Display the packets in a file, Delete files | Cisco Systems 5, NAM

Chapter 4 Capturing and Decoding Packet Data

Files

•Name:

•Size:

•Date:

•State:

•Location:

If you are using a Cisco 2200 Series appliance, the NAM will create a xxx.pcap file. If you click on the download button, a xxx.pcap file will be created regardless of whether you accept the download action or cancel it (a xxx.pcap file will be created once the download button is clicked). This is why one capture using an appliance could have an extra file compared with a capture from another NAM platform.

Table 4-6	Buttons in the Capture Files Operations Window

Operation			Description

Decode			Display the packets in a file.

Download			Download a file to your computer in .enc or .pcap file format.

			Note		Do not add a file suffix when you provide the filename. The suffix
					.pcap is added automatically.


			Note		.capture to .pcap conversion will occur when you download a
					capture file. You will need to manually delete the .pcap file when
					it is done.


Rename			Give the file a new name. A dialog box displays and asks you to enter the
			new name for the selected capture file.

Merge or			Merge packets of files.(in chronological order). A dialog box displays and
Convert/Merge			asks you to enter the new name for the merged capture files. Enter a name
			for the merged capture files and choose OK.

			Note		Merged files cannot exceed 2 GB.

			On the Cisco NAM 2200 Series appliances, this button is called
			“Convert/Merge.” This can be used to convert one .capture file to a .pcap
			file, so the Error Scan and the Analyze functions can be performed on that
			converted file. Otherwise, Analyze and Error Scan cannot be performed on
			a .capture file which only shows up on appliances.

Delete			Delete files.

Analyze			View statistical analysis of the selected capture. See Analyzing Capture
			Files, page 4-17.

Errors Scan			View more information about the file (Packed ID, Protocol, Severity,
			Group, and Description). From here you can also decode the packet. For
			more information see Error Scan, page 4-17.

	User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0
4-16	OL-22617-01

Image 176

Cisco Systems 5, NAM manual Display the packets in a file, Delete files

Contents

Americas Headquarters Text Part Number OL-22617-01Page N T E N T S Span Network Sites URL Nbar System Administration Resources Audit Trail Understanding Traffic Patterns at the Network Layer About This Guide Chapter Overview Audience ConventionsConvention Boldface font Obtaining Documentation and Submitting a Service Request Xiv Introducing NAM Traffic Analyzer A P T E R Dashboards Logical Site New Application Classification Architecture Standards-Based NBI NetFlow v9 Data Export Historical Analysis Snmp v3 Support -- NAM to Router/Switch Support Overview of the NAM PlatformsWS-SVC-NAM-1-250S WS-SVC-NAM-2-250S Cisco Branch Routers Logging Navigating the User InterfaceCommon Navigation and Control Elements Menu Bar Detailed Views Context Menus Quick Capture Chart View / Grid View Interactive Report Zoom/Pan Charts Mouse-Over for Details Statistics Sort GridBytes / Packets Understanding How the NAM Works Context-Sensitive Online Help Ports VLANs Configuration/guide/span.htmlConfiguration/guide/nde.html Understanding How the NAM Uses Span Understanding How the NAM Uses VACLsModule Cisco IOS Software Guide/span.html Understanding How the NAM Uses NDE Guide/vacl.html Understanding How the NAM Uses Waas Configuration Overview Action Description GUI Location User Guide Location Administration System Setup Data ExportSetup Network Sites Setup Alarms Actions Configuring and Viewing Data Administration UsersCapture Packet Capture/Decode Cisco Waas NAM Virtual Service Blade Default Functions Traffic Analysis Analyze Media Voice Call Statistics Voice Signaling/RTP Stream MonitoringApplication Response Time Metrics Traffic Traffic Usage StatisticsAbout Span Sessions SPAN, Data Sources, Hardware Deduplication, Switch CLI Method Usage NotesNAM Traffic Analyzer the NAM GUI Supervisor portCopyTable Snmp Column Description Creating a Span Session State Description Field Description Dialog Box Choose Setup Traffic Span SessionsEditing a Span Session SPAN, ERSPAN, VACL, NetFlow, WAAS, Data SourcesDeleting a Span Session Router or switch or WAE device Or DisabledFields are explained in -7, NAM Data Sources Data Port if it is a local physical port, or the IP address Enabling Auto-Creation of Erspan Data Sources Using the CLI Click Setup Traffic NAM Data Sources Disabling Auto-Creation of Erspan Data Sources Using the CLI Creating Erspan Data Sources Using the Web GUI Creating Erspan Data Sources Using the CLI Enter the name you would like for the data source required Deleting Erspan Data Sources Using the Web GUIEnter the device ID from Step Click the Delete button along the bottom of the window Deleting Erspan Data Sources Using the CLIUse the no data-sourcecommand to delete the data source Configuring Erspan on Devices Use the no device command to delete the deviceSample Configuration of Erspan Source Sample Configuration of Erspan Destination Configuring Vacl on a WAN Interface Sample Configuration Configuring Vacl on a LAN Vlan NetFlow Understanding NetFlow Interfaces Understanding NetFlow Flow Records Output Interface Are Flows Reported? Configuring NetFlow on DevicesManaging NetFlow Data Sources For Devices Running Cisco IOS For NAMs Located in a Device Slot Enabling Auto-Creation of NetFlow Data Sources Using the CLI Creating NetFlow Data Sources Using the Web GUI Snmp Credentials Creating NetFlow Data Sources Using the CLI Security Level Deleting NetFlow Data Sources Using the Web GUI Deleting NetFlow Data Sources Using the CLI Testing NetFlow Devices Snmp read test result. For the local device only Understanding WaasContact information for the device Setting Description Configure a Client data sourcePoint, configure a Client WAN data source Configure a Server WAN data source Monitoring Client Data Sources Monitoring WAN Data SourcesMonitoring Server Data Sources Server data source Deployment Scenario Managing Waas DevicesDeployment Scenarios Choose Setup Traffic NAM Data Sources Adding Data Sources for New Waas Device Editing Waas Data Sources Deleting a Waas Data Source Auto Create of New Waas Devices Choose Setup Traffic Hardware DeduplicationHardware Deduplication Alarm Actions, Thresholds, User Scenario, AlarmsAlarm Actions Alarm Action Configuration Choose Setup Alarms Actions Editing Alarm ActionsDeleting Alarm Actions Thresholds Name of the thresholdApplication associated with this threshold Site associated with this threshold Setting Host Thresholds Alarm Summary dashboard Monitor Overview Alarm SummaryChoose Setup Alarms Thresholds Field Setting Conversation Thresholds Setting Application Thresholds Dashboard Monitor Overview Alarm Summary , where you Setting Response Time Thresholds Setting Dscp Thresholds Give the Dscp Alarm Threshold a nameDashboard Monitor Overview Alarm Summary, where you Chose a Dscp value from the list Setting RTP Stream Thresholds Give the RTP Streams Alarm Threshold a nameHigh, Low, or High and Low alarms Alarm actions Setting Voice Signaling Thresholds Setting NDE Interface Thresholds Dashboard Monitor Overview Alarm Summary , where you canGive the NDE Interface Alarm Threshold a name Choose a data source from the list Editing an Alarm Threshold Deleting a NAM Threshold Data Export User ScenarioNetFlow NetFlow, Scheduled Exports, Custom Export, NetFlow Exports screen appears shown in Figure Viewing Configured NetFlow ExportsChoose Setup Data Export NetFlow Configuring NetFlow Data Export Description of the NetFlow ExportPort number of the device to be exported to Valid characters 1-9. Length Min 1, Max Record types supported by NAM for NetFlow are ApplicationHost ART Client Server Application Click Scheduled ExportsEditing NetFlow Data Export Deleting a Scheduled Export Choose Setup Data Export Scheduled ExportsEditing a Scheduled Export Device Information Managed DeviceCustom Export Choose Setup Managed Device Device Information Total time the switch has been runningName of the network administrator for the router Name of the Snmp read-write community string configured on Nbar Protocol Discovery Network SitesField / Operation Description Sites, NDE Interface Capacity, Dscp Groups, Definition Rules Specifying a Site Using SubnetsSpecifying a Site Using WAE devices Waas Data Sources Resolving Ambiguity Overlapping Site Definitions Specifying a Site Using Multiple RulesViewing Defined Sites Shows if the site is Enabled or Disabled Defining a SiteName of the site Description of what the site includes See -7for an example Unique text string for naming a siteOptional text string for describing site Subnet Detection Enter an IPv4 or IPv6 address Editing a SiteSubnet Detection Creating an NDE Interface NDE Interface CapacityDscp Groups Choose Setup Network Dscp Groups Creating a Dscp GroupField Description Usage Notes Through Dscp AF/EF/CS Format Bit Field Format Deleting a Dscp Group ClassificationEditing a Dscp Group Applications 8shows an example of what the screen may look like Choose Setup Classification Applications Creating a New Application Repeat through as many times as desired Editing an ApplicationThat list, highlight it and click the left arrow Choose Setup Classification Application Groups Application GroupsDeleting a Protocol Creating an Application Group URL-based Applications Editing an Application GroupDeleting an Application Group To edit an application group Choose Setup Classification URL-based Applications Example Editing a URL-Based Application Deleting a URL-based Application Choose Setup Classification Encapsulations MonitoringEncapsulations Aggregation Intervals, Response Time, Voice, RTP Filter, URL, Waas Monitored Servers, Choose Setup Monitoring Aggregation IntervalsAggregation Intervals Choose Setup Monitoring Response Time Response TimeShort-Term Long-Term Normal Minimum Choose Setup Monitoring Voice Monitor Setup WindowVoice Field Appliance Choose Setup Monitoring RTP Filter RTP Filter10,000 500 1,750 000 1,000 250 Enabling a URL Collection Changing a URL Collection Disabling a URL Collection Choose Setup Monitoring URLEnabling a URL Collection Changing a URL Collection Element Description Usage NotesTo change a URL collection URL page -10displays Choose Setup Monitoring URL Collection Waas Monitored ServersDisabling a URL Collection Adding a Waas Monitored Server To delete a Waas monitored server data source Choose Setup Monitoring Waas ServersDeleting a Waas Monitored Server Analyze Navigation,Monitor Navigation Interactive Report Saving Filter Parameters Saving Filter Information Traffic Summary Response Time Summary Alarm Summary Site Summary Top N Sites by Alarm Count Top N Hosts by Site and Alarm CountTop N Applications by Alarm Count Top N Applications by Site and Alarm Count Analyzing Traffic Application Hosts Detail Host Applications Detail NDE Interface Traffic Analysis Application group set of applications that can beMonitored as a whole Traffic rate number of bytes per second Dscp value Viewing Interface DetailsDscp Detail Application Groups Detail Applicable site or Unassigned if no site URL Hits Viewing Collected URLsFiltering a URL Collection List Viewing Collected URLs Filtering a URL Collection List Top Application Traffic Host ConversationsNetwork Conversation Top Application Traffic Top Talkers Detail WAN OptimizationApplication Traffic By Host Application Performance Analysis Conversation Multi-Segments Response Time NAM Application Response Time Measurements 7lists and describes the ART metrics measured by NAM Metric Description Metric Description Network Application Response TimeNetwork Response Time Server Response Time Client Response TimeClient-Server Response Time Server Application Responses Server Application Transactions Detailed Views Server Application Transactions Server Network Responses Client-Server Application Responses Client-Server Application Transactions Packet as observed at NAM probing point Client-Server Network ResponsesServer-response packet, excluding retransmission time Interface, Health, NBAR, InterfaceInterfaces Stats Table Interface Statistics Over Time Switch HealthHealth Chassis Health Chassis InformationCPU usage Backplane Utilization Crossbar Switching Fabric Ternary Content Addressable Memory Information Router Health Router Health Router Information Information on how to contact this person Current state of the power supply being instrumentedMedia Time in hundredths of a second since the network management RTP Streams PurposeRTP Stream Information RTP Stream Stats Summary RTP Stream Stats Details Voice Call StatisticsMonitoring RTP Streams Calls Table Calling number as it appears in the signaling protocolCalled number as it appears in the signaling protocol From inspecting the call signaling protocol Inspecting call signaling protocolTime when the call was detected to start Time when the call was detected to end RTP Conversation Field Purpose Synchronization source number as it appear in the RTP HeaderNAM calculated score that takes into account Duration of the stream OL-22617-01 Capturing and Decoding Packet Data Quick Capture Sessions Viewing Capture Sessions Name of the capture sessionMany times as necessary Size of the session Choose