SolarWinds Deep Packet Inspection for Quality of Experience Monitoring
Using Packet Analysis for Quality of Experience Monitoring
Is it the application or the network?
August, 2014
© 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
A Few Notes About Today’s Session
* Today’s content will cover using
packet analysis for quality of
experience monitoring
* Ask questions!!!
º No attendee left behind
º Ask questions using the chat box and
we will do our best to cover them
all
* Today’s session is being recorded
º Solarwinds.com
º Slideshare.com
Jim Baxter
Performance Analyst & Wireshark® Certified Network Analyst
PacketIQ®
Rob Hock
SolarWinds Product Manager
Agenda
* What is deep packet analysis?
* How is it done?
* How can it be used?
* SolarWinds® Network Performance Monitor and Deep Packet
Inspection
* Q&A
Deep Packet Analysis
* Also known as Deep Packet Inspection (DPI)
* Capturing (by making a copy of)
and analyzing the contents of
network packets that flow
between clients & servers
* Packets are typically captured
using a ‘TAP’ or switch port
‘mirroring’ or ‘spanning’
Manual Packet Analysis
* Packet analyzers (or sniffers) are
typically moved around and used
as needed to troubleshoot specific
problems – no continual
inspection
* Requires a highly skilled user to
configure, perform captures, and
analyze the packet flows
* A number of vendors offer high
throughput DPI appliances, but
these can become very pricey
Wireshark®
* Current industry standard analyzer
* Sophisticated capture & display filtering
* Specialized analysis & data screens
* Expert info window
* Support for over 1000 protocols
What you can do with Packet Analysis
* Network response time can be measured
* Application response time can be obtained
* Application traffic can be identified and categorized by IP addresses, ports, protocols, or URLs
* Is it the application or the network?
Network response time
* Speed of light propagation delay
* Network routing & geographical
distance
* Serialization delay (WAN links)
* Queuing delays (QoS)
Measuring network response time
* TCP 3-way handshake
* Client sends server a ‘SYN’ packet
* Server responds with a ‘SYN ACK’ packet
* Client returns an ‘ACK’ packet
Measuring application response time
* Time to first byte
* Client sends a ‘GET’ request to server
* Server ‘ACKs’ the request
* Some amount of time goes by while server processes the request and responds
* Server sends first data packet
Manual capture sequence
Network RTT = 69 ms (frame #1 to frame #2 delta)
Client sends ‘GET’ request
Client receives ‘ACK’ in 263 ms
Client receives first data packet in 1.163 seconds
Total server response time ~ 1.4 seconds
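The handshake and time-to-first-byte measurements from the preceding slides, as an added example that is not part of the original presentation. The endpoints and timestamps are constructed so the deltas match the slide's figures, assuming the 1.163 seconds is counted from the server's ACK of the request; `measure` is a hypothetical helper name.

```python
# Added example. Packet records are constructed: (time_s, src, dst, flags, payload_len).
# Flags use tcpdump-style letters: S=SYN, SA=SYN+ACK, A=ACK, PA=PSH+ACK.
CLIENT, SERVER = "10.0.0.5:51000", "192.0.2.10:80"  # constructed endpoints
PACKETS = [
    (0.000, CLIENT, SERVER, "S", 0),      # frame 1: SYN
    (0.069, SERVER, CLIENT, "SA", 0),     # frame 2: SYN ACK, 69 ms later
    (0.069, CLIENT, SERVER, "A", 0),      # frame 3: ACK completes the handshake
    (0.070, CLIENT, SERVER, "PA", 120),   # GET request
    (0.333, SERVER, CLIENT, "A", 0),      # server ACKs the request after 263 ms
    (1.496, SERVER, CLIENT, "PA", 1460),  # first data packet, 1.163 s after the ACK
]

def measure(packets, client, server):
    """Return network RTT, request-ACK delay and time to first byte, in seconds.

    A value is None when the packets needed to compute it are absent, or when
    the SYN was retransmitted (the SYN ACK cannot then be paired with one SYN).
    """
    syns, synack_t, req_t, ack_t, data_t = [], None, None, None, None
    for t, src, dst, flags, plen in packets:
        if (src, dst) == (client, server):
            if flags == "S":
                syns.append(t)
            elif plen > 0 and req_t is None:
                req_t = t                  # first client payload is the request
        elif (src, dst) == (server, client):
            if flags == "SA" and synack_t is None:
                synack_t = t
            elif req_t is not None and plen == 0 and flags == "A" and ack_t is None:
                ack_t = t                  # bare ACK of the request
            elif req_t is not None and plen > 0 and data_t is None:
                data_t = t                 # first byte of the response

    def delta(end, start):
        return None if end is None or start is None else round(end - start, 3)

    rtt = delta(synack_t, syns[0]) if len(syns) == 1 else None
    return {"network_rtt": rtt, "ack_delay": delta(ack_t, req_t),
            "ttfb": delta(data_t, req_t)}

if __name__ == "__main__":
    print(measure(PACKETS, CLIENT, SERVER))
```

Here the time to first byte (about 1.4 seconds) is far larger than the 69 ms handshake round trip, which points at server processing rather than the network path.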
Traffic distribution analysis
* Categorization &
measurement of network
traffic types based on IP
addresses, ports and
protocols
* Identify business vs. non-
business and potentially
malicious traffic
SolarWinds Network Performance Monitor (NPM)
* Fault, Availability, Performance, &
Deep Packet Inspection
º Speeds troubleshooting, increases service
levels, and reduces downtime
º Monitors & displays response time,
availability and performance of network
devices
º Analyze user quality of experience using
deep packet inspection and analysis
º Improves operational efficiency with out-
of-the-box dashboards, alerts, and reports
º Automatically discovers network devices
and typically deploys in less than an hour
Deep Packet Inspection & Quality of Experience
* New in NPM version 11
* Easy-to-deploy software deep packet inspection and analysis sensors
* Quality of Experience dashboard for a quick summary of network and
application performance metrics
º Visual presentation of over 1200 applications (e.g. Skype®, SQL, Facebook®, etc.): response times, classification (messaging, database, social, etc.), categorization (business vs. non-business), and risk profile
º Visual presentation of network response time
º Graphical display of traffic volume and transaction count
Summary
* Deep packet inspection and analysis has a number of benefits
º Network response time can be measured
º Application response time can be obtained
º Application traffic can be identified and categorized by IP addresses, ports, protocols, or URLs
º SolarWinds NPM provides affordable, easy-to-deploy DPI along with a
visual presentation of key application and network performance metrics
º You can finally answer the question: “Is it the Application or the
Network?”
Thanks for your attention!
Download a FREE fully functional 30-day trial of SolarWinds Network Performance Monitor
www.solarwinds.com
Join our community of 150,000+ IT pros at www.thwack.com
Thank you for attending!
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds
Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or
pending registration in other countries. All other SolarWinds trademarks, service marks, and logos
may be common law marks, registered or pending registration in the United States or in other
countries. All other trademarks mentioned herein are used for identification purposes only and
may be or are trademarks or registered trademarks of their respective companies.