Cisco Systems 5, NAM Analyzing Capture Files

4-17

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 4 Capturing and Decoding Packet Data

Files

Note Capture files on the NAM 2200 Series appliances are stored in native NAM format. You can convert the

capture file format to .pcap using the Convert/Rename/Merge button on the Capture > Packet

Capture/Decode > Files window.

Analyzing Capture Files

The Capture Files window (Capture > Packet Capture/Decode > Files) enables you to obtain various

statistics including traffic rate (bytes/second) over a capture period, lists of hosts, conversations, and

applications associated with network traffic.

This window also enables you to drill-down for a more detailed look at a particular set of network traffic.

The pane above the Traffic over Time graph displays the time shown in the graph in the From: and To:

fields. It also provides fields for Protocol and Host/subnet, and a Drill-Down button.

Note After clicking the Drill-Down button, the Host Statistics results table will display both source and

destination hosts, if either the source or destination host of the traffic belongs to the Host/Subnet that

you had specified.

Each slice in the Traffic over Time graph displays the amount of traffic for the amount of time set in

the Granularity of the capture file.

You can view more detail about a specific time frame by entering the time in the From: and To: fields

and choosing Drill-Down. You can also drill-down on a specific Protocol or Host/subnet address.

Table 4-7 describes the different areas of the capture analysis window.

Note This feature is available for .pcap files, but not for .capture files.

The Capture Errors and Warnings Information screen shows warnings and errors, and packet

irregularities. From this screen, you can launch the Packet Decode Window, where you can drill-down

to packet details (select a row in the table and click the Decode Packet button).

To get to the Capture Errors and Warnings Information screen, choose Capture > Packet

Capture/Decode > Files. Highlight a file and click the Errors scan button.

Tab l e 4-7 Capture Analysis Window Fields

Field Description

Capture Overview Provides a summary of the displayed capture including number of packets

captured, bytes captured, average packet size, capture start time, duration of

capture, and data transfer rate (both bytes and bits per second)

Traffic over Time Displays a graphic image of network traffic (KB/second)

Protocol Statistics Displays packets and bytes transferred for each protocol

Hosts Statistics Displays packets and bytes transferred for each host address