F Verifying Monitored Network Traffic

This appendix describes how you can use the TCP diagnostic facility to verify that RUEI "sees" all required network traffic. It is strongly recommended that a network engineer within your organization validates collected network traffic after installation and configuration of RUEI.

F.1 Introduction

The TCP diagnostics utility allows you to create 1-minute snapshots of the network traffic seen by a selected Collector. This snapshot can then be used to help determine whether there are gaps in the expected traffic flow. For example, there could be unconfigured port numbers, or an incorrectly specified VLAN ID.

The TCP traffic can be analyzed across client and server IP and MAC address, as well as port number and VLAN ID. Each snapshot's scope in terms of network traffic information is shown in Figure F-1.

Figure F-1 Example Network Topology

Description of Figure F-1 follows
Description of "Figure F-1 Example Network Topology"

F.2 Creating Traffic Snapshots

To create a TCP traffic snapshot, do the following:

  1. Within the Configuration facility, click the Show Collector status icon. Alternatively, select System, then Status, and then Collector status. The Network data Collectors window shown in Figure F-2 opens. This is fully explained in the Oracle Real User Experience Insight User's Guide.

    Figure F-2 Network Data Collectors

    Description of Figure F-2 follows
    Description of "Figure F-2 Network Data Collectors"

  2. Click the required Collector. The System (localhost) item refers to the Collector instance running on the Reporter system. Other Collectors within the network are represented by their IP address.

  3. Click the TCP diagnostics tab. A panel similar to the one shown in Example F-0 appears.

    Figure F-3 TCP Diagnostics

    Description of Figure F-3 follows
    Description of "Figure F-3 TCP Diagnostics"

  4. Click the New snapshot icon in the toolbar. The dialog shown in Figure F-4 appears.

    Figure F-4 New TCP Traffic Snapshot Dialog

    Description of Figure F-4 follows
    Description of "Figure F-4 New TCP Traffic Snapshot Dialog"

  5. Use the Apply filters check box to specify whether the create traffic snapshot should be created to report all traffic seen by the selected Collector, or only that traffic that fits the Collector's currently defined filters (see the Oracle Real User Experience Insight User's Guide for more information). These are shown in the lower part of the dialog. Note that you can also view them by clicking the View snapshot filters icon on the toolbar. When ready, click Create snapshot.

    Note:

    The maximum number of traffic snapshots across all Collector systems in your RUEI installation is 15. When this maximum is reached, the oldest snapshot is automatically replaced by the newly created snapshot.
  6. There is a 1-minute delay while the snapshot is created. Upon completion, an overview of the newly created snapshot's details is presented. An example is shown in Figure F-5.

    Figure F-5 TCP Traffic Snapshot Overview

    Description of Figure F-5 follows
    Description of "Figure F-5 TCP Traffic Snapshot Overview"

F.3 Analyzing Traffic Information

To analysis a created snapshot, do the following:

  1. Select the required snapshot from the snapshot menu, or click it via the TCP diagnostics main panel (shown in Figure F-3). Snapshots created with applied filters are indicated with a tick character in the Filtered column. You can view the applied filters by clicking the tick character.

  2. An overview of the selected snapshot (similar to the one shown in Figure F-5) appears. Note that you can click a selectable item to filter on it. For example, the list of reported items should be restricted to those that include a particular server IP address. You can remove a filter by clicking the Remove icon beside it in the filters section of the panel.

    Optionally, use the sort menu (shown in Figure F-6) to the right of the snapshot menu to select the primary column used for the displayed items.

  3. The Status column shown in Figure F-5 indicates whether a possible problem may exist with the TCP traffic monitored during the snapshot. In the event of a fail status being reported, you can mouse over the status icon to see additional information. Possible identified problems are explained in Table F-1.

    Table F-1 Identify Problems and Possible Causes

    Status Description

    Client/server packet ratio is too high.

    The number of client packets compared to server packets seems to be unusually large. This could indicate that the Collector cannot see both directions of traffic due (or is seeing duplicate traffic in one direction), or there is a server-related issue (for example, it is switched off).

    Server/client packet ratio is too high.

    The number of server packets compared to client packets seems to be usually large. This could indicate that the Collector cannot see both directions of traffic due (or seeing duplicate traffic in one direction), or there is a client-related issue (for example, unacknowledged server packets).

    Insufficient number of server and client packets for analysis.

    There was insufficient traffic (TCP packets) to perform a reliable client/server ratio analysis. A minimum of 100 packets is required. This may because normal traffic levels to the server are low. Otherwise, it may indicate routing issues with RUEI being unable to see some portions of network traffic.

    Server VLAN ID does not match client VLAN ID.

    This would normally indicate a routing issue. For example, traffic from the client to the server is being routed via one VLAN, but the traffic back from the server to the client is being routed via another VLAN. Be aware that RUEI can only monitor traffic on one VLAN segment at a time.