
nChronos Study Guide Chapter 7 - Analysis Views & Drill-down Analysis

Tuesday, 18 October 2011 06:24 Colasoft

Product Version: Since nChronos 3.0

Target Audience:

In last chapter we've learned:

From the last chapter we know the workflow: we first go to the trend chart and select a time range of interest, and the analysis views below the trend chart then show many types of traffic statistics for that range. See the User Interface Introduction chapter for an introduction to each view. Each view has its own job of providing one specific type of statistics. For example, the IP Address view lists the traffic statistics for all IP addresses seen during the time period selected on the trend chart. In this view we can see the top talkers by bytes (sent/received) and packet count (sent/received), their geographic location, and so on.

Though the views provide different types of statistics, they have some things in common, such as the shortcut buttons and the context menu.

Shortcut Buttons

All views have a row of shortcut buttons above the column headers; which buttons appear depends on the view. The functions of the shortcut buttons are listed below:

Name             - Function
Export           - Save all statistic records in the view to a CSV file.
Drill-down       - Drill down to the next level on the selected items.
Record rows      - Set the number of records to be displayed in the view.
Download packets - Download the packets related to the selected objects to a packet file.
Analyze packets  - Retrieve the packets from the server and open them in the built-in analyzer.

Context Menu

If we right-click in a view, we see a context menu with the following items:

Item             - Function
Drill-down       - Drill down to the next level on the selected items.
Columns          - Show or hide columns in the view.
Copy             - Copy the text of the cell you right-clicked on to the clipboard.
Download packets - Download the packets related to the selected objects to a packet file.
Analyze packets  - Retrieve the packets from the server and open them in the built-in analyzer.

Search Items with Keywords

By default only the first 1,000 statistic items are shown in a view, and a thousand items can still be too many to find a specific one. Most views therefore have a search box. Type a keyword and the view is filtered to the items that contain that keyword in any column. For example, typing part of an application name shows only the applications whose name contains that keyword.

Manage Columns

When we select a time span on the trend chart, the statistic views retrieve the columns of data for that time span from the server. These statistics can be sorted, ordered and compared to help us analyze the network, and we can hide the columns we don't need. By default, only the necessary columns are displayed in each view and only the first 1,000 records are shown. Some abbreviations and conventions are used in the column headers; the list below describes them:

Abbr. - Description
Rx    - Received
Tx    - Transmitted
pps   - Packets per second
bps   - Bits per second
Bps   - Bytes per second
In    - Inbound (packets or bytes received from the Internet by a local host)
Out   - Outbound (packets or bytes sent from a local network host to the Internet)
S/R   - Sent/Received
I/O   - Inbound/Outbound

To hide or show a column, do one of the following:

The statistic items are sortable: click any column header to sort the items by that column in descending or ascending order.

Drill-down Analysis

Now that we have learned the basic functions, the buttons, the context menu and the other components of each view, we can start the real analysis. Once again, let's go over the process of doing an analysis. First, we connect to an nChronos server and open a monitoring link. Then we set the time window for the trend chart, select a time period, and look down to the views.

First we come to the Summary view, which gives the overall statistics for the whole time window on its left side. If we select a time period on the trend chart, the summary of that selection is shown on the right side of the Summary view. Then we can move to the other views and use them for drill-down analysis. For example, suppose the Application view has a BitTorrent item and we want to know which IPs had BitTorrent communications during the selected time period. Double-click the BitTorrent item, and a new sub-view opens on the right side listing the IPs involved in the BitTorrent traffic. In this way we can drill down to the conversation level (the transport layer of the OSI model), which shows the port numbers of the TCP and UDP conversations. This is the deepest level the nChronos statistics reach; to go further we need packet-level analysis, which requires the packets themselves. Downloading packets from the nChronos server to our desktop is the subject of the next chapter.
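The keyword search and the Application -> IP -> conversation drill-down described above can be reproduced offline over an Export (CSV) of the records, which is useful when you want to script the same question against many time ranges or feed the result to another tool. The following is an added example, not Colasoft's code and not part of nChronos: the column names (application, src_ip, dst_ip, protocol, src_port, dst_port, bytes_tx, bytes_rx, packets) and the sample rows are constructed for illustration, and a real nChronos export must be mapped onto them by its own headers.

```python
"""Added example (not Colasoft's code): keyword search and drill-down over a
constructed CSV export shaped like conversation-level statistics.

Assumed column names (not taken from nChronos): application, src_ip, dst_ip,
protocol, src_port, dst_port, bytes_tx, bytes_rx, packets. Tx/Rx follow the
page's convention: bytes_tx is what the source sent, bytes_rx what it received.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export: five conversation records, not real traffic.
SAMPLE_CSV = """application,src_ip,dst_ip,protocol,src_port,dst_port,bytes_tx,bytes_rx,packets
BitTorrent,10.0.0.5,203.0.113.10,TCP,51234,6881,120000,340000,410
BitTorrent,10.0.0.5,198.51.100.7,UDP,51234,6881,8000,12000,60
BitTorrent,10.0.0.9,203.0.113.10,TCP,40001,6881,5000,90000,110
HTTP,10.0.0.5,192.0.2.80,TCP,52000,80,3000,45000,70
DNS,10.0.0.9,192.0.2.53,UDP,53321,53,200,600,8
"""


def load_records(text):
    """Parse the export and convert the numeric columns to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        for key in ("bytes_tx", "bytes_rx", "packets", "src_port", "dst_port"):
            r[key] = int(r[key])
    return rows


def search(records, keyword):
    """Like the view's search box: case-insensitive match against any column."""
    kw = keyword.lower()
    return [r for r in records if any(kw in str(v).lower() for v in r.values())]


def top_ips(records, application=None, limit=1000):
    """Drill-down level 1: per-IP Tx/Rx bytes and packets, optionally for one
    application, ranked by total bytes. `limit` plays the role of 'Record rows'."""
    totals = defaultdict(lambda: {"bytes_tx": 0, "bytes_rx": 0, "packets": 0})
    for r in records:
        if application and r["application"] != application:
            continue
        # The source transmitted bytes_tx and received bytes_rx; for the
        # destination the roles are swapped. Both endpoints see every packet.
        totals[r["src_ip"]]["bytes_tx"] += r["bytes_tx"]
        totals[r["src_ip"]]["bytes_rx"] += r["bytes_rx"]
        totals[r["src_ip"]]["packets"] += r["packets"]
        totals[r["dst_ip"]]["bytes_tx"] += r["bytes_rx"]
        totals[r["dst_ip"]]["bytes_rx"] += r["bytes_tx"]
        totals[r["dst_ip"]]["packets"] += r["packets"]
    ranked = sorted(totals.items(),
                    key=lambda kv: kv[1]["bytes_tx"] + kv[1]["bytes_rx"],
                    reverse=True)
    return ranked[:limit]


def conversations(records, ip, application=None):
    """Drill-down level 2: transport-layer conversations (protocol, endpoints,
    ports, total bytes) involving one IP, largest first."""
    out = []
    for r in records:
        if application and r["application"] != application:
            continue
        if ip in (r["src_ip"], r["dst_ip"]):
            out.append((r["protocol"], r["src_ip"], r["src_port"],
                        r["dst_ip"], r["dst_port"], r["bytes_tx"] + r["bytes_rx"]))
    return sorted(out, key=lambda c: c[-1], reverse=True)


if __name__ == "__main__":
    recs = load_records(SAMPLE_CSV)
    print("Items matching 'bittorrent':", len(search(recs, "bittorrent")))
    for ip, t in top_ips(recs, application="BitTorrent", limit=3):
        print(f"{ip:15} Tx={t['bytes_tx']:>7} Rx={t['bytes_rx']:>7} pkts={t['packets']}")
    for conv in conversations(recs, "10.0.0.5", application="BitTorrent"):
        print(conv)
```

Running the module prints the three BitTorrent matches, the top three BitTorrent talkers with the Tx/Rx split from the abbreviation table, and the two TCP/UDP conversations of 10.0.0.5, which is the same path as double-clicking BitTorrent in the Application view and then an IP in the sub-view. Note that a keyword such as "6881" matches on the port column as well as on names, exactly as the in-product search matches any column.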

Last Updated on Wednesday, 28 November 2012 09:01