Excluding non-native packets from capture
By default, non-native packets—called expert information packets—are automatically added to your captures by Observer. These packets serve as reference points, time-stamping important network events and utilization rates in your captures. These packets help network administrators understand the context of the captures they share.
If you do not find expert information packets useful, disable them by completing the following steps:
1. On the Home tab, in the Capture group, click Configuration > Packet Capture.
2. Click the Settings button. The Packet Capture Settings window appears.
3. Ensure the Capture Options tab is selected.
4. Disable any or all settings in the Include Expert Information Packets area.
The disabled settings exclude the corresponding expert information packets from entering your future captures.
What are Expert Information Packets? Can I disable them? Do I need them?
When viewing a decode captured from an Expert Observer or Observer Suite, the capture contains Expert Information Packets.
What are Expert Information Packets?
Expert Information Packets are packets inserted into a capture to assist the Expert engine within Observer while processing packets. There are three types of Expert Information Packets:
Network Load
These packets are inserted every second into the capture. They include information about the number of packets and bytes seen during the previous second, along with the utilization seen. These figures are used while drawing the graph seen on the Network Load tab within the Expert screen.
Start/Stop Packet Capture
These packets are inserted whenever you click Start or Stop from either the Packet Capture or Decode Screen. They are used to help expert know that there are gaps of time between packets.
Wireless Channel Change
These packets are inserted when monitoring a wireless network adapter. They are inserted only if you are using the Channel Scan option. Each time Observer begins monitoring a new channel while in the Channel Scan mode, a new packet is inserted with the current channel being monitored.
Can I disable them?
Yes. These packets can each be disabled from within Packet Capture. From the Packet Capture screen, click Settings. (GigaStor users, can modify these settings from GigaStor). Clear those boxes beside the Expert Information Packets you do not want to have generated.
Do I need them?
Expert Information packets are not required for the Expert to work. The following describes the behavior you will see if these packets are disabled.
(Disabling Expert Load Packets) – Disabling these packets will cause Expert to draw the Summary graph based solely on those packets within the capture buffer. As an example assume 20,000 packets were seen during a one second period, also that there was 10,240,000 bytes and 10% utilization. With these packets enabled Expert would graph 20,000 packets and 10% utilization.
Now assume during this one second you used a filter and captured only five packets during that second, with these packets Observer would graph 20,000 packets and 10% utilization. If you had disabled the Network Load Packets, Observer would graph five packets and 0% utilization.
(Disabling Start/Stop Packet Capture) – Disabling these packets can cause Observer to produce invalid response times to packets seen as Observer does not know that the capture was stopped. It only sees gaps within a sequence of the data stream and assumes that the data was not sent or dropped and will, in the case of VoIP packet loss within calls, register calls that have not actually occurred.
(Disabling Wireless Channel Change) – When Expert is processing Wireless data, we need to understand when the adapter is looking at a different channel then when a packet in a conversation was originally seen. This allows Observer to know that though Expert was looking at a conversation on Channel 5, that the next set of packets is now looking at channel 6 or 7 and so on. This prevents Observer from believing data is missing from a conversation due to packets not being captured. If you disable these packets while using the Channel Scan option, your response times and other calculations within the Expert System may not be accurate.