Observer - "Hidden Gems"
While Observer 13 includes numerous new features and enhancements, here are just a few "hidden Observer gems" that you may not be aware of.
Stateful Packet Inspection
In the realm of application performance monitoring, stateful packet inspection allows you to accurately identify protocols or activities traversing a specific port through in-depth packet inspection. Use it to verify that application traffic flowing across port 80 is legitimate HTTP-based activity rather than unauthorized BitTorrent use.
Location: Options > Protocol Definitions and Server Application Discovery
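The port 80 check described above, sketched as an added example (this is not Observer's code or its detection logic). The function names and sample packets are hypothetical and constructed for illustration; the two signatures are the HTTP/1.x request line and the BitTorrent peer handshake.

```python
import re

# Payload signatures: an HTTP/1.x request line and the BitTorrent peer
# handshake (length byte 19 followed by the protocol string).
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n")
BT_HANDSHAKE = b"\x13BitTorrent protocol"


def classify_payload(payload: bytes) -> str:
    """Label a payload by content, ignoring the port it arrived on."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if HTTP_REQUEST.match(payload):
        return "http"
    return "unknown"


def audit_port(packets, port=80):
    """Return conversations to `port` whose first client payload is not HTTP."""
    labels = {}  # per-conversation state: (src, sport, dst, dport) -> label
    for src, sport, dst, dport, payload in packets:
        if dport != port or not payload:
            continue  # skip other ports and empty segments (SYN, bare ACK)
        key = (src, sport, dst, dport)
        # Classify only the first data segment; later segments (for
        # example a binary POST body) must not change the verdict.
        if key not in labels:
            labels[key] = classify_payload(payload)
    return {k: v for k, v in labels.items() if v != "http"}


# Constructed sample packets: (src, sport, dst, dport, tcp_payload)
PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80, b""),
    ("10.0.0.5", 40001, "192.0.2.10", 80,
     b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.5", 40001, "192.0.2.10", 80, b"\x00\x01binary body bytes"),
    ("10.0.0.7", 40002, "198.51.100.20", 80,
     BT_HANDSHAKE + bytes(8) + b"A" * 20 + b"B" * 20),
    ("10.0.0.9", 40003, "192.0.2.10", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for (src, sport, dst, dport), label in audit_port(PACKETS).items():
        print(f"{src}:{sport} -> {dst}:{dport} carries {label}, not HTTP")
```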
Eliminating Duplicate Packets
When you're loading a packet capture involving more than one source, the potential for capturing the same transaction twice increases. Observer can now load captures and automatically remove duplicate packets using a comprehensive multi-check process.
Location: File Menu > Load and Analyze Observer Capture Buffer (Skip Duplicates)
Observer Status Dashboard
Easily monitor the health and status of all your Network Instruments probes from a single dashboard, including managing probe status, modes, and memory set. In addition to making it easier to manage multiple probe instances, you can tell at a glance whether probes are properly configured to provide trending and reports, packet capture, etc.
Location: View Menu > Navigate Observer Features and Status Dashboard
Conversation-Based Searches
You can now search IP/Port conversations inside decodes for specific search strings. The conversation-based searches expand Observer's search capabilities, making it easier to look across conversations. To identify conversations involving visits to a specific site like Yahoo!, you would search for all IP/Port conversations containing the keyword "Yahoo." Rather than clicking Next to view each instance of Yahoo from packet to packet, a list of the conversations containing the keyword Yahoo is now produced, from which you can select the specific conversation to view.
Location: Decode and Analysis Decode Tab > Tools > Find Packet > Find All Conversations Containing Search Sequence
Schedule Triggers and Alarms
You can now schedule and control when alarms are triggered, whether during certain hours or days during the week. For example, you could set low-priority alarms to alert you during office hours, so that you only receive high-priority alarms during off hours.
Location: Triggers and Alarms Settings > Schedule Tab
Conclusion
These are just some of the new Observer 13 features you can leverage to speed troubleshooting and gain greater diagnostic accuracy.
Connection Dynamics Search
Learn how to search automatically for specific error codes and interframe gaps within Connection Dynamics. In a conversation containing thousands of packets, you can't overstate the time savings, as Observer 13 takes you right to the error packet.
- Within TCP Events, right-click on the conversation of interest and select Connection Dynamics.
- In Connection Dynamics, click Tools in the overhead menu and select Find Packet from the drop-down menu.
- In the Find Packet window, you can search for specific error packets and interframe gaps. We're going to look for a specific error packet. Select Error packet. The neighboring drop-down box then allows you to search for specific error types, including resent, out of order, zero windows, and rerouted packets.

- By default, the search feature scans both segments of the conversation. You can use the drop-down box below the Search In text to select a specific side of the conversation. In this example, we are looking for any error on either side of the conversation.

- Press Search Down to find the next error meeting your search criteria. Observer highlights the found error code in blue, distinguishing it from the other packets.