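Understanding DPI in OpManager

Traffic packets passing through a network device can be mirrored to a port on the same device for inspection. Traffic from multiple (WAN/LAN/uplink) ports can also be mirrored and set up for inspection. If you want to inspect packets from multiple devices, you can save the mirrored packets and upload them to the NetFlow Analyzer server. Real-time packet capture works only when the NetFlow Analyzer server is directly connected to the mirrored port.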

 

[Diagram: understanding-dpi-in-nfa]

In the above diagram, ports 1, 2, 7 and 8 are mirrored for monitoring to the last port (port 24) of the device. Here, all the mirrored network packets reach the OpManager server because it is directly connected.

Note: If you want to monitor multiple devices, you need to save the mirrored packets from each device individually and import them into OpManager to generate offline reports.

Port mirroring commands vary from vendor to vendor. You can check with the respective device vendor for commands.

Below is an example of port mirroring on an HP switch.

[Image: dpicmd]

Below is the detailed command structure to mirror all 23 ports to the last (24th) port.

[Image: dpicmdi]

ManageEngine analyzes the received network packets and generates reports from them.

TCP analysis

In the initial phase, ManageEngine has introduced analysis for TCP packets only, even though it captures all packets. The rest will be supported in the future. Using the DPI feature, we can calculate Application Response Time (ART), Network Response Time (NRT), URLs used and traffic utilization (productive/non-productive).

With these reports, a network administrator gets a clear picture of what is consuming the bandwidth and at what time, and can therefore regulate it cost-efficiently.

In DPI we get information about ART, NRT and URLs:
NRT: Network Response Time is the time difference between a TCP_SYN packet and its ACK (acknowledgement).
ART: Application Response Time is the time difference between a TCP_DATA packet and its ACK (acknowledgement flag).
URL: URL details contained in data packets.
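
The NRT and ART definitions above, applied to a small packet list. This is an added example and not ManageEngine's code; the `Pkt` record, the `response_times` function and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

# One decoded TCP packet: time in seconds, "ip:port" endpoints, flags as a set.
Pkt = namedtuple("Pkt", "ts src dst flags seq ack length")

def response_times(packets):
    """Return (nrt, art): lists of (sender, responder, seconds) tuples."""
    pending_syn = {}   # (src, dst) -> (expected ACK number, time of first SYN)
    pending_data = {}  # (src, dst) -> {expected ACK number: time first sent}
    nrt, art = [], []
    for p in sorted(packets, key=lambda p: p.ts):
        fwd, rev = (p.src, p.dst), (p.dst, p.src)
        if "ACK" in p.flags:
            # NRT: this ACK answers a SYN sent in the opposite direction.
            syn = pending_syn.get(rev)
            if syn and p.ack == syn[0]:
                nrt.append((p.dst, p.src, round(p.ts - syn[1], 6)))
                del pending_syn[rev]
            # ART: ACKs are cumulative, so one ACK can cover several segments.
            waiting = pending_data.get(rev, {})
            for expected in [e for e in waiting if e <= p.ack]:
                art.append((p.dst, p.src, round(p.ts - waiting.pop(expected), 6)))
        if "SYN" in p.flags and "ACK" not in p.flags:
            # A SYN consumes one sequence number; a retransmitted SYN keeps
            # the first timestamp, so the delay seen by the client is reported.
            pending_syn.setdefault(fwd, (p.seq + 1, p.ts))
        if p.length > 0:
            pending_data.setdefault(fwd, {}).setdefault(p.seq + p.length, p.ts)
    return nrt, art

# Constructed sample capture (not real traffic); sequence wraparound is ignored.
C, S = "10.0.0.5:51000", "10.0.0.80:80"
SAMPLE = [
    Pkt(0.000, C, S, {"SYN"}, 1000, 0, 0),
    Pkt(0.020, S, C, {"SYN", "ACK"}, 5000, 1001, 0),
    Pkt(0.021, C, S, {"ACK"}, 1001, 5001, 0),
    Pkt(0.030, C, S, {"PSH", "ACK"}, 1001, 5001, 100),
    Pkt(0.031, C, S, {"PSH", "ACK"}, 1101, 5001, 50),
    Pkt(0.095, S, C, {"ACK"}, 5001, 1151, 0),  # acknowledges both data segments
]

if __name__ == "__main__":
    nrt, art = response_times(SAMPLE)
    print("NRT:", nrt)
    print("ART:", art)
```

A sustained rise in NRT with flat ART points at the network path, while the reverse points at the application host.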
