iTM Trace Monitoring

iTM is a comprehensive packet analysis solution that lets the user view the content of thousands of pcap trace files in a single dashboard: aggregated, analysed, compared against thresholds, prioritised and grouped into three main categories: application, connection and network.

Why iTM

Data packet analysis solutions should allow the user to work with whatever data is important to that user.
Many solutions provide a large set of such data, based on what is usually needed, and cover the requirements of many protocols and applications, but not all.
Industrial protocols, custom applications and rare applications are not part of this "generic" monitoring.
With iTM any protocol that can be decoded can be monitored, analysed, compared and evaluated, and thereby become part of a comprehensive incident chain.

  Thousands of files – Constant analysis

A user can import a large number of files, thousands and more, and obtain continuous statistics over time, like any other monitoring solution.

  User friendly Dashboards

Just with a glance a user can understand:
  • Are there any issues in my trace files?
  • To which category do they belong (network, application, connection)?
  • Which exact metric caused the issue?
  • Which threshold was crossed?
  • Direct access to the trace file.
  • Drilldowns and category-specific views (here the application view) allow deep insights, continuously over time, for days, hours or seconds.

  Deep Analysis

With Deep Analysis, iPAC-TraceMonitor utilizes Wireshark display filters, which can do a lot more than most other analysis solutions. Thousands of protocol-dependent prefilters are defined, and expert analyses exist for a wide range of protocols. Because every possible Wireshark display filter can be used in iPAC-TM, the user can use practically every byte in the packet flow as a monitoring and incident condition.

  iPAC-TM Under the Hood

  Analysis Profiles

Analysis profiles are pre-configured filter-and-threshold definitions that are applied to a trace analysis. A profile is a set of defined filters and symptoms: practically any byte in a packet, or any Wireshark expert analysis (such as tcp_out_of_order), can be configured as a symptom. Files are analyzed in depth according to these profiles, and symptoms are generated from the analysis. For example, the use of TLS 1.2 can be defined as a condition, so that every non-TLS 1.2 packet is detected and reported as a symptom. The same can be done with performance metrics such as LDAP.time, DNS.time, DNS response codes, HTTP return codes etc., which can be included in a specific profile, with symptoms created whenever a threshold is exceeded.

  Scenarios

A user has a specific requirement to analyze something deeply and continuously, such as an application, a security behaviour, a server or a service, and defines that requirement as an analysis scenario. A typical analysis workflow starts with the definition of a scenario:

  • Object - what I need to analyze.
  • Conditions - the filter conditions.
  • Data source - the source of the traces (files, a live Wireshark/tcpdump capture, a capture appliance).
  • Options - how the traces are prepared for analysis (e.g. de-duplication, merging).
  • Saving location - a scenario-specific directory.
  • Intelligence - which analysis profile should be used.

Such a scenario gives the user the ability to start a long-term monitoring process at the deepest level, focused on this scenario, and to create scenario-related incidents and events. Many scenarios can be defined and processed in parallel: one scenario can work on the web shop using deep SSL and HTTP metrics, another can monitor SAP services and a third the DNS replies, all at the same time.
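The profile and scenario mechanics described in the Analysis Profiles and Scenarios sections above, as an added illustration that is not iPAC-TM's own code: a profile is a list of rules, each pairing a Wireshark-style filter with a hit threshold and a category, and a scenario binds an object, a data source, a saving location and a profile together and runs it over a trace. Assumptions: the trace is a constructed, already-decoded tab-separated export in the shape `tshark -T fields -e <field> ...` produces (with real files one would run `tshark -r trace.pcap -Y '<display filter>' -T fields -e frame.number` per rule); the `display_filter` strings are carried as labels only, and matching is done by small Python predicates standing in for the real Wireshark filter engine; all rule names, field choices, hosts and thresholds are made up for the example.

```python
from dataclasses import dataclass
from typing import Callable

# Field order of the constructed tshark-style export (assumption for this example).
FIELDS = ["frame.number", "ip.src", "tls.record.version", "dns.time", "http.response.code"]

# Constructed sample trace: seven packets; an empty column means the field is absent.
SAMPLE_TRACE = """\
1\t10.0.0.5\t0x0303\t\t
2\t10.0.0.5\t0x0301\t\t
3\t10.0.0.7\t\t0.012\t
4\t10.0.0.7\t\t0.840\t
5\t10.0.0.9\t\t\t200
6\t10.0.0.9\t\t\t503
7\t10.0.0.5\t0x0303\t\t
"""


def parse_tshark_fields(text, fields=FIELDS):
    """Turn `tshark -T fields` output into one dict per packet, dropping absent fields."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        values = line.split("\t")
        packets.append({f: v for f, v in zip(fields, values) if v != ""})
    return packets


@dataclass
class SymptomRule:
    name: str
    category: str                   # application / connection / network
    display_filter: str             # Wireshark filter shown in the dashboard (label only here)
    match: Callable[[dict], bool]   # stand-in for evaluating that filter
    min_hits: int = 1               # threshold: raise a symptom at this many matching packets


@dataclass
class Symptom:
    rule: str
    category: str
    display_filter: str
    hits: int
    min_hits: int
    frames: list                    # frame numbers, so the user can jump into the trace


def apply_profile(profile, packets):
    """Run every rule of a profile over the packets; return the symptoms whose threshold was crossed."""
    symptoms = []
    for rule in profile:
        frames = [int(p["frame.number"]) for p in packets if rule.match(p)]
        if len(frames) >= rule.min_hits:
            symptoms.append(Symptom(rule.name, rule.category, rule.display_filter,
                                    len(frames), rule.min_hits, frames))
    return symptoms


# Predicates standing in for the display filters named in each rule.
def non_tls12(p):
    return "tls.record.version" in p and p["tls.record.version"] != "0x0303"

def slow_dns(p):
    return float(p.get("dns.time", 0)) > 0.5

def http_5xx(p):
    return p.get("http.response.code", "").startswith("5")

def any_tls(p):
    return "tls.record.version" in p


# Hypothetical "web shop" profile: the TLS 1.2 condition from the text plus DNS/HTTP metrics.
WEB_SHOP_PROFILE = [
    SymptomRule("tls-below-1.2", "application", "tls.record.version != 0x0303", non_tls12),
    SymptomRule("dns-slow-response", "network", "dns.time > 0.5", slow_dns),
    SymptomRule("http-server-error", "application", "http.response.code >= 500", http_5xx),
    SymptomRule("tls-volume", "connection", "tls.record.version", any_tls, min_hits=5),
]


@dataclass
class Scenario:
    name: str
    obj: str              # Object: what is analyzed
    data_source: str      # Data source: file directory, live capture, appliance
    saving_location: str  # scenario-specific directory
    profile: list         # Intelligence: the analysis profile to apply

    def run(self, packets):
        symptoms = apply_profile(self.profile, packets)
        by_category = {}
        for s in symptoms:
            by_category.setdefault(s.category, []).append(s)
        return {"scenario": self.name, "source": self.data_source,
                "symptoms": symptoms, "by_category": by_category}


def run_sample():
    scenario = Scenario("webshop-monitoring", "web shop front end",
                        "/traces/webshop/*.pcap", "/scenarios/webshop", WEB_SHOP_PROFILE)
    return scenario.run(parse_tshark_fields(SAMPLE_TRACE))


if __name__ == "__main__":
    result = run_sample()
    for s in result["symptoms"]:
        print(f"[{s.category}] {s.rule}: {s.hits} hit(s) >= {s.min_hits} "
              f"({s.display_filter}) frames={s.frames}")
```

Running it reports three symptoms (one TLS 1.0 record, one DNS reply slower than 0.5 s, one HTTP 503) grouped under application and network; the `tls-volume` rule sees only three TLS records against a threshold of five and stays silent, which is the threshold behaviour the profile description relies on. Keeping the frame numbers on each symptom is what makes the "direct access to the trace file" drilldown possible.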

  Correlation

Trace-based events can be correlated with other existing management data, whether it comes from the network, systems, log files or security devices, in a single dashboard such as SLIC Correlation Insight. They provide the significant data that can feed a service management platform with the intelligence to build complete cause-and-effect chains for complex IT services.

Download the iPAC Trace Manager fact sheet