Capture control
IOTA 10 CORE can capture out-of-band traffic incoming from TAPs, Network Packet Brokers, and switch SPAN ports. The unit has six interfaces:
- 2 x RJ45 100M/1G
- 2 x RJ45 1G/10G
- 2 x SFP+ 10G
The unit can capture traffic from any four of these interfaces at the same time.
The Capture page displays the state of the six capture interfaces and the list of capture sessions.
Capture sessions are used to control the capture state and analysis of one or multiple ports at the same time. This facility makes possible to define correlation between traffic incoming on different ports.
You can create a new capture session by clicking the [+] button in the top right-hand corner of the screen. You will be prompted to give it a name. Ports can then be added to this capture session.
Clicking a port opens a card which displays information about this port, and allows you to assign it to an existing capture session. It also allows you to start a capture on this port if it isn't already associated to a capture session, which will create a new capture session containing this interface.
Clicking a capture session opens a card which displays the ports it contains, the capture status, and provides controls for starting and stopping the capture, changing the capture session's color, changing its name, deleting it, as well as controlling the following traffic analysis options:
- Enable Advanced traffic analysis: This option enables advanced traffic analysis for VoIP, TLS and other dashboards. If this advanced analysis is not necessary, it can be disabled, which will increase overall traffic analysis performance.
- Use VLAN/MPLS to correlate traffic flows: If enabled, VLAN tags and MPLS labels will be used to identify traffic flows. If disabled, they will be ignored.
- Enable packet reordering: Force TCP packet reordering. This will improve application detection, but it may degrade accuracy of flow performance evaluation.
The use of capture sessions will allow to join traffic incoming from different sources in a single metadata domain, enabling the use of the device at the core of your visibility infrastructure.
A typical example use case for capture sessions is when IOTA 10 CORE is connected directly to a TAP receiving two traffic links. These can be joined in a single capture session to make sure that bidirectional traffic is processed correctly.