nChronos Study Guide Chapter 3 - Start Monitoring Session

Product Version: Since nChronos 3.0

Target Audience:

  • All nChronos users (including Evaluation users)

In last tutorial we’ve learned:

  1. What are the components of Colasoft nChronos
  2. How and where to install nChronos Server and Console software
  3. How to initialize nChronos Server
  4. How to login and activate nChronos Server

Before heading into this chapter, please make sure you’ve fully got the answers to these questions. If you have doubts about them, you are recommended to go back to take a look at last chapter first, or you can turn to us for help on your specific case.

In this chapter we’ll learn how to start a monitoring mission. First we should take a look at this term – Network Link. A network link is defined as a logical link which collects network packets from one or multiple NICs then analyze all of them. If it’s hard to understand we can easily think network link as Project. Now let’s see how to create a network link to start an analysis mission.

  1. Click Network Link on the left panel.
  2. Click Add New Link button on the right side.
  3. Enter link name, such as Core Switch.
  4. Choose the traffic source type (where to capture traffic). If nChronos server is connected with a standard tap, you’ll need two NICs to separately capture the inbound and outbound packets from two of the monitor ports of the tap. But if to capture from an aggregation tap or switch’s SPAN, we need only one capture NIC. Note that we don’t mention another NIC that we’ll use if we want to remotely use nChronos Console to connect the server, so it requires additional NIC.
  5. Click Next, select the adapters that we want to use for packet capture.
  6. Check Calculate inbound & outbound traffic volume option. This option checked, we can see the inbound and outbound statistics on the charts of nChronos console; otherwise, we can only get total utilization or output there. So this is always the option that we should keep it checked.
  7. Enter the IP segment value to identify your Intranet IP addresses. This textbox is used to help nChronos server identify which IPs are our local hosts and what traffic are internal traffic. The IPs not included in our inputs will be recognized as foreign hosts.
  8. Check Calculate inbound & outbound utilization. This option has almost the same meaning as the option in item 6. We’d better keep it check either.
  9. Enter Inbound Bandwidth and Outbound Bandwidth. If we want to see bandwidth chart on nChronos console, we need to define what our bandwidths are, inbound and outbound. For example, in our 1,000M LAN, we have both 1,000 Mbps uplink and 1,000 Mbps downlink. So we input 1000 in both of the textbox. Be careful of the values because the utilization that nChronos works out is based on these two values. If it’s a 100 Mbps network, and we mistype in 1000, the utilization will be 10 times small that what it should be.
  10. Click Save to finish settings.
  11. The last step, click Start button to start the link monitoring session.

Now the link is running and capturing packets from the NIC we choose. Every captured packet will be analyzed and stored to hard disk, and analysis statistics are also saved on the server. Now we can close the web browser and the monitoring mission will run continuously and there is no worry that the capture will be stopped accidently because nChronos server is able to automatically recover when it finds a link status goes down abnormally. And even rebooting the server, nChronos server will also automatically recover to continue packet capture.

