Using universal decode to monitor TCP-based protocols

You can use the Universal Decode to analyze a variety of TCP-based protocols; each protocol is analyzed using a different Universal Decode script.

The Universal Decode is based on the TCP analysis of the monitored traffic, with the added capability of assigning meaningful names to the observed TCP operations. It associates descriptive names, related to the actual end-user experience, to TCP-level exchanges (request-response pairs). The names are taken from the content of the data packets exchanged between the client and the server.

Basic universal decode analysis

In the basic form, the Universal Decode observes operations which are single TCP request-response pairs occurring in a sequence, and seeks to associate them with meaningful names. The assumption, therefore, is that such meaningful, user-experience-related names can be added. For example, this would be the case for common text protocols such as HTTP or SMTP and many binary protocols such as Epic.

Monitoring more advanced application protocols

Many application protocols use more sophisticated signaling. The client and server may exchange unidirectional asynchronous messages using an application logic known to both that shows them how to tie the messages into transactions. Examples of such concepts include:

  • Multiplexing: A single client and server pair keeps more than one logical session open and signals which request belongs to which session using some kind of correlation or message identifier.
  • Pipelining: The client sends multiple requests and then waits for multiple responses, which do not necessarily arrive in the same order as the requests.
  • Side switching: The client signals that it now assumes the role of the server, and the server then sends requests to which the client responds (or vice versa). On another signal, the roles are reversed again.

Such messaging concepts are supported by the Universal Decode. However, you need to define the handling of the app-specific messages in the decode script. This means that the Universal Decode scripts may grow unexpectedly complicated.
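The following is an added illustration, not a Universal Decode script and not part of the Universal Decode SDK. It shows the correlation logic that all three concepts require on a single TCP session: matching on a message identifier rather than on packet order, and tracking which endpoint issued the request. The message fields, operation names and sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    ts: float       # capture time in seconds
    sender: str     # TCP endpoint that sent the message: "client" or "server"
    kind: str       # "req" or "rsp", as signalled in the application header
    corr_id: int    # correlation / message identifier (hypothetical field)
    name: str = ""  # operation name taken from the request payload

def correlate(messages):
    """Pair requests and responses observed on ONE TCP session.

    Returns (operations, orphans, unanswered):
      operations: (name, requester, response_time) per matched pair
      orphans:    responses with no pending request, or requests whose
                  identifier was reused before an answer arrived
      unanswered: requests still pending at the end of the capture
    """
    pending = {}  # (requester, corr_id) -> request Msg
    operations, orphans = [], []
    for m in sorted(messages, key=lambda x: x.ts):
        if m.kind == "req":
            key = (m.sender, m.corr_id)
            if key in pending:  # identifier reused while still in flight
                orphans.append(pending[key])
            pending[key] = m
        else:
            # A response answers a request sent by the *other* endpoint,
            # which is what makes side switching work with the same table.
            requester = "server" if m.sender == "client" else "client"
            req = pending.pop((requester, m.corr_id), None)
            if req is None:
                orphans.append(m)
            else:
                operations.append((req.name, requester, round(m.ts - req.ts, 3)))
    return operations, orphans, list(pending.values())

# Constructed sample capture: pipelined requests 1 and 2 answered out of
# order, a server-initiated request reusing id 1, a stray response, and a
# request that never gets an answer.
SAMPLE = [
    Msg(0.000, "client", "req", 1, "GetBalance"),
    Msg(0.010, "client", "req", 2, "Transfer"),
    Msg(0.050, "server", "rsp", 2),
    Msg(0.120, "server", "rsp", 1),
    Msg(0.200, "server", "req", 1, "Heartbeat"),
    Msg(0.205, "client", "rsp", 1),
    Msg(0.300, "server", "rsp", 9),
    Msg(0.400, "client", "req", 3, "Logout"),
]
```

Orphaned responses and unanswered requests are worth reporting separately from matched operations, since they indicate either capture loss or a message type the correlation logic does not yet handle.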

For examples of such advanced application protocol support, refer to the Universal Decode GitHub repo and look for the ISO 8583:1993 and SISNAPI scripts.

Our advice in such cases is to engage Dynatrace Expert Services consultants to help with decode script development.

Limitations of the universal decode

Universal Decode is not designed to correlate messages on multiple parallel TCP sessions into a single transaction. An example of such a transaction model is a web page load, which usually consists of many hits that load in parallel on many TCP connections. These hits have to be measured together, and only the combined measurement reflects the page load process. The Universal Decode does not seek to provide such analysis. This type of analysis will continue to be provided by the dedicated decodes such as the HTTP decode.

Universal decode scripts provided with NAM

Universal Decode scripts for specific protocol analysis (JBoss, CORBA) are provided pre-loaded on the NAM Probe. See Universal decode SDK.