Cisco Systems 5, NAM - page 176

4-16

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 4 Capturing and Decoding Packet Data

Files

• Name:

• Size:

• Date:

• State:

• Location:

If you are using a Cisco 2200 Series appliance, the NAM will create a xxx.pcap file. If you click on the

download button, a xxx.pcap file will be created regardless of whether you accept the download action

or cancel it (a xxx.pcap file will be created once the download button is clicked). This is why one capture

using an appliance could have an extra file compared with a capture from another NAM platform.

Tab l e 4-6 Buttons in the Capture Files Operations Window

Operation Description

Decode Display the packets in a file.

Download Download a file to your computer in .enc or .pcap file format.

Note Do not add a file suffix when you provide the filename. The suffix

.pcap is added automatically.

Note .capture to .pcap conversion will occur when you download a

capture file. You will need to manually delete the .pcap file when

it is done.

Rename Give the file a new name. A dialog box displays and asks you to enter the

new name for the selected capture file.

Merge or

Convert/Merge

Merge packets of files.(in chronological order). A dialog box displays and

asks you to enter the new name for the merged capture files. Enter a name

for the merged capture files and choose OK.

Note Merged files cannot exceed 2 GB.

On the Cisco NAM 2200 Series appliances, this button is called

“Convert/Merge.” This can be used to convert one .capture file to a .pcap

file, so the Error Scan and the Analyze functions can be performed on that

converted file. Otherwise, Analyze and Error Scan cannot be performed on

a .capture file which only shows up on appliances.

Delete Delete files.

Analyze View statistical analysis of the selected capture. See Analyzing Capture

Files, page 4-17.

Errors Scan View more information about the file (Packed ID, Protocol, Severity,

Group, and Description). From here you can also decode the packet. For

more information see Error Scan, page 4-17.

