OmniPeek_用户手册
omnipeek过滤命令
omnipeek过滤命令
Omnipeek是一款强大的网络分析工具,它可以帮助用户快速识别网络问题,并提供详细的报告和分析。
在使用Omnipeek时,过滤命令是非常有用的,它可以帮助用户根据各种条件过滤网络数据,以便更快地找到所需的信息。
以下是一些常用的Omnipeek过滤命令:
1. 过滤IP地址:可以使用“ip.addr == x.x.x.x”来过滤指定的IP地址;也可以使用“ip.src == x.x.x.x”或“ip.dst == x.x.x.x”来分别过滤源IP地址和目标IP地址。
2. 过滤协议:可以使用“tcp”、“udp”、“icmp”等关键字来过滤指定的协议。
3. 过滤端口:可以使用“tcp.port == xx”或“udp.port == xx”来过滤指定的端口。
4. 过滤MAC地址:可以使用“eth.addr == xx:xx:xx:xx:xx:xx”来过滤指定的MAC地址。
5. 过滤数据包大小:可以使用“frame.len == xx”来过滤指定大小的数据包。
以上是一些常用的Omnipeek过滤命令,但实际上还有很多其他的过滤条件可以使用。
掌握这些过滤命令可以使用户更轻松地处理和分析网络数据。
- 1 -。
Omnipeek高级网络分析技术解决方案
© WildPackets, Inc.
5
实时满意度衡量标准——APDEX
• Application Performance Index (Apdex) standard • 联盟成员(部分)
Juniper WildPackets F5 Packeteer Expand FineGround Akamai Netli
Omnipeek网络与应用分析 2016年高级技术解决方案
© WildPackets, Inc.
WildPackets公司简介
• 成立于1990年,总部位于美国加利福尼亚 • 全面的应用与网络分析解决方案提供商 • WiFi 联盟指定分析产品 - 支持802.11a/b/g/n • Apdex 联盟创始机构之一 • 数据分析与取证技术专利号:5787253(美国 1998年7月) • 覆盖金融、医疗、教育、电信、政府等多个行业
WildPackets Overview
PROPRIETARY AND CONFIDENTIAL
VMWare Virtual PC system
© WildPackets, Inc.
提供开放的扩展接口API满足客户化开发
基于WildPackets产品的二次开发可以进一步的满足用户的客户化需求,如:产 品界面定制、特定协议的解码、数据导出、对特定应用的分析等。 例如:通过Google Map,可以将网络中公网的节点信息展示在地图,并能标 记其IP 地址、地理位置、以及流量大小,直观了解公网应用服务的状况。
© WildPackets, Inc.
12
基于FLOW的可视化组合分析帮助故障界定
• 专家系统将海量分散的数据包按照业务应用关系进行关联,提供针对每一交互 流程的实时分析;
OmniPeek操作使用指导
OmniPeek操作使用指导
OmniPeek操作使用指导
从网上下载OmniPeek5.0软件,并按照提示正确安装。
当然并不是OmniPeek支持所有无线网卡,Intel 3945ABG网卡、Netgear ABG511等都支持。
下面我们就开始使用OmniPeek扫描无线网络。
第一步:通过“开始”->“程序”,找到wildpackets OmniPeek启动项,运行该选项开始扫描。
第二步:启动OmniPeek后首先我们选择建立一个新的捕获扫描事件——NEW Capture
第三步:OmniPeek支持有线网卡和无线网卡,我们只需要在捕获选项窗口中的左边选择“Adapter”适配器,然后指定对应的无线网络连接即可针对无线网卡进行扫描。
第四步:设置完毕后点右上角的绿色捕获按钮开始拦截和分析经过无线网卡的数据包,找到对应数据包后将根据时间顺序显示在主窗口中,我们可以看到对应数据包的源MAC地址,目标MAC地址,对应的BSSID信息等。
同样点右上角的红色按钮将停止捕获。
第五步:双击视图中的一个报文,相应的报文内部详细信息就显示出来了。
第六步:点击左边“Capture”下子视图“Filters”,进行过滤操作。
根据需要选择其中的项目,抓包过程中匹配的项目就会被存于抓包缓冲中。
第七步:无线抓包可以进行基于信道、BSSID以及ESSID的选择。
在“Capture Option”
中可以进行项目选择。
OmniPeek安装以及使用
OmniPeek使用技巧一直以来无线网络故障的排查和扫描都是比较麻烦的事情,和有线网络不同的是很少有无线网络下专门应用于无线数据包扫描的工具,这直接影响了用户检查网络的效果。
