Capturing packets, Viewing captured packets – Network Instruments Observer User Manual

Page 20

background image

Getting Started with Observer Modes and Tools


Observer® Quick Start Manual

6. Choose a filter direction and include or exclude the address.
7. If you selected the Frame Relay option in step 3 and wish to monitor a

frame relay network, the “Use payload filter” checkbox will be selected

by default. If you do not wish to use the payload filter, uncheck the box.

8. Click on the Use Frame Relay DLCI Filter checkbox to enable the DLCI

textbox. You can type in an address or right-click on the checkbox to see

the list of available addresses.

9. To exclude a particular DLCI, check the “Exclude DLCI” checkbox.

Capturing Packets
After configuring a filter, the next step in Packet Capture is to actually begin

capturing packets for examination.
1. Click

Capture > Packet Capture

or click on the

icon on the

Observer toolbar to open Packet Capture mode.

2. Click

Mode Commands > Start Mode

or click the

icon on the Packet

Capture toolbar to begin capturing packets.

3. Click the

icon on the Packet Capture toolbar when finished capturing


Viewing Captured Packets
Without a way of decoding and viewing the captured packets, there would

hardly be any point in capturing them in the first place. Observer’s built-in

viewer is a highly sophisticated and flexible tool, capable of decoding,

processing, and manipulating captured packets in a variety of ways. For most

purposes, though, the network administrator will find that simply paging

through the captured buffer or searching for a specific packet will give a good

picture of what is going on in the specific conversation under examination.

Where the capture buffer is awkwardly large or it’s preferable to take a look

at a subset of the captured data, Observer has built-in post filter capabilities

allowing the network administrator to cut further through clutter to the root

of the problem. Post filter also enables a more experienced network

administrator consulting with a less experienced colleague to have the less

experienced network administrator simply capture and send along all