Validating traffic capture on a Collector

The Real User Collector component captures traffic passing between your web applications and end users. When web application traffic is captured by the Cloud Probe and sent to a Collector, it arrives in the form of network packets. The Collector then parses the traffic, decrypts HTTPS transactions, and prepares the network data for further processing by a Real User Analyzer. (For more information about traffic capture, see End-user experience traffic data capture and segmentation.)

Perform the following tasks to validate that traffic capture is occurring and is successful:

To ensure that the Collector is receiving TCP/IP traffic

  1. Log on to the Collector with an Administrator account.
  2. Select Administration > Device status > Traffic capture statistics.
  3. In the Traffic section, check the percentage values for IP traffic, TCP traffic, and HTTP traffic. 

    If the values are near 0 (zero), the wrong network traffic is being sent to the Collector. Check with your network administrator group to correct the issue.

  4. In the SYN / ACK ratio section, verify that the percentages for each part of the three-way handshake (Client SYN, Server SYN-ACK, Client ACK) are similar for the TCP session.

    If the Overall Ratio is higher than 30%, your network traffic might be subject to packet loss, or the network traffic is not getting copied to the Collector correctly. If one of the ratios on the right side is higher than 30%, then you might have unidirectional traffic in the received traffic. Running the packettrace CLI command might provide further information. Please contact BMC Customer Support for more details.

For additional information about traffic capture statistics, see Monitoring traffic capture status and statistics on a Collector.
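
An independent cross-check of the handshake balance described in step 4, as an added example (not BMC code and not the Collector's own calculation): it counts the three handshake parts in a packet summary and applies the 30% figure to an assumed imbalance measure. The tuple format, function names, and sample addresses are constructed for illustration.

```python
# Added example: constructed data, not BMC code. The imbalance formula is an assumption.
SYN, ACK = 0x02, 0x10
THRESHOLD = 0.30  # the page's 30% figure, applied to this example's assumed metric

def handshake_counts(segments):
    """Count flows showing each handshake part in (src, dst, tcp_flags) tuples."""
    syn, syn_ack, ack = set(), set(), set()   # each holds (client, server) pairs
    for src, dst, flags in segments:
        if flags & SYN and not flags & ACK:
            syn.add((src, dst))               # Client SYN
        elif flags & SYN and flags & ACK:
            syn_ack.add((dst, src))           # Server SYN-ACK, keyed client first
        elif flags & ACK and (src, dst) in syn:
            ack.add((src, dst))               # Client ACK after its own SYN
    return {"client_syn": len(syn), "server_syn_ack": len(syn_ack),
            "client_ack": len(ack)}

def missing_ratios(counts):
    """Share of each part missing relative to the best-represented part."""
    top = max(counts.values()) or 1
    return {part: 1 - n / top for part, n in counts.items()}

def diagnose(segments):
    counts = handshake_counts(segments)
    if not any(counts.values()):
        return "no handshakes observed"
    flagged = {p for p, r in missing_ratios(counts).items() if r > THRESHOLD}
    if not flagged:
        return "balanced"
    if flagged == {"server_syn_ack"}:
        return "server-to-client direction under-represented"
    if flagged == {"client_syn", "client_ack"}:
        return "client-to-server direction under-represented"
    return "mixed imbalance: possible packet loss"

def _handshake(client, server):
    return [(client, server, SYN), (server, client, SYN | ACK), (client, server, ACK)]

# Constructed sample: five complete handshakes to one server, then filtered copies.
SERVER = "192.0.2.10:443"
FULL = [s for i in range(5) for s in _handshake(f"198.51.100.{i}:40000", SERVER)]
CLIENT_ONLY = [s for s in FULL if s[1] == SERVER]   # mirror sees requests only
SERVER_ONLY = [s for s in FULL if s[0] == SERVER]   # mirror sees responses only

if __name__ == "__main__":
    for name, capture in [("full", FULL), ("client-only", CLIENT_ONLY),
                          ("server-only", SERVER_ONLY)]:
        print(name, handshake_counts(capture), diagnose(capture))
```

A capture that flags only one direction points at the mirror or tap configuration rather than at random packet loss.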

To ensure that the Collector is receiving the expected HTTP/HTTPS traffic

After you validate that the Collector is receiving HTTP/HTTPS traffic, you can use Reference lists to verify that the traffic data you are receiving is what you expect. Reference lists return recently observed values for many system fields in the traffic data.

  1. Log on to the Collector.
  2. Click Reference lists.

  3. In the Popular section, click Host only.
    1. After the list shows up, click Top N in the list header. 

      This will show the most popular host names requested in the traffic that the Collector receives. 

    2. Ensure that the top 10 host names correspond to your expectations. If not, you might need to ask for a correction to the copied traffic.
  4. In the Popular section, click Server IP.

    The Server IP list returns the IP address of HTTP request endpoints. If you are copying traffic to the Collector from a point in your network that is logically in front of the load balancer, then the Server IP address should show the IP address of the load balancer. Otherwise, you might see the IP addresses of the web server pools. For information about deployment scenarios for traffic capture, see Traffic capture and tapping points for BMC Real End user Experience Monitoring Software Edition.

For additional information about Reference lists, see Getting current traffic values from a filter reference list.

Contributed by Baophac Do

