Archive

Posts Tagged ‘nChronos’

How to Use Multi-Segment Analysis to Troubleshoot Network Delay and Packet Loss

October 8th, 2015 No comments

Troubleshooting network problems can be a very intensive and challenging process. Intermittent network problems are even more difficult to troubleshoot as the problem occurs at random timeswith a random duration, making it very hard to capture the necessary information, perform troubleshooting, identify and resolve the network problem.

While Network Analyzers help reveal problems in a network data flow, they are limited to examining usually only one network link at a time, thus seriously limiting the ability to examine multiple network segments continuously.

Colasoft’s nChronos is equipped with a neat feature called multi-segment analysis, providing an easy way for IT network engineers and administrators to compare the performance between different links. IT network engineers can improve network performance by enhancing the capacity of the link according to the comparison.

Let’s take a look how we can use Colasoft nChronos’s multi-segment analysis feature to help us detect and deal effectively with our network problems.

Multi-segment analysis provides concurrent analysis for conversations across different links, from which we can extract valuable information on packet loss, network delay, data retransmission and more.

To being, we open nChronos Console and select a portion of the trend chart in the Link Analysis window, then from the Summary window below, we right-click one conversation under the IP Conversation or TCP Conversation tab. From the pop-up menu, selectMulti-Segment Analysis to open the Multi-Segment Analysis window:

Figure 1. Launching Multi-Segment Analysis in nChronos

In the Multi-Segment Analysis window, select a minimum of two and maximum of three links, then choose the stream of interest for multi-segment analysis:

Figure 2. Selecting a stream for multi-segment analysis in nChronos

When choosing a conversation for multi-segment analysis, if any of the other selected network links has the same conversation, it will be selected and highlighted automatically. In our example, the second selected link does not have the same data from the primary selected conversation and therefore there is no data to display in the lower section of the analysis window.

Next, Click Start to Analyze to open the Multi-Segment Detail Analysis window, as shown in the figure below:

Figure 3. Performing Multi-Segment analysis in nChronos

The Multi-Segment Detail Analysis section on the left provides a plethora of parameter statistics (analyzed below), a time sequence chart, and there’s a packet decoding pane on the lower right section of the window.

The left pane provides statistics on uplink and downlink packet loss, uplink and downlink network delay, uplink and downlink retransmission, uplink and downlink TCP flags, and much more.

The time sequence chart located at the top, graphically displays the packet transmission between the network links, with the conversation time displayed on the horizontal axis.

When you click on a packet on the time sequence chart, the packet decoding pane will display the detailed decoding information for that packet.

Using the Multi-Segment Analysis feature, Colasoft’s nChronos allows us to quickly compare the performance between two or morenetwork links. If you’re a network administrator, engineer or IT manager, we strongly suggest you try out nChronos today and see how easy you can discover and deal with network problems.

from: http://www.firewall.cx/general-topics-reviews/colasoft/nchronos-forensic-analysis/1105-network-troubleshooting-multi-segment-analysis-with-nchronos.html

 

Colasoft Delivers nChronos v4.3 with Multi-Segment Analysis

November 23rd, 2014 No comments

Colasoft Delivers nChronos v4.3 with Multi-Segment Analysis

Tulsa, OK – November 19, 2014– Colasoft LLC (www.colasoft.com), an innovative provider of network analysis solutions, today announced a new version of its flagship product, nChronos Forensic Network Analysis Application. The multi-segment analysis leverages the packets recorded by nChronos to make it easier and quicker for network professionals to analyze the root cause of distributed application performance issues.

Most IT managers are have similar difficulty in diagnosing and solving application performance issues. It’s difficult to determine if the fault is in the network, the application, the server, or something else that is unknown. Hours or days are wasted in “finger pointing”. There are many components involved and troubleshooting a multi-segment network is difficult at best. In the past, IT professionals had to capture traffic separately from different points and manually merge the information into a single trace file to determine the root cause. nChronos will now automatically discover which packets and applications were seen at multiple points in the network. nChronos packet data recorder uses advanced algorithms to match data packets across the network. With nChronos v4.3, network problems such as latency, application errors, network anomalies or slow response can be tamed with greater ease and expediency.

nChronos v4.3 provides an even greater user experience with new and useful functionality and improvements. Below are some of the highlights of these new features included in nChronos v4.3:

  1. New views are added including a VLAN View, a MPLS VPN View, a Service Access View and a Port View.
  2. Provides millisecond-level traffic statistics and alarms for network links.
  3. Storage filter is available and packets can be stored with specified length.
  4. Application transaction alarms and application transaction alarm logs are now available.
  5. Packets can be downloaded from multiple network links.
  6. Combination analysis for IPv4 and IPv6 is available.
  7. The packets can now be stamped with switch time.

“We continue to provide an increase in value with additional functionality without sacrificing our easy to use interface. With the addition of multi-segment analysis, as well as the improved Alarm and Reporting function, nChronos now automates the previously tedious process of troubleshooting distributed network issues, with greater efficiency and ease.”, said Brandon Lewis, Director of Customer Support at Colasoft ”.

The evaluation version of nChronos 4.3 is now available on the Colasoft website www.colasoft.com.

From: http://www.colasoft.com/company/news_2014.php

Migrating Configuration Files from nChronos Evaluation to an nChronos Licensed Version

November 7th, 2014 No comments

Migrating configuration files on the same machine

The following steps will allow you to migrate configuration files from an nChronos Evaluation to an nChronos Licensed version on the same machine.

  1. When uninstalling nChronos Evaluation program please click “Yes” when following box pops up:
  2. Install the nChronos Licensed version. By clicking this uninstall “Save” action all configurations and captured data files will be saved automatically.

Migrating configuration files to a different machine

Follow the following steps if you installed the nChronos Evaluation version on one machine and now want to migrate the files to an nChronos Licensed version on a different machine,

  1. Export the configurations from nChronos Evaluation. Login to the nChronos Server web portal then go to the Server Management page and click Export Config button to save the configurations:
  2. Install and activate the new licensed version of nChronos. Login to the nChronos Server web portal, go to the Server Management page, and click the Import Config button to import the saved file in step 1.
  3. After the import is complete the nChronos service will automatically restart. After the restart, the configuration files will now be migrated.

Download Capsa

nChronos How-to: Migrating Configuration Files from nChronos Evaluation to an nChronos Licensed Version

July 8th, 2014 No comments

Migrating configuration files on the same machine

The following steps will allow you to migrate configuration files from an nChronos Evaluation to an nChronos Licensed version on the same machine.

  1. When uninstalling nChronos Evaluation program please click “Yes” when following box pops up:
  2. Install the nChronos Licensed version. By clicking this uninstall “Save” action all configurations and captured data files will be saved automatically.

Migrating configuration files to a different machine

Follow the following steps if you installed the nChronos Evaluation version on one machine and now want to migrate the files to an nChronos Licensed version on a different machine,

  1. Export the configurations from nChronos Evaluation. Login to the nChronos Server web portal then go to the Server Management page and click Export Config button to save the configurations:
  2. Install and activate the new licensed version of nChronos. Login to the nChronos Server web portal, go to the Server Management page, and click the Import Config button to import the saved file in step 1.
  3. After the import is complete the nChronos service will automatically restart. After the restart, the configuration files will now be migrated.

Download Capsa

source: colasoft.com

Categories: Tips & How-tos Tags: ,

nChronos How-to: Define and Customize a Report

June 3rd, 2014 No comments

Colasoft nChronos provides twelve system reports, and users can define new reports according to need.

To define a report,,

1. On the Report window, first click the node User-Defined Reports, and then click to open the New Report dialog box:

2. Enter the report name and the description.

3. Select the report scope.

  • If you want to create a report for all network objects, click Global, which means the report statistics are calculated based on all network objects.
  • If you want to create a report for a specific network object, click Limited to open the Report Scope dialog box:

    The scope could be IP addresses, MAC addresses, network segment, or a user-defined application, which means the report statistics are calculated based on selected scope.

4. Click the report modules you are interested and then click Add to add the interested report modules to the new report. Different report scope is provided with different report modules. The Global scope is provided with all report modules. For some modules, you can set the number of statistical objects.

5. Click OK to save the definitions. You can view the new report under the node User-Defined Reports.

Besides defining new reports, you can customize the company name, company logo, author, report title prefix, whether to show create time, and all these settings can be done on the Report Notification page from Server web portal:

Download Capsa

 

From www.colasoft.com

Colasoft nChronos How-to: Define and Customize a Report

May 30th, 2014 No comments

Colasoft nChronos provides twelve system reports, and users can define new reports according to need.

