Research and Development


Xena Networks’ testing platforms have been built to test network components in laboratories and development environments. The world's leading network equipment manufacturers use Xena’s testers.

Function tests - Companies who develop new Gigabit Ethernet devices or technologies in their R&D labs require a solution with all the important functions to perform experiments and function tests on new devices and networks. Xena combines easy-to-use GUI-based software applications with a powerful yet simple CLI (Command Line Interface), which is why Xena Networks test solutions are used in development laboratories across the globe.


Conformance testing

Xena Networks and Veryx Technologies have created a test platform that combines Xena's extremely fast, powerful Ethernet test hardware with Veryx’s large portfolio of test suites for functional and conformance tests in IP and Ethernet environments. This results in a unique test platform, which allows network and device managers to carry out functional tests for a variety of network protocols, including Carrier Ethernet CE 2.0 (as well as MEF 9, MEF 14 and MEF 21), Carrier Ethernet OAM and Carrier Ethernet Ring Protection Switching, such as IPv6 Forum host and router conformance tests.



Xena's strong price/performance ratio is the best in the industry and allows R&D departments to test scenarios on large numbers of ports at a fraction of the cost of other test solutions. This includes tests on Ethernet speeds from 10Mbit/s to 100GBit/s as well as mass testing of OTN network components with a high number of ports.

Production and quality assurance

Testers who use Xena benefit from an indispensible precision, reliability, scalability and scripting capability for testing in manufacturing environments and quality assurance. Xena’s test equipment is used in production environments for testing telecommunication networks, optical transceivers and upgraded network devices for businesses and end users. Quality assurance - Standard test suites such as RFC 2544 are used to check systems and hardware and the test results can easily be documented for quality assurance purposes. Xena’s test suites can run in both GUI and script environments, which means that interleaved debugging is possible for both.

Manufacturing - Quality and yield statistics can be documented to test manufacturing performance, which helps to improve production. In automated production environments Xena provides powerful yet simple CLI (Command Line Interface) controls via scripting through languages such as TCL, Python, Perl, Java, and Visual Basic. Due to its simplicity and ease of use it has an excellent reputation in the industry.


Network tests

The demand for Xena’s devices is rising across the world along with the steady increase in Ethernet access and regional transmission networks. Users are deploying Ethernet transmission services of up to 100G between sites and aggregation points and using high-speed backhaul links for mobile technologies such as LTE.

Pre-deployment and component selection - This includes functional and conformance tests to MEF 2.0 standard for Carrier Ethernet and Ethernet Ring Protection Switching. Other pre-deployment and component validation applications include real-time chart-based analysis for different QoS/DSCP traffic types (jitter, latency, loss) as the network is loaded. There’s also a highly accurate analysis of the network’s convergence time following a line failure.

Service delivery

Network service providers use Xena Networks’ test devices to ensure that network performance meets their service level agreements (SLAs). They use standard test suites such as Y.1564 for testing mobile backhaul services, or to handle mass activation of Ethernet services for business customers at central and remote office locations. Other applications include RFC 2544, which determines suitable GFP mapping for Ethernet over SONET applications. Xena’s unique test suite can also be used to run automated Ethernet transparency tests. 

In-service tests: Network service providers use Xena to test the SLA compliance of Ethernet backhaul circuits for throughput, jitter, delay and burst using Y.1564. Xena applications offer flexibility through scripting which enables service providers to easily integrate tens to hundreds of tests or SLA checks into their automated network infrastructure at the same time as network maintenance is taking place.



Xena’s tools can be used to monitor performance in various ways, including long-term monitoring and logging throughput, packet loss in wireless connectivity, performance analysis in multicast video networks and precise real-time analysis of latency and jitter. Applications that aren’t related to performance monitoring include characterisation and analysis of OAM flows in networks.


Sales and customer support

Xena Networks testers are ideal for any customer who is trying out a new device and needs performance analysis. Demonstrations: Thanks for the light weight and compact nature of XenaCompact the products can be easily transported from the lab environment and technical sales and marketing staff can set up test scenarios from the R&D laboratory at fairs and other events. This includes, for example, Synchronous Ethernet (SyncE) demonstrations as laboratory feasibility studies. 

Site troubleshooting – Debugging network problems on a customer’s site can often require a tool with diverse functions for performance testing. Xena’s testers provide a cost-effective alternative to traditional testers for in-field troubleshooting.

