click OK.
 
 
Configuring connections to multiple NICs or Observer
Prerequisite: Multi or Expert Probe.
With a Multi Probe, you can configure the probe to view multiple networks if multiple NICs are installed on the local system and to provide multiple Observer with views of the local network interfaces.
The probe accomplishes these capabilities by allowing multiple instances of itself. A probe instance is a virtual probe with attributes that define:
Which network interface on the local system to capture data from.
Which Observer (local or remote) to direct the data to.
Setting the total system memory reserved for probes
Prerequisite: Multi or Expert Probe.
Memory use is an important and vital part of using an Observer probe successfully. Before changing any of the reserved memory, you should understand how any changes you make affect the probe.
Configuring the probe’s adapter speed, ToS/QoS precedence, and statistics sampling
After connecting the probe instance to Observer Analyzer, there still may be some additional configuration that you must do. This is completely dependent on your network environment and your needs.
This section applies to all probes and all versions of them, including Single Probe, Multi Probe, and Expert Probe on VIAVI or third party hardware.
In Observer:
1. Select a probe instance in the Probes list.
2. Right-click and choose Probe or Device Properties.
3. Use the following tabs to further configure the probe for your environment. Not all of these tabs are present at all times. Which tabs are visible depends on the type of probe you are configuring. For instance, the Gigabit tab is only visible when you are configuring a Gigabit Probe. For details about the fields on each tab, see Configuring a probe’s name and other probe options.
Tab
Description
General
Set the statistics sampling divider and MPLS settings. For field descriptions, see Probe Properties field-level descriptions.
Adapter speed
Verify that the adapter speed is registering correctly. Change the adapter speed if necessary. Changing the adapter speed here may be useful and necessary, because statistics, graphs, and reports generated by Observer are set using the adapter speed as the maximum. If, for some reason, Observer is not able to correctly identify your adapter speed, your reports may be inaccurate. For field descriptions, see Probe Properties field-level descriptions.
ToS/QoS
Ensure these settings match your needs paying particular attention to the IP precedence bit for the ToS/QoS of your network. What you set here affects how the Observer analyzer displays information about VoIP, NetFlow, sFlow, and capture decodes. For field descriptions, see Probe Properties field-level descriptions.
Gigabit
Define the maximum frame size for your network. The default is 1514 bytes (excluding the frame checksum), which is appropriate for standard Ethernet. If the network link you are analyzing is configured to support jumbo frames (frames larger than 1514 bytes), you may want to change this setting to match the frame size of the Gigabit network, up to a maximum size of 9014 bytes. Observer will then discard frames that exceed this maximum frame size, generating a “Frame too large” error.
Wireless 802.11
Define what channels you want to monitor, what antenna you use for the wireless card, and your wireless encryption key if you use one for your network. See Monitoring a wireless access point. For field descriptions, see Probe Properties field-level descriptions.
DS3/E3/HSSI
Choose your WAN type, then choose the frame check sequence standard. You must set encapsulation to match the frame relay settings on the CSU/DSU. If ATM or LAPB is selected, you must also choose a subprotocol. Set the bandwidth to match the channel settings of the fractionalized HSSI link. For field descriptions, see Probe Properties field-level descriptions.
T1/E1
Choose your WAN type, then set encapsulation to match the frame relay settings on the frame relay router. If ATM or LAPB is selected, you must also choose a subprotocol. Pick a line frame that matches your network. If your link is fractionalized, select that option. For field descriptions, see Probe Properties field-level descriptions.
Virtual adapters
Packet Broker Integration
 
Your probe instance is now configured. You can begin collecting network traffic and statistics using it. Typically, this is done in Observer by choosing Capture > Packet Capture and clicking the Start button. See Configuring probes to collect data even when not connected to an analyzer for details. You do not, however, need to start a packet capture to see statistics. See the list of statistics available under the Statistics menu in Observer.
If you are using a GigaStor probe, see .
 
Probe Properties field-level descriptions
 
This section includes details about many of the fields and options for a probe.
Table 36. General tab
Option
Description
Communication timeout
Allows you to define how long Observer will wait for the Probe to communicate before it assumes the connection is lost. Values are from 2 to 60 seconds.
Probe report period or local Observer information refresh time
Allows you to set how often the Probe sends a refresh packet or how often the local Observer’s dialogs are refreshed. This value has a minimum of 2 seconds with no maximum.
Statistics report (refresh) period
Allows you to set the statistics display refresh period. This value has a minimum of three seconds with no maximum.
Vital signs report (refresh) period
Allows you to set the Network Vital Signs refresh period. Values are from 10 to 600 seconds.
Sampling Divider
On probes with less processing power, high traffic rates (such as those typical of gigabit connections) can overwhelm the probe’s ability to keep up. A sampling divider tells Observer to only consider one of every n packets when calculating statistical displays, where n is the sampling divider. This setting only affects statistical displays such as Top Talkers, Internet Observer, etc. (packet captures are unaffected). A sampling divider of 2 registers every other packet; a sampling divider of 10 registers every tenth packet. Some statistical displays consider every packet regardless of this setting. Bandwidth Utilization looks at traffic as a whole, as does Wireless Site Survey.
Encapsulated Traffic Analysis
GRE (Generic Routing Encapsulation) and GTP (GPRS Tunneling Protocol) are two encapsulation protocols that may have been deployed on your network. To show the encapsulation IP addresses, leave the box unchecked; to show the nested IP addresses, check the box. This setting also applies to L2TP and IPv4.
Nortel OEL2 Metro Ethernet Analysis Settings
Choose if frame headers should be analyzed as OEL2 headers.
MPLS Analysis Settings
Choose whether Observer should auto determine IPv4 and IPv6, what all other traffic is (ATM or Mac Header), and whether to use a four byte pseudowire word. Also choose whether to use the MAC addresses from encapsulated MPLS header.
Table 37. Parameters tab
Option
Description
Network type
Displays the probe’s network topology, such as Ethernet, Token Ring, wireless, and WAN.
Network speed
Displays the network speed. The distinction here is between the actual, measured speed of the network and the speed that the NIC card, possibly incorrectly, reads from its connection. For example, a 10/100Mb NIC card on a 10/100Mb connection to a switch on a network where all the other stations are running at 10Mb will report the network speed as 100Mb. This item is the actual number that the NIC card driver sends Observer, so 10Mb Ethernet will be reported as 10,000,000. 100Mb Ethernet will be reported as 100,000,000.
NIC card name
Displays the name of the card as reported by the NDIS driver to the registry.
Probe version
Displays the probe version used by the local Observer or probe.
Number of adapters
Displays the number of cards the local Observer or probe has configured.
Instance memory (MB) and Capture Buffer (MB)
Displays the amount of RAM the instance or probe has available for statistics and capture buffer. Observer has no limitations on the amount of RAM that can be used for a buffer. The maximum allowable buffer size is displayed in the Options > Selected Probe or SNMP Device Properties > Probe Parameters tab.
View Probe Instance Memory Allocation
Lets you view and edit how the memory used for statistics is allocated for this probe instance.
Network errors Supported by the NIC NDIS driver
Displays the aggregate errors that your NDIS driver provides statistics for.
Table 38. Adapter Speed tab
Option
Description
Current Network Speed
Your current speed reported by the network card.
Network Adapter Speed
Choose to let Observer and the NIC automatically determine the network speed, or to select from various values (in megabits per second) for the network speed to be used for calculations.
The primary use of this is to correct a mistaken NIC’s impression of overall network speed. A network card connected to a 10 megabit hub on a gigabit network will think that the entire network is only 1% as fast as it actually is.
Table 39. Autoupgrade tab
Option
Description
Autoupgrade probe within minor version release
Activates the autoupdate feature for minor version (i.e., point) releases (which do not require a new license).
Autoupgrade probe for major version release
Activates the autoupdate feature for major version releases. You must supply an ID and license key to update probes with a major version release.
If the probe includes a capture card and the upgrade includes a Field Programmable Gate Array (FPGA) firmware update, the system must be manually shut down and restarted before the firmware update can take effect. A system restart will not complete the firmware upgrade (a shut down is required); however, the autoupgrade process will restart the probe system, thus completing the probe software upgrade. In most cases, the probe will still be operable with a software-only upgrade, but any of the benefits of the firmware update are not activated until you manually shut down and restart the probe.
Force Probe Autoupgrade to the current Observer version
This provides a manual mechanism for updating a probe.
Table 40. ToS/QoS tab
Option
Description
Collect Protocol Distribution by QoS
When enabled, QoS data is collected.
Use 802.11e Wireless TID/QoS
When enabled, QoS for wireless networks is collected.
IP ToS/QoS Standard
This tab is used for NetFlow and VoIP analysis. IPv4 supports the Type of Service (ToS) byte, also known as the Precedence byte. Different RFCs define different ways to interpret the byte:
Default (RFCs 1349, 1195, 1123, and 791)
OSPF V2 (RFCs 1248 and 1247)
DSCP (RFC 2474)
User Defined
The information on the right shows the bit assignments for the currently selected option. User-defined interpretations are also allowed. The User defined option displays entry fields that allow you to define the meaning of each bit position in the ToS byte.
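Added example (not part of the original documentation): one ToS byte decoded under the Default and DSCP interpretations listed above, plus a user-defined per-bit labelling, to show why the selected standard changes what a display reports. The function names, the sample header and the label list are assumptions made for illustration; the AF and EF names come from RFC 2597 and RFC 3246, which this page does not list.

```python
import struct

# RFC 791 precedence names, indexed by the top three bits of the ToS byte.
PRECEDENCE = ("Routine", "Priority", "Immediate", "Flash", "Flash Override",
              "CRITIC/ECP", "Internetwork Control", "Network Control")
# RFC 1349 values of the 4-bit TOS field (the four bits after precedence).
RFC1349_TOS = {0b1000: "minimize delay", 0b0100: "maximize throughput",
               0b0010: "maximize reliability", 0b0001: "minimize monetary cost",
               0b0000: "normal service"}


def tos_byte(ipv4_header: bytes) -> int:
    """Return the ToS byte (second octet) of an IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ipv4_header[1]


def decode_default(tos: int) -> dict:
    """Precedence, TOS field and MBZ bit (RFC 791 as updated by RFC 1349)."""
    field = (tos >> 1) & 0x0F
    return {"precedence": PRECEDENCE[tos >> 5],
            "tos": RFC1349_TOS.get(field, f"non-standard 0b{field:04b}"),
            "mbz": tos & 1}


def decode_dscp(tos: int) -> dict:
    """Six-bit DSCP (RFC 2474); the low two bits are not part of the DSCP."""
    dscp = tos >> 2
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if (dscp & 0b111) == 0:
        name = f"CS{cls}"              # class selector codepoint, RFC 2474
    elif dscp == 46:
        name = "EF"                    # expedited forwarding, RFC 3246
    elif 1 <= cls <= 4 and (dscp & 1) == 0 and drop:
        name = f"AF{cls}{drop}"        # assured forwarding, RFC 2597
    else:
        name = "unassigned/local"
    return {"dscp": dscp, "name": name, "low_bits": tos & 0b11}


def decode_user_defined(tos: int, labels: list) -> list:
    """Labels (most significant bit first) of every bit set in the byte."""
    return [labels[i] for i in range(8) if tos & (0x80 >> i)]


# Constructed sample: 20-byte IPv4 header, ToS 0xB8, RFC 5737 test addresses.
SAMPLE_HEADER = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 40, 0, 0, 64, 17, 0,
                            bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

if __name__ == "__main__":
    t = tos_byte(SAMPLE_HEADER)
    print(f"ToS 0x{t:02X}")
    print(" default:", decode_default(t))
    print(" DSCP:   ", decode_dscp(t))
    print(" bits:   ", decode_user_defined(t, [f"bit{i}" for i in range(8)]))
```

The sample byte 0xB8 is the EF codepoint under DSCP but reads as precedence CRITIC/ECP with a non-standard TOS field under the Default interpretation, so a mismatch between this setting and the network's marking scheme mislabels traffic in the QoS displays.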
Table 41. Wireless 802.11 tab
Option
Description
Site Profile
Site profiles allow you to save and retrieve wireless parameters, rather than re-keying the parameters every time you change sites.
Monitor Wireless Traffic by
Choose one of the following:
Scan Channels—Click the Channel Map button and choose which channels you want to scan, then choose how often you want to scan them.
Scan Interval—Define the scan interval.
Fixed Channel—Pick a channel to monitor.
BSSID—Specify the Basic Service Set ID of the Access Point you want to monitor.
ESSID—Specify the Extended Service Set ID of the network you want to monitor.
Use encryption keys
If your wireless network is secured, you must provide an encryption key for Observer to be able to capture and decrypt the wireless traffic. Select the Edit Encryption Keys button and provide your wireless encryption key.
Antenna to use
The type of antenna connected to your system. Specify one of the following:
Antenna Diversity—Use the stronger signal from the two antenna ports. This is the recommended setting for the standard snap-on antenna.
Primary Antenna Only—If you are not using the standard snap-on antenna, choose this option if the antenna you are using is connected to the primary antenna port (see your NIC manual for details).
Secondary Antenna Only—If you are not using the standard snap-on antenna, choose this option if the antenna you are using is connected to the secondary antenna port (see your NIC manual for details).
Table 42. DS3/E3/HSSI tab
Setting
Explanation
WAN Type
Choose DS3 (T3), E3 or HSSI to match the type of link you are analyzing, then choose the frame check sequence (FCS) standard: CRC-16 (the default) or CRC-32.
Encapsulation
You must set this to match the settings on the frame relay CSU/DSU.
Subprotocol
If ATM or LAPB is the selected encapsulation method, you must choose the sub-protocols on the link.
Fractionalized
Check if your link is configured for fractionalized operation. Fractionalized DS3 and E3 are not supported.
Bandwidth (HSSI)
Set to match the bandwidth and channel settings of the fractionalized HSSI link under analysis.
Table 43. T1/E1 tab
Setting
Explanation
WAN/Frame Relay Type
Choose T1 or E1 to match the type of link you are analyzing.
Encapsulation
You must set this to match the settings on the frame relay CSU/DSU.
Subprotocol
If ATM or LAPB is the selected encapsulation method, you must choose the sub-protocols on the link.
Link 1 and Link 2 Channel Settings (Note that for the link and settings to be activated, you must check the On check box for that link).
Fractionalized
Check if this link is configured for fractionalized operation.
Channel selector check boxes
Choose the channels you want to be included in the analysis.
Include in Util. Thermometer.
Check if you want to include statistics from this link in the Bandwidth Utilization Thermometer.