Introduction to protocol analyzers

An "analyzer" (sometimes called a "decode") is a software component that monitors, parses, and analyzes a network protocol detected in the monitored traffic.

Some analyzers monitor transactions: they can recognize exchanges of information where there is a recognizable question-and-answer dialog (a "transaction").

Read on for a brief introduction to NAM analyzers.

Note

The analyzers available to you on your NAM Probe depend on the licenses you have purchased.

Even if the NAM Probe monitors a specific protocol and you are able to configure the NAM Probe to monitor that protocol using a particular analyzer, the performance data for that protocol will not be generated by the NAM Probe if you do not have a license for that analyzer.

When there is no license present for a protocol, the NAM Console displays a warning message stating that the license for that particular analyzer is missing.

Generic TCP, MS RPC

  • Measures RTT, loss rate, and TCP-level response time for all applications

  • Measures server time versus network time breakdown

  • Measures availability of connection to the server, measures all TCP errors

  • Recognizes all IP clients and all servers

  • For MS RPC (not for generic TCP), it identifies services and users by name

NetFlow

  • Measures traffic volume of all applications’ traffic that flows through v5/v9/IPFIX NetFlow-enabled devices
  • Can report basic network performance statistics if devices provide them
  • Does not identify user names or transaction names

SMB/CIFS

  • Measures file access performance over SMB and CIFS protocols commonly used in file operations in an office (mainly Windows) environment
  • Measures file access performance per file server, network share, folder, file type, and selected individual files, by name, and by user name

Web

  • Measures web application performance on the level of pages (multi-hit, multi-site correlation of page elements)
  • Includes business transactions (sequences of operations, attribute values of web requests), user name identification, and a full set of network characteristics, with sub-millisecond resolution

Oracle Forms

  • Measures Oracle EBS and Forms end-user experience, per Form operation and identified by user name and user-originated event (such as Button Press or Text field Item state change)
  • Reports performance along hierarchical structure that reflects the Forms application business hierarchy

VoIP

  • Monitors performance of call streams flowing between stations
  • Monitors call establishment process quality with call manager
  • Details MOS scores & performance evaluations for each call, in real time, including quality fluctuations during the call
  • Offers roll-up data by office location, node, or individual user

SAP

  • Monitors SAP T-Code and T-Code step performance
  • Measures usage and errors individually for each SAP GUI user identified by login name
  • Decrypts SNC traffic
  • Identifies server, network, and SAP GUI client delays
  • Measures network performance within the context of individual SAP transactions

SAP RFC

  • Measures SAP RFC middleware performance on transaction level
  • Measures usage and errors individually for each RFC call
  • Decrypts SNC traffic
  • Identifies server, network, and SAP RFC client delays
  • Measures network performance within the context of individual SAP transactions

XML/SOAP and WCF

  • Monitors performance and usage of web services and XML-enabled services for transactions identified by names and user names extracted from the monitored traffic

Note: XML and SOAP monitoring is handled by the HTTP analyzer.

WebSphere MQ and XML over MQ

  • Monitors MQ client-server and manager-to-manager transaction performance, as well as individual MQ operation performance
  • Correlates MQ PUT-GET sequences into complete transactions
  • Offers option of identifying transaction names by parsing XML-formatted content of MQ packets

Tuxedo Jolt

  • Captures all RPC calls of the Tuxedo JOLT stack
  • Identifies calls by object and method name
  • Reports on errors returned by Tuxedo JOLT server

Note: this analyzer does not monitor Tuxedo ATMI calls.

RMII – JBoss, T3, CORBA

  • Measures performance, usage, and errors of RMI transactions on the object, method, and method call parameter level
  • Measures server versus network time and transaction errors
  • Identifies all RMI calls on the network, including all background traffic such as keep-alives
  • Monitors thick client Java apps and server-to-server traffic

LDAP

  • Measures performance of LDAP services that are contacted by application servers as a part of the application architecture
  • Recognizes key LDAP operations, errors, and user names

Note: this analyzer does not measure Windows Active Directory performance or Windows desktop logon time.

DRDA (DB2), Informix, TDS (MSSQL, Sybase), Oracle SQL*net, MySQL

  • Measures performance of SQL databases, from the database user perspective, for each query, RPC call, and statement
  • Automatically learns the top N queries in the response time, frequency, and server load categories
  • Masks sensitive query parts and applies transformations necessary to normalize reporting literals

HTTPS

  • Decrypts SSL 3.0/TLS 1.x traffic before it is analyzed by specific decodes
  • Applies to Web (HTTPS), SOAP/XML, Citrix ICA, and WebSphere MQ (MQS)
  • Provides secure SSL key handling with support for FIPS 140 Level 2 and Level 3 compliant HSMs from nCipher and Cavium

SSL

Gives you insight into the performance of SSL exchanges without actually decrypting the traffic. The analyzer provides metrics for SSL handshake timing and errors. We recommend using it when you're not able to add your SSL keys to the NAM Probe, or when you use a cipher we're not capable of decrypting, for example one of the Diffie-Hellman-based ciphers.

WAN optimization support

  • Measures efficiency of WAN optimization controllers – especially Riverbed Steelhead and Cisco WAAS – in terms of compression ratio, pass-through ratio, and application response time effect (application delivery channel delay), for all applications monitored by NAM.

Citrix ICA and TCAM thin client analysis module (Citrix & WTS)

  • Identifies applications published by Citrix servers, user names of Citrix logons, Citrix channels, and interference between channels (such as printing versus interactive screen updates)
  • Measures ICA command delivery time between server and clients
  • Measures end-to-end efficiency of Citrix application delivery
  • Ties together front-end and back-end of the Citrix server, so all back-end applications that Citrix contacts on behalf of users are tagged with actual Citrix login names
  • Adds Citrix system utilization metrics to end-to-end performance of Citrix delivery chain (CPU, RAM, disk, and active sessions).

Universal decode

  • Enriches the TCP transaction measurements with transaction, user, and error names picked up from the network packets payload
  • Provides a detailed user activity log down to the single transaction, with each execution time-stamped individually
  • Uses a simple scripting language to define how to pick up transaction, user, and error names, and to define how to mark the transaction boundaries