Technical support offices-The unique price/performance ratio of Xena’s test equipment means they’re the ideal solution for remote applications and customer support offices.

XC trans straight web

The best price in relation to performance - modular 100Gbps solutions


Xena Networks provides a new class of professional Gigabit Ethernet testers which set new standards when it comes to price vs. performance including load and functional tests on Ethernet devices and networks.

Suppliers of Ethernet network devices and service providers will benefit from the fact that Xena Network’s test platform is easy to use, cost efficient, interoperable and scalable. It’s also the world’s best test port since it has the highest density and lowest power consumption, providing a test platform that’s fit for the future. Developers, systems integrators and those who provide solutions for Ethernet network equipment can implement Xena Network’s test platform along with, or as a substitute for, test equipment by Ixia and Spirent. The price offered beats developing in-house test solutions.

High-precision, stream-based, wire-speed traffic is generated and analysed to test network devices under specific predetermined conditions including errors, different loads and random events. Packet formats are defined through individual packet bytes, packet spacing, transmission rates and bursts, which are measured with byte and Kbps accuracy. Manufacturers of network equipment and service providers can prove their guarantee of triple play QoE for the end user when faced with network congestion. This is achieved by generating traffic loads that mimic tens of thousands of individual users.

For ad-hoc testing, a free Windows interface is included (XenaManager). In addition, remote management is provided for test equipment in different locations as well as GUI clients for automated testing for RFC 2544 (known as Xena2544) and Y.1564 (using Xena1564). Users can automate testing in any software environment thanks to an open TCP/IP-based text API and convert both to and from generic Xena's Command Line Interface (CLI) using Perl, VBA, Tcl, Java wrappers and Python. The Xena Networks test platform offers a full suite of copper and optical Gigabit Ethernet products as well as 10/40/100 Gigabit Ethernet modules. The 10/40/100 Gigabit Ethernet interfaces include optical SFP+, XFP, SR4, LR4, and SR10. The Gigabit Ethernet interfaces include 10/100/1000M copper Ethernet and optical 100/1000M Ethernet.


Test Components

Xena Networks has developed a flexible layer 2-3 testing platform with a high port density, which can easily be used alongside test software from third parties, including Veryx ATTEST. The clients are connected to the test platform by means of Gigabit Ethernet interfaces and this method supports remote access through IP addressing. Xena’s wire-speed test module comes in two highly compact versions, which are 1U (XenaCompact) and 4U (XenaBay). These provide full support in multi-user environments for GUI and automated test sessions.


Data stream-oriented traffic generation

A user can generate hundreds of transmit/receive streams, each with their own traffic profiles. Each data stream can produce up to 100,000 individual traffic flows using programmable packet field modifiers for incremental or randomly generated field values, such as MAC addresses, IP addresses or VLAN identifiers. This helps you to scale your tests based on the maximum parameters of your device or network.

Users can specify the stream rate to reflect a certain percentage of the total line rate. The stream rate can also be set according to bit rate and frames per second. Data packets can be introduced as a one-off packet shot or as multiple packets based on duration in terms of time. Continuous mode is also an option. Users can set traffic profiles that are either uniform or run in bursts. A graphic field editor processes individual packets and using predefined packet templates, various packet formats can be created for Ethernet, Ethernet II, ARP, VLAN, IPv4, IPv6, UDP, LLC, TCP, GTP, SNAP, MPLS, ICMP, STP, SCTP, RTP, RTCP, PBB, FCoE and IGMPv2/3. The user is also able to specify their own format.

Analyzes and reports in real time

Flow statistics are produced per stream or based on user-defined filters, which can be specified to use different combinations of programmable field values. Automatic test payload fields can be optionally inserted to identify incoming packet streams. Analysis of traffic latency, throughput, jitter, sequence, loss and request errors are created for each stream of realtime data with an accuracy of 16/32 ns. This depends on the type of interface and whether it's optical or electrical. Users can record the wire-speed of packets for analysis from any port and export using the Hotbutton to Wireshark or OmnniPeek analysis tools. The latter offers unique opportunities to identify and isolate performance problems associated with event triggering and programmable filters.

API scripting from any tool environment with XenaScripting-XenaScripting is a free and open API specification of a Command Line Interface (CLI) and users can create scripts so that tests are automated regardless of the scripting environment or tool used. The only condition is that the scripting environment must support text and line-based TCP/IP communications. Changes made using XenaScripting are automatically displayed in the user interface. Users can log in to Xena's test platform from any scripting environment including local and commercial settings thanks to Xena's user-friendly unique scripting that can be used anywhere. The scripting environment uses languages such as Tcl, Python, Perl, VBA and Java. Wrappers are used to convert existing script APIs into the generic Xena API. 

Microsoft Excel provides another option for the user to configure and run tests as well as produce reports. This is an alternative to GUI and other test scripts and allows a user to configure, use and log statistics through the familiar Excel application. Xena provides templates for MS Excel using VBA to communicate with the test environment. This is achieved using Xena TCP/IP settings and anyone who’s familiar with MS Excel will find it’s a powerful way to operate.

XB trans straight

Data stream method and network flow
transfer method

  • Overlapping or sequential data stream
  • Generation of bursts or continuous sending of a fixed packet number of 1 to 4 billion packets
  • Latency measurement over several ports with an accuracy of 16/32 ns, depending on the interface type (optical/electrical)
  • Constant (100% uniform) as well as distributions in bursts
  • Loads can be set to be a percentage of the line rate, frames per second or Megabytes per second
  • Burst parameters are defined in the packet header by burst length and density
  • Specified by the user or Ethernet, Ethernet II, ARP, VLAN, UDP, IPv4, IPv6, TCP, SNAP, LLC, GTP, RTP, RTCP, ICMP, STP, SCTP, PBB, MPLS, IGMPv2/3, FCoE 
  • Any field within the packet template can be set to invalid values for negative tests
  • Incremental 8-bit pattern
  • PRBS-31
  • Automatic fill with a user defined pattern
  • Up to five field modifiers can be applied within the packet for each stream. The modifiers can be chained together.
  • A field modifier can be set to increase incrementally or decrease to a random value within a specific range. For example, incremental VLAN ID and traversing the IP ToS field. 
  • Fixed - sämtliche Frames des Datenstroms werden mit derselben Länge gesendet
  • Incremental increase/decrease - from a specified minimum and maximum length
  • Random - random selection from a range between a specified minimum and maximum length
  • Butterfly - uniform selection from a range between a specified minimum and maximum length
  • MIX - approximation of Internet traffic with typical packet lengths from 56-1518 Bytes



There’s an option to automatically set up a proprietary test load in packet form. This allows the test platform to show packet loss per stream, min/max/average latency, load integrity, sequence errors and incorrect request statistics.

Checksum calculations

The FCS and CRC values of packet templates can be calculated automatically or set to incorrect values.


Statistics per port

  • Packets/octets per port, FCS errors, packets/octets for traffic with and without a test load
  • Packets/octets for up to six custom traffic filters which are fully user-definable, using up to six individual patterns and length comparison values 
  • Technical specifications during equipment tests can be changed, even if packets are received with different encapsulations or with modified content
  • Test packets/octets, sequence errors, packets that are requested incorrectly, load integrity, minimum and maximum latency, average latency, minimum noise, average noise, maximum interference

Packet Capture

  • Triggers and filters can be set so that they are triggered in the event of certain events and tap into packets that meet specific criteria
  • Using AND/OR expressions more criteria can be specified
  • The criteria can be completely user-defined or determined by using a predetermined filter
  • Export via Hotbutton to the Wireshark analysis tool

Capture criteria

  • Any combination of custom multiple packet field values
  • Packets with FCS errors 
  • Packets belonging to a specific data stream
  • Packets that meet user-defined filter criteria, for example, IPv4, IPv6, VLAN, UDP 

Capture Triggers

  • Jeder empfangene Frame
  • Packets that meet user-defined filter criteria, for example, IPv4, IPv6, VLAN, UDP
  • Packets with FCS errors

Lab Tests

Xena Networks’ test platform is designed to carry out hardware tests and negative tests in development environments. This allows tests can be carried out across multiple ports at a fraction of the cost of existing test solutions. In the past, manufacturers made commercial test platforms with internally-built PC/FPGA platforms and the Xena Networks solution is an ideal replacement for these. For network devices with a lower capacity of only 1 or 2 Gbit or 10Gbit Ethernet ports, a single 1U is enough for the Xena test system to generate wire-speed tests and analysis. Key features include wire-speed generation of traffic and analysis, a GUI framework, an open protocol for TCP/IP scripts and integration with a wide range of function and conformity tests.


