Did You Know? Snapshot provides a quick, simple view into your network traffic.
Network observability through the deployment of packet brokers is essential for keeping a network healthy and secure, but they present their own configuration and troubleshooting challenges.
Imagine you have connected your taps and/or SPAN ports to the packet broker. You have connected your storage and analytics tool. Unfortunately, there is more traffic on the network than your tools can consume. You need to filter the traffic.
But there is a problem—you aren’t sure what to filter on. What IP addresses are on these links? Which applications? Where do you start?
Or you have a different problem. The traffic is getting to the tools, but they aren’t showing the activity and applications they are supposed to show. Are you monitoring the correct network links? Have you set up your filters incorrectly? Is it a problem with the tool? This can be extra vexing when you are not the tool owner.
These are not one-time questions. Traffic patterns change for reasons both planned and unplanned, so periodically validating that tools are getting the right traffic and that the filters are being effective is good hygiene.
Fortunately, these need not be difficult questions to answer. All you need is a simple snapshot of the traffic—a quick glance of the actual packets on the wire and/or as they pass through your filters. This is distinct from needing long-term packet capture and storage. Those tools are great, but doing a quick check on the packet broker itself is really easy.
The Snapshot feature of the cVu NG/NGE product lines provide that quick-and-simple view into the traffic it is receiving, filtering, and sending to tools. It is a standard feature, but it can be disabled if dictated by your company’s data access policies. Snapshot is available on both ingress and egress ports, so you can isolate exactly what is being received from the network and sent to the tools.
You access Snapshot directly from the GUI with a single checkbox.
Snapshot gathers packets on the given port and Smart Filter for 10 seconds and then makes the .pcap file available for downloading. You can store multiple snapshots per port on the device or save an unlimited number offline. This allows you to track changes over time or take before-and-after snapshots and see the effect of changes in filter parameters and/or network configuration.
Because Snapshot is tied to each Smart Filter, you can verify immediately what traffic is passing through each filter and by exclusion, what traffic is being blocked. If a filter is no longer needed because traffic patterns have changed, you can free up that resource for other uses. If a newer, higher-capacity tool has been added, you can update the filter to block less traffic.
You do not have to create a separate filter in a separate part of the GUI. You do not have to wait for verification from or access to other tools. Snapshot is a quick, simple, self-service capability that saves time and makes your job easier.
