The multi-tap capture log file contains relevant " Tap" member information and identity for historical multi-tap decode analysis. A multi-tap capture log file will also be produced by merging all multi-tap member log files. Each individual " Tap" member capture file will normally be deleted after the merge by the " Multi-Tap Merge Manager" unless an option was selected to disable removal of these files. Once all " dumpcap" processes have been terminated, all " Tap" member capture files will then be merged using the Wireshark " mergecap" utility resulting with a multi-tap capture file. Duration, File Size or Packet Count) that has been satisfied is the usual reason for a " dumpcap" process to terminate. If any one multi-tap member " dumpcap" process terminates, the " Multi-Tap Merge Manager" will terminate all other " dumpcap" processes associated with the multi-tap capture session. The " Multi-Tap Merge Manager" is responsible for monitoring each separate " dumpcap" process during the course of the multi-tap capture session. Each " dumpcap" process can be configured to have a separate " Capture Filter" and other associated options.Ī " Multi-Tap Merge Manager" process is also started when the multi-tap capture session is commenced. Each enabled " Tap" interface will run a separate " dumpcap" process when the multi-tap capture session is started. The Wireshark light-weight network packet capture tool: " dumpcap" is used as the capture engine. The NST WUI provides convenient access for the creation of either one of these file systems during multi-tap capture setup. The Linux " RAMFS" or " TMPFS" file systems make excellent choices. One should consider using a " RAM-based" file system for packet storage while capturing data packets on high traffic network segments. This allows one to apply a different " Capture Filter" for the same network interface during packet capture.Ī " Capture Data Directory" must also be selected for the resultant merged multi-tap capture file, multi-tap log file and if chosen, the individual tap member capture files. One can also associate the same network interface to multiple " Tap" interfaces. By assigning a separate network interface to each " Tap", it is possible to perform a network capture as packets flow across a networking device (e.g., router or firewall). A " Tap" interface is independent of any registered network interface on the NST probe. Up to 4 " Tap" interfaces can be enabled. Prior to commencing a multi-tap capture session, each enabled " Network Interface Tap" interface must be associated with a registered network interface on the NST probe. This document was written using v1.5.0 through v2.13.0 release of the NST WUI. Multiple layered protocol decode analysis pages are provided based on both PSML and PDML generated output. Essentially this implementation provides a web-based Packet Sniffer for capturing network traffic and supports the use of up to 4 concurrent network interfaces. NST uses the Wireshark network protocol analyzer suite for network packet capture and decode. Multi-segment network packet capture and decode analysis can be performed. The NST WUI Network Packet Capture implementation supports simultaneous packet capture on up to 4 network interfaces (Quad Tap) per multi-tap capture session. This section will demonstrate the use of Multi-Tap Network Packet Capture with NST.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |