|

Omnipeek v11.1

November 2, 2017

What’s New

2 | © Savvius, Inc. Confidential

Marketed features:

• Improved CTD performance on Omnipliance and Ultra

• Faster forensic search

• Improved VoIP Reporting

• New RTP Graph Displaying VoIP Jitter and Quality Statistics

• Playback Support for DTMF Tones

• New Network and Application Latency Values for Experts

• Support for NetFlow v9 and IPFIX in the NetFlow Adapter

• New decodes

Not marketed:

• Compass 11.1 Enhancements

• Remove Windows 32-bit code

• Update 3rd Party Libraries

• Features removed from Omni 11.1

Why Upgrade to v11.1?

3 | © Savvius, Inc. Confidential

• Significantly improved CTD performance- Faster, “flatter”, CTD performance

• Find the packets you need faster - Improved forensic search analysis

• New VoIP reporting- Two new PDF reports for single and all calls

• Better VoIP graphing- A new RTP tab on the Voice & Video Flow Visualizer displays jitter and quality graphs

for one or more VoIP calls

• Improved Expert stats- See network and application latency as columns in Expert table

Product/Version v2.0.1 v10.1.1 v11.0 v11.1

Vigil ✓

Insight ✓

Capture Engine for Windows ✓

Spotlight Appliance ✓

Omnipeek ✓

Omnipliance ✓

Omnipliance Ultra ✓

Omnipliance WiFi ✓

Product Versions

4 | © Savvius, Inc. Confidential

Improved CTD Performance on

Omnipliance and Ultra

What’s Possible

6 | © Savvius, Inc. Confidential

RAID 0 First 2TB (Best) Last 2TB (Worst)

Raw 19.73Gbps 9.69Gbps

XFS 19.72Gbps 9.68Gbps

EXT-4 18.79Gbps 9.59Gbps

RAID 6 First 2TB (Best) Last 2TB (Worst)

Raw 16.65Gbps 8.28Gbps

XFS 16.62Gbps 8.27Gbps

Improved CTD Performance on Omnipliance and Ultra

7 | © Savvius, Inc. Confidential

• Flattened out and improved overall CTD performance by:- Switching file systems – from EXT-4 to XFS

- Using the existing Capture Options to- Limit allocated disk space to 60% of the total

- Increase file size (improvement is minor)

• Using a lower disk % can provide even better performance

8 | © Savvius, Inc. Confidential

42/72TB (60%) Wrap Test (6+ Hours) at 15GbpsRAID 0

124TB (72+72TB) Wrap Test (15+ Hours) at 20Gbps (Aggregate) and RAID 0

9 | © Savvius, Inc. Confidential

Faster Forensic Search

Faster Forensic Search

11 | © Savvius, Inc. Confidential

• Fix application classification with filters enabled

• Add a "preparation" stage to pre-calculate as much information as possible that might be needed by other stages (such as protocol layers, IP addresses, etc.)

• Open the forensic search window immediately

• Avoid checking file format

• Minor performance improvements- Faster checking for TCP/UDP ports in Protospecs- Optimizations for storing Expert Events- Optimizations for node, protocol, and node/protocol detail

statistics- Remove unnecessary packet processing for application

response time statistics

- Remove some overhead in packet segment processing- Remove conversation statistics from Graphs - NOTE: These improvements are unlikely to show any

decreased processing time if Expert or VoIP analysis is

enabled

Test Condition v10.1.3 V11.1 (XFS) Improvement

Forensics Capture

~14Gbps, IP PFI

~ 30 min ~10 min 3x

Forensics Capture:

~14Gbps, IP PFI

Monitoring Capture:

~100Mbps

~ 8 hours ~ 30 min 16x

Conditions:

- No PFI

- 512MB file size

- 30min capture: 2.1B packets, 1.2TB CTD, 2912 files

- Search: 10min, 881M packets, 614GB CTD, 1228

files

Improved VoIP Reporting

Improved VoIP ReportingAll Calls Report

13 | © Savvius, Inc. Confidential

• Create a Voice & Video report for all calls from Calls view by right-clicking a call in the list and choosing All Calls Report

• Reports elements include:• Summary: shows essential statistics for all calls from the

Voice & Video section of Summary Statistics

• Call Quality Distribution: summary chart of call quality from the Voice & Video Dashboard

• Quality Overview: shows a graph of call quality over time, similar to the Call Quality graph on the Forensics tab - this is new data and the Voice & Video Dashboard now also includes this widget

• QoS Overview: a graph showing various QoS statistics over time, and the associated data

• Event Summary: Shows a summary of Expert events (similar to the Event Summary tab in the Expert views)

Improved VoIP ReportingSingle Call Report

14 | © Savvius, Inc. Confidential

• Create a Voice & Video report for a single call from the Calls view by right-clicking a call in the list and choosing Single Call Report

• Reports elements include:- Call Summary: Call ID, Caller, Callee, Start/Finish/Duration,

MOS-Low, Setup Time

- Call Details: shows all information for the call

- Event Summary: shows summary counts of Expert events relating to the call

- Events: shows the Expert events relating to the call - 100 entry limit (or it shows "Too many events”)

- Media Flows: shows a table of essential information for each each media flow

- Media Details: shows all the information for each media flow for the call - each section includes a graph of Jitter and a quality graph

Improved VoIP ReportingVoice and Video Dashboard

15 | © Savvius, Inc. Confidential

• Call Summary Widget additions:- Call Counters: Average call duration - the

average call duration (of all calls)

- Closed Call Statistics: MOS-CQ, MOS-A, MOS-V - the average of those scores amongst all closed calls

• Dashboard:- A new widget that display call quality over

time for calls classified as good, fair, poor, bad and unknown, similar to the graph of the same name in the Forensics tab for an engine

Improved VoIP ReportingOther Enhancements

16 | © Savvius, Inc. Confidential

• Voice and Video Views:- Search for calls based on MOS-Low in the Calls view Search UI

- The Media view includes a new DSCP column that records a single DSCP value for an entire media flow

- Selecting an event from the Event Summary tab or Event Log tab shall highlight all calls or media flows to which those events apply

• The Voice and Video Forensic Search Template now includes (for reports):- Enable Expert

- Enable Graphs

- Enable Traffic History Statistics

- Enable the QoS Analysis Module

• VoIP call playback shall include DTMF tones as extracted from RTP Events and SIP info

New RTP Graph Displaying VoIP

Jitter and Quality Statistics

New RTP Tab and Graph

18 | © Savvius, Inc. Confidential

Network and Application

Latency Values in Expert

Network and Application Latency in Expert

20 | © Savvius, Inc. Confidential

• Add Network Latency and Application Latency values to Expert- Network Latency is defined as the time difference between a request packet and its

first response packet

- Application Latency is defined as the time difference between a request packet and

its first response packet with data minus the Network Latency

Other

More New Features

22 | © Savvius, Inc. Confidential

• Added NetFlow v9 and IPFIX to our NetFlow Adapter support

More New Features

23 | © Savvius, Inc. Confidential

• Added NetFlow v9 and IPFIX to our NetFlow Adapter support• New decodes and protospecs enhancements

- Decoder for Universal Alcatel over UDP (UA/UDP)

- Protospec for Universal Alcatel over UDP (UA/UDP)

- Decode DTMF keypress events in SIP INFO packets

- Decoder for Access Node Control Protocol (ANCP)

- Protospec for Access Node Control Protocol (ANCP)

- Decoder for Organization-Specific Slow Protocol (OSSP)

- Protospec for Organization-Specific Slow Protocol (OSSP)

- Decode AP Name in 802.11 Beacon Symbol Proprietary IEs

- Protospec for VN-Tags tunneling

- Decoder for DNSSEC

- Protospec for NetFlow

Improved VoIP ReportingNew V&V Summary Stats

24 | © Savvius, Inc. Confidential

Thank you very much!