Network Instruments GigaStor 114ff User Manual

Configuring the GigaStor through the Control Panel

Chapter 4 GigaStor Control Panel

65

rev. 1

Table 5 GigaStor Options tab

Field

Description

Capture Buffer size

Allows you to set the amount of Windows memory that Observer
will dedicate to the capture buffer cache for this instance. Values
are in megabytes. This configuration value has been pre-set for
optimum performance given a single GigaStor collection instance.

The factory settings also allow enough memory to set up a number
of passive or virtual instances, which will allow multiple users to
view the analysis results while avoiding redundant processing,
memory, and disk storage consumption.

If you wish to run multiple collection instances to monitor multiple
links or networks, you can decrease the capture buffer size
dedicated to GigaStor collection which will release some memory
for creating other probe collection instances, but be careful.
Inadequate memory allocation to GigaStor collection can affect
performance and result in dropped packets during high load
periods.

A GigaStor Instance can be as large as the physical memory
installed on your system after subtracting the memory dedicated
to Windows and other probe Instances.

To change the allocation for this probe instance, click the Configure
button, which will display the probe Instance, Memory and Security
Administration dialog.

In all cases, the actual buffer size (Max Buffer Size) is also reduced
by 7% for memory management purposes. Should you try to
exceed the Max Buffer Size an error dialog will be displayed
indicating the minimum and maximum buffer size for your
Observer (or probe) buffer.

Do not include traffic from Observer/
Probe local MAC address

Excludes packets sent and received from the station running
Observer or probe (the MAC address of the station from which you
are capturing packets).

Capture partial packets

By default, Observer will capture the entire packet. This option
allows you to define a specific amount of each packet to capture to
the buffer. For example, a setting of 64 bytes will result in Observer
only capturing the first 64 bytes of every packet.

Most of the pertinent information about the packet (as opposed to
the information contained in the packet) is at the beginning of the
packet, so this option allows you to collect more packets for a
specific buffer size by only collecting the first part of the packet. In
some forensic situations, a warrant may only allow an officer/agent
to collect, for example, e-mail headers.

Also, if the system is having trouble keeping up with bandwidth
spikes, collecting partial packets can resolve the issue. To change
the number of bytes captured in each packet, click the Change
Size...

Note that this setting affects all consoles that connect to this probe.
You cannot change this setting unless you have administrative
privileges to do so.

Network Load

When checked, Observer will not strip out the informational
markers used by Expert Time Interval and What If analysis modes.
Leave this box unchecked unless you intend to use these modes.