Capturing in Time-Sensitive Networking Environments with ProfiShark 1G

Solutions for Complete Access and Visibility into Network

Capturing in Time-Sensitive Networking Environments with ProfiShark 1G

Time-Sensitive Networking (TSN) is a set of standards defining mechanisms for the time-sensitive transmission of data over Ethernet networks. Deterministic communication is critical to multiple industries (Audio Video Bridging, Automotive, Industrial and Power automation, Mobile Fronthaul Networks).

The purpose of this article is to demonstrate the benefit of ProfiShark 1G in TSN environments and to describe its usage. In order to support TSN, a TAP has special requirements in terms of latency, jitter and capture capability.

Time-Sensitive Networking

Transparent In-Line

Like all Profitap’s in-line TAPs, the ProfiShark is protocol agnostic and L1 passthrough for all frames, tags, and encapsulations. This includes preempted frames (IEEE 802.1Qbu/802.3br), fragmented and CRC-invalid frames.

The in-line latency and the jitter introduced by the in-line circuit is minimal, making it suitable for IEEE 802.1AS and 1588 v2.

DEVICE
LATENCY
JITTER
L1 PASS-THROUGH
ProfiShark 100M
2 ns
100 ns
Yes
ProfiShark 1G/1G+
400 ns
32 ns
Yes
ProfiShark 10G/10G+
300 ns
40 ns
Yes

Capture Capabilities

The ProfiShark 1G is capable of capturing any type of frame, including preempted frames (IEEE802.1Qbu/802.3br), fragmented and CRC-invalid frames.

FRAME TYPE
PREAMBLE COUNT
SMD
FCS
Standard / Express
7
0xD5
CRC
SMD-lx Premptable frame start
7
0xE6, 0x4C, 0x7F or 0xB3
CRC
SMD-Cx Non-initial fragment
6
0x61, 0x52, 0x9E or 0xAD
CRC ^ 0xFFFF0000

Moreover, the ProfiShark Manager offers an option to capture the entire L1 Ethernet frame in direct capture. When ‘capture full frames’ option is enabled, the frames are captured with the preamble (0x55), the SMD and the CRC.

Wireshark Integration

With ‘capture full frames’ option enabled, the PCAP-NG Link-Layer Header is set to LINKTYPE_ETHERNET_MPACKET. This Link-Layer type is fully supported by Wireshark since 2.6.0 and allows proper dissection of L1 frames (see Wireshark view below). Once dissected, the additional L1 data is displayed in the Packet detail view and doesn’t conflict with higher protocols. Additionally, fragmented preempted frames can be reassembled in Wireshark.

The ProfiShark Manager offers different capture options. The different capture options and their effect are listed below.

All-In-One Advanced Gigabit Network TAP

ProfiShark 1G is one of the most powerful, compact portable network tap devices. It’s a portable troubleshooter dedicated to network monitoring, combining both performance and flexibility.

This pocket-sized Gigabit TAP is the equivalent of an aggregator tap and two NICs, requiring only a laptop or a desktop PC with a free USB 3.0 port. ProfiShark 1G is the ultimate solution for your field testing and monitoring performance.

All our ProfiShark products also include other important features, as are hardware filters, statistics and configuration options, through our own ProfiShark Manager application.

ProfiShark 1G+ combines all the features of ProfiShark 1G but with added GPS and PPS features for advanced timestamping.

All-In-One Advanced Gigabit Network TAP
ProfiShark 1G+ with laptop
Link to product pages: ProfiShark Portable Network TAPs

The Benefits of Using ProfiSight Network Traffic Analyzