Troubleshooting Network and Packet Analyzer Issues
This appendix addresses some common issues you might encounter while using Cisco Security Packet Analyzer Software as well as how to use Packet Analyzer to troubleshoot Packet Analyzer network connection issues.
This appendix contains the following topics:
Resolving Typical Packet Analyzer Issues
Q. I see a notification message No data for selected time interval
on my dashboard reports. What should I do?
You may have created a filter that needs to be changed in order to see data. Use the Interactive Report Filter to do any or all of the following actions until your data displays:
– Change the site filters
– Change the application filter
– Incrementally expand the time range from the default to a greater time range
Review the following question for additional details if this does not resolve your issue.
Q. I am sending traffic to the Packet Analyzer but nothing comes up on the default monitoring page. What could be wrong?
There are two typical issues that are seen when first setting up traffic to the Packet Analyzer:
– Wait for at least five minutes after traffic is sent to the Packet Analyzer. Packet Analyzer collects and displays information at intervals and traffic may not display in charts immediately.
– Ensure the client time is synchronized with the Packet Analyzer time. Typically this means setting your NTP server to synchronize your Packet Analyzer time. For details, see Synchronizing Your System Time.
Q. What information should I collect and what else should I do when the Packet Analyzer is not responding?
Determine the answers to the following questions and gather the following information:
- Does session from the switch/router CLI work?
- Does ping over EOBC (127 subnet) work?
- Does ping to the management IP address work?
- Collect output of show tech-support command from both the Packet Analyzer and the switch or router.
- Collect core files.
- Check if Packet Analyzer hardware is seated correctly in chassis
Perform the following tasks to troubleshoot your issue:
- Reset Packet Analyzer
- Reset into maintenance image or helper
- Clear the configuration
- Reinstall the application image (using the -- reformat option)
Q. How can I view Packet Analyzer log files and send them to TAC for review?
From the GUI, go to Administration -> Diagnostics -> Tech Support. After the support screen dump is complete, click Download log files. Save the files to your local disk. You can analyze the files locally or, if requested forward on to your technical support team for review.
Troubleshooting Login Issues
Log into the Packet Analyzer by using the username and password that the Packet Analyzer administrator provided you, and click the Login button. If you are having problems logging in:
- Make sure you are using a browser that is currently supported for use with Packet Analyzer:
Mozilla Firefox ESR 38 or Microsoft Internet Explorer 11 (Microsoft Internet Explorer 7 is not supported)
- Make sure you are using a platform that is currently supported for use with Packet Analyzer:
Microsoft Windows XP or Microsoft Windows 7. The Macintosh platform is not supported on this release.
- Clear the browser cache and restart the browser (not necessary if installing Packet Analyzer for the first time).
- Make sure cookies are enabled in your browser.
- If you see the following message: “Initializing database. Please wait until initialization process finishes,” you must wait until the process finishes.
- Make sure your username and password does not use any special characters.
- If your platform requires licensing, make sure you accepted the license agreement and that the license has not expired.
To view the full documentation set (including the User Guide and Release Notes) for the Cisco Packet Analyzer software, go to the Packet Analyzer software Technical Documentation area on Cisco.com:
Understanding Typical Error Messages
Q. I’m waiting for the graphical data to populate on a dashboard. What does this red error “Request Error -- Please Try Again” mean?
This means an internal error has occurred, or the login session may have timed out.
Q. I’m waiting for the graphical data to populate on a dashboard. What does this red error “Query resulted in no data” mean?
The Packet Analyzer does not have any data for the specified time frame and specified filter. Go to the Interactive Report (the pane on the left side of the window) and click the Filter button to check the filter settings and data sources to make sure the Packet Analyzer is getting data. You can also check the Overview page to ensure the traffic is reaching the Packet Analyzer. If no traffic appears, check your data sources and SPAN session configuration.
Q. What does the message “Client or Packet Analyzer time is incorrect” mean?
The browser or client time and the Packet Analyzer time must be synchronized to avoid this error. See Synchronizing Your System Time.
Frequently Asked Questions about Packet Analyzer Behavior
Q. How does Packet Analyzer calculate network latency?
To calculate network latency, the software looks at each packet and associates it to a transaction. For example, Packet Analyzer looks at SYN and SYN-ACK and timestamps these packets to perform these calculations.
Q. How can Packet Analyzer be restricted to one tenant’s traffic when using SPAN or ERSPAN on a Nexus 1000V?
Packet Analyzer can be deployed per tenant so they each Packet Analyzer has their own portal. Packet Analyzer processes VxLAN, LISP, FabricPath, and OTV for multiple tenants.
