These diagnostics report two categories of issues that affect successful secure traffic performance analysis: missing server keys and session decryption failures. We assume that user-defined software services have been created and that the corresponding SSL keys have been applied to the NAM Probe.
- On the NAM Server, select Tools ► Diagnostics ► Traffic diagnostics
- Click the Secure traffic diagnostics tab
- Select a device in the Attached NAM Probes list
- Click the Servers with missing keys tile and open the report
If you see no statistics, you probably haven't selected a device yet. To select a device, click the device address in the Attached NAM Probes list and select it.
Secure traffic diagnostics are useful only when you have created and are monitoring user-defined software services with the SSL Decrypted analyzer. Otherwise, the report will be empty.
To create a software service:
- Apply the server keys (SSL) on the NAM Probe or your SSL accelerator (if used with the NAM Probe).
- Open NAM Server ► Reports ► Explore ► Traffic discovery ► Discovery - Services ► Software services overview or NAM Server ► Reports ► Explore ► Software services.
- Click a discovered service (HTTPS) and, in the pop-up menu, click Configure User Defined Software Service to create a new user-defined software service based on the SSL Decrypted analyzer. Then your SSL-based software service will be included in the secure traffic diagnostics.
It is normal (and desirable) to not see all of the statistics listed here. A statistic is displayed only if it crosses a certain threshold. You should concentrate on the statistics that are displayed, and not worry about the statistics that are not displayed (because they are within normal limits).
The statistics on this report are generally prioritized from top to bottom. Resolve issues starting from the top of the list, as if it were a sequential procedure.
Attached NAM Probes
Click and select the address of the NAM Probe you want to analyze.
If the list is long, use the Find box to narrow the displayed list to one or more devices that match your search string.
Click a device address and then click the Capture packets on NAM Probe link to capture a sample of traffic on the selected device. For more information, see Capturing packets on NAM Probe.
Status of sniffing interfaces
If this list is empty, you probably haven't selected a device yet. To select a device, click the device address.
After you select a device, this table lists the following interface information about all sniffing interfaces detected on that device:
Sniffing ifc name
The name of the interface.
The state of the interface.
The amount of traffic received on the interface.
These are cumulative values that should be increasing if your NAM Probe is receiving traffic on these sniffing ports. If the values for a port do not increase with screen updates, you may have a SPAN configuration problem on that port.
Statistics are generally sorted from most to least important, top to bottom, starting with traffic volume.
Whether a given statistic is actually displayed on your report depends on whether that statistic has exceeded the display threshold.
Click any point on a chart to see a numerical value for that point on the chart.
These are statistics for the Time range and Resolution specified at the top of the report.
All possible statistics that could be displayed on this report:
Graphs total volume of bytes received.
Graphs secure traffic volume (number of SSL sessions).
Troubleshooting secure traffic issues can be difficult, as it requires that SSL server keys be properly installed on the NAM Probe and that user-defined software services based on the “SSL Decrypted” decode exist.
Servers with missing keys
A simple count of the servers with missing keys. If this is not 0, you know that this many servers using encryption have no matching key. For each of them, you should install the missing keys on the NAM Probe so it can decrypt secure traffic.
Click the tile to list the servers (in the pop-up window, click the report link). For more information, see Servers with missing keys report.
Percentage of encrypted sessions that were impossible to decrypt. If this is not 0, you know that this percentage of the secure traffic sessions was not decrypted, for any of multiple possible reasons.
NAM offers a detailed diagnosis of decryption failures that can be used to pinpoint the root cause of the problem. However, in the vast majority of cases, secure traffic decryption issues are directly caused by traffic acquisition problems, so solving them first is crucial to the overall success of performance monitoring.
Click the tile to list the servers (in the pop-up window, click the report link). For more information, see Servers with failed sessions report.