OmniPeek Enterprise
OmniEngine Enterprise
OmniPeek Professional
OmniPeek Basic
OmniEngine Desktop
OmniVirtual
Omnipliance
Omni Wireless Sensor
To view details or purchase maintenance and support for OmniPeek Personal, please visit: http://www.omnipeek.com/support.php.
Currently, web view reassembly is only supported on the console.
If the system running Omni 5 becomes overburdened and the view takes longer than ½ the refresh rate to update, then the Web or VoIP view will switch from a 1 second refresh to a Manual refresh. You should see the following message: “Update interval set to manual; updates for this view are too slow for automatic update.”
The web views currently limit the number of requests they will display to ¼ the expert flow limit. By default, the expert flow limit is set to 10,000, so the web views will only display the first 2500 requests.
It shows a timeline of the selected request, its duration, its packets, and its phases. With it, you can see the timing and location of packets in a request or requests. This will allow you to determine which request is slowing down a page load. The timeline column is essentially a mini representation of the timeline tab.
Capturing of 802.11n packets
At the present time, we support the Buffalo Nfiniti, Model # WLI-CB-AG300N adapter using the Marvell driver that is supplied with Omni 5.
This is because Omni 5 is reporting the actual speed of the adapter’s connection, not its maximum data rate.
We apologize for any inconvenience. These channels will be added to the Network Policy screen in a subsequent version of OmniPeek.
Since all WildPackets products make use of the underlying Operating System for all time computations, no patch will be necessary for our products to operate correctly with the new Daylight Saving Time Change.
Important Vista Note: Vista Operating System has a facility for dynamic Daylight Saving Time calculations that takes into account the fact that different years may have different DST dates. The next release of the OmniPeek Product Family (available end of Jan. 2007) will include the code to use this new operating system facility. The end result is that everything will work correctly with Vista, but if a user has XP with the DST hotfix installed, the duration of captures that span the actual time change in past years may be incorrect since XP does not have the facility to understand that different years may have different DST dates.
Yes, but keep in mind that OmniPeek will only support Centrino adapters that use the 3945 chipset. At the present time, that is the only Centrino chipset that is supported. If you have an older Centrino chipset, you will need to use an adapter that utilizes our custom driver.
Although many manufacturers are using this Intel Centrino chipset for the built-in WLAN adapters in their laptops, the drivers used may vary both in version and design. Please review the items below, which are the WildPackets tested conditions for supporting the Intel 3945 Chipset:
Wireless capture for the Centrino 3945 adapter is not yet supported with Vista. This will be supported in a future version of OmniPeek. For now, you will need to use a wireless adapter that utilizes our Atheros driver instead.
OmniPeek now has the ability to identify Management frames transmitted by 802.11n devices, such as beacons and probe responses. We can identify the following High Throughput Information Elements:
HT Capability Info (Element ID = 45)
We expect to fully support standards-compliant 802.11n wireless adapters in the OmniPeek Product Family shortly after the standard is ratified and standards-based hardware is available. According to the IEEE 802.11 Working Group Project Timelines, the 802.11n standard is due for final approval by July 2008.
Although all of our testing was done using the Business Edition of Vista, OmniPeek should install and run fine on the other editions as well, such as Home Basic, Home Premium and Ultimate.
OmniPeek with the Enhanced Media Option is not supported under Windows Vista at the present time.
Capture from the WAC PCI T1 or E1 adapter is not supported under Windows Vista at the present time.
OmniPeek will load and run on 64 bit operating systems in 32 bit compatibility mode and supports AMD and Intel x86 processors including the 64 bit capable Pentium and Xeon processors.
Yes, OmniPeek has fully integrated the Application Performance Index (Apdex). Apdex is an attempt to represent user satisfaction with application performance as a numeric score from 0.00 (horrible) to 1.00 (perfect). Calculations are based on how long it takes to complete each measured task. Each individual task gets an Apdex score of 1.00, 0.50, or 0.00, depending on task duration relative to a user-defined threshold duration "T":
If an individual task completes within a user-defined threshold duration, the user is considered "satisfied" with application performance, and the task gets an Apdex score of 1.00.
If an individual task takes between one and four times the user-defined threshold duration, the user is considered "tolerating" application performance, and the task gets an Apdex score of 0.50.
If an individual task takes more than four times the user-defined threshold duration, the user is considered "frustrated" with application performance, and the task gets an Apdex score of 0.00.
For example, if you set the threshold for web applications at 3 seconds, then any time you can completely load a web page within 3 seconds, you are "satisfied" and score 1.00. If it takes more than 3 seconds, but no more than 12 seconds (4 times 3 seconds), you are merely "tolerating" performance, and score 0.50. If it ever takes more than 12 seconds, you are frustrated, and get an Apdex score of 0.00.
The Expert requires at least 10 tasks before it can calculate an average score.
The space shows you where protocol segments start and stop within conversations.
The Profile tab lets you save Peer Map configuration settings into a single profile that controls the appearance and layout of the Peer Map.
The Configuration tab lets you control what part of the traffic in the Capture window’s buffer is displayed in Peer Map.
The Node Visibilities tab displays node counts, and nodes that are both shown and hidden in the Peer Map.
For example, if this option is set to Always Hide, then all nodes that have not had their visibility assigned by the user will be hidden. This is useful if, during a live capture, the user doesn’t want new nodes to appear on the Peer Map as they are discovered.
In the Capture/Monitor Options, select Performance. For peak performance, right-click on one of the features and choose Disable All. This way, OmniPeek will function at peak performance, but the features are still available when needed. When you need a particular feature, you can always enable it. As you enable/disable individual features, the performance bar at the bottom of the Performance Options dialog will move to show you an estimate of the impact of each feature.
Here are a few more tips to improve the performance of OmniPeek:
Disable the Monitor adapter (Monitor/Select Monitor Adapter/None).
Turn off scroll during capture. Control + K will start/stop scroll.
Disable passive name resolution. Under Tools/Options/Name Resolution, uncheck enable passive name resolution.
Turn off any automatic report production for monitor and/or capture. Under Monitor or Capture options, select Statistics Output. Uncheck Save statistics report.
If you need one of the other features, you can enable it when you are actually viewing the capture file.
Also, if you're on a switched network, you can try using the switch's mirroring or monitoring capability to zero in on the traffic you're looking for.
Try only mirroring ports one by one to avoid overloading the analyzer with traffic. For more information, please see our whitepaper, which also applies to the OmniPeek Analyzer products: Applying EtherPeek to Switched and Gigabit Ethernet Network Management.
In order to capture wireless traffic with OmniPeek, you must install a custom WildPackets driver. A list of supported cards and the WildPackets drivers can be found here: Please find your card from the list and download the appropriate driver.
***First install and test the adapter with the OEM driver. Do not install the WildPackets driver until the adapter is functioning properly on your network using the OEM driver.***
Also, be sure to follow the ReadMe carefully; you must choose 'Don't search. I will choose the driver to install.'
Yes, here’s how:
OPeek.exe [/autoload | /autostart] [template1] [templateN]
The /autoload switch loads the specified Capture Template (*.ctf) file(s). The /autostart switch loads the specified template(s) and begins capture. Multiple templates may be listed, separated by a space. You can use the * (asterisk) character or the ? (question mark) character as wildcards in specifying template names, following standard Windows wildcard usage.
In a default installation of OmniPeek, the command line would be started from:
C:\Program Files\WildPackets\OmniPeek
To automatically load template file capture1.ctf, for example, the command would be:
opeek /autoload [template file location]\capture1.ctf
Communication between nodes is indicated with line segments. The line between nodes can be color-coded to show which protocol is used. The thickness of the line indicates the volume of traffic between nodes.
Monitor Statistics continuously accumulate while the program is running. Eight statistics are available under the Monitor menu. When Monitor Statistics are enabled, OmniPeek records information about the traffic on the segment.
The buffer for Monitor statistics is not affected by any sort of filters, packet slicing or anything else; it is simply on or off.
Capture statistics accumulate after opening a Capture window and starting the capture. Select one of the views of a Capture window to see the statistics. Also, the buffers for individual Capture windows or Packet File windows are different than the buffer for Monitor Statistics. Filters restrict which packets are accepted into the buffer of a Capture window. (Packet slicing, by capturing only a part of each packet, can limit the information available to OmniPeek.)
Peek *must* capture the complete (EAPOL) key exchange to successfully decrypt WPA-PSK encrypted traffic. This exchange consists of the 4 packet Pairwise Master key (PMK) and the 2 packet Group Temporal Key (GTK). The below is an example of a successful EAPOL capture.
Once an adapter is selected to capture or monitor, you cannot create another capture using a different adapter. If you would like to switch adapters, close all existing capture windows and turn off monitoring. To turn off monitoring, go to Monitor -> Monitor Options -> Select None -> Click Ok. Only our Workgroup Pro and Enterprise products support multiple NICs.
This error means that there are not enough memory/resources available to load the file. A solution would be our SQL filter plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQL Filter plug-in will appear under the Tools view in OmniPeek, and you will be able to select packets based on the results of queries that were entered. By using the SQL Filter Plug-in to index trace files into a database, files of any size can be read back into OmniPeek using SQL queries. The SQL Filter Plug-in is available to WPDN (WildPackets Developer Network) members; you can sign up for an account here:
Yes, this is possible with the SQL filter plug-in. This plug-in creates a SQL database of packet headers from real-time captures or loaded file captures. Once installed, the SQL Filter plug-in will appear under the Tools view in OmniPeek, and you will be able to select packets based on the results of queries that were entered. The SQL Filter Plug-in is available to WPDN (WildPackets Developer Network) members; you can sign up for an account here:
The SQL Filter plug-in creates a SQL database of packet headers from real-time captures or loaded file captures; this enables you to submit SQL queries to locate key data in packet captures. The SQL Filter Plug-in is available to WPDN (WildPackets Developer Network) members; you can sign up for an account here:
When WMM (802.11e) is enabled, WPA-PSK decryption will fail. Some adapters have an Advanced Settings tab that will allow this feature to be disabled. If your adapter does not have this setting, disable the feature on the corresponding Access Point. Once you have disabled the feature on the adapter of the client that is sending the traffic of interest, or on the AP, you should be able to decrypt the traffic completely.
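WPA-PSK decryption depends on the capture holding the complete EAPOL key exchange (4 pairwise and 2 group packets, as described earlier), so it is worth checking a trace for gaps before attempting decryption. The following is an added example, not WildPackets code: it classifies EAPOL-Key frames by their Key Information bits and reports which messages are missing. The function names, the P1-P4/G1/G2 labels and the sample frames are constructed for illustration.

```python
import struct

# Key Information bits of an EAPOL-Key frame (IEEE 802.11 key descriptor).
KEY_TYPE_PAIRWISE, KEY_ACK, KEY_MIC = 1 << 3, 1 << 7, 1 << 8
REQUIRED = ("P1", "P2", "P3", "P4", "G1", "G2")  # labels are this example's own

def classify_eapol_key(frame: bytes):
    """Label an EAPOL-Key frame P1-P4 (pairwise) or G1-G2 (group), else None."""
    if len(frame) < 99 or frame[1] != 3:      # EAPOL packet type 3 = Key
        return None
    (key_info,) = struct.unpack_from(">H", frame, 5)
    (data_len,) = struct.unpack_from(">H", frame, 97)
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if key_info & KEY_TYPE_PAIRWISE:
        if ack:                               # sent by the access point
            return "P3" if mic else "P1"
        if mic:                               # sent by the client: message 2
            return "P2" if data_len else "P4" # carries key data, message 4 none
        return None
    if mic:
        return "G1" if ack else "G2"
    return None

def handshake_gaps(frames):
    """Return the sorted labels of key-exchange messages absent from frames."""
    seen = {}                                 # label -> 8-byte replay counter
    for frame in frames:
        label = classify_eapol_key(frame)
        if label:
            seen[label] = frame[9:17]
    missing = set(REQUIRED) - set(seen)
    # A reply completes an exchange only if it echoes the request's counter.
    for request, reply in (("P1", "P2"), ("P3", "P4"), ("G1", "G2")):
        if request in seen and reply in seen and seen[request] != seen[reply]:
            missing.add(reply)
    return sorted(missing)

def make_key_frame(key_info, replay, key_data=b""):
    """Build a constructed WPA EAPOL-Key frame with zeroed nonce, IV and MIC."""
    body = (struct.pack(">BHHQ", 254, key_info, 32, replay) + bytes(80)
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 1, 3, len(body)) + body

# Constructed sample: a full WPA exchange (4 pairwise + 2 group messages).
SAMPLE = [make_key_frame(0x0089, 1), make_key_frame(0x0109, 1, bytes(24)),
          make_key_frame(0x01C9, 2, bytes(24)), make_key_frame(0x0109, 2),
          make_key_frame(0x0391, 3, bytes(32)), make_key_frame(0x0311, 3)]

if __name__ == "__main__":
    print("missing from full capture:", handshake_gaps(SAMPLE))
    print("missing when capture starts late:", handshake_gaps(SAMPLE[2:]))
```

The frames passed in are EAPOL payloads, starting at the EAPOL version byte, with the 802.11 and LLC/SNAP headers already stripped.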
COPYRIGHT © 2007 WILDPACKETS, INC
All registered and unregistered trademarks are the sole property of their respective owners