Network infrastructure testing

Ethernet access, aggregation and regional transmission networks are increasingly used all over the world. Many operators already use anything from 1 to 10 Gbit/s Ethernet transmissions between sites and aggregation points. To remain competitive, network service providers must check their network performance SLAs according to peak times. This will help to determine what can be guaranteed to the end user in various network scenarios. Xena Network’s test platform promotes efficient remote IP management, compact form factor and wire-speed Layer 2-3 stress tests to help the transmission link or network to work at full capacity. This is achieved by sending hundreds of Gbit/s of test traffic through multiple network access points.

The highest level of service quality for your wireless network

Increasingly mobile professionals expect their wireless network to provide the same quality of service that they’re accustomed to from cable networks. Mobile networks, however, place very specific demands on network analysis. Access points may be static and users aren’t guaranteed, moving from one access point to another and expecting services to continue to run seamlessly. So what happens when this isn’t the case? You can’t continue to analyse data on a single AP, or even on a single channel, because your network uses a variety of non-overlapping channels to avoid interference from AP to AP (co-channel).

Multichannel analysis

Savvius is currently the only manufacturer on the market to provide a solution to handle this type of complexity. Savvius provides multiple APs and channels with complex analysis to quickly identify problem areas - all in real time. Wireless clients move from AP to AP and from channel to channel without any user awareness. This can happen even if the user remains at the same location and a busy AP can reject a user, so the wireless client moves to another channel to go through to another AP. To detect such events, your network analysis tool must simultaneously record all data on all affected channels. Traditional solutions scan from channel to channel, creating large data gaps. For example, if you use a typical scanning tool for the three non-overlapping channels 1, 6 and 11, about two-thirds of all data is overlooked since the scan is on a channel to channel basis. How do you expect mobile users to live with this solution in today’s world? Savvius OmniPeek’s Wi-Fi adapter captures network traffic simultaneously across multiple channels and the application data is analysed to reflect what’s really happening, recording and analysing all data on all channels in real time.

Roaming Analysis

Roaming is one of the main reasons why users encounter problems in wireless networks. Excessively long roaming hours can be held responsible for the poor quality of voice-over-Wi-Fi (VoFi), leading to calls being dropped and data connections interrupted. Roaming analysis needs data to be collected and compressed in real time across multiple channels and APs. The aim is to produce an integrated analysis delivered in a simple report detailing who’s using the roaming facility, how much time individual events take and how high average AP values are. The bottom line is simple but the process is complex. OmniPeek Enterprise automates the entire task and generates a simple report that contains all the data you need.

Maximum flexibility

OmniPeek and OmniEngine offer maximum flexibility and configurability when supported by our inexpensive WLAN analysis adapters. You can record various wireless traffic on different channels in different places within the company, for example, in a warehouse or from any other place across the world. This provides an affordable way to carry out remote recording and analysis of various channels and roaming. The benefit is maximum flexibility in configuring and extending your network analysis according to your needs. In conjunction with the script-based automation of recordings, these attributes are the ones which make OmniPeek and OmniEngine the ideal platform for building extendable and scalable solutions that fulfil the specific functional analysis requirements of your wireless network today and in the future.

Quickly identify and solve problems in your wireless network

Service and support technicians can be sent out at any minute to customers in remote or temporary locations to analyse and resolve performance problems in wireless networks. When looking over the customer’s shoulder, it’s important to have the right tool to solve the problem immediately and this is the only way to show you know exactly what to do. OmniPeek provides your company notebook with the most powerful portable solution to analyse wireless networks and, in using it, you can carry out wireless network analysis, quickly react to problems in the field, and solve them. OmniPeek, together with the Savvius WLAN Adapter, is the ideal rapid response to wireless network problems with a view to finding their solutions. The OmniPeek network analyser enables you to:

  • Quickly recognise performance and network connectivity problems;
  • Run and implement new technologies or services in the production environment or before roll-out;
  • Monitor wireless networks and quickly identify those devices that present problems.

OmniPeek provides the best capacity for mobile wireless network analysis when needed on an ad-hoc basis, either at the customer’s site, in the field, or at a remote site. Software is provided for mobile analysis, fault detection and rapid isolation of errors on laptops in wireless networks.

Channel aggregators

Out in the field, you can never be sure exactly where to find the cause of a problem so you need a solution that provides the greatest level of wireless network transparency possible across all channels used. Only then can you rule out that you’re not losing any part of the data when working out a solution. OmniPeek enables you to collect data simultaneously on all channels used so you can create an exact image whole WLAN with 100% accuracy and quickly find the point of failure. You can find everything you need to do this in a supported WLAN adapter, for example, our Omni Wi-Fi adapter together with the OmniPeek-Software.