然而现在这个问题已经应刃而解,最近笔者发现了一款不错的扫描软件,他不仅可以扫描有线网络下的数据包信息,还可以针对无线网卡进行监控和扫描。
通过该软件我们就可以更清晰更快捷的定位无线网络故障,根据扫描结果调整自己无线设备的位置和参数信息。
下面就请各位跟随笔者一起从OmniPeek 开始无线扫描吧。
一、OmniPeek能做什么?和其他sniffer工具一样OmniPeek可以针对自己网卡接收和发送的每个数据包进行分析和保存,另外还可以针对一些广播数据包进行分析,结合各种过滤规则可以让我们更清楚的了解当前网络中存在的问题。
当然和其他sniffer工具不同的是OmniPeek可以针对无线网卡进行监控,通过对无线数据包的分析了解无线网络的运行状况,让用户可以清楚的知道无线网络使用的频段,信号强弱,SSID信息等内容。
二、安装OmniPeek软件:笔者以OmniPeek 5.0为例进行介绍,首先我们到https:///evals/eval.php?id=58055386地址下载主程序。
第一步:下载后运行主程序将进行自解压操作,我们指定一个路径点“unzip”解压按钮即可。
第二步:到解压缩目录中找到可执行安装程序,运行后选择第一行的install OmniPeek。
第三步:出现OmniPeek安装向导,我们点“NEXT”按钮继续操作。
第四步:经过注册步骤后同意安装许可协议。
一直以来无线网络故障的排查和扫描都是比较麻烦的事情,和有线网络不同的是很少有无线网络下专门应用于无线数据包扫描的工具,这直接影响了用户检查网络的效果。
然而现在这个问题已经应刃而解,最近笔者发现了一款不错的扫描软件,他不仅可以扫描有线网络下的数据包信息,还可以针对无线网卡进行监控和扫描。
OmniPeek安装以及使用
OmniPeek使用技巧一直以来无线网络故障的排查和扫描都是比较麻烦的事情,和有线网络不同的是很少有无线网络下专门应用于无线数据包扫描的工具,这直接影响了用户检查网络的效果。
然而现在这个问题已经应刃而解,最近笔者发现了一款不错的扫描软件,他不仅可以扫描有线网络下的数据包信息,还可以针对无线网卡进行监控和扫描。
通过该软件我们就可以更清晰更快捷的定位无线网络故障,根据扫描结果调整自己无线设备的位置和参数信息。
下面就请各位跟随笔者一起从OmniPeek 开始无线扫描吧。
一、OmniPeek能做什么?和其他sniffer工具一样OmniPeek可以针对自己网卡接收和发送的每个数据包进行分析和保存,另外还可以针对一些广播数据包进行分析,结合各种过滤规则可以让我们更清楚的了解当前网络中存在的问题。
当然和其他sniffer工具不同的是OmniPeek可以针对无线网卡进行监控,通过对无线数据包的分析了解无线网络的运行状况,让用户可以清楚的知道无线网络使用的频段,信号强弱,SSID信息等内容。
二、安装OmniPeek软件:笔者以OmniPeek 5.0为例进行介绍,首先我们到https:///evals/eval.php?id=58055386地址下载主程序。
第一步:下载后运行主程序将进行自解压操作,我们指定一个路径点“unzip”解压按钮即可。
第二步:到解压缩目录中找到可执行安装程序,运行后选择第一行的install OmniPeek。
第三步:出现OmniPeek安装向导,我们点“NEXT”按钮继续操作。
第四步:经过注册步骤后同意安装许可协议。
一直以来无线网络故障的排查和扫描都是比较麻烦的事情,和有线网络不同的是很少有无线网络下专门应用于无线数据包扫描的工具,这直接影响了用户检查网络的效果。
然而现在这个问题已经应刃而解,最近笔者发现了一款不错的扫描软件,他不仅可以扫描有线网络下的数据包信息,还可以针对无线网卡进行监控和扫描。
2.1-纽曼泰克说明书-中文
无锡纽曼泰克气源净化设备有限公司 地址:无锡高新技术开发区珠江路36号 邮编:214028 电话:0510-85211442 传真:0510-85217869 网址:
2008 再版
PNEUMATECH air ideas
ENGINEERED TO WORK
总括
干燥系统是为除去压缩空气中的水份而设计。 如果安装合适,本设备基本不需要维修或调节。 附后的表格为备件清单。
OM-A-75 REV-2-C
无锡纽曼泰克气源净化设备有限公司
WUXI PNEUMATECH AIR/GAS PURITY EQUIPMENT CO.LTD
再生式干燥机
REGENERATIVE AIR/GAS DRYERS
安装 INSTALLATION 操作 OPERATION 调试 START-UP 维护 MAINTENANCE 说明书/零件手册 MANUAL/PARTS LIST
六、工作时序:
无热再生式干燥机是按照下面的时序来工作的. 这个 时序是自动运行的,是通过固化的时间模块或者由 PLC控制器来控制的.
当时间为6秒时: 右塔再生阀打开,使右塔开始降
压,然后右塔进入再生循环.
吸附式干燥机的干燥剂 装填及更换步骤
纽曼泰克所有标准型号的干燥机中采用A级活性氧化铝,处理气量为5SCFM到500SCFM的干燥 机,采用直径为3.2mm的氧化铝颗粒。处理气量大于500SCFM的(14m3/min以上),用占总量20% 的直径为6.35mm的氧化铝颗粒,这样有助于压缩空气通过干燥塔时的气流分布。
填料口
过滤网 塔体
10% 6~8mm氧化铝 80% 3~5mm氧化铝
注意
正确充入量的干燥剂可能会也可能不会充填至塔 体的顶部
GEA Omni控制面板产品说明书
OmniViewEnergy Sequencer CondenserCompressor EvaporatorThe intuitive touch for refrigeration,heating and gas compression controlGEA Omni control panelGEA Omni offers what operators expect from a control panel: maximum efficiency and reliable operation of their system. This advanced, industrial control panel integrates and optimally coordinates all required system components, resulting in a demand- d riven and highly energy-efficient facility operation.High-definition, easy-to-use HMIFeaturing a 15.6-inch, high-definition (1366 x 768 pixels) colordisplay, the GEA Omni h uman-machine interface (HMI) provides clear visualization of drawings, images, and text. Furthermore, GEA Omni incorporates single- and multiple-finger gestures used in many modern consumer electronics,adding an instinctive aspect to paging through selections and zooming documents or historical graphs. An intuitive menu system, where the information you need remains only a touch or two away, ensures routine functions are easy to perform by non-technical personnel. On-screen buttons and c ommands required for daily operations have been clearly and logically grouped and includes Omni’s QR code function, which creates a quick operating data report by simply scanning the QR code on the main compressor screen. The GEA Omni HMI makes membrane keypads and tedious navigation obsolete.One solutionGEA Omni has been designed as an open system. As a result, it can monitor and c ontrol not only the relevant components from GEA, but also those from other companies.C onfiguration of the control system and the operation modes takes place initially at the GEA factory and then may be adjusted during commissioning on-site, directly at the GEA Omni. The system openness makes it an all-inclusive command center, e liminating the need for auxiliary control systems. GEA Omni shows operating states not only for main components, but also for ancillary equipment. Whether it be monitoring and managing the position of a valve or the operation of a pump, the entire refrigeration, heating or gas compression system can be controlled from one panel.The “Classic” view gives operators essential information that’s easy to check at a glance, even from a distance.Live operating data can be captured using the QR-code scanner from a mobile device.3GEA Omni Sketch provides graphical representations showing real-time operating data. Featuring multi-page availability, this data can be shown on illustrations of your choice, i.e. floor plan, 3D drawing, PFD, photo. Colors add visual emphasis. OmniSketch provides the illustrations our customers use the most, without the need for an additional SCADA system.Authorized maintenance staff and service companies can access GEA Omni from remote locations.This OmniSketch example illustrates a typical refrigeration systemlayout with key status information.In addition to its visually stunning and intuitive HMI, the GEA Omni control panel a ppeals to not only operators but system integrators as well. As it comes from the f actory, GEA Omni satisfies typical industrial communication standards (Modbus TCP, EtherNet/IP, Modbus RTU, Allen-Bradley DF1 and standard options Profibus-DP and Profinet) for purposes of data exchange with auxiliary, supervisory control and data acquisition (SCADA) and building managment systems.Moreover, a standard Ethernet interface is provided that enables the use of wireless technology and smart phone or tablet viewing capability. Use a VNC viewer app on your smart device to easily connect to the IP address of your GEA Omni panel. Combined with a secure connection, you have 24/7 access to your system. Authorized service staff and service companies can access the control system remotely. GEA Omni also sends email and text message notifications to on-site and off-site personnel, ensuring proactive response to system conditions that need immediate attention.Instructional videos add a dynamic, visual element to the Documentation section.Digital contentDrawings, manuals, reports and videos are easily accessible for on-screen viewing, which can prove to be i nvaluable during new system commissioning, day-to-day operation, maintenance and troubleshooting. Every GEA Omni includes supporting documentation from the factory. In addition, users can create or provide their own videos and PDF documents that can easily be stored and retrieved via the USB port in the panel door, or via an Ethernet connection using OmniLink, for example:• Operating manuals• Process Safety Management documents (PSM)• Electrical wiring diagrams• Piping and instrumentation diagrams • Mechanical drawings • Component specifications• Standard Operating Procedures (SOPs)• Logic diagrams• Service and maintenance reports • Videos in AVI, MP4, or WMV formatAll important documents, such as wiring, piping & instrumentation diagrams andmanuals, are a finger tap away.5High-definition display15.6" display with 1,366 x 768 resolutionUnique user setup and auditing Create 25 unique users and monitor usage/actionsGEA OmniLinkRemotely view, manage andautomatically backup all dataConfigurable communication Read and write information to and from othercontrollers without additional wiringProjective-capacitive,multi-touch technologyNatural and intuitive operationMonitor the present – analyze the pastIntegrated apps keep you in touch with your equipmentGEA OmniLinkIncluded with every GEA Omni control panel is GEA OmniLink – a stand-alone M icrosoft Windows © operating system application designed to automatically find GEA Omni p anels on the same Ethernet network, read panel status, perform automatic data backup and reporting and view the present panel screen as ifv iewing the panel on-site. This application provides a convenient means of t ransferring configurations, programs, historical data, and parameters over an E thernet network without the need to insert a USB memory device into the panel.Enjoy remote access to your entire GEA control system via GEA OmniLink. Pictured are four compressor tiles with visual indication of current operating statuses.The IT security and data protection can be and must be adjusted as per customer’s needs under customer’s responsibility. GEA Omni control panel, including its various software applications, does not warrant any particular needs or customer’s level of IT security or data protection. The level of data protection and/or IT security