Viewing Packet Data

You can view the contents of an individual packet in the Event Detail and Hex Dump editor panes. These display packet data in decoded format and raw bytes, respectively. For example, Network Analyzer shows the Association Request data for Event 16 in the following figure.

[Figure: Network Analyzer packet data]

Filtering Captured Data

By default, the Events pane displays all session events. You can build and apply filters that constrain Network Analyzer to show only events that are of interest. By filtering events, you can analyze results more efficiently.

Setting Filters

Each capture session has its own filter settings. When you change a session's filters, Network Analyzer immediately refreshes the display. When you exit Network Analyzer, all session filters are cleared and must be reapplied when you restart. Network Analyzer provides two ways to edit filters:

  • Filter Manager: Maintains a set of saved filters that you can review and edit. You can also add new filters. You specify any of the saved filters for display on the Filters menu, where they are accessible for use in one or more sessions.

  • Filter Bar: An editor that attaches to a given session, where you can enter one or more filter expressions on the fly. Network Analyzer discards filter bar expressions for all sessions when it exits.

Quick Filters

Network Analyzer also provides several preset context-sensitive quick filters that are available from the Transactions and Events editor panes. You access these filters by right-clicking an event or transaction and choosing a context menu option.

The quick filter options that are available depend on the transaction or event you select. You can choose to hide all events or transactions of the selected type, or to show only that type. Further, if you select an event such as a neighbor exchange that has a source and/or destination address, the context menu also contains options that let you filter events according to that address. This lets you isolate data for a given node.

Filtering Message Types

It is often useful to hide messages that are not relevant to the current analysis. For example, you typically don't need to view neighbor exchanges, which are stack-level messages that are exchanged among nodes. By default, the Filters menu has a single saved filter option, Hide Neighbor Exchange, which the Filter Manager defines as follows:

!isPresent(neighborExchange)

When you choose this option, Network Analyzer hides all neighbor exchange messages from the Events pane. You can customize the Filters menu to include other saved filters. You can also set filters manually in the filter bar.

Isolating Node Data

You might want to isolate all messages for a given node, for one of the following reasons:

  • Evaluate the amount of traffic between it and other nodes.

  • Analyze traffic pattern anomalies.

  • Determine whether and when it stopped sending or receiving messages.

To show only traffic for a given node:

  1. Right-click a message that specifies a source and destination.

  2. From the context menu, select one of the following options:

    • Show only destination: node-short-ID

    • Show only source: node-short-ID

For example, to view only events from node AE12, as shown in the following figure:

  1. Right-click on transaction 30.

  2. From the context menu, select Show only source AE12.

The filter bar shows a filter expression like this:

fifteenFour.source == 44562

[Figure: Network Analyzer source filter applied]

You can further refine the filter by ANDing it with other conditions. For example, you can hide all neighbor exchange messages from this node by choosing the menu option Filters | Hide Neighbor Exchange, as shown in the following figure.

[Figure: Network Analyzer source filter combined with Hide Neighbor Exchange]

By doing this, you can determine node-specific data, such as how many non-neighbor exchange events originate from that node and the intervals between them. After analyzing data for that node, you can clear all current filters and set filters on other nodes, to compile their data and activity.
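The node-level analysis described above, as an added example that is not part of the original documentation or of Network Analyzer: Python that applies the same selection as the two filters to a constructed event list and reports the event count, the intervals between events, and whether the node has gone quiet. The Event record, the sample data, and the silence threshold (three times the median interval) are assumptions; the example also shows that the short ID AE12 in the context menu is the hexadecimal form of the 44562 in the filter expression.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Event:                      # hypothetical record, not a Network Analyzer export format
    time_s: float                 # capture timestamp, seconds
    source: int                   # 802.15.4 short source address
    neighbor_exchange: bool       # True when the event is a neighbor exchange

def short_id_to_filter(short_id_hex):
    """The context menu shows the short ID in hex; the filter bar shows it in decimal."""
    return f"fifteenFour.source == {int(short_id_hex, 16)}"

def node_activity(events, short_id_hex, capture_end_s, silence_factor=3.0):
    """Summarize one node's non-neighbor-exchange traffic."""
    src = int(short_id_hex, 16)
    # Same selection as the source filter combined with Hide Neighbor Exchange.
    times = sorted(e.time_s for e in events
                   if e.source == src and not e.neighbor_exchange)
    intervals = [round(b - a, 3) for a, b in zip(times, times[1:])]
    last_seen = times[-1] if times else None
    # Assumed heuristic: quiet if the gap since the last event exceeds
    # silence_factor times the node's median interval.
    silent = last_seen is None or (
        bool(intervals)
        and capture_end_s - last_seen > silence_factor * median(intervals))
    return {"count": len(times), "intervals": intervals,
            "last_seen": last_seen, "silent": silent}

# Constructed sample events (time, source, neighbor exchange?); capture ends at 100 s.
EVENTS = [Event(t, s, ne) for t, s, ne in [
    (10.0, 0xAE12, False), (12.0, 0x1B3C, False), (15.0, 0xAE12, True),
    (20.0, 0xAE12, False), (25.0, 0xAE12, True), (30.5, 0xAE12, False),
    (40.0, 0xAE12, False), (50.0, 0x1B3C, False), (90.0, 0x1B3C, False),
]]

if __name__ == "__main__":
    print(short_id_to_filter("AE12"))
    for node in ("AE12", "1B3C"):
        print(node, node_activity(EVENTS, node, capture_end_s=100.0))
```
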

Note: Filters are helpful for isolating network issues, such as quickly ascertaining when a node stops sending data. However, to analyze an event in the context of network operations, you must clear all filters.