Hi,

I am new to PRTG (v13) and would like to ask the following questions.

  1. Do I need two network cards to run the packet sniffer sensor? (one for the management IP)
  2. Do I need an IP address assigned to the NIC on which the traffic from the mirrored port is arriving?
  3. Is it possible to have multiple packet sniffer sensors for the same IP subnet? For example, I would like to have one that is for the whole subnet, one from IP x.x.x.1 to x.x.x.20 and a third from IP x.x.x.21-x.x.x.254.

Thanks.

Regards.


Article Comments

Hello,

thank you for the KB-Post.

  1. If one NIC is connected to a mirror port then yes, this is usually necessary (to have two NICs).
  2. Yes, an IP is necessary for the sniffer driver to "find" the NIC.
  3. Yes, that is also possible, just use multiple Sniffer Sensors with different Filters.

best regards.


Jul, 2013 - Permalink

Hi,

Thanks. I notice that the Toplist is shown on screen by default at a 15-minute interval. Would it be possible to aggregate it to generate one over a period of time, since the data is already stored in the database?


Jul, 2013 - Permalink

Hi,

I have managed to create a few Packet Sensors as per your advice and that works as advertised. I understand from reading your Blog and KB that you do not provide any timeline on product features or Roadmap.

I have a request that I think is quite reasonable and that some users have requested: to enable historical reporting over a period range for the Toplist. From my perspective the data is already stored by PRTG and it is just the reporting that is missing.

I have evaluated numerous products and PRTG has almost matched much of my expectations and needs, and the last thing I need is the Toplist report. Please do indicate if this feature is going to happen this year or soon. Thanks.


Jul, 2013 - Permalink

I am very sorry, I cannot name an ETA for potential "Toplist Reports". Please be aware, it's not so easy that "data is already stored in the database". Like the name suggests, the "Toplists" only use very few Top (by default 100) connections in a Toplist Interval. The rest of the connections and their data are thrown away and not available for later processing. So a report here would only be over, say, the top 10 % of what really happened, and could give entirely misleading results.


Jul, 2013 - Permalink

Hi,

Thanks for the reply. I know that the Toplist does not store all records of all the packet flows. As long as the aggregate report can show the total traffic flow volume (bytes) plus the top 100 flows, that would be OK.

This will then allow the user to create additional filters to zoom in on the problem area where a single protocol or IP is utilizing large bandwidth. For example, if the Top 100 of an aggregate report represents like 1% or less, then I can tell the client that the traffic is very diverse and no single IP or App is utilizing large bandwidth.

I really hope that the Toplist aggregate report can be given a bit more priority and make it into the product soon. I really love the Toplist Graphics. Hope that Paessler can give it more love. Thanks.


Jul, 2013 - Permalink

It's not possible to "zoom into" data that has been thrown away. And setting additional filters then for more details will only be effective in the next period (of the Toplist Report), where traffic can (and most likely will) "look" different.
Nevertheless, we do of course appreciate your feedback, and counted your vote!


Jul, 2013 - Permalink
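
Added example (not part of the thread and not PRTG code): a small Python model of the Toplist behaviour discussed above, where each interval keeps only its top N entries and discards the rest, compared against the full data over the same period. The interval data, the IP addresses and N=2 are constructed for illustration; the point is that the stored entries can cover most of the bytes while the largest sender over the whole period never appears in them.

```python
from collections import Counter

TOP_N = 2  # the thread gives 100 as the default; scaled down here for readability

# Constructed sample: bytes per source IP in four Toplist intervals.
# 10.0.0.9 sends a steady 40 per interval; the bursty hosts change every interval.
INTERVALS = [
    {"10.0.0.1": 50, "10.0.0.2": 45, "10.0.0.9": 40},
    {"10.0.0.3": 50, "10.0.0.4": 45, "10.0.0.9": 40},
    {"10.0.0.5": 50, "10.0.0.6": 45, "10.0.0.9": 40},
    {"10.0.0.7": 50, "10.0.0.8": 45, "10.0.0.9": 40},
]

def keep_top_n(interval, n=TOP_N):
    """Model one Toplist interval: keep the n largest entries, drop the rest."""
    return dict(Counter(interval).most_common(n))

def aggregate(intervals):
    """Sum per-host bytes across an iterable of per-interval dicts."""
    total = Counter()
    for interval in intervals:
        total.update(interval)
    return total

def compare(intervals, n=TOP_N):
    """Return (truth, retained, coverage, missing) for the whole period."""
    truth = aggregate(intervals)                       # needs every flow kept
    retained = aggregate(keep_top_n(i, n) for i in intervals)  # what was stored
    # Share of all bytes that the stored top-N entries account for.
    coverage = sum(retained.values()) / sum(truth.values())
    # Hosts in the true top N for the period that no stored interval contains.
    missing = [h for h, _ in truth.most_common(n) if h not in retained]
    return truth, retained, coverage, missing

if __name__ == "__main__":
    truth, retained, coverage, missing = compare(INTERVALS)
    print("true top talker for the period:", truth.most_common(1))
    print("largest entry in stored toplists:", retained.most_common(1))
    print(f"bytes covered by stored toplists: {coverage:.0%}")
    print("true top-N hosts absent from stored data:", missing)
```

A coverage figure computed from the sensor's total bytes tells you how much traffic the stored entries represent, but not which hosts were dropped in every interval.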

Hi,

With the Packet Sniffer Sensor, would it be possible to do Layer 7 decoding of the protocols? May I know how protocols can be decoded with the current version? Thanks.

Regards,


Jul, 2013 - Permalink

This is purely based on (destination)-ports. You can add your own protocol definitions then in a Custom Packet Sniffer Sensor.


Jul, 2013 - Permalink