Device Roaming

Wireless networks are designed for mobility and this is precisely what your users need today when equipped with high-speed Wi-Fi technology on their mobile devices. However, mobility in wireless networks creates a unique problem found in roaming. Wireless access points (APs) only have a limited range and, once users move, they have to change their AP. While this is an invisible process for the user, it can be a significant source of performance or connectivity problems because the user must be passed from one AP to the next. It's your job to identify and solve these problems. If you’re roaming and want to perform adequate troubleshooting, you need to be able to record data on all WLAN channels used so you can see exactly what happens when the user selects their AP and changes channel.

OmniPeek’s function for channel aggregation allows you to collect all the data required to ensure OmniPeek can perform a roaming analysis, identifying each roaming step per client or AP and reporting important metrics, such as the time required to complete a roaming step.

Analyses for experts

OmniPeek performs ongoing analysis, during which each packet is collected with all analyses available for you to retrieve as and when you need to. OmniPeek can track more than 60 different performance and security problems typically found in wireless networks. A simple click on one of the problems shows you exactly where your network problem is, from connectivity problems to wireless network attacks. OmniPeek’s expert function provides clear WLAN analysis and leaves no room for speculation.

Advanced packet & decodeanalysis

OmniPeek can perform a detailed analysis that allows you to view the respective packets and decode each of them. OmniPeek supports 802.11 a/b/g/n and ac as well as almost any other 802.11 standard. This is essential if you want to analyse advanced wireless networks that are standard in today’s world.

New Gigabit wireless technologies require new monitoring solutions


Wireless networks are used everywhere and the number of connected devices is growing exponentially. A quick Google search reveals that, every day, billions of devices are tethered. If you depart from the "Internet of Things", these estimates are too small.

We’re also experiencing another Wi-Fi revolution in terms of the speed and capacity of wireless network infrastructures. With the introduction of 802.11ac, WLANs are now moving in Gigabit speed range and introducing new versions of 802.11ac should easily see data rates up to 6,93Gbit/s.

Wireless users are excited about this new transmission speed but the rapid expansion of WLANs causes considerable difficulties for those who are responsible for managing Wireless Local Area Networks (WLAN). The solutions and methods that worked for 208.11a/b/g networks with 54Mb/s are out of date and can't be adapted to today's Wi-Fi technology. New solutions and methods must be found to ensure the performance and safety of 802.11ac networks.


OmniPeek for Wireless performs, is easy to use and flexible

OmniPeek’s WildPackets WiFi analysis solution takes into account the demands of today's wireless infrastructure. It was specially developed to capture data in high-speed networks and can even work in its entirety within the fastest 802.11ac network environment. The award winning user interface simplifies WLAN analysis and enables network engineers to quickly solve problems. Flexible solutions for data analysis and storage enables administrators to work with OmniPeek in the way that suits them best - be it mobile, dispersed or remote. Wireless forensics can be used for business-critical applications to record wireless data for subsequent detailed analysis and examinations.


OmniPeek provides the most advanced technology currently available for the analysis of Wi-Fi infrastructure and is:

  • The first solution to support the capture and analysis of 802.11ac traffic
  • The only solution to support portable analysis of 802.11n 3-stream (450Mbps) traffic
  • The most comprehensive analysis of VoFi (voice over wireless)
  • The only solution that supports the recording of remote data for commercial enterprise APs
  • Perfect for 24x7 real-time remote analysis in distributed network environments
  • The only solution to evaluate even non-technical data packets
  • A solution for analysing and monitoring wired and wireless networks
  • The most complete solution equipped with an industry-leading UI, making troubleshooting easy


Flexible data collection in high-speed networks

Mobile Analysis
Mobile analysis has been a common approach for wireless analysis for the last two years. OmniPeek’s WLAN analysis software can be switched to listening mode along with special wireless adapters to simultaneously analyse data packets on multiple channels. Field engineers and IT consultants greatly value this type of software since mobility is one of the most important requirements.

Remote Analysis
The number of wireless networks is increasing constantly and managers need reliable 24x7 monitoring solutions for WLAN environments. If you use remote analysis, on-site troubleshooting is superfluous and you can easily evaluate errors together with other important safety aspects regardless of your location. OmniPeek's remote analysis uses the existing network infrastructure to evaluate wireless data through the analytical processor. Using the remote capture process, information needed to monitor the access point via the existing LAN infrastructure can be forwarded to the appropriate administrator’s PC. This approach is always useful if the problem isn’t located in your immediate vicinity.