for access, handling and transmission of data remains the customer’s sole responsibility. Specific security measures or requirements defined by the customer may be supported and provided by GEA upon request and after consultation and agreement.89Analyze past operating data, such ascompressor pressures and temperatures,with GEA OmniHistorian.GEA OmniHistorianGEA OmniHistorian is a M icrosoft Windows© operating systemapplication used to view and a nalyze historical data. GEA Omnistores years of operating information at a u ser- d efined samplingrate. This information consists of input/output (I/O) data, eventlogs, parameters, energy analysis, maintenance, revisions, andannunciations, which can be easily transferred over E thernetusing GEA OmniLink. Furthermore, GEA OmniHistorian cancreate custom reports, and viewable data can be printed orexported to XLS-formatted files.Secure – right out of the boxUp to 25 unique users can be created, each with a customizable view of operating data. Each unique user’s login history and actions are recorded in the panel for auditing purposes. Control parameters may be adjusted only within allowable limits, andall changes are logged in the panel’s history for security and administrative review. As a result, GEA Omni helps to minimize operator mistakes and system failure. GEA Omni provides three levels of security – Operator, Service, and Administrator.Operator level can:• Monitor parameters and equipment status• Select operational modes and personalize data views • Analyze historical data• Observe and manage annunciations and error reports • Change language and engineering unitsIn addition, the Service level can:• Modify all parameters and settings• Download program and configuration updates• Define operator- and service-level users• Troubleshoot I/O system with advanced on-screendiagnostic tools• Display real-time status of customized program logicIn addition, the Administrator level can:• Modify control system configuration• Securely access GEA Omni with an encrypted file,eliminating the use of a common password• Change the compressor selection and control optionsThe panel interior is designed toprovide clear and easy installationand serviceability. 10Reliable hardwareGEA Omni is a modular design, featuring a robust I/O system of standard industrial components. The compact space utilization of this I/O system allows for more devices to be controlled in a single panel. In addition, the Ethernet-based design allows for flexibility of remote I/O in separate enclosures, all of which are inter c onnected using standard Ethernet cabling.Layout and wiringThe interior of the GEA Omni exhibits well-organized separation of high- and low- v oltage sections, providing safe and simple wiring. Uniform connection design, clear labeling, and color coding contribute to easy installation. All control wiring to field d evices is terminated in a dedicated panel section. Thanks to the flexible methodof i nterconnecting I/O system components, wiring is kept to a minimum. These features allow fast inspectionand commissioning.Field configurabilityDoes the screw compressor have an economizer solenoid that was not accounted for in the panel configuration?Is the oil pump operation different than preconfigured on the control panel? These common issues during a retrofit panel installation will no longer require a ssistance from the factory. GEA Omni offers authorized personnel thefl exibility to modify the configuration and reassignthe I/O system to suit the needs of the a pplication.Energy ManagementEnergy costs are typically a facility’s largest operating expense. But with the GEA Omni control panel’s abundant capabilities, which include the effective management of energy usage, that operating expense can be significantly reduced. GEA Omni’s Energy functions are designed to enable users to effectively reduce operating costs by finely controlling key aspects of their process to utilizethe minimal amount of energy required. In addition, Omni’s Recipe functionality makes it fast and easy to change multiple parameters, based on time and date,to optimize running conditions.Through a fine-tuned approach to compressor control and sequencing, condenser control and sequencing, refrigerant vessel and pump control, evaporator control and a myriad of reactive and proactive energy management techniques, GEA Omni’s Energy functions deliver where it counts most – on the bottom line – and contributes to the achievement of companies’ sustainability-related goals by reducing their carbon footprints.In addition, GEA Omni’s Smart Sequencer option automatically prioritizes the compressors with the best part-load performance, ensuring high energy efficiency. Variable-speed-driven compressors can be grouped and speed synchronized, reducing energy consumptionand extending the lifetime of the equipment.One global product – GEA peace of mind Manufactured in North America, Europe, and Asia,GEA Omni meets the needs of a global customerbase. Preconfigured in more than 30 languages,GEA Omni carries the benefit of global salesand support. Rest easy knowing your facilityis controlled by a product that is invented, manufactured and supported by a globalleader in refrigeration, heating and gascompression control panel technology.GEA Omni’s Energy Management function allows operators toevaluate system energy usage and adjust to reduce operating costs.11G E A -R T -O M N I 7757-3000-001 (p k g o f 20) (r e v . 10-21) © G E A S y s t e m s N o r t h A m e r i c a L L C . A l l r i g h t s r e s e r v e d . S u b j e c t t o m o d i fi c a t i o n . P r i n t e d i n t h e U S A . T h e i n f o r m a t i o n c o n t a i n e d i n t h i s b r o c h u r e m e r e l y s e r v e s a s a n o n -b i n d i n g d e s c r i p t i o n o f o u r p r o d u c t s a n d i s w i t h o u t g u a r a n t e e . B i n d i n g i n f o r m a t i o n , i n p a r t i c u l a r r e l a t i n g t o c a p a c i t y d a t a a n d s u i t a b i l i t y f o r s p e c i fi c a p p l i c a t i o n s , c a n o n l y b e p r o v i d e d w i t h i n t h e f r a m e w o r k o f c o n c r e t e i n q u i r i e s .“Engineering for a better world” is the driving and energizing principle connecting GEA ’s workforce. As one of the largest systems suppliers, GEA makes an important contribution to a sustainable future with its solutions and services, particularly in the food, beverage and pharmaceutical sectors. Across the globe, GEA ’s plants, processes and components contribute significantly to the reduction of CO2 emissions, plastic use as well as food waste in production.GEA is listed on the German MDAX and the STOXX ® Europe 600 Index and also included in the DAX 50 ESG and MSCI Global Sustainability indexes.We live our values.Excellence • Passion • Integrity • Responsibility • GEA-versityGEA Refrigeration Technologies GEA Systems North America LLC 3475 Board Road York, PA 17406Tel717 767 6411**********************************************/refrigeration。
