The ability to decode and analyze network traffic is as important as the ability to collect it. This section describes how to decode and analyze packet captures, including advanced post-filtering techniques and other settings.
Observer can decode and analyze packet capture files in multiple file formats. Even captures made using third-party tools can be analyzed in Observer, as long as they are based on Ethernet, Token Ring, or FDDI traffic. This section describes several methods for decoding network traffic using Observer.
The simplest method for decoding network traffic is to load a capture file: a saved, complete, self-contained packet capture collected at an earlier time. If you do not have access to a capture file and need help creating one, see Capturing network traffic before continuing. That section also describes how to decode a real-time packet capture, which this section does not cover.
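Before loading a third-party capture, you can check that its link layer is one of the three named above. The following is an added example, not part of the Observer documentation or product: it assumes the file is in classic libpcap format (the page does not list the supported formats), and the names `inspect_pcap` and `build_sample` are hypothetical.

```python
import struct

# LINKTYPE_ values for the three link layers the page names.
SUPPORTED = {1: "Ethernet", 6: "Token Ring", 10: "FDDI"}
# Magic as read big-endian -> (struct byte order, timestamp resolution).
MAGICS = {0xA1B2C3D4: (">", "us"), 0xD4C3B2A1: ("<", "us"),
          0xA1B23C4D: (">", "ns"), 0x4D3CB2A1: ("<", "ns")}

def inspect_pcap(data: bytes) -> dict:
    """Report link type, packet count and truncation for a classic libpcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic libpcap file (pcapng or another format?)")
    order, resolution = MAGICS[magic]
    network = struct.unpack(order + "I", data[20:24])[0]
    linktype = network & 0xFFFF  # upper bits carry FCS information
    packets, truncated, offset = 0, False, 24
    while offset < len(data):
        # Each record: ts_sec, ts_frac, captured length, original length.
        if offset + 16 > len(data):
            truncated = True  # file ends inside a record header
            break
        incl_len = struct.unpack(order + "I", data[offset + 8:offset + 12])[0]
        if offset + 16 + incl_len > len(data):
            truncated = True  # file ends inside packet data
            break
        offset += 16 + incl_len
        packets += 1
    return {"linktype": linktype, "medium": SUPPORTED.get(linktype),
            "supported": linktype in SUPPORTED, "resolution": resolution,
            "packets": packets, "truncated": truncated}

def build_sample(linktype: int, frames: list) -> bytes:
    """Constructed little-endian capture used only to exercise the check."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    frames = [b"\x00" * 60, b"\x11" * 64]  # constructed dummy frames
    print(inspect_pcap(build_sample(1, frames)))    # Ethernet capture
    print(inspect_pcap(build_sample(105, frames)))  # 802.11, not in the list
```

A `truncated` result means the file ends partway through a packet record, which usually points to an interrupted capture or an incomplete file transfer.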
Note: If you are already comfortable loading capture files and decoding their contents, this section may not be useful to you. Advanced decoding methods are described in Preparing expert decoding techniques.
To decode network traffic stored in a capture file, complete the following steps:
1. Click the File tab, and click Open > Local Packet Captures > Load and Analyze.
2. Navigate to the capture file you want to load, and select it.
3. Click Open.
The capture file loads into Observer and you arrive at the Decode and Analysis tool. The Decode tab displays each captured packet that is stored in the file.
Tip! Are you seeing duplicate packets?
After completing this task:
See Using the Decode pane for more details.