Deep Packet Inspection

    Network Packet Sensor combines the dual functions of NetFlow Generator and Deep Packet Inspection (DPI). In Network Packet Sensor's DPI feature, mirrored packets will get captured and analyzed by Network Packet Sensor (when configured as DPI Engine) to determine which element is at fault, whether it is the application server or the network itself. With deep packet inspection tool, you can monitor Application Response Time (ART) and Network Response Time (NRT). While ART helps you determine whether the problem is with bandwidth or the application itself, NRT will help you measure the time taken for the packets to reach the destination.

    To learn how to install Network Packet Sensor, click here.

    Dashboard

    DPI Dashboard in NetFlow Analyzer gives detailed information of all the top activities happening in the network. With overview dashboard, it displays the top N applications, top N URLs, and top N conversations computed both by NRT and ART, along with Speed and Volume. Also, DPI Dashboard provides options to edit and select DPI engines for a different view.

    DPI Inventory

    Once mirrored packets are captured and analyzed by Network Packet Sensor while configured as Deep Packet Inspection, it displays TCP's Average NRTs, ARTs, and Volume for applications, URLs, and conversations for every minute. For UDP, the agent will display only the average volume of traffic for applications, Source IPs, and Destination IPs.

    URL drill down

    With TCP, the agent will display all three types of data: Application Response Time, Network Response Time, and traffic volume of URLs.

    Application

    The Application tab displays all the application traffic of the selected DPI Engine with its Average NRT, Average ART, and the data based on volume, speed, and packets.

    Drill down based on Source/Destination IP address

    Source

    The Source tab shows Network Response Time, Application Response Time, and Volume of the traffic generated by bandwidth consumption of Source IPs.

    Destination

    The Destination tab will show Network Response Time, Application Response Time, and Volume of traffic generated by bandwidth consumption of Destination IPs.

    Conversations based on UDP

    The Conversation tab shows top conversations contributing to traffic in the selected time frame. The conversation lists sources, destinations, application, volume of traffic, and number of packets received.

    Conversations based on TCP

    In the Conversation tab for TCP, the agent will show Application Response Time, Network Response Time, and volume for URLs, applications, conversations, etc.

    DPI Reports

    The forensics link lets you set criteria and view specific details about the traffic across a DPI engine. It is configured under Reports > DPI. To generate the report, select the configured DPI Engine to generate the report and Select Protocol for either TCP, UDP, or All.

    Under Define Criteria enter the criteria on which the traffic needs to be filtered. The Time Period lets you choose custom time periods for the report.

    Once you select all the desired criteria, click Generate Report. All corresponding traffic, Applications, URLs, Average ART and NRT, SourceDestination, and Conversations can be reported.

    For reports, you can export each view in CSV (Excel format), PDF, or email them.