OMNI 操作指导手册
Create PDF with GO2PDF for free, if you wish to remove this line, click here to buy Virtual PDF Printer
1OMNI流量计算机概述
OMNI3000 和 OMNI6000 系列流量计算机具有安全可靠、操作简便、适用于各种流量测 量仪表。可用于单回路或多回路油气计量场合。测量的介质有:天然气、液化天然气、液化 石油气、乙烯、丙烯、和其它特殊气体,例如氧气、氮气、氢气、二氧化碳和水、原油、成 品油。OMNI 流量计算机,结构紧凑、外壳坚固、易于操作、功能超强,满足各种用户的 不同需要。实际上,这完全可以减少或避免添加其他辅助设备。OMNI3000 和 OMNI6000 系 列流量计算机已广泛应用于全球各地的石油和天然气公司。执行 API、IP、ASA 和 ISO 测 量标准,提供美制和国际制的单位。可扩展模块式设计,方便与各种计量系统联机。可以直 接与质量流量计、超声波流量计、气体色谱仪和数字式变送器联机。下图是 OMNI3000 和 6000 型流量计算机:
8
Create PDF with GO2PDF for free, if you wish to remove this line, click here to buy Virtual PDF Printer
3.1.2流量计设置
将光标移至 Meter Run Setup ,点击 Enter 进入流量计的设置。依次输入流量计的 ID, 气体流代码,然后就是流量的高低限报警。高低限应依据流量计的标识牌上所示。
在 Config Meter n 处输入:1+【Display】;n 为流量计的标号,即 1 则为第一个流量计。 该条目的大部分设置可以在软件中实现。只有 SV port 这项需要在面板上设置。如果按 照上面接线图的方法接线,那么可以此项设置可以设置成 1 或者 2。1 对应着 SV 电路板的 1 端口(TBn 的 1 和 2)。2 则对应着 SV 电路板的 2 端口(TBn 的 3 和 4)。其余配置可以在 软件操作中说明。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
OmniAnalysis™PlatformGetting Started GuideG e t t i n g S t a r t e d G u i d eCopyright © 2006, WildPackets, Inc. All rights reserved. Information in this document is subject to change withoutnotice. No part of this document may be reproduced or transmitted in any form, or by any means, electronic ormechanical, including photocopying, for any purpose, without the express written permission of WildPackets, Inc.AiroPeek SE, AiroPeek NX, AiroPeek VX, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit Analyzer Card (GAC),GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni³, Omni Capture Engine, OmniDesktop Engine, Omni DNX Engine, OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Workgroup,Omni Management Console, Omni PacketGrabber, OmniPeek, OmniPeek Enterprise, OmniPeek Enterprise Connect,OmniPeek Personal, OmniPeek Workgroup, OmniPeek Workgroup Pro, OmniPeek Personal, Omnipliance,OmniSpectrum, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, WAN AnalyzerCard (WAC), WANPeek NX, WildPackets, WildPackets Academy, and WildPackets OmniAnalysis Platform aretrademarks of WildPackets, Inc. All other trademarks are the property of their respective holders.The material in this document is for information purposes only and is subject to change without notice. Whilereasonable efforts have been made in the preparation of this document to assure its accuracy, WildPackets, Inc.assumes no liability resulting from errors or omissions in this document, nor from the use of the informationcontained herein.WildPackets, Inc. reserves the right to make changes in the product design without reservation and withoutnotification to its users.Contacting WildPacketsMailing AddressWildPackets, Inc.1340 Treat Blvd., Suite 500Walnut Creek, CA 94597Voice/Fax8 AM - 5 PM (PST)(925) 937-3200(800) 466-2447 (US only)Fax: (925) 937-3211info@Salessales@WebTechnical Support/supportResourcesSee /support/additional_resources/white_papers for white papers, tutorials, technicalbriefs and more.iiT raining and CertificationWildPackets Academy offers the most effective and comprehensive network and protocol analysis training available, meeting the professional requirements of corporate, educational, government, and private network managers. Our instructional methodology is centered on practical applications of protocol analysis techniques.See /services for course catalog, current public course scheduling, web-delivered courses,and consulting services.WildPackets Academy(800) 466-2447training@Product Support and MaintenanceWildPackets Product Maintenance Programs ensure that you grow along with our products as new features and enhancements to existing features are added. All WildPackets customers are entitled to technical support for the life oftheir purchased product(s).Enhanced support services are available through our Premium Maintenance Programs. Premium Maintenance offers Remote Trace File Analysis assistance and free seats in our WildPackets Academy Training courses, in addition to our standard maintenance services.Standard or Premium Maintenance can be purchased by contacting sales@.About WildPackets, Inc.Since 1990, WildPackets has been delivering real-time fault analysis solutions that enable the world's leading organizations to keep their networks running securely and reliably, day after day. From the desktop to the datacenter,from wireless LANs to Gigabyte backbones, on local segments and across distributed networks, WildPackets products enable IT organizations to quickly find and fix problems affecting mission-critical network services. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. More than 5,000 customers, spanning all industrial sectors and including 80% of the Fortune 1000, use WildPackets products daily to troubleshoot networks and maximize network uptime. WildPackets customers include Agilent, Cisco Systems, Comcast, EDS, Microsoft, Siemens AG, Qualcomm, Unisys, Motorola, and Deutsche Bank. Strategic partners include Aruba, Atheros, Cisco, 3Com, Intel and Symbol Technologies. For further information, please visit.20060410-E-OP40_d4iiiContentsChapter 1Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Installing the OmniPeek console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Installing an OmniEngine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Main program window and Start Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Displaying the Remote Engines window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Connecting to a remote engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Chapter 2Capturing Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Capturing packets into a Capture window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Capturing packets on a remote engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Chapter 3Viewing Decoded Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17The packet decode window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Chapter 4Forensics Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Creating forensic captures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Using the remote engine files tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Chapter 5Monitoring the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Displaying Monitor statistics on the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Baselining with summary statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Using the remote monitoring capture template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 6Creating Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Creating a graph from a console Capture window. . . . . . . . . . . . . . . . . . . . . . . . . . . 