iTM Trace Monitoring - be precise!

A packet analysis solution for a deep dive into the content of thousands of PCAP trace files in one single dashboard.
The mass of data is easily organised, aggregated, analysed, prioritised and grouped into 3 main categories:
Application, Connection, or Network.

Why iTM

Trace data can cover the whole IT delivery chain: DNS and LDAP codes and times, network transfer and application performance, server response times and return codes, frontend / backend performance, or any content of a readable packet.
Packet tracing could create incidents for root cause analysis and incident correlation.
It can cover more than 1,000 protocols, including industrial protocols and custom applications, and more than 250,000 metrics.
With iTM, all those protocols and metrics can be monitored, analysed, organised and displayed, and become part of an incident management infrastructure.

iTM - at a glance

- Longtime data - import large numbers of pcap files in real time for hours, days or weeks, created by various trace tools like Tcpdump, Tshark, or a capture appliance
- Auto-Analysis - analyze thousands of sequential files automatically on the fly by using customizable deep packet expert profiles, also per object, including custom metrics and thresholds
- Incidents - create incidents based on variable thresholds per object
- Longtime perspective - visualize incidents and raw data in smart dashboards over hours, days, weeks or months
- Incident correlation - export incidents into service management, where they become part of a correlation framework
- Automation - automate the analysis workflows step by step, avoiding time and effort for recurring tasks

Longtime monitoring - or single tracefile analysis?

Trace files are usually analysed manually in single steps, just one at a time, each covering a few minutes. For hours, multiple files must be generated; for a day, 100 or 1,000 files. This cannot be done manually. With iTM, a user can import a large number of files from servers, cloud or datacenter appliances and assign an analysis profile including the relevant metrics, and iTM creates the required statistics over the whole span of time: just monitoring.

  Smart Dashboards

At a glance, a user can understand:
  • Are there any issues in my trace files?
  • To what category do they belong (network, application, connection)?
  • Which exact metric was causing that?
  • What threshold was crossed?
  • Direct access to the trace file
  • Drilldowns and category-specific views (here application view) allow deep insights, continuously over time, for days, hours or seconds

  Deep Analysis

With Deep Analysis, iPAC-TraceMonitor utilizes Wireshark display filters, which can do a lot more than most other analysis solutions. Thousands of protocol-dependent prefilters are defined, and analysis experts exist for a wide range of protocols. Because every possible Wireshark display filter can be used in iPAC-TM, a user can use pretty much every byte in the packet flow as a monitoring and incident condition.

  iPAC-TM Under the Hood

  Analysis Profiles

Analysis profiles are pre-configured filter-and-threshold definitions which are applied to a trace analysis. A profile is a configuration of defined filters and symptoms; pretty much each byte in a packet, or a Wireshark expert analysis (like tcp_out_of_order), can be configured as a symptom. Files are analyzed in depth according to these profiles, and symptoms are generated based on the analysis. E.g. if "SSL uses TLS1.2" is defined as a condition, an occurrence of non-TLS1.2 packets can be seen and defined as a symptom. The same can be done with performance metrics like LDAP.time, DNS.Time, DNS.responseCodes, HTTP return codes etc., which can be included in a specific profile, with symptoms created if a threshold is exceeded.
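
The filter-and-threshold idea described above can be sketched with tshark and plain Wireshark display filters. This is an added example, not iTM code: the profile layout, symptom names, thresholds, file names and sample counts are assumptions made for illustration.

```python
import subprocess
from dataclasses import dataclass

@dataclass(frozen=True)
class Symptom:
    name: str            # label for the resulting incident
    category: str        # Application, Connection or Network
    display_filter: str  # Wireshark display filter selecting the packets
    threshold: int       # symptom fires when matches exceed this count

# Hypothetical profile; names and thresholds are illustrative assumptions.
PROFILE = [
    # ServerHello that negotiated a version below TLS 1.2 (0x0303)
    Symptom("tls_below_1_2", "Application",
            "tls.handshake.type == 2 && tls.handshake.version < 0x0303", 0),
    Symptom("tcp_out_of_order", "Network", "tcp.analysis.out_of_order", 20),
    Symptom("dns_error_rcode", "Application",
            "dns.flags.response == 1 && dns.flags.rcode != 0", 5),
    Symptom("http_5xx", "Application", "http.response.code >= 500", 0),
]

def tshark_count(pcap, display_filter):
    """Count packets in one trace file that match a display filter."""
    out = subprocess.run(
        ["tshark", "-r", pcap, "-Y", display_filter,
         "-T", "fields", "-e", "frame.number"],
        capture_output=True, text=True, check=True).stdout
    return sum(1 for line in out.splitlines() if line.strip())

def analyse(pcaps, profile, count=tshark_count):
    """Apply every symptom to every file; return threshold crossings."""
    incidents = []
    for pcap in pcaps:
        for s in profile:
            matches = count(pcap, s.display_filter)
            if matches > s.threshold:
                incidents.append((pcap, s.category, s.name, matches, s.threshold))
    return incidents

# Constructed per-file match counts so the logic runs without tshark or pcaps.
SAMPLE_COUNTS = {
    ("shop_0900.pcap", "tcp_out_of_order"): 12,
    ("shop_0905.pcap", "tcp_out_of_order"): 57,
    ("shop_0905.pcap", "tls_below_1_2"): 3,
}

def sample_count(pcap, display_filter):
    name = next(s.name for s in PROFILE if s.display_filter == display_filter)
    return SAMPLE_COUNTS.get((pcap, name), 0)
```

Calling `analyse(files, PROFILE)` with real trace files uses tshark; passing `count=sample_count` evaluates the same thresholds against the constructed counts.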


A user has a specific object to analyze deeply and continuously, such as an application, a security behavior, a server or a service, and defines this request as an analysis scenario. A typical analysis workflow starts with the definition of a scenario:

  • Object - What I need to analyze.
  • Conditions - filter conditions.
  • Data source - the traces source (files, active Wireshark/tcpdump, capture appliance).
  • Options - whether the data is pre-processed for analysis (like de-duplication, merging).
  • Saving location - (scenario specific directory).
  • Intelligence - What analysis profile should be used.

Such a scenario gives the user the ability to start a longtime monitoring process at the deepest level, focus on this scenario and create scenario-related incidents and events. Many scenarios can be defined and processed in parallel, so one scenario can work on the web shop using deep SSL and HTTP metrics, another can monitor SAP services and another the DNS replies, all at the same time.


Trace-based events can be correlated with other existing management data, whether coming from network, systems, logfiles or security devices, in a single dashboard like SLIC Correlation insight. They can create the significant data which can feed a service management platform with the intelligence to create complete cause & effect chains for complex IT services.