S Verifying Monitored Network Traffic
This appendix describes how you can use the TCP diagnostic facility to verify that RUEI checks all required network traffic. It is recommended that a network engineer within your organization validate collected network traffic after network changes.
S.1 Introduction
The TCP diagnostics utility allows you to create 1-minute snapshots of the network traffic seen by a selected Collector. This snapshot can then be used to help determine whether there are gaps in the expected traffic flow. For example, there could be unconfigured port numbers, or an incorrectly specified VLAN ID.
The TCP traffic can be analyzed across client and server IP and MAC address, as well as port number and VLAN ID. Each snapshot's scope in terms of network traffic information is shown in Figure S-1.
S.2 Creating Traffic Snapshots
To create a TCP traffic snapshot, do the following:
- Within the Configuration facility, click the Show Collector status icon. Alternatively, select System, then Status, and then Collector status. The Network data Collectors window shown in Figure S-2 appears.
- Click the required Collector. The System (localhost) item refers to the Collector instance running on the Reporter system. Other Collectors within the network are represented by their IP address.
- Click the TCP diagnostics tab. A panel similar to the one shown in Figure S-3 appears.
- Click the New snapshot icon in the toolbar. The dialog shown in Figure S-4 appears.
- Use the Apply filters check box to specify whether the traffic snapshot should report all traffic seen by the selected Collector, or only the traffic that fits the Collector's currently defined filters (see Defining Network Filters). These filters are shown in the lower part of the dialog. You can also view them by clicking the View snapshot filters icon on the toolbar. Click Create snapshot.
Note:
The maximum number of traffic snapshots across all Collector systems in your RUEI installation is 15. When this maximum is reached, the oldest snapshot is automatically replaced by the newly created snapshot.
- There is a 1-minute delay while the snapshot is created. Upon completion, an overview of the newly created snapshot's details is presented. An example is shown in Figure S-5.
S.3 Analyzing Traffic Information
To analyze a created snapshot, do the following:
- Select the required snapshot from the snapshot menu, or click it via the TCP diagnostics main panel (shown in Figure S-3). Snapshots created with applied filters are indicated with a tick character in the Filtered column. You can view the applied filters by clicking the tick character.
- An overview of the selected snapshot (similar to the one shown in Figure S-5) appears. Click a selectable item to filter on it. For example, you can restrict the list of reported items to those that include a particular server IP address. You can remove a filter by clicking the Remove icon beside it in the filters section of the panel.
Optionally, use the sort menu (shown in Figure S-6) to the right of the snapshot menu to select the primary column used for the displayed items.
- The Status column shown in Figure S-5 indicates whether a problem may exist with the TCP traffic monitored during the snapshot. If a fail status is reported, you can mouse over the status icon to see additional information. Possible identified problems are explained in Table S-1.