Traffic packets passing through the network device, can be mirrored to a port of the same device for inspection. Also multiple ( WAN/LAN /Uplink) port traffic can be mirrored and set for inspection. In case you wish to inspect packets from multiple devices, You can save the mirrored packets and upload it to NetFlow Analyzer server. Real time packet capture works only when NetFlow Analyzer server is directly connected to the mirrored port.
In the above diagram, ports 1, 2, 7 & 8 are mirrored for monitoring to the last port (port 24) of device . Here all the mirrored network packets reaches the OpManager server as it is directly connected.
Note : If you want to monitor multiple devices, You need to save the mirrored packets individually and import it to opmanager to generate offline reports.
Port mirroring commands vary from vendor to vendor. You can check with the respective device vendor for commands.
Below is an example for port mirroring on a HP Switch.
Below is the detailed cmd structure to mirror all the 23 ports to the last 24th port.
With these recieved network packets ManageEngine will analyze the captured packets and generate reports.
As Initial phase, ManageEngine has introduced analysis for TCP packets even though it captures all packets. Rest will be supported in future. Using the DPI feature, we can calculate Application Response Time (ART), Network Response Time (NRT), url's used and traffic utilization (productive\non-productive).
With these reports a network administrator can have a clear picture of what is consuming the bandwidth at what time and so, he can regulate it cost efficiently.
In DPI we get information about ART,NRT and URLs
NRT : Network Response Time is the time difference between TCP_SYN packet and its ACK (acknowledgement).
ART : Application Response Time is the time difference between TCP_DATA packet and its ACK (acknowledgement flag).
URL : URL details contained in data packets.