Q. Why is the browser behaving strangely? It is displaying data for no apparent reason or is not displaying expected data.
Clear the browser cache, close the browser, and open a new session and try again. Also, make sure you are using a supported browser.
Q. Why is the Packet Analyzer performance lower than expected?
Disk capture will reduce the Packet Analyzer performance considerably. It is due to the disk input/output speed. You will see a warning in the top right corner of the window.
Q. Why won’t the system change the storage option for my capture session from disk to memory and then back to disk?
If you set up a capture session to disk and later modify the same packet session to save into memory, Packet Analyzer is unable to change the storage selection back to disk because it is in the in use state. You cannot delete the capture session to release the disk for capture. The workaround is to reboot the Packet Analyzer. This has been fixed in the latest patch (patch 5) on the Cisco software download web page.
Q. What MIBs do the Packet Analyzer support?
Table E-1 lists the MIB objects supported by Packet Analyzer.
Table E-1 Supported MIBs
|
|
MIB-II: All groups except Exterior Gateway Protocol (EGP) and transmission. |
RFC 1213 |
RMON2: trapDestTable only |
RFC 2021 |
CDP-MIB: Cisco Discovery Protocol |
|
EntityMIB |
RFC 2737 |
Q. Which platforms require MIBs?
Packet Analyzer does not require MIBs.
Troubleshooting WAAS Data Issues
Q. Why does Packet Analyzer display the status of WAAS devices as pending?
Packet Analyzer is unable to monitor WAAS traffic until you set up WAAS monitored servers. To change the pending status, you must set up WAAS monitored servers. See your product documentation for more details.
Q. Why is no WAAS data seen in the Monitor windows?
Perform the following steps:
- Use the Packet Analyzer GUI to verify that the Monitored Servers list is configured with the correct server IP addresses.
- Use the Packet Analyzer GUI to verify that WAAS data sources have data collection enabled for applicable segments.
- Use the WAAS CLI show statistics flow filters to verify that the servers have active traffic flows that are optimized and monitored.
- Use the WAAS CLI show statistics flow mon tcpstat to verify that WAAS Flow Agent exports flow data to the correct Packet Analyzer IP address.
Q. The WAAS is not sending data to the Packet Analyzer, and the reports are not showing any values.
The WAAS will not send data unless filtering is enabled on the Packet Analyzer. Enable filtering at Setup > Data Sources > WAAS > Monitored Servers, and check the “Filter Response Time for all Data Sources by Monitored Servers” check box.
Troubleshooting Video Streams
Use Packet Analyzer to monitor the network to ensure that the video quality is good. If quality issues appear, isolate and troubleshoot the problem rapidly as follows:
- Choose Analyze > Media to view the Video Streams. You can access this from the Video Streams Conversation table by clicking a specific stream or from the Video Channels Table window by clicking the stream that is associated with the video signaling stream. This chart indicates current video quality of all video streams that are being monitored. I/All frame loss rate are the main metrics to indicate the video quality. High loss rate indicates poor quality and low loss rate indicates excellent quality. Use the Top N Video Streams source and destination endpoints to view whether there are video streams in the poor range.
- To isolate video streams that have poor quality, scroll down to Top N Video streams and click the chart to drill down into the Video Stream details. You can examine the I/All frame loss rate together with other metrics to determine the main cause for poor quality. If the video stream is MPEG-TS stream, you can also look at the MDI metrics to determine whether DF/MLR is large.
- With the endpoint’s IP addresses, you can look at the network topology to identify where your subnet is located in the network.
Using the CLI to Troubleshoot Issues
Locating Packet Drops
Q. How can I find out using the CLI if packets are being dropped?
The following CLI command shows packet drops at different layers of the Packet Analyzer system at 5 minute intervals and up to the last 24 hours:
root@NAM3-18.cisco.com# show pkt-drop-counters Hour-0
Start time of the hour: 2010-11-05 13:00 PDT
Time hardware pkts dropped FM pkts dropped ART pkts dropped
Handling an Unresponsive Packet Analyzer
Q. Why is my Packet Analyzer Blade not responding?
Do the following:
- Check the Packet Analyzer IP configuration (using the CLI command show ip)
- Check VLAN configuration of management port on Sup:
analysis module <slot> management-port access-vlan <#>
- Does the session from the switch/router work?
- Does a ping to Packet Analyzer mgmt IP address work?
- What is the module status on Sup/router?
Using the CLI to Troubleshoot Performance Agent (PA)
Q. Why is the Packet Analyzer not receiving data from PA?
Packet Analyzer no longer uses Performance Agent as a remote data source. Use Prime Infrastructure or Prime Assurance to collect PA data.