Packet capture, Filtering – Network Instruments Observer User Manual

Getting Started with Observer Modes and Tools

12

Observer® Quick Start Manual

Packet Capture

Packet Capture is the mode in which Observer records all traffic in the

segment, storing the data in RAM or on disk for examination. As useful as

statistical and cumulative summaries are—such as those provided by

Network Trending, for example—it is sometimes necessary to look closely at

network packets themselves in order to diagnose a problem.

Filtering
While it is certainly possible for Observer to capture and save all the packets

on the local segment, that’s generally undesirable; wading through all the

network traffic looking for the specific problem or issue can be a prohibitively

time-consuming and annoying task. Fortunately, most often the network

administrator will have some idea of the source of the problem—and perhaps

of the protocols involved—and can choose to filter out much of the

extraneous data.

Click

Tools > Probe Filter Setup

or click on the

icon on the Observer

toolbar to begin configuring a filter.

Filtering is an important tool in the use of Observer, and while it can be
effectively used in many modes, it’s almost invariably useful in Packet
Capture.

Figure 6: Filtering