Element 1
Element 2


Distributed WLAN analysis
For distributed WLAN analysis in distributed and larger WLAN environments, data to be captured for analysis can be easily forwarded through WLAN Controllers to the Omnipliance Wi-Fi solution in just a few steps. Continuous and uninterrupted Wi-Fi analysis takes place locally within Omnipliance. This approach is particularly recommended for networks with a large volume of Wi-Fi data and in dispersed operating environments.
WLAN Forensics
Omnipliance’s dispersed WLAN analysis enables you to carry out uninterrupted continuous Wi-Fi traffic recording. You can then analyse wireless problems in real time or through the process known as WLAN forensics. Using wireless forensics, you can shorten your response times to service shortfalls and failures, which helps to increase availability while saving IT costs. WLAN forensics is of great benefit in mission-critical environments and also enables security analyses to be carried out.


The advantages of OmniPeek professional wireless

WLAN capture from any location – independent of technology
WiFi networks are widely dispersed. In most cases, it’s almost impossible to be there on the spot when the problem has been reported. You must be able to remotely collect and analyse data with what's out there and record wireless traffic over the latest wireless devices, including 802.11ac 3-stream and 4-stream. OmniPeek provides just the right support that you need to do this. No other product offers this level of flexibility.

Display who is connected and the APs used
Before beginning an analysis, you first need to get an overview. The wireless aspect in OmniPeek helps you to display all available networks, including which APs are supplying which networks and which clients are connected through which APs. You can also see in detail all associated configuration information (bands, channels, security settings, signals, noise, data rates, etc.).

Detailed analyses, suitable for any situation
Using its unrivalled fully fledged analytical skills, OmniPeek can trace the cause of any problem in your WLAN. OmniPeek’s applications range from dealing with problems such as poor availability or complete loss of an AP, to complex problems such as intermittent dropouts for individual BYOD devices.

Multichannel analysis - transparency for all Wi-Fi traffic
Most WLANs are operated on several channels to prevent each AP from interfering with the others. Analysis solutions that only consider individual channels don’t provide the level of detail essential for analysis and troubleshooting. Your WLAN analysis solution must be able to record all data simultaneously on several channels with no gaps and this is exactly what OmniPeek does!

Expert events - alarms when wireless problems occur
What use is WLAN network analysis when you need to spend all your time sitting in front of it? A solution that's efficient, runs around the clock and performs the complete analyses for you leaves you free to attend to other important things. When problems occur, you’re notified immediately and can then take action quickly. OmniPeek provides more than 50 different wireless-specific expert analysis functions that continuously monitor and analyse your WLAN for you.

Roaming analysis - analyse past events as if they had just happened
Wireless networks are designed for mobile applications and this infrastructure is becoming increasingly important for users because it now also runs business-critical applications. As analysts, we know that we're dealing with a broad range of problems, which we’ve never come across in traditional LANs. Once users connect to a wireless network, roaming will be "the" problem that has the greatest impact on user satisfaction. Passing from AP to AP (known as hand-off) takes time. Although a variety of 802.11 standards and enhancements have been introduced, this can cause serious problems for the user, such as bad VoFi (voice over Wi-Fi) quality due to falling VPN connections. OmniPeek’s permanent and 24/7 WLAN analysis identifies and records all roaming activities, whether these are from AP to AP, from channel to channel, or both. It reports on the roaming times from clients and APs and, with just a single click, displays detailed and transparent roaming activity with accuracy to the millisecond.

Filters only the relevant data
The Network Analyser captures large amounts of data very quickly. OmniPeek is obviously capable of this but, when it comes to analysing the data, smaller datasets can be much easier to manage, especially when you know exactly where to find what you’re looking for. OmniPeek allows you to set filters before you start recording so the data collected will be reduced or temporarily filtered out so it can be shown more easily. The collected data remains completely unaffected, so you can change the filter if necessary to find exactly what you’re looking for.

OmniPeek provides over 100 built-in filters, of which about half are specially designed for WLANs. Custom filters can be easily created using a graphical kit and integrated immediately.

