MSA Project Window - Omnipeek

Omnipeek Getting Started


Once an MSA project has been configured and created using the MSA wizard, the MSA project window is displayed as shown below. The MSA project window consists of the following parts: Flow List, Flow Map, and Ladder.

Note: When calculating the delay values for the flow map and ladder, MSA assumes that the client is on the left, and the server is on the right. If you create MSA projects that include multiple flows, all of the flows in the project should be initiated from the same direction. For example, flows initiated by two nodes on the private side of a firewall would be suitable to include in a single MSA project. Flows initiated by a node on the private side of a firewall, and flows initiated by a node on the public side of a firewall would not be suitable to include in a single MSA project.

MSA Project window

Flow List

The flow list displays a hierarchical list of flows for each capture source, including relevant information for each flow (client/server addresses and ports, protocols, packet counts, etc.). Flows are at the top level, and capture segments are listed below each flow. Each capture segment includes statistics for that flow. Selecting the check box next to a flow displays that flow in the flow map and ladder diagram below.

Note: For any MSA project that has multiple flows, only one flow at a time can be selected in the flow list. The flow that is selected is displayed in the flow map and ladder diagram.

Flow list
  • Column header: Displays the column headings currently selected. Right-click the column header to enable/disable columns. Here are the available columns:
    • Flow/Segment: The name of the flow or segment.
    • Client Addr: The address of the client for the flow.
    • Client Port: The port on which the Client or Client Addr was communicating in the flow.
    • Server Addr: The address of the Server or Server Addr for the flow.
    • Server Port: The port on which the Server or Server Addr was communicating in the flow.
    • Protocol: The protocol under which the packets in the flow were exchanged.
    • Packets: The number of packets in the selected flow.
    • Client Packets: The total number of packets sent from the Client or Client Addr in the flow.
    • Server Packets: The total number of packets sent from the Server or Server Addr in the flow.
    • Packets Analyzed: The total number of packets in the flow that were analyzed by Omnipeek’s MSA component. ‘Packets Analyzed’ will be the same as ‘Packets,’ unless the number of packets in the flow exceeds the packet limit, as configured in MSA options.
    • Packets Lost: The number of packets missing in the segment. Packets which are identified as ‘lost’ in a particular segment appeared in at least one other segment in the MSA project.
    • Client Packets Lost: The number of packets lost in the client direction.
    • Server Packets Lost: The number of packets lost in the server direction.
    • Client Retransmissions: The number of TCP retransmissions sent by the client.
    • Server Retransmissions: The number of TCP retransmissions sent by the server.
    • Start: The timestamp of the first packet in the flow.
    • Finish: The timestamp of the final packet in the flow.
    • Duration: The elapsed time, from the first to the last packet in the flow.
    • TCP Status: Notes whether the TCP session is open or closed.
    • Columns…: Displays a dialog that lets you enable/disable and organize columns.
    • Show All Columns: Displays all available columns.

Flow Map

The flow map displays a graphical representation of the segments of the selected flow. Each segment in the flow is displayed from end-to-end (client on the left and the server on the right), along with timing statistics (average delay, minimum delay, and maximum delay) between each segment. The hop count between each segment is also displayed (the small number inside the cloud between the segments).

Flow map

Here are some useful tips when viewing the data inside the flow map:

  • Hover over segment names and clouds to view tooltips displaying more data.
  • Press the Ctrl key and use your scroll wheel (Ctrl+Wheel) to change segment widths.
  • Arrows show the direction in which data flows.
  • The client and server arrows use the colors set in Client/Server Colors (Tools > Options).
  • The numbers in the clouds are hop counts, as determined by the Time to Live (TTL) values within the packets. If there is one number in the cloud, then both the client and server hops are the same. If there are two numbers in the cloud, then the client and server hops are different, indicating that the client and server paths are different. If there are multiple paths in one direction, no hop count is displayed for this direction. Hop counts greater than one are displayed in red. The TTL of each packet can be displayed in the Ladder diagram.
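
The hop-count rules in the last tip can be reproduced from TTL values captured at two adjacent segments. The following is an added example, not Omnipeek code: matching packets by direction and IP ID, the sample TTLs, the function names, and the " / " separator are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: TTL seen for each packet at two adjacent capture segments.
# Key = (direction, IP ID); "client" packets travel left -> right,
# "server" packets travel right -> left (client on the left, as MSA assumes).
LEFT_SEGMENT = {("client", 101): 128, ("client", 102): 128,
                ("server", 501): 62, ("server", 502): 61}
RIGHT_SEGMENT = {("client", 101): 126, ("client", 102): 126,
                 ("server", 501): 64, ("server", 502): 64}


def hop_counts(left, right):
    """Return {direction: hop count, or None when several paths are seen}."""
    seen = defaultdict(set)
    for key in left.keys() & right.keys():   # packets captured at both segments
        direction = key[0]
        # TTL drops by one per router, so subtract downstream from upstream.
        if direction == "client":
            hops = left[key] - right[key]
        else:
            hops = right[key] - left[key]
        if hops >= 0:                         # negative means mismatched packets
            seen[direction].add(hops)
    # Exactly one distinct value means a single path; anything else gives None.
    return {d: (next(iter(seen[d])) if len(seen[d]) == 1 else None)
            for d in ("client", "server")}


def cloud_label(counts):
    """Format hop counts following the flow map rules described above."""
    client, server = counts["client"], counts["server"]
    if client is not None and client == server:
        text = str(client)                    # one number: both directions agree
    else:
        # Two numbers when they differ; a multi-path direction is left out.
        text = " / ".join(str(h) for h in (client, server) if h is not None)
    highlight = any(h is not None and h > 1 for h in (client, server))
    return text, highlight                    # highlight = "displayed in red"


if __name__ == "__main__":
    counts = hop_counts(LEFT_SEGMENT, RIGHT_SEGMENT)
    print(counts, cloud_label(counts))
```

In the sample, the server direction shows two different TTL decrements, so it is treated as multiple paths and gets no hop count.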

Ladder

The ladder diagram displays the flow of packets amongst the segments represented by the capture sources, along with information such as timing.


Ladder

Here are some useful tips when viewing the data inside the ladder diagram:

  • Hover over packet boxes to view tooltips displaying more data.
  • Arrows show the direction in which data flows.
  • Green boxes are the packets that open the flow (SYN and SYN-ACK).
  • Black boxes are packets with non-zero payload (packets that carry data).
  • Gray boxes are packets that have zero payload (probably just ACK packets).
  • Red boxes are packets that close the connection (FIN or RST).
  • Right-click inside the diagram to show/hide additional statistics, or to adjust the time scale of the ladder.
  • The following keyboard/scroll wheel shortcuts are available from the ladder display:
    • Wheel+Ctrl: Changes the time scale.
    • Wheel+Ctrl+Shift: Zoom the time scale.
    • Wheel+Ctrl+Shift+Alt: Change the segment width.
    • Ctrl+Alt+Shift+F9: Save ladder display to text.