To define a report,,

1. On the Report window, first click the node User-Defined Reports, and then click to open the New Report dialog box:

2. Enter the report name and the description.

3. Select the report scope.

  • If you want to create a report for all network objects, click Global, which means the report statistics are calculated based on all network objects.
  • If you want to create a report for a specific network object, click Limited to open the Report Scope dialog box:The scope could be IP addresses, MAC addresses, network segment, or a user-defined application, which means the report statistics are calculated based on selected scope.

4. Click the report modules you are interested and then click Add to add the interested report modules to the new report. Different report scope is provided with different report modules. The Global scope is provided with all report modules. For some modules, you can set the number of statistical objects.

5. Click OK to save the definitions. You can view the new report under the node User-Defined Reports.

Besides defining new reports, you can customize the company name, company logo, author, report title prefix, whether to show create time, and all these settings can be done on the Report Notification page from Server web portal:

Download Capsa

 

Read more…

Colasoft nChronos How-to: How to Display IP Addresses as Host Names

May 28th, 2014 No comments

How to Display IP Addresses as Host Names

If you use nChronos to monitor traffic on a core switch you will see lots of internal IP addresses, and also the Internet IP addresses. You can find that most of the Internet IP addresses are shown as their domain name, such as www.colasoft.com, and www.google.com, etc. Wouldn’t it be great if nChronos shows host names of our local machines, because they are much easier to understand, rather than just IP addresses? This tips article will show you how to use Name Table to display IP and MAC addresses as host names.

Download Capsa

Suppose that there is a user, Steve, whose laptop has this IP address, 192.168.8.25, and you want nChronos to show his IP address as the text – Steve’s Laptop. First you run nChronos Console, connect to the server, right-click on the server name, and clickSettings from the context menu. Then select Name Table on the Server Settingswindow.

Then click the Add… button on the right side, you see a new dialog box. On this dialog box, input the IP address, 192.168.8.25, and input Steve’s Laptop in the Alias textbox. You can even choose the font color for this name if you like. Then click OK.

There is a little trick that you can input the IP address and click Resolve Address to find the host name automatically. It uses NetBIOS protocol and it’s able to retrieve the host name from that system. Or you can click Resolve Name button to translate the host name into IP address.

Download Capsa

The names you add will be saved on nChronos server, so you see them from every nChronos console. And besides IP addresses, you can still give names to MAC addresses, only that you cannot use name resolution function for MAC addresses.

You’ll find that you cannot click the Edit and Delete buttons sometimes. That’s because you have link window open, and the window uses the names for display. So it doesn’t allow any changes to the names if a link window is open. So you just close all link windows of that nChronos server, and you’ll find the buttons are clickable now.

Colasoft nChronos How-to: How to Connect to nChronos Server

May 26th, 2014 No comments

How to Connect to nChronos Server

Based on the architecture that nChronos stores all data on nChronos Server while nChronos Console works like a display, users who want to view network data have to connect to nChronos Server first.

To connect to nChronos Server, you should first add nChronos Server to nChronos Console.

To add nChronos Server,

1.On the Server Explorer, clickto open the Add Server dialog box:

2. Complete the dialog box. See the following list of each label for more information.

  • Host: The IP address of the management interface on nChronos Server.
  • Port: The port number for connecting to Server. It is 3000 by default.
  • Name: A readable name for identifying the Server, for example, Marketing Dept. It will be the same as the IP address if you don’t enter one.
  • Username: The account for logging the Server.
  • Password: The password for the account.
  • SSL encryption: Applies SSL encryption when transmitting data from the Server to the Console.
  • Data compression: Compresses the data in the transmission from the Server to the Console.

Click OK to save the settings. Then the added server will display under the Server Group on the Server Explorer.

After adding nChronos Server, on the Server Explorer double-click it to make the connection, and then you will see the network link. Double-click Link Monitor and you will view real-time network traffic status.

Download Capsa

Source: colasoft.com

How to Baseline Network Throughput and Performance

May 22nd, 2014 No comments

How to Baseline Network Throughput and Performance

What is network baseline?

Do you know what your normal network throughput volume is, what types of traffic are most used in your network? If you can’t answer these questions then you should baseline your network. Network baseline is very important to network management because the data will tell you what it’s like when everything goes all right.