Capture Packet/Capture Decode Sessions Configuring Capture SessionsOperation Description Configure Capture Session Window Name of the capture Enter a capture name Maximum Session NAM Platform Size Administration System Capture Data StorageMaximum Capture Session Sizes for NAM Platforms Software Filters Maximum SessionNAM Platform Size 300 MB Software Filter Dialog -4 displays Creating a Software FilterChoose Capture Packet Capture/Decode Sessions IPv4 address in dotted-quad format n.n.n.n, where n is 0 to Default if blank isFor MAC address, enter hh hh hh hh hh hh, where hh is a Hexadecimal number from 0 to 9 or a to f. The default is Choose GTP.IPv6 for IPV6 address for tunneled packet over Editing a Software Capture Filter To edit software capture filters Configuring a Hardware Filter To cancel the changes, click CancelHardware Assisted Filters Vlan and IP IP and TCP/UDP IP and Payload Data Vlan and IP List is also shown in Figure IP and TCP/UDP IP and Payload Data Files Payload Data Display the packets in a file Delete files Error Scan Analyzing Capture FilesDisplays a graphic image of network traffic KB/second Displays packets and bytes transferred for each protocol Downloading Capture Files Choose Capture Packet Capture/Decode Files Deleting a Capture File Deleting Multiple Files Viewing Packet Decode Information Stop packet loadingLoad and decode the previous block of packets from the NAM Load and decode the next block of packets from the NAM Choose a Filter Mode Browsing Packets in the Packet DecoderFiltering Packets Displayed in the Packet Decoder Choose an Address Filter Viewing Detailed Protocol Decode Information Define a Protocol Filter Using Alarm-Triggered Captures Custom Display FiltersCreating Custom Display Filters To create custom display filters Custom Decode Filter Dialog Box Tips for Creating Custom Decode Filter Expressions See Tips for Creating Custom Decode Filter ExpressionsOperator Meaning Format Editing Custom Display Filters Field Filter By FormatExamples of Custom Decode Filter Expressions Choose Capture Packet Capture/Decode Display Filters Deleting Custom Display Filters To delete custom display filters OL-22617-01 User and System Administration System Administration Network Parameters Choose Administration System Network ParametersResources Snmp Agent Choose Administration System Snmp Agent Working with NAM Community StringsCreating NAM Community Strings Snmp Agent Dialog Box displays Testing the Router Community Strings System TimeDeleting NAM Community Strings To delete the NAM community strings Synchronizing the NAM System Time with the Switch or Router Choose Administration System System TimeSynchronizing the NAM System Time Locally Clock set hhmmss mm/dd/yyyy Choose Administration System E-Mail Setting Mail SettingConfiguring the NAM System Time with an NTP Server To enable Web Data Publishing Choose Administration System Web Data PublicationWeb Data Publication Capture Data Storage Creating NFS Storage Locations Configuring the NFS ServerConfiguring the NFS Storage Location on the NAM Editing NFS Storage Locations ISCSI target name configured on the remote iSCSI server Creating iSCSI Storage LocationsEditing iSCSI Storage Locations Name of the remote storage entry Syslog Setting Snmp Trap SettingChoose Administration System Syslog Setting Choose Administration System Snmp Trap Setting Deleting a NAM Trap Destination PreferencesEditing a NAM Trap Destination Diagnostics System AlertsAudit Trail System Alerts, Audit Trail, Tech Support, Choose Administration Diagnostics Audit Trail Choose Administration Diagnostics Tech SupportTech Support Downloading Core Files User Administration Recovering PasswordsPrivilege Access Level Local Database To create a new user Choose Administration Users Local DatabaseCreating a New User Deleting a User Choose the Administration Users Local DatabaseEditing a User Establishing TACACS+ Authentication and Authorization Field Usage Notes Configuring a Cisco ACS TACACS+ Server Click Network Configuration Click Add EntryFor Windows NT and 2000 Systems Click Submit/Restart Configuring a Generic TACACS+ Server Adding a NAM User or User Group Current User Sessions Parameter Enter NAM Traffic Analyzer 5.0 Usage Scenarios Deployment Deploying NAMs in the BranchDeploying NAMs for Voice/Video applications Deploying NAMs for WAN Optimization Integrating NAM with Third Party Reporting Tools Autodiscovery Capabilities of NAMCreating Custom Applications Integrating NAM with LMS Understanding Traffic Patterns at the Network LayerSee Dscp Groups, See Application Response Time, See Thresholds, Troubleshooting Using NAM for Problem Isolation Using NAM for SmartGrid Visibility Troubleshooting General NAM Issues Error Messages Does the session from the switch/router work?Packet Drops NAM Not Responding Waas Troubleshooting NAM Behavior OL-19530-02 Supported MIBs Module Object Identifier OID and Description Source Mib-21.rmon16.tokenRing10.ringStationConfig RFC Objects10 Power, Temperature and Fan StatusMib-21.rmon16.tokenRing10.ringStation RFC Mib-21.rmon16.tokenRing10.ringStation RFC OrderTable3 Cisco9.workgroup5.ciscoStackMIB1.ciscoStatck CiscoMgmt9.ciscoCat6kCrossbarMIB217.ciscoCat6kXbarMIBObjects1 Crossbar statistics OL-22617-01 Capture settings, configuring Downloading to a fileCustom display filters Creating Configuring as datasource IN-2 Alarm thresholds Ipesp IPIP4 Creating Deleting Editing Spanning, directing traffic for IN-4 Authentication and authorization, establishing Server, configuring to support NAM Voice data Collecting Viewing Voice signaling thresholds See Virtual Switch Software Waas data sources