33Creating a top ten protocols graph on a remote engine. . . . . . . . . . . . . . . . . . . . . . . 35 Chapter 7Wireless Statistics in Capture Windows . . . . . . . . . . . . . . . . . . 37The WLAN view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37The Channels view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39The Signal view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40vContentsvi Chapter 8Troubleshooting with the Expert . . . . . . . . . . . . . . . . . . . . . . . . 41 The Expert view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41Using the Expert EventFinder Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Using the Visual Expert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Chapter 9Creating Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Enabling a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Creating filters with the Make Filter command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Creating a simple filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Chapter 10Using the Peer Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 The Peer Map view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Chapter 11Using VoIP Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 The V oIP view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55Analyzing a single call or channel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Appendix A Keyboard Shortcuts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63C H A P T E R1 IntroductionWelcome to OmniPeek, the software console for distributed network analysis fromWildPackets!The OmniPeek console provides centralized expert analysis for 10/100 Ethernet, full-duplexGigabit Ethernet, 802.11 WLAN, and WAN networks by managing and interacting withremotely installed OmniEngines. With OmniPeek’s intuitive user interface, network engineerscan quickly troubleshoot problems on remote segments, drill down through multiple layers ofanalysis, and pinpoint problems that need correction.Important!The OmniPeek console and the OmniEngines are described here in their full-featuredversions. Please visit our web site at for details about how toorder the Omni features and media types that precisely fit the needs of your distributednetwork.System requirementsThe system requirements for the OmniPeek console are:●Windows XP Professional (SP2), Windows 2000 (SP4) or Windows Server 2003 (SP1)●Internet Explorer 6.0 (SP1)●Microsoft .NET Framework 2.0Note OmniPeek with Enhanced Voice Option does not support Windows Server 2003.OmniPeek supports most rack mount, desktop and portable computers as long as the basicsystem requirements to run the supported operating systems are met. Depending on trafficand the particular usage of OmniPeek, the requirements may be substantially higher.The following system is recommended for OmniPeek:1Chapter 1: Introduction 2System requirements●P4 2 GHz Processor (P4 2.4 GHz Processor for OmniPeek with Enhanced Voice Analysis)●512 MB RAM (1 GB RAM for OmniPeek with Enhanced Voice Analysis)●10 GB Available Hard Disk Space (20 GB Available Hard Disk Space for OmniPeek withEnhanced Voice Analysis)Factors that contribute towards superior performance include high speed CPU, dual CPUs, two or more GB of RAM, high performance disk storage subsystem (RAID 0), and as much additional hard disk space as is required to save the trace files that you plan to manage.Note Supported operating systems require users to have “Administrator” level privileges in order toload and unload device drivers, or to select a network adapter for the program’s use incapturing packets.For more information, please see our web site at /products.Optional hardware requirementsTo analyze wireless, Gigabit, WAN, or traffic, a supported network analyzer card (GAC orWAC) or wireless LAN adapter is required for OmniPeek:●Full-duplex capture of Gigabit Ethernet networks : requires a WildPackets GigabitAnalyzer Card (GAC).Note Capture on Gigabit Ethernet networks is also possible using other supported Gigabit Ethernetinterfaces, but not in full-duplex mode.●Capture from T1/E1 WAN links : requires a WildPackets WAN Analyzer Card (WAC).●Capture from T3/E3 WAN links : requires a WildPackets WAN Analyzer Card (WAC).For more information, refer to the documentation that ships with the product or visit ourwebsite at /products .For information on configuring wireless, Gigabit, and WAN analyzer cards, please refer to the OmniPeek User Guide or online help.Network connectivity and driversOmniPeek and the OmniEngines communicate over TCP/IP through port 6367, the default port for the WildPackets DNX proprietary protocol.OmniPeek Getting Started Guide WildPackets has developed a set of driver APIs for 802.11 WLAN cards, the Gigabit AnalyzerCards, and the WAN Analyzer Cards. OmniPeek and the OmniEngines ship with a number ofdrivers that support the WildPackets APIs.For the most recent information on network adapter cards and drivers, please visit http:///support/product_support/overview.Installing the OmniPeek consoleTo install the OmniPeek console, follow these steps:1.Uninstall any earlier versions of OmniPeek.2.Insert the OmniPeek Installer CD into your CD or DVD drive.3.Follow the installation instructions that appear on the screen.During installation you are asked to enter a valid Activation Key. When prompted, youcan select Automatic or Manual:●Automatic: The installer uses your Internet connection to send an encrypted messageto an activation server, which retrieves and displays your Activation Key. Please writedown the Activation Key for future reference.●Manual: The installer allows you to enter the Activation Key manually. You canobtain an Activation Key in the following ways: Go to a computer with an Internetconnection and web browser and complete the request form, or call WildPacketsTechnical Support.For more information about the product activation process, please see our website at:/activation.4.When the Installer has finished installing the program files, you can choose to view theReadme or launch the program.Installing an OmniEngineFor complete instructions on how to install, configure, and update settings for anOmniEngine, See the Getting Started Guide that ships with the OmniEngine or the online helpin the Omni Management Console application.Installing the OmniPeek console3Chapter 1: Introduction4Main program window and Start Page Main program window and Start PageTo start OmniPeek:●Choose Start > All Programs > WildPackets OmniPeek .The main program window and Start Page appears. The parts of the main program window are described below.