GigaStor™

User Guide

Contents of GigaStor Portable

Page 1: ...GigaStor User Guide...

Page 2: ...inks 23 Monitoring wireless traffic 24 Deciding where to place probes in your network 24 Ports used by Network Instruments products 26 Chapter 5 Packet Captures 27 Capturing packets with the GigaStor...

Page 3: ...l Firm 59 Using Observer in financial firms 59 Analyzing FIX transactions 60 Configuring a FIX profile 61 Chapter 12 GigaStor RAID Maintenance 63 Monitoring and maintaining the GigaStor RAID array 63...

Page 4: ...0 Troubleshooting your GigaStor configuration 91 GigaStor Control Panel option is grayed out 91 GigaStor is full or does not have the history you expect 91 TCP applications are not appearing in the Gi...

Page 5: ...5 GigaStor Upgradeable...

Page 6: ...in your network 2 The GigaStor uses probe instances and in particular a unique probe instance called an active instance Learn more about probe instances and why you want to use them in What is a probe...

Page 7: ...in Using the GigaStor Control Panel page 8 to fine tune your GigaStor 10 Optional If you want to track physical ports individually ensure you enable Track statistics information per physical port See...

Page 8: ...be configured as a local console for on site analysis Using the GigaStor Control Panel This section covers the GigaStor Control Panel its settings and its use when you choose Capture GigaStor Control...

Page 9: ...tatistics section Now you can more easily work with and view reports and statistics for your selected time frame You can filter or select a specific area of interest such as HTTP Press the Analyze but...

Page 10: ...Capture and analysis options What protocols are on your network Are they all standard protocols or do you have some custom or home grown protocols Other general GigaStor Control Panel options The Pack...

Page 11: ...t recent 1000 The maximum allowable IP Pairs is 100 000 the default is 10 000 Capture and Analysis Options Enable intelligent TCP protocol determination Displays only known applications while hiding d...

Page 12: ...ture and Analysis Options section on this tab Auto update GigaStor chart When selected causes the listed actions to have the same effect as clicking the Update Chart Statistics buttons Keep focus on G...

Page 13: ...data Data must be collected with this option enabled for GigaStor reports to present the data correctly using the update reports button By clearing this option you ensure you get all protocol informat...

Page 14: ...IP Stations tab you see your subnets and you can perform statistical analysis based on subnets When you analyze data from captures with index files without any subnets defined there will be no subnet...

Page 15: ...Max Buffer Size an error dialog will be displayed indicating the minimum and maximum buffer size for your Observer or probe buffer Generating NetFlow records from the GigaStor s NetFlow Agent The Gig...

Page 16: ...ch the buffer for the records that interest you Figure 3 shows how the Observer analyzer displays captured NetFlow records and what the NetFlow templates format is for that record See the Cisco docume...

Page 17: ...asily as local networks eliminate the time and expense of traveling to remote sites and speed troubleshooting A probe is a hardware device on your network running Network Instruments probe instance so...

Page 18: ...instance found on all non GigaStor probes Table 2 Active vs passive GigaStor instances and Observer probe GigaStor Active probe instance GigaStor Passive probe instance Observer Probe1 Better suited f...

Page 19: ...probe instance should have as large of a RAM buffer as possible to cushion between the network throughput rate and the array write rate Like a passive probe instance it can also be used to mine data...

Page 20: ...annot invest in dedicated hardware probes Network Instruments software probes provide a low cost monitoring option and are easy to install and configure Software probes support Ethernet Gigabit and wi...

Page 21: ...d party hardware Ethernet Single probe 3rd party hardware Installed software Expert Probe Multi Probe Single Probe Sends entire buffer1 X X Alarms X X X Trending X X X Triggers X X X Wireless X X X En...

Page 22: ...he probe is connected Most switches provide a function that mirrors all packets received or transmitted from either a single port of interest for instance a server or router or multiple ports of inter...

Page 23: ...alysis are performed by distributed agents called probes which in turn send the packets or the analysis results e g bandwidth utilization statistics most active stations etc to analyzers for further p...

Page 24: ...ed to connect to a standard NIC which allows them only one side of the full duplex link to transmit data A TAP however is designed to connect to a dual receive capture card By sending data on both sid...