Contents

Main Page CONTENTS Page Page Page Page Page Page Page About This Guide Chapter Overview Audience Conventions Notices Obtaining Documentation and Submitting a Service Request Page Overview Introducing NAM Traffic Analyzer 5.0 Dashboards Logical Site New Application Classification Architecture Standards-Based NBI NetFlow v9 Data Export Historical Analysis SNMP v3 Support -- NAM to Router/Switch Support Overview of the NAM Platforms Logging In Navigating the User Interface Common Navigation and Control Elements Menu Bar Detailed Views Context Menus Quick Capture Interactive Report Chart View / Grid View Mouse-Over for Details Zoom/Pan Charts Page Context-Sensitive Online Help Understanding How the NAM Works Page Understanding How the NAM Uses SPAN Understanding How the NAM Uses VACLs Understanding How the NAM Uses NDE Understanding How the NAM Uses WAAS Configuration Overview Page Configuring and Viewing Data Cisco WAAS NAM Virtual Service Blade Setting Up The NAM Traffic Analyzer Default Functions Traffic Analysis Application Response Time Metrics Voice Signaling/RTP Stream Monitoring Traffic Usage Statistics Traffic SPAN About SPAN Sessions Page Page Creating a SPAN Session Page Editing a SPAN Session Deleting a SPAN Session Data Sources SPAN ERSPAN Enabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Enabling Auto-Creation of ERSPAN Data Sources Using the CLI Disabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Disabling Auto-Creation of ERSPAN Data Sources Using the CLI Creating ERSPAN Data Sources Using the Web GUI Creating ERSPAN Data Sources Using the CLI Deleting ERSPAN Data Sources Using the Web GUI Deleting ERSPAN Data Sources Using the CLI Configuring ERSPAN on Devices VACL Configuring VACL on a WAN Interface Configuring VACL on a LAN VLAN NetFlow Understanding NetFlow Interfaces Understanding NetFlow Flow Records Managing NetFlow Data Sources Configuring NetFlow on Devices Page Enabling Auto-Creation of NetFlow Data Sources Using the Web GUI Enabling Auto-Creation of NetFlow Data Sources Using the CLI Disabling Auto-Creation of NetFlow Data Sources Using the Web GUI Disabling Auto-Creation of NetFlow Data Sources Using the CLI Creating NetFlow Data Sources Using the Web GUI Page Creating NetFlow Data Sources Using the CLI 2-26 assigned to the new device, you will need it to create the data source! shown here: Step 8 Enter ? to see all the command options available, as in the example below: Step 9 Enter the device ID from Step 4 (required): Deleting NetFlow Data Sources Using the Web GUI Deleting NetFlow Data Sources Using the CLI Testing NetFlow Devices WAAS Understanding WAAS Response Time Monitoring from WAAS Data Sources Monitoring Client Data Sources Monitoring WAN Data Sources Monitoring Server Data Sources Deployment Scenarios Managing WAAS Devices Adding Data Sources for New WAAS Device Editing WAAS Data Sources Deleting a WAAS Data Source Auto Create of New WAAS Devices Hardware Deduplication Alarms Alarm Actions Alarm Action Configuration Editing Alarm Actions Deleting Alarm Actions Thresholds Setting Host Thresholds Setting Conversation Thresholds Setting Application Thresholds Setting Response Time Thresholds Setting DSCP Thresholds Setting RTP Stream Thresholds Setting Voice Signaling Thresholds Setting NDE Interface Thresholds Editing an Alarm Threshold Deleting a NAM Threshold User Scenario Data Export NetFlow Viewing Configured NetFlow Exports Configuring NetFlow Data Export Page Editing NetFlow Data Export Scheduled Exports Editing a Scheduled Export Deleting a Scheduled Export Custom Export Managed Device Device Information Page NBAR Protocol Discovery Network Sites Definition Rules Specifying a Site Using Subnets Specifying a Site Using WAE devices (WAAS Data Sources) Specifying a Site Using Multiple Rules Resolving Ambiguity (Overlapping Site Definitions) Viewing Defined Sites Defining a Site Page Subnet Detection Editing a Site NDE Interface Capacity Creating an NDE Interface DSCP Groups Creating a DSCP Group Editing a DSCP Group Deleting a DSCP Group Classification Applications Creating a New Application Editing an Application Deleting a Protocol Application Groups Creating an Application Group Editing an Application Group Deleting an Application Group URL-based Applications Example Editing a URL-Based Application Deleting a URL-based Application Encapsulations Monitoring Aggregation Intervals Response Time Voice RTP Filter URL Enabling a URL Collection Changing a URL Collection Disabling a URL Collection WAAS Monitored Servers Adding a WAAS Monitored Server Deleting a WAAS Monitored Server Monitoring and Analysis Navigation Context Menus Interactive Report Saving Filter Parameters Traffic Summary Response Time Summary Site Summary Alarm Summary Page Analyzing Traffic Application Hosts Detail Host Applications Detail NDE Interface Traffic Analysis Viewing Interface Details DSCP Detail DSCP Application Groups Detail URL Hits Viewing Collected URLs Filtering a URL Collection List Host Conversations Network Conversation Top Application Traffic Page Application Traffic By Host WAN Optimization Top Talkers Detail Application Performance Analysis Transaction Time (Client Experience) Traffic Volume and Compression Ratio Average Concurrent Connections (Optimized vs. Passthru) Multi-Segment Network Time (Client LAN - WAN - Server LAN) Response Time Page Page Application Response Time Network Response Time Server Response Time Client Response Time Client-Server Response Time Server Application Responses Server Application Transactions Server Network Responses Client-Server Application Responses Client-Server Application Transactions Client-Server Network Responses Managed Device Interface Interfaces Stats Table Interface Statistics Over Time Health Switch Health Chassis Health Chassis Information Crossbar Switching Fabric Ternary Content Addressable Memory Information Router Health Router Health Router Information NBAR Media RTP Streams Purpose Monitoring RTP Streams Voice Call Statistics Calls Table Page RTP Conversation Page Page Capturing and Decoding Packet Data Sessions Viewing Capture Sessions Configuring Capture Sessions Page Page Software Filters Creating a Software Filter Page Page Editing a Software Capture Filter Hardware Assisted Filters Configuring a Hardware Filter VLAN VLAN and IP IP IP and TCP/UDP IP and Payload Data Payload Data Files Page Analyzing Capture Files Error Scan Downloading Capture Files Deleting a Capture File Deleting Multiple Files Viewing Packet Decode Information Browsing Packets in the Packet Decoder Filtering Packets Displayed in the Packet Decoder Viewing Detailed Protocol Decode Information Using Alarm-Triggered Captures Custom Display Filters Creating Custom Display Filters Page Tips for Creating Custom Decode Filter Expressions Editing Custom Display Filters Deleting Custom Display Filters Page User and System Administration System Administration Resources Network Parameters SNMP Agent Working with NAM Community Strings Creating NAM Community Strings Deleting NAM Community Strings Testing the Router Community Strings System Time Synchronizing the NAM System Time with the Switch or Router Synchronizing the NAM System Time Locally Configuring the NAM System Time with an NTP Server E-Mail Setting Web Data Publication Capture Data Storage Creating NFS Storage Locations Configuring the NFS Server Configuring the NFS Storage Location on the NAM Editing NFS Storage Locations Creating iSCSI Storage Locations Editing iSCSI Storage Locations Syslog Setting SNMP Trap Setting Creating a NAM Trap Destination Editing a NAM Trap Destination Deleting a NAM Trap Destination Preferences Diagnostics System Alerts Audit Trail Tech Support User Administration Local Database Recovering Passwords Changing Predefined NAM User Accounts on the Switch or Router Creating a New User Editing a User Deleting a User Establishing TACACS+ Authentication and Authorization Configuring a TACACS+ Server to Support NAM Authentication and Authorization Configuring a Cisco ACS TACACS+ Server Adding a NAM User or User Group Configuring a Generic TACACS+ Server Current User Sessions NAM Traffic Analyzer 5.0 Usage Scenarios Deployment Deploying NAMs in the Branch Deploying NAMs for Voice/Video applications Deploying NAMs for WAN Optimization Deploying Multi-NAM Consolidation Autodiscovery Capabilities of NAM Creating Custom Applications Utilizing Sites to Create a Geographically Familiar Deployment Integrating NAM with Third Party Reporting Tools Integrating NAM with LMS Monitoring Understanding Traffic Patterns at the Network Layer Understanding Traffic patterns for DiffServ-Enabled Networks Using NAM to Evaluate Application-Level Performance Monitoring for TCP-Interactive Applications Using NAM to Evaluate Application-Level Performance Monitoring for UDP Realtime Applications Troubleshooting Using NAM for Problem Isolation Using NAM for SmartGrid Visibility APPENDIX A Troubleshooting General NAM Issues Error Messages Packet Drops NAM Not Responding NAM Behavior WAAS Troubleshooting Page APPENDIX B Supported MIB Objects Supported MIBs Page Page Page INDEX A C D E F G H I M O P R S T U V W