Smart Packet Capture

Smart Packet Capture helps you analyze and diagnose the cause of a known and observed network problem by examining detailed packet trace data captured on the NAM Server. After a monitoring system has detected a network problem, you can drill down to the root cause of the issue.

To support this, NAM provides not only near-real-time performance monitoring, but also convenient and efficient access to historical packet-level data (also referred to as back-in-time data). When a subtle or intermittent problem occurs, network administrators can quickly go back in time to discover the root cause. This verification process typically involves checking the end user's recent network activity and looking up any operations recently run by that host to discover, for example, why the network is slow for that user, what is causing high RTT, or what is causing packet drops.

Components involved

NAM enables network and infrastructure operators to immediately isolate faults that affect application performance and end-user experience across web, middleware, database, and network tiers. This end-to-end view encompassing detailed network, client, and server fault domains streamlines the process of identifying and isolating a problem's root cause, and is now supplemented by the ability to initiate, collect, and analyze packet trace data in the context of APM reports.

After you capture traffic, you can use Trace Trimmer to focus the trace on the problem at hand and then analyze the trace in Dynatrace Network Analyzer (DNA), or you can open the trace in another application such as Wireshark.

Using the Endace high-speed lossless data acquisition architecture, you can automate the collection, retrieval, and display of trace-file-level data from both the EndaceProbe and the NAM Probe. To do so, select the relevant user as reported in the NAM Server reports, then analyze the trace data in Dynatrace Network Analyzer (DNA) or in a third-party analyzer such as Wireshark.

Feature summary

The Smart Packet Capture subsystem features automated multi-point collection, high-capacity continuous capture, and the ability to view and analyze results.

  • Automated multi-point collection
    • Takes data from multiple sources (NAM Probe and EndaceProbe)
    • Automatically captures and displays the trace
  • High-capacity continuous capture
    • High-speed interface access
    • Lossless capture architecture
    • Storage scale from minutes to days
  • View and analyze capabilities
    • Contextual views from the NAM Server to DNA
    • Expert capabilities in DNA
    • Available as a capture file for third-party analyzers
    • Real-time capture
    • Back-in-time analysis (on EndaceProbe)