Network Instruments 114ff Network Card User Manual


 
Capturing Packets with the GigaStor
Chapter 3 Packet Capture or GigaStor Capture
rev. 1
A GigaStor can accumulate terabytes of stored network traffic. To
manage the sheer volume of data, the GigaStor includes an
alternative, specialized capture and analysis control panel. The
GigaStor Control Panel manages the capture, indexing, and storage of
large numbers of packets over long periods of time. While the
GigaStor control panel is active, standard packet captures are
unavailable. You cannot run the two types of captures simultaneously.
While actively capturing packets, the GigaStor control panel tracks network
statistics and indexes them by time as it saves the packets to disk. This
allows you to quickly scan the traffic for interesting activity and create
filters to focus on specific traffic using the slider controls and
constraint options.
The GigaStor control panel also automates storage management by
deleting the oldest data before storage runs out. This maintains a
multi-terabyte “sliding window” of time within which you can review
and decode traffic. It also allows for passive (in other words, virtual)
probe instances, which allow users to have their own instances (and
security credentials) without duplicating data collection or storage.
You can view the sliding window as a time line chart. What appears on
the chart depends on which constraints are in effect and on your
display options. By using time selection sliders and other options,
you can quickly acquire and analyze the packets by clicking the
Analyze button. This opens the standard packet decode and analysis
window. From there you can view packets, save them, and perform
further filtering if desired.
Packet capture buffer and statistics buffer
There are two kinds of buffers that a probe uses to store data in real
time: capture buffers and statistical buffers. The capture buffer stores
the raw data captured from the network while the statistical buffer
stores data entries that are snapshots of a given statistical data point.
Selecting an appropriate capture buffer size given system resources is
all most users need to worry about; the default settings for the
statistical buffers work perfectly fine in the vast majority of
circumstances.