Multi-Segment Analysis - Omnipeek

Omnipeek Getting Started
ft:locale
en-US
Product name
Omnipeek

About Multi-Segment Analysis

Multi-Segment Analysis (MSA) in Omnipeek allows you to quickly and easily locate, visualize, and analyze one or more flows as they traverse several capture points on your network from end-to-end. MSA provides visibility and analysis of application flows across multiple network segments, including network delay, packet loss, and retransmissions.

MSA can quickly pinpoint problems and their root causes across multiple segments, bring problematic flows together, and create an analysis session, report anomalies, and provide graphical visualization of multiple segments across the network.

An easy to use MSA wizard allows you to create MSA projects from either multiple Capture Engines located on your network, or from multiple existing capture packet files. Additionally, MSA projects can be created by right-clicking various views from the navigation pane of a capture window.

Important: The time it takes for Omnipeek to build and display an MSA project is dependent on the number of segments, the number of flows, and the number of packets in each flow. MSA includes a limit of 100,000 packets per flow (modifiable from Multi-Segment Analysis Options), but there is no hard limit to the number of segments or flows that can be included in a project. Be selective when choosing data for your MSA projects. If you find that an MSA project is taking too long to build, you can cancel out and reduce your data set.

In order to facilitate the creation of MSA projects based on forensic searches, the following best practices are suggested:

  • Each Capture Engine should have a unique name. This can be done via the Capture Engine Manager, or the Capture Engine Wizard.
  • Make sure the time is accurate on all of the Capture Engines. If possible, configure the Capture Engine to use an NTP server.
  • Give each capture a unique name. For instance, name the captures based on the network segments.
  • Once an MSA project (.msa file) has been created, you may want to save the packet files that were used to create the MSA project for the following reasons:
    • The packet files will be needed again if you want to add another segment to the MSA project.
    • You may want to open a trace file related to a particular segment, to see different Omnipeek views, such as the Packets or Flows view.
    • It may be necessary to rebuild MSA projects to take advantage of new MSA features in future versions of Omnipeek.

In addition, the following Capture Option settings must be enabled for MSA-based forensic searches:

  • ‘Capture to disk’
  • ‘Timeline Stats’ (on Classic Capture Engines only)
Note: MSA-based forensic searches require Timeline Stats. Classic Capture Engines support Timeline Stats starting with version 6.8.