●T oolbar: Provides icons for frequently-used tasks in OmniPeek. The function of each iconappears at a tooltip. Choose View > Toolbars > Show Toolbars to toggle the display of the icons in this toolbar.●Status Bar: Shows brief context-sensitive messages on the left and the current monitoradapter on the right. Choose View > Status Bar under the menu to toggle the display of this status bar.●Start Page: Provides links to useful resources, both local and online. You can:●open recently saved Capture files (click Open Capture File button)●start a new OmniPeek console capture (click New Capture button)ToolbarStatus BarOmniPeek Getting Started Guide●start a new remote engine capture (click View Remote Engines button)●view the Readme file●open the HTML version of the Getting Started Guide●open PDF versions of related hardware documents●access online resources and technical support●Network Statistics Gauge:Shows network utilization as analog dials with correspondingdigital displays. Choose Monitor > Network to display.●OmniPeek Log: Records Start, Stop, and other OmniPeek events. Choose View > Log todisplay.Displaying the Remote Engines windowThe Remote Engines window is used for interaction between the OmniPeek console and theOmniEngines. The Remote Engine window allows you to perform many of the sameoperations on a remote engine that you can perform locally with OmniPeek.Do one of the following to display the Remote Engines window:●Choose View > Remote Engines.●Click the View Remote Engines button on the Start Page.The Remote Engines window appears.Insert Engine Discover EngineInsert Group DeleteConnectDisconnectDisplaying the Remote Engines window5Chapter 1: Introduction6Connecting to a remote engineConnecting to a remote engineIn order to view packets and data from a remote engine, you must first connect to the engine from the Remote Engines window.To connect to a remote engine:1.From the Remote Engines window, click the Insert Engine icon. The Connect dialogappears.plete the dialog:●Host: Enter the IP address of the OmniEngine that you want to connect to.●Port: Enter the TCP/IP Port used for communications. Port 6367 is the default portfor the WildPackets OmniEngine.●Authentication: Select the method used to authenticate the user. Typically, you wouldselect Default if you don’t use a third-party authentication server.●Domain: Type the Domain for login to the remote engine. If the remote engine is not a member of any Domain, leave this field blank.●Username: Type the Username for login to the remote engine.●Password: Type the Password for login to the remote engine.3.Click Connect . When the connection is established, the remote engine appears in theRemote Engines window.Connecting to a remote engine 7OmniPeek Getting Started GuideTip You can add multiple OmniEngines to the Remote Engines window by using the InsertEngine icon.4.Click the Insert Group icon to add a group of engines to the Remote Engines window.5.Select the engine group and click Insert Engine to add an engine to the group.Chapter 1: Introduction8Connecting to a remote engineDiscover OmniEnginesWhen you click the Discover button in the Remote Engines window, the Discover Engines dialog appears. This dialog lets you search for OmniEngines installed on the network. You can then select the specific OmniEngines that you want to display in the Remote Engines window.●Engines: Displays the OmniEngines found on the network. Select the check box of theOmniEngine that you want to display in the Remote Engines window.●Discover: Click to search for OmniEngines installed on the local segment of yournetwork. The box on the right will change from Listening... to Finished when all network-available OmniEngines are discovered.●Advanced Settings:●Listen time: Enter the number of seconds that the OMC will listen for responses tothe discovery request. You can enter a minimum of 2 and a maximum of 30 seconds.●Device backoff time: Enter the number of seconds that the devices will wait beforeresponding to a Discover request. The Device backoff time should always be less thanthe listen time. You can enter a minimum of 0 and a maximum of 10 seconds.Discover OmniEngines 9OmniPeek Getting Started GuideNote You will need to select an engine in the Remote Engines window and connect to it beforecapturing packets and analyzing data.Chapter 1: Introduction10Connecting to a remote engineC H A P T E R211Capturing Packets Packets are the units of data carried on the network and the basis for all higher level network analysis. The Packets view of a Capture window is where you can view information about the individual packets transmitted on your network.OmniPeek and the OmniEngines can capture packets in multiple configurable Capture windows, each with its own dedicated capture buffer and settings for filters, triggers, and statistics output. You can establish and view multiple Capture windows up to the limits of available system resources.Capture windows allow you to:●View and monitor network traffic in real time ●Use a different adapter for each Capture window, or use the same adapter for multiple Capture windows●Apply filters, both before and after capture●Start or stop capture based on network events or time settings●View statistics based on selected network traffic●View packet contents, raw and/or decoded●Save packets for post-capture analysis in Capture file windows Capturing packets into a Capture window Note For remote capture, see Capturing packets on a remote engine on page 14.To capture packets:1.To start a new capture, do one of the following:●Click the New Capture button on the Start Page ●Choose File > New…Chapter 2: Capturing Packets12Capturing packets into a Capture windowThe General view of the Capture Options dialog appears.2.Configure the options in the General view.3.Click the Adapter view to select the capture adapter.Note For information on configuring settings in the other views of the Capture Options dialog, seethe OmniPeek User Guide or online help.4.Click OK . A new Capture window appears.Capture window titleSave to disk options Continuous capture optionsPacket slicing optionsCapture buffer size“Show this dialog...”Capturing packets into a Capture window 13OmniPeek Getting Started Guide5.Click Start Capture to begin