Page 25: ...links that connect servers or server farms to core switches will give you complete visibility into all traffic between servers and their clients Connecting additional half duplex probe appliances to S...

Page 26: ...u open inbound and outbound TCP UDP 25901 through 25905 on your firewalls for its products This table lists more specifically what ports are used by your product Ports Functionality TCP 25901 Observer...

Page 27: ...d security credentials without duplicating data collection or storage You can view the sliding window as a time line chart Depending on what constraints are in effect and your display options determine...

Page 28: ...sult is a partial packet capture Some benefits of partial packet captures include Smaller capture sizes More overall storage space for packet captures Greatly increases the effective storage size of a...

Page 29: ...eral tab to a fixed sampling ratio of 1 100 or whatever you wish Using dynamic sampling allows the GigaStor to make decisions about how sampling for statistics should be accomplished The GigaStor make...

Page 30: ...he SYN SYN ACK ACK to ever index data For more details about indexing in the GigaStor continue reading the rest of this section Every 15 seconds the GigaStor writes indexed statistical data into a Gig...

Page 31: ...which options are enabled and disabled the GigaStor may completely ignore 10 0 0 1 on 8080 from being indexed Exporting GigaStor data for archiving You can export your GigaStor collected data on a sc...

Page 32: ...tely as it is seen by the capture card interface and then passed to the capture buffer This ensures the most accurate timestamp Table 3 GigaStor Analysis Options This option Allow you to do this Analy...

Page 33: ...ter before starting analysis Allows you to view the filter before Observer begins analyzing the packet capture For example you might choose this option if you have already used the filter and the outp...

Page 34: ...ly calculate metrics about the quality of the feed for the endpoints such as MDI by providing the Delay Factor and Media Loss Rate information 4G LTE analysis Analyzes the captured 4G LTE traffic from...

Page 35: ...jump to that time by right clicking the Detail Chart and choosing Go to Specific Time The FIFO sampling cpu gauge on the right side tracks how well GigaStor s disk hardware is keeping up with the cur...

Page 36: ...that is shown on the Detail Graph You can do so with the filters section of the GigaStor Control Panel You can filter data from MAC Stations tab IP Stations tab IP Pairs tab and more One example wher...

Page 37: ...ters from the GigaStor Control Panel 2 After you have a filtered chart click the Analyze button The GigaStor Analysis Options window opens 3 Because you are analyzing data with checked GigaStor entrie...

Page 38: ...or that instance is open and try again 5 Click Update Reports to start combining index data 6 After the process completes the currently open GigaStor Control Panel is showing a real time aggregate of...

Page 39: ...etail Chart and shows you all of the traffic from the address 4 You can further filter the chart and reports by selecting specific traffic types for example HTTP SMTP Telnet and so on 5 Analyze the da...

Page 40: ...ence calls and conference video where multiple endpoints are present An endpoint could be a person holding a handset wearing a headset or a line that is open for hold music or for recording To extrac...

Page 41: ...analyze 4G LTE traffic from your GigaStor You can isolate subscribers by IMSI or IMEI across eNodeB SGW or PWG using various communication paths such as S1 MME S1 U S11 S5 or X2 Prerequisite s You mu...

Page 42: ...each session including subscriber service area cell site network element handset type error codes and session status you will have excellent insight into your LTE network status Long Term Evolution LT...

Page 43: ...s of individual subscriber activities and session irregularities as well as bandwidth utilization for each interface Obtain metrics and visibility for all important interfaces within your LTE environm...

Page 44: ...ersion of Observer is a powerful tool for scanning high volume packet captures for intrusion signatures and other traffic patterns that can be specified using the familiar Snort rule syntax You can ob...

Page 45: ...ick menu lets you examine the rule that triggered the alert if applicable It also lets you jump to web based threat references such as bugtraq for further information about the alert These references m...

Page 46: ...lassification must both be enabled for that rule to be processed For example suppose you want to enable all policy violation rules simply right click on the rule list choose Enable all rules and then...

Page 47: ...essor to the log Maximum active TCP streams tracked If this value is set too high given the size of the buffer being analyzed performance can suffer because of memory consumption If this value is set...

Page 48: ...e characters This preprocessor includes options to circumvent the most common evasion techniques To match patterns against the normalized URIs rather than the unconverted strings captured from the wir...

Page 49: ...ce maintains its own copy called the ARP cache which is updated whenever the device receives an ARP Reply Hackers use cache poisoning to launch man in the middle and denial of service DoS attacks The...

Page 50: ...attacks During the same time frame and unknown to the IPS IDS a brute force attack occurred and was successful against the default Admin account on your VPN concentrator After they were beyond your pe...

Page 51: ...reates a filter 3 Click Update Chart This updates the Detail Chart and shows you all of the traffic from the address 4 You can further filter the chart and reports by selecting specific traffic types...

Page 52: ...or for a financial company as the primary audience but any network administrator interested in microbursts should find the information useful You might have microburst issues if your latency is creepi...

Page 53: ...you when microbursts occur Customize your triggers and actions and choose Microbursts from the Alarms list Using the Microburst Analysis tab is the easiest way to analyze large chunks of time for micr...

Page 54: ...charts the bars may not appear to change If you look closely you will notice that the numbers on the vertical axis change as does the title of the chart To enable microburst analysis and define what o...

Page 55: ...ort on the capture card is considered independently from all others The traffic is never combined between ports to meet a threshold If you have a 4 port 1 Gb capture card you have four independent 1 G...

Page 56: ...0005 000 0005 000 000 Bytes sec in Interval 309 672 12 338 304 61 688 484 617 826 617 826 617 826 617 826 617 826 617 826 Bytes sec in Interval with IFG 319 500 12 500 000 625 000 000 625 000 625 000...

Page 57: ...you want for the Detail Chart GigaStor Outline This tab lets you choose the appearance colors and scale of the Outline Chart The Outline chart is the bottom graph in the upper portion of the GigaStor...

Page 58: ...n pixels Graph Times allows you to set how the X axis will be displayed Clock time will show times using a 24 hour clock i e the current time Relative time will display times from the start of the act...

Page 59: ...markably accurate timing without concern for clock drift gain or loss Trading Multicast analytics Multicast is used in trading firms to deliver information on pricing volume and more Getting this info...

Page 60: ...the trading what the order ID is Observer has full decode support for FIX 4 2 4 4 along with support for all of the most significant FIX commands If you need extended capabilities for monitoring FIX b...

Page 61: ...performs in depth application analysis of each request or type of request by examining important information within the payload This information typically involves massive amounts of data often best...

Page 62: ...k If it is not you may increase or decrease it By increasing the amount of requests the amount of system resources needed to analyze the requests is also increased which means the analysis will take l...

Page 63: ...D array is failing Clean up disks to maintain performance Monitoring the RAID drives through e mail notifications The RAID array is built at the factory and then the drives are removed and packaged se...

Page 64: ...s web server 3 Type the user name and password The default user name is admin There is no default password Click OK to open the browser In the browser you can see the RAID set IDE channels Volume and...

Page 65: ...system level disk fragmentation utility you can automatically delete all of the data files that store probe instance data When disk writes begin again on a clean disk the files are written contiguous...

Page 66: ...Stor RAID array 1 Select the active probe instance and then choose Capture GigaStor Control Panel You cannot clean the array from a passive probe instance 2 Choose Tools Delete All Instance Capture Da...

Page 67: ...for the probe not even the operating system may access it even when Observer is closed By having RAM reserved specifically for the Observer probe you ensure that the probe has the memory necessary to...

Page 68: ...al information is passed to the statistical memory All packets in both the packet capture memory and the statistical queue buffer stay in memory until the buffer is full and the oldest packets are rep...

Page 69: ...layed indicating the minimum and maximum buffer size for your Observer or probe buffer For passive probe instances which are most often used for troubleshooting the default settings should be sufficie...

Page 70: ...Windows operating system Single Probes unlike Multi Probes and Expert Probes cannot use reserved memory because of their design 1 Click the Memory Management tab to display the list of probe instance...

Page 71: ...statistics queue Reserving memory allows Observer to allocate RAM for its exclusive use This ensures that Observer has the necessary memory to store packets for statistical analysis or for capturing l...

