Table 5 GigaStor Options tab

Field: Capture Buffer size

Description: Allows you to set the amount of Windows memory that Observer will dedicate to the capture buffer cache for this instance. Values are in megabytes. This configuration value has been pre-set for optimum performance given a single GigaStor collection instance. The factory settings also allow enough memory to set up a number of passive or virtual instances, which will allow multiple users to view the analysis results while avoiding redundant processing, memory, and disk storage consumption.

If you wish to run multiple collection instances to monitor multiple links or networks, you can decrease the capture buffer size dedicated to GigaStor collection which will release some memory for creating other probe collection instances, but be careful. Inadequate memory allocation to GigaStor collection can affect performance and result in dropped packets during high load periods.

A GigaStor Instance can be as large as the physical memory installed on your system after subtracting the memory dedicated to Windows and other probe Instances.

To change the allocation for this probe instance, click the Configure button, which will display the probe Instance, Memory and Security Administration dialog.

In all cases, the actual buffer size (Max Buffer Size) is also reduced by 7% for memory management purposes. Should you try to exceed the Max Buffer Size an error dialog will be displayed indicating the minimum and maximum buffer size for your Observer (or probe) buffer.

Field: Do not include traffic from Observer/Probe local MAC address

Description: Excludes packets sent and received from the station running Observer or probe (the MAC address of the station from which you are capturing packets).

Field: Capture partial packets

Description: By default, Observer will capture the entire packet. This option allows you to define a specific amount of each packet to capture to the buffer. For example, a setting of 64 bytes will result in Observer only capturing the first 64 bytes of every packet.

Most of the pertinent information about the packet (as opposed to the information contained in the packet) is at the beginning of the packet, so this option allows you to collect more packets for a specific buffer size by only collecting the first part of the packet. In some forensic situations, a warrant may only allow an officer/agent to collect, for example, e-mail headers.

Also, if the system is having trouble keeping up with bandwidth spikes, collecting partial packets can resolve the issue. To change the number of bytes captured in each packet, click the Change Size...

Note that this setting affects all consoles that connect to this probe. You cannot change this setting unless you have administrative privileges to do so.

Field: Network Load

Description: When checked, Observer will not strip out the informational markers used by Expert Time Interval and What If analysis modes. Leave this box unchecked unless you intend to use these modes.
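The effect of the Capture partial packets setting can be checked offline. The following is an added example, not code from Observer or the original manual: it truncates a constructed Ethernet/IPv4/TCP frame to a slice size and reports how many payload bytes survive next to the headers. The frame contents, function names, and the buffer model (1 MB = 2^20 bytes, no per-packet storage overhead) are assumptions.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame without options (sample data only)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)          # zeroed MACs, IPv4 ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 25, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def inspect_slice(frame: bytes, slice_len: int) -> dict:
    """Truncate a frame the way a partial-packet capture would and parse the rest."""
    captured = frame[:slice_len]
    if len(captured) < 34:
        raise ValueError("slice too short for Ethernet + minimal IPv4 header")
    if struct.unpack("!H", captured[12:14])[0] != 0x0800 or captured[23] != 6:
        raise ValueError("this example only handles IPv4/TCP")
    tcp_off = 14 + (captured[14] & 0x0F) * 4             # IHL is in 32-bit words
    if len(captured) < tcp_off + 20:
        raise ValueError("slice cuts into the TCP header")
    sport, dport = struct.unpack("!HH", captured[tcp_off:tcp_off + 4])
    hdr_len = tcp_off + (captured[tcp_off + 12] >> 4) * 4  # TCP data offset
    return {
        "wire_len": len(frame),
        "captured_len": len(captured),
        "ports": (sport, dport),
        "headers_complete": len(captured) >= hdr_len,
        # Anything past the headers is application data that was still stored.
        "payload_kept": captured[hdr_len:],
    }

def packets_in_buffer(buffer_mb: int, bytes_per_packet: int) -> int:
    """Packets that fit after the 7% reduction (assumes no per-packet overhead)."""
    usable = buffer_mb * 1024 * 1024 * 93 // 100
    return usable // bytes_per_packet

if __name__ == "__main__":
    frame = build_frame(b"MAIL FROM:<alice@example.com>\r\n")  # constructed payload
    for size in (54, 64):
        print(size, inspect_slice(frame, size))
    print(packets_in_buffer(100, len(frame)), packets_in_buffer(100, 64))
```

With option-free headers (54 bytes), a 64-byte slice still stores the first 10 bytes of application data, so a capture that must exclude content needs a slice size matched to the header lengths actually in use.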

 

Configuring the GigaStor through the Control Panel

rev. 1

Chapter 4 GigaStor Control Panel


114ff specifications

Network Instruments 114ff is a sophisticated platform designed to enhance network visibility and performance management. This state-of-the-art device is aimed at network professionals who require a deep insight into their network’s behavior and performance metrics. One of its main features is its ability to provide real-time monitoring and analytics, which is crucial for quick decision-making in IT environments.

With a robust set of technologies embedded in its architecture, Network Instruments 114ff leverages advanced packet capture and analysis capabilities. It employs deep packet inspection (DPI) technology to evaluate data packets as they traverse the network. This functionality allows administrators to dissect various layers of network traffic, enabling them to identify anomalies and troubleshoot issues effectively. The 114ff can analyze both encrypted and unencrypted traffic, an asset as organizations increasingly adopt encryption protocols.

Another prominent feature of the Network Instruments 114ff is its customizable dashboard, which can be tailored to present the most relevant metrics at a glance. Users can visualize their network performance through a variety of graphs, charts, and alerts signaling potential performance degradation. This feature aids network managers in assessing key performance indicators (KPIs) and helps ensure that service level agreements (SLAs) are met.

The device is equipped with extensive reporting capabilities, allowing users to generate historical reports for analysis and compliance purposes. This function is essential for businesses that must comply with regulatory standards, as it enables them to maintain records of network performance and security incidents.

Furthermore, Network Instruments 114ff supports a variety of network protocols, ensuring compatibility with existing infrastructure. Its scalable architecture means organizations can adapt the device to cater to growing network demands without the need for significant overhauls. The integration capability with other Network Monitoring Systems (NMS) positions it as a flexible solution suited for diverse environments.

In summary, Network Instruments 114ff stands out as an essential tool for IT professionals looking to optimize network performance. With features such as real-time monitoring, deep packet inspection, customizable dashboards, and robust reporting capabilities, it delivers a comprehensive solution to manage and enhance network infrastructures effectively.