To baseline your network, you need software or hardware to listen on your network or a particular device. Both Colasoft nChronos and Capsa can be used to accomplish this task. Both of them are used to listen into packet data of a wire and generate all kinds of statistics on the network. To baseline a network, you need to use them to monitor the network traffic long enough, because a wider time span presents a more real picture of network traffic pattern. The use of network baseline is listed as follows:

  • Understand healthy network pattern and traffic trends.
  • Evaluate network management policies compliance.
  • Understand how the network resources are allocated.
  • Accelerate to troubleshoot network issues, i.e. abnormal traffic and spam traffic, etc.
  • Provide data on network and security management to support decision making.
  • Provide history statistics on network upgrade.

Download Capsa

How to baseline a network

Preparation

If you want to baseline a network, you can start from the tasks listed below:

1. Network diagram: draw the layout of the network structure, marking IP/MAC addresses, VLAN, and places of all routers, switches, firewalls, servers, management devices, and even the data flow directions.

2. Network management policy: helps you understand what services are allowed to run on the network, what traffic is forbidden, and what services should enjoy higher priority.

Scope & Objectives

When you are ready to start baselining your network, first you should think what to baseline because it’s hard or sometimes unnecessary to include all hosts, switches and routers of a big network into you baseline report. The suggestion is that you divide the network into several layers and only baseline the critical layers. For example, only baseline the services like ERP, Email, HTTP traffic and devices like core switches, routers and critical servers.

In addition to last point, different devices, hosts and links require different types of baseline data. For example, performance and security baseline is important to the servers, and network itself cares about throughput, utilization and types of traffic.

Collect baseline data

Generally speaking, a network baseline report contains these basic data: network utilization, traffic components, top protocols talkers, top hosts talkers, conversation statistics, address statistics, packet sizes, average packet length, and key server info, etc. Both nChronos and Capsa Network Analyzer provide these types of data (figure below).

To use nChronos or Capsa to baseline a network, you need run nChronos or Capsa and use an excel sheet to record statistics over each specific time period. The following figure shows a typical Excel network benchmark table.

Then you can use formula to work out the max, min, and average value of each data type. And if you keep recording long enough, you get a much precise baseline statistics.

The use of network baseline data

The baseline data is often used when the network is reported to be running improperly. For example, when the network performance drops, you can compare the real-time datacollected from the analyzer with the baseline data to help you spot where the anomalies are.

Download Capsa

Tips for network baselining

Update the baseline document in time

The baseline report is useful only when it provides accurate and up-to-date data. It requires that you update the data in time when there are any changes to the network. For example, when a new device is added, or a new application is implemented, the changes need to be marked on in the baseline report.

An IP/MAC database is necessary

If the network is full of desktops, laptops and switches, you should consider an IP/MAC database to record the user name and place of each individual IP and MAC address. It’s very helpful when you need figure out who is using the IP or MAC and where it is when you decide to give it an examination.

Baseline the critical devices only

Remember, you don’t have to maintain a baseline table which covers all your host computers, laptops, servers, switches, firewalls and routers. If you insist to do so, you’d better prepare enough time for it. You are suggested to only cover the mission-critical servers, such as email, web site, OA and CRM servers, and core switches and routers in your baseline report. And they’d better be organized in separate sheets to help you easily find what data you need.

Baseline over a long time period

It takes a long time to set up a network baseline because your network probably works in different patterns through Monday to Sunday. For example, on Monday morning, your email traffic could be higher than other days because there are lots of emails waiting to be processed after the weekend. On Friday afternoon after 4:00 PM, web traffic could be higher because some are browsing the web to find a place for the weekend. Therefore, your baseline report should cover the time period of a week at least, and you are suggested to extend to 2 ~ 4 weeks.

Keep baseline report easy to read

You should include all useful diagrams and illustrations in baseline report, the more the better, such as a network diagram, network policy, backups for switches and routers. The documents should be standardized with explanations and descriptions, especially for the technical terms. All of them are helpful when someone else is trying to access and read the documents.

Download Capsa

from: colasoft.com

How to View and Analyze Historical Network Traffic

May 21st, 2014 No comments

How to View and Analyze Historical Network Traffic

As a network forensic analysis application, nChronos allows users to view historical data just by a drag. Below is a screenshot of the Time Window, you can drag the trend charts back and forth to view the network traffic of any interested time period.

Download Capsa

You can click the Set Time Window button  to set which time period to show:

When you select a time slice on the Time Window, the analysis views will only show data related to that time slice, and this is very convenient to analyze a traffic spike. Just select the spike to view and analyze the top talkers in that spike. Furthermore, you can double-click a record item to drill down it:

Download Capsa

from: colasoft.com