Page 72: ...memory 4 Click View to see the different types of networks and how the memory is allocated to the numerous statistics collected by Observer See Tweaking the statistics memory configuration for detail...

Page 73: ...er and the packet capture buffer passes the information to the RAID A few notes about how some buffers are used Packets received by the statistics queue buffer are processed and put in the collected s...

Page 74: ...Gen2 card The Gen2 card is only available in hardware products from Network Instruments There are additional requirements and considerations if you are using a GigaStor A GigaStor may have one of seve...

Page 75: ...he list You must increase the number of stations that may be allocated This increases the memory requirements though If you have 8 500 stations on your network you will need at least 8 500 entries whi...

Page 76: ...speeds The 40 Gb Gen2 card comes only in a two port model as seen in Figure 18 page 76 Figure 18 40 Gb Gen2 card two ports The Gen2 capture card is only available pre installed on probes from Network...

Page 77: ...oid damaging components In addition you should be careful to avoid exposure to laser radiation from optical components by keeping the dust plugs installed until you are ready to install cables Support...

Page 78: ...click Edit Port Type a useful description and click OK This description appears in the GigaStor Control Panel in Observer 9 Hardware acceleration for your virtual adapter is enabled by default General...

Page 79: ...e board s ID or view the Gen2 card s properties 1 On the GigaStor system choose Start All Programs Accessories Windows Explorer Choose My Computer and right click and choose Manage The Computer Manage...

Page 80: ...ically accurate to only within 30 milliseconds Even in the best cases NTP accuracy is only within 10 milliseconds Using the GPS Synchronization System once a second the device calibrates the oscillati...

Page 81: ...re card synchronizes with the GPS System every second Should the GPS System lose power if you have a secondary power supply or UPS it will failover and continue functioning if you do not have a second...

Page 82: ...82 GigaStor pub 25 Apr 2014 Figure 22 10 Gb Gen2 Advanced Properties...

Page 83: ...GPS 83 Chapter 15 GPS...

Page 84: ...ne where the problem is you can focus on that piece of the puzzle and you may be well on your way to solving the problem Second do not trust anyone or anything The only way to really know what your ha...

Page 85: ...g Settings General tab In the Collection Settings section change the sampling divider A probe is not connecting to the analyzer or vice versa If the probe is not connecting it could be one of several...

Page 86: ...onents to verify that the VMONI Protocol Analyzer is listed Then do one of the following If it is not installed skip to step 7 If the VMONI driver is listed remove it Select VMONI Protocol Analyzer an...

Page 87: ...ID that shows up in the VLANs column in VLAN Statistics You are not seeing all VLANs you have on the network Causes To display VLAN Statistics Observer checks each packet for a VLAN tag if no tag is p...

Page 88: ...gainst a Layer 3 Switch that uses VLANs you see only a limited number of MAC addresses which typically have multiple IP Addresses associated with them Causes Layer 3 Switches that have been configured...

Page 89: ...ylight Savings Time is controlled by the operating system When the clock rolls backwards or forwards Observer rolls with it with one exception packet capture decode Packet capture provides nanosecond...

Page 90: ...Console show interfaces gigabitethernet mod_mun port_num 3 To enable port negotiation should you remove the gigabit Observer product from the switch Console config interface gigabitethernet mod_mun po...

Page 91: ...e filtering your captures Although this will provide more space for your captures by definition you are excluding some traffic The traffic you exclude may be just the traffic you need to analyze at so...

Page 92: ...al we recommend that for every eight hard drives in your GigaStor probe that you have one replacement drive Unit Number of recommended spare drives Hours to rebuild array GigaStor 4T 8 drives 1 GigaSt...

Page 93: ...and import them into the other GigaStor probes Import Use this button to import FIX profiles that were created and exported from another Observer analyzer Export Use this button to export a FIX profile...

Page 94: ...should be completed on the GigaStor probe itself by having the software running in Observer analyzer mode rather than Expert Probe See This may require that you use Remote Desktop to access the syste...

Page 95: ...SNMP C Program Files Observer SNMP This contains any custom MIBs compiled MIBs request files and SNMP trending data Back up if you have made SNMP changes or have SNMP trending data Use Options Observ...

Page 96: ...r Restore USB drive having a matching serial number for that GigaStor For example if you have three GigaStor appliances to restore you must use three specific and separate GigaStor Restore USB drives...

Page 97: ...em restore is complete Both the GigaStor probe software and Windows operating system are already licensed That information was included on the USB drive You can begin using the probe Type your login cr...

Page 98: ...r your probe Documentation and warranty information Keep this information in a safe accessible location Installing the GigaStor Upgradeable 5U Getting your probe installed is the first step to greater...

Page 99: ...ou are using a switch s SPAN mirror port no TAP is required Simply plug any straight through Ethernet cable into the SPAN mirror port on the switch into the ports on the Gen2 capture card and skip TAP...

Page 100: ...onent 2 U extension 2 8 32 flathead screws 8 10 32 panhead screws 4 1 Measure the length of your cabinet from front mounting post to rear mounting post 2 Remove the long rail component from the applia...

Page 101: ...a weight on a GigaStor while it is in the cabinet There are locking mechanisms along both sides of the appliance that prevent it from inadvertently sliding out Pull the appliance towards you then pres...

Page 102: ...ion will result in poor read write performance until the RAID array volume is rebuilt Stickers on each drive identify which slot it should be installed in The drive labeled A1 must be installed in the...

Page 103: ...e Confirm that it clicks into place Tug each drive slightly to ensure that it is properly seated It should not move or come out Additionally you may want to visually inspect all of the drives from the...

Page 104: ...ful since most probes are in distant or physically secure locations At this point you have physically installed the hardware and connected all the cables Now you must turn on the probe and configure t...

Page 105: ...k OK Click OK again to close the Local Area Connection Properties dialog Close the Network Connections window 7 Right click the Probe Service Configuration Applet in the system tray and choose Open Pr...

Page 106: ...gardless of whether the probe is powered on If you want to use the Lights out Management features you must set the IP address for the LOM port in the probe s BIOS 1 Ensure the Lights out Management po...

Page 107: ...the media drives and system controls Two keys are provided Contact Network Instruments for additional keys which are available for a small charge Front panel LED Temperature alarms that warn you when...

Page 108: ...built at the factory and the drives are removed before being shipped to you The locations indicate where each drive should be installed Installing a drive in a location other than its preassigned slot...

Page 109: ...2 4 8 and 12 ports Additional Hardware Includes Network TAPs and media kit s Topology Support Gigabit Key Remote Capabilities Web based management Graceful power shutdown startup and reboot Pager and...

Page 110: ...media types Some products require an SFP module These are the supported media types 40 Gb QSFP Transceivers 40GBASE SR4 10 Gb Ethernet SFP Transceivers 10GBASE SR 10GBASE LR 10GBASE ER 1 Gb Ethernet S...

Page 111: ...fer size 15 18 buffer statistics 68 buffer see capture buffer and statistics buffer 68 buffers 18 20 20 20 71 72 bugtraq 45 45 C cable length 80 cables 98 capture buffer 32 bit Windows 68 64 bit Windo...

Page 112: ...abit 20 defining probe as 77 Gigabit copper 98 gigabytes 68 68 GigaStor 73 104 collision test 89 expansion units 98 104 getting started 6 hard drives installing 102 102 102 indexing 29 loss of data 63...

Page 113: ...rotocol 80 network traffic 24 network trending 20 85 Network Trending 94 network visibility 23 NIC 20 missing 86 with packet analyzers 23 NIDS 44 NIMS 20 not connecting 85 NTP 80 O Observer ports used...

Page 114: ...AM limitations 68 RAM needed for busy networks 73 Random Access Memory see also RAM 67 read performance 102 reassembling 45 recommendations 71 recovery 95 registry 94 Remote Desktop 104 reports 12 res...

Page 115: ...84 probe connection 85 slow probe system 85 VLAN Statistics tool 87 87 VLAN visibility 88 troubleshooting SPAN port 81 U UDP 25903 26 90 Update Chart button 10 USB 95 user memory 67 users 20 85 simult...