capturing packets. The Start Capture button changes to theStop Capture button and packets begin populating the Capture window.Note You can right-click a column heading to hide or display available column headings in thePackets tab.6.Click Stop Capture when you want to stop capturing packets.Start/Stop CaptureChapter 2: Capturing Packets14Capturing packets on a remote engine Tip To resume capturing from where you left off, hold down the Shift key and click the StartCapture button. To empty the capture buffer and start a new capture, simply click the Start Capture button again.Capturing packets on a remote engineTo capture packets on a remote engine, you must first be connected to a remote engine in the Remote Engines window. Please see Connecting to a remote engine on page 6.To capture packets on a remote engine:1.Select New Capture under Captures on the Home tab.Tip You can also click the Insert icon on the Captures tab, or select New Capture under the nameof the adapter you wish to use on the Adapters tab.The General view of the remote Capture Options dialog appears.2.Configure the options in the General view.3.Select an adapter in the Adapter view.Capture window titleSave to disk options Continuous captureoptionsPacket slicing optionsCapture buffer sizeSave as templateOpen capture windowStart capture immediatelyCapturing packets on a remote engine 15OmniPeek Getting Started GuideNote For information on configuring settings in the other views of the Capture Options dialog,please see the OmniPeek User Guide or online help.4.Click OK . A new remote engine Capture window appears.5.Click Start Capture to begin capturing packets. The Start Capture button changes toStop Capture and packets begin populating the capture window.Tip You can right-click a column heading to hide or display available column headings in thePackets view.6.Click Stop Capture when you want to stop collecting packets into the remote capturebuffer.Chapter 2: Capturing PacketsFor instructions about using the Forensics Capture template, see Creating forensic captures onpage 21. For instructions about using the Monitoring Capture template, see Using the remotemonitoring capture template on page 31.Note Users without permission to create or modify remote engine Capture windows will find features grayed out, missing, or receive an error message indicating the task is not allowed. Fordetails, see the OmniEngine Getting Started Guide or the online help in the OmniManagement Console application.16Capturing packets on a remote engineC H A P T E R317Viewing Decoded Packets Network problems are revealed more quickly by looking at the detailed information contained in individual packets. Looking into the packets can help you troubleshoot your network, track down a security breach, or examine protocol structure and compliance.The packet decode windowYou can view detailed information about each packet by viewing the packet’s decode.To view the decode of a packet:1.Double-click a packet in the Packets view of a Capture window. The Packet Decode window appears. The decoded packet data is presented in byte order from top to bottom.Window navigationDecoder options Information addedby OmniPeekWindow header Decode viewHex andASCII viewOffsetsChapter 3: Viewing Decoded Packets 18The packet decode windowTip You can open individual Packet Decode windows for up to 10 packets at once. When multiplepackets are selected in the active Packet List, click Enter to open them all.2.Click on the - minus or + plus signs in the margin to collapse or expand the view of anyheader section.●Window header:●Click the Decode Previous or Decode Next buttons at the top of the window tostep through the packets shown in the Packet List of the active Capture window.●Decode view:●The items in green at the top of the Decode view include information on theFlags , Status , Packet Length , and Timestamp of the packet. This information isnot in the packet itself, but is added by OmniPeek.●The body of the Decode view is laid out in the same order as it appears in thepacket. A quick glance at this section often reveals the source of trouble.Problems like a misconfigured client, or incompatible versions of the sameprotocol from different vendors can be easily understood when you can see andcompare the packets themselves. ●Hexadecimal view:●The Hex view at the bottom of the decode window shows the offset of the firstcharacter in each line, the raw packet data in hex, and the ASCII version of rawpacket data3.Highlight an item in one part of the window. The same bytes of the packet are highlightedin all the other views or panes as well. The highlight matches in the Decode, Hex, andASCII panes.Color coding is used to link the Decode view with the Hex view for both Hex and itsASCII equivalent. The Hex and ASCII views are in turn linked to the color of the protocol shown in the Protocols column of the Packet List.Tip Right-click and choose Show Colors to toggle display of colors.The packet decode window 19OmniPeek Getting Started GuideTip Use the Toggle Orientation icon in the toolbar to tile the Decode and Hex views vertically orhorizontally.Toggle OrientationHighlights match:DecodeHexASCIIChapter 3: Viewing Decoded Packets 20The packet decode windowC H A P T E R4 Forensics AnalysisData reduction is the key to network forensics. Using the remote engine Files tab, you canselect one or more Capture files on the remote engine and search them for the specific datayou wish to analyze.Creating forensic capturesOn a remote engine, you can create a new Capture window based on a pre-defined ForensicsCapture template configured with capture settings optimized for post capture forensicanalysis.Forensics captures are saved automatically to the OmniEngine. Their filenames are listed inthe Dashboard view of Capture windows and in the remote engine Files tab. From the Filestab, you can refine your search by start time, end time, any available filter, and specify whichCapture window views you want to display for further analysis.To start a Forensics Capture:1.On the Home tab, select New Forensics Capture under New Capture. The remoteCapture Options dialog appears with settings configured for a Forensics Capture, such asContinuous capture with save to disk.2.Click the Adapters view and select an adapter for the capture.3.Click the Performance view. Notice that all of the statistics are disabled in order tooptimize packet capture to disk.4.Click OK. A remote engine Capture window appears with capture already under way.5.Click the Dashboard view. The Files area displays the list of files saved to theOmniEngine computer as the user-defined buffer fills.21。