Manage BYOD using rogue detection
Given the rapid development of BYOD (Bring Your Own Device) distinguishing friend and foe in your WLAN is an essential task. OmniPeek helps you to do this by using independent device classification. Once you’ve classified a device, it’s stored in the OmniPeek name table and is always recognised and classified in the same manner. Devices can be trustworthy (Trusted), known (Known) or unknown (Unknown). Trusted devices are usually your own or those over which you have control. Known devices may be, for example, neighbouring APs in that you know they're there, but have no control over them. Unknown devices should always be examined because these could include prohibited or malicious IEDs (rogue devices).

Network Monitoring switches reduce the data load placed on the analyser and distribute data evenly among the monitoring tools.
Garland Technology’s FAB device is a network packet broker with filtering, aggregation and load balancing features, helping you to efficiently manage large data streams for monitoring purposes. Traditional network monitoring methods often connect analysers directly to data lines. This means the data is received unfiltered then processed by the monitoring systems. This carries certain risks since when data volumes increase the tools’ performance suffers and analysis systems can no longer detect data accurately. SPAN ports are still frequently used to gather data but they aren’t suitable for permanent monitoring. Even Cisco points out the risks of SPAN ports to their users.

For more information, please see our article about Network Taps.

Today, networks must be monitored for various reasons, including intrusion detection, classic error analysis, monitoring web performance and measuring application performance. The results are used for forensic analysis, compliance and security purposes.

It’s particularly important that monitoring systems only receive data from the network that’s needed for relevant analysis. If the data is forwarded unfiltered, then the analysis tool must accept any incoming data packets and process these, which is CPU intensive. This process requires expensive resources and negatively affects performance and analysis results.

Using a network packet broker you can switch to another layer between the network and the monitoring system and can filter relevant network packets from data streams. This method means the analysis systems get less data and can concentrate fully on analysing relevant information. So, for example, all non-DNS packets are removed from the data streams to analyse DNA performance, resulting in a lighter load on the tools, which optimises the use of resources. This simple and precise method allows you to remove data packets from large data streams or filter them out, which results in improved monitoring quality.

Another feature of data monitoring switches like these is their dynamic and intelligent redistribution of data streams according to the load. The network packet broker gathers centrally collected data in its entirety and redistributes it evenly between the connected tools. For this purpose a monitoring group is set up and network data is sent to the group according to the criteria that’s specified. So, for example, if 4 tools are assigned to a group, each will get about 25% of the total volume of data from the system. This also means you can map high availability scenarios. If any one tool fails the remaining 3 monitoring systems get 33% of the traffic and your network data remains in complete view. For load distribution to work automatically without any external intervention, the FAB network flows or sessions must recognise this, otherwise the connected monitoring systems would only receive fragmented information and analysis wouldn’t work.

In order to recognise sessions, Garland Technology’s data monitoring switch is equipped with very advanced features, as you can see in the image below. In this case the network packet broker identifies flows based on the following criteria; Source IP, Destination IP, Source Port, Destination Port, MPLS labels and IPv6 addresses.

Load Balancing Criteria

A Load balancing scenario

Depending on the configuration and filter settings, all traffic is evenly distributed to load balancing group 1. The network packet broker makes sure that each tool gets the same amount of data, and in the example below, each monitoring tool would receive 25% of the data traffic. The session table and traffic volume are evaluated to ensure an equitable distribution.

If a monitoring tool from the load-balanced group is removed for maintenance purposes by the switch, the network packet broker distributes the data according to the remaining tools. In this example, active analysis systems would each get approximately 33,3% of the traffic. Once the failed system is back online, normal load distribution is restored to all 4 tools. You’re proactively informed about such events through SNMP or Syslog and load balancing takes place automatically without any intervention needed.

Of course, you can create multiple load balancing groups and redistribute network traffic according to your interests. Another option is the Network Packet Broker, which allows you to sort out all traffic at the input port and / or at the output port with filter rules. Thus, you might want a certain portion of your network traffic, e.g. Database traffic for analysis to load balancing group 1 and everything else to LB group 2. It is also possible to distribute the complete data to both LB groups at the same time. If you have 10G or 40G lines but the data volume is less than 5G, you can easily distribute your entire data traffic redundantly to 1G analysis tools. If your total traffic is larger than 10G, and you still want to monitor it with 1G Tools, you have the option to cut the payload by packet slicing or filter the data by filter first. The Network Packet Broker is very flexible and allows a lot of configurations, which we would be happy to show you on the spot or also remote.

You can, of course, create multiple load balancing groups and redistribute the network traffic you’re interested in. Using a network packet broker you can also sort all traffic from the input and/or output ports using specific filter criteria. You can then allocate a certain portion of your network traffic, for example, sending database traffic for analysis to load-balancing group 1 and everything else to load balancing group 2. You can also evenly distribute complete data across both load balancing groups. If you have 10G or 40G lines but your data volume is smaller than 5G, you can easily send your entire traffic to 1G analysis tools. If your total traffic is larger than 10G but you still want to monitor it with 1G tools you have the option to cut the payload by packet slicing or to sort the data in advance using filters. A network packet broker is very flexible and permits many different configurations. We’d like to show you how it works by either visiting your site or by giving you a remote demonstration. 

You will find more information in our article Network Taps.

Networks today need to be monitored for various reasons, whether it is to detect intrusion attempts, classic fault analysis, web performance monitoring, application performance, forensic analysis, compliance, or other security purposes.

At this point it is particularly important that the monitoring systems receive only the data from the network, which are also necessary for the corresponding analysis. If the data is passed unfiltered, the analysis tool must accept all incoming data packages and process the data intensively. This process consumes expensive resources and has a negative impact on the performance and therefore the result of the analysis.

Instead, a further layer is switched between the network and the monitoring system, and the network packets that are of interest are filtered out using network packets from the data streams. By this method the analysis systems get less data and can concentrate completely on the evaluation of the relevant information. Thus, e.g. For an analysis of the DNS performance, all non-DNS packets are removed from the data streams, resulting in a load reduction on the tools and optimizing the resource usage. This method allows simple and targeted removal of data packets from giant data streams, which can lead to an improvement in monitoring quality.

A further feature of such a data monitoring switch is the dynamic and intelligent redistribution of the data streams based on the utilization. Here, the entire network data is also centralized at the Network Packet Broker and redistributed from here to the connected tools. For this purpose, a monitoring group is created and the network data are sent to the group according to the rules. For example, 4 tools assigned to this group, each system receives about 25% of the total data volume. High-availability scenarios can also be depicted. If a tool fails, the remaining 3 monitoring systems get 33% of the data traffic and you always have an overview of your network data. In order for such a load distribution to work automatically without external intervention, the FAB network must recognize flows or sessions, since otherwise the connected monitoring systems would only receive fragmented information and thus an analysis would not be possible.

For the recognition of sessions, the Data Monitoring Switch from Garland Technology is equipped with extensive functions, as you can see in the picture below. The Network Packet Broker can identify the flows using the following criteria; Source IP, destination IP, source port, destination port, MPLS labels and IPv6 addresses.

Load-balancing criteria

Load-balancing scenario

Depending on the configuration and filter policy, the entire data traffic is evenly distributed to the load balancing group 1. The Network Packet Broker ensures that each tool receives the same amount of data and, in the example below, would forward 25% of the data traffic to each monitoring tool. The session table and the volume of data traffic are evaluated for a fair distribution.

If a monitoring tool is removed from the load balancing group or is removed from the switch for maintenance purposes, the Network Packet Broker distributes the data accordingly to the remaining tools. In our example here, the still active analysis systems would each get about 31.3% of the data traffic. As soon as the failed system is online again, the usual load distribution takes place on all 4 tools. With SNMP or Syslog, you are informed proactively about such events. Load balancing takes place automatically without intervention.

Of course, you can create multiple load balancing groups and redistribute network traffic according to your interests. Another option is the Network Packet Broker, which allows you to sort out all traffic at the input port and / or at the output port with filter rules. Thus, you might want a certain portion of your network traffic, e.g. Database traffic for analysis to load balancing group 1 and everything else to LB group 2. It is also possible to distribute the complete data to both LB groups at the same time. If you have 10G or 40G lines but the data volume is less than 5G, you can easily distribute your entire data traffic redundantly to 1G analysis tools. If your total traffic is larger than 10G, and you still want to monitor it with 1G Tools, you have the option to cut the payload by packet slicing or filter the data by filter first. The Network Packet Broker is very flexible and allows a lot of configurations, which we would be happy to show you on the spot or also remote.

NEOX - Location

Our partners

IT Security made in Germany TeleTrusT Quality Seal

Contact Details

Otto-Hahn Strasse 8
63225 Langen / Frankfurt am Main
Tel: +49 6103 37 215 910
Fax: +49 6103 37 215 919
Your route to us >>