Observer Analyzer : Expert Probe Software : Using the Probe
Using the Probe
Page Contents
Using the Expert Probe software
VoIP Expert, Application Performance Analysis, and Application Transaction Analysis
Switching between the probe and analyzer user interfaces
Enabling Network Trending and setting which statistics are collected
Monitoring a wireless access point
Revised: 2016-03-07
The probe has two interfaces: the probe service and the analyzer user interfaces. You can switch between the two depending on what you want to accomplish. Also learn about monitoring a wireless access point (AP) and where to enable network trending.
Using the Expert Probe software
Learn how to create, configure, redirect, and delete both local and remote probe instances.
Prerequisite: Expert Probe
The Expert Probe is a step above the Multi Probe software and is the only probe software that runs on the GigaStor. The Expert Probe includes all the functionality of the Multi Probe, plus it displays remote expert analysis in real time for faster troubleshooting. If you are using the Expert Probe on a GigaStor(rather than a non-GigaStor probe) there are even more features available. Just like the Multi Probe, the Expert Probe has a number of tabs that allow you to control probe network connections and memory usage, administer probe security, and monitor probe activity.
Figure 76: Expert Probe on a GigaStor
An Expert Probe transfers decode data to an Observer only when you select the packet from the one-line summary pane, which is updated with packet header information in real time. This conserves network bandwidth by analyzing all data locally and sending only the results. This eliminates the need to transfer data packets over the wire. This differs from the Single Probe and Multi Probe because those probes send the entire buffer to the analyzer and the decoding and analysis happens on the analyzer.
Another feature exclusive to the Expert Probe is its ability to switch between being a probe or an analyzer. This can be very useful depending on your needs. This gives you flexibility in using the probe both remotely and on site.
VoIP Expert, Application Performance Analysis, and Application Transaction Analysis
Prerequisite: Expert Probe
The Expert Probe provides unique insight into your OSI Model Layer 7 applications that the Multi Probe and Single Probe cannot provide. This is especially true for VoIP.
There is nothing that you need to configure on the probe to enable these features, but this information is only available when viewing the probe instance of an Expert Probe.
To use and configure VoIP, ATA, or APA:
1. On the Home tab, in the Capture group, click Network Trending > Network Trending.
2. Use the General, Application Transaction Analysis, Application Performance Analysis, and VoIP tab to configure your options.
See Choosing your network trending types for details.
3. Click the Start button to begin monitoring.
4. After you have collected some data, click the Analysis button. The View Network Trending data dialog opens.
5. Choose “Transfer and view current day statistics” and click OK. This opens the Network Trending Viewer in a new tab where you can see your data.
Switching between the probe and analyzer user interfaces
Revised: 2016-12-09
Most probes can be run as either a Windows service or in application mode. Some settings can only be made when the probe is in application mode.
Prerequisite: Multi or Expert Probe.
Depending on how you want or need to use your Expert Probe, it can be either an Observer to help you view your network data or it can be a probe to capture data and to which other Observer can connect. The Expert Probe software cannot simultaneously be an analyzer and a probe.
To change the Expert Probe interface to load as a fully-featured Observer, click File and Options > Switch Interface. You must restart the application to see the change.
Note: For a GigaStor, the Expert Probe software is running as a Windows service. You must stop the Expert Probe service before you can change its interface.
1. Right-click the Probe Service Configuration Applet in the system tray and choose Open Probe Configuration.
Figure 77: Probe Service Configuration Applet
The Probe Administration window opens.
2. Choose Options > Probe Options.
3. Clear the option Run Probe as a Windows Service option, and click OK.
This removes the VIAVI Expert Probe service from Windows.
4. Start Observer.
5. Click the File tab, and click Options > Switch Interface.
6. Choose Observer, click OK, and click OK again when prompted.
This closes Observer.
7. Start Observer.
Observer is now set to use the analyzer interface.
When switching back to an Expert Probe on the GigaStor, you must reverse these steps and then you must manually start Expert Probe from the Windows Service Control Manager. It may take a moment before the service starts. You may need to restart the GigaStor for the setting changes to fully set.
Enabling Network Trending and setting which statistics are collected
A probe can provide many different statistics about your network, but you must enable the collection of those statistics. Network Trending does not capture packets, but collects statistics about the traffic on your network. Many reports in Observer use the trending information, and we recommend you enable Network Trending.
1. To turn on the collection of a specific statistic, in Observer choose Statistics > and then select the statistic you want to have the probe collect and report.
2. On the Home tab, in the Capture group, click Network Trending > Network Trending.
Monitoring a wireless access point
You can capture all wireless traffic with a wireless network card on a laptop or any system with a wireless network card if you use the VIAVI wireless driver. The default driver for your wireless card is not sufficient for Observer.
Standard network cards do not support “raw” wireless packets, nor do they enable “promiscuous” mode by default. Promiscuous mode captures all packets for the analyzer, not just those addressed to the network card. Both “raw” wireless packets and promiscuous mode are required by Observer. The VIAVI wireless driver enables these options.
When a network card is running in promiscuous mode, it cannot connect to a wireless access point. It can only capture traffic. If you are using a laptop and want to capture traffic and at the same time connect to a wireless access point, your laptop must have two wireless cards.
If you are using the probe software on your laptop, you need two network adapters. Typically, one adapter is an Ethernet card for communication and one wireless adapter for analysis. You could also use two wireless cards. You may also need special drivers.
If your wireless network uses an encryption key or specific wireless channels, you can specify that information for the wireless adapter.
Note: use private keys to authenticate with a RADIUS server, then dynamic keys are used to encrypt communication on a user by user basis, with no two users ending up with the same keys. Observer cannot decrypt the data from a site that implemented EAP/LEAP, but this does not mean Observer is not useful. Because all management and control packets are not encrypted, wireless troubleshooting is not affected even if you use EAP/LEAP. If you want to troubleshoot the actual data in the conversation, collect the data on the wired side where there is no encryption and all protocols can be decoded. Observer supports both wired topologies (i.e. Ethernet, Token Ring and FDDI) as well as wireless topologies to troubleshoot both sides of a conversation (wireless management+control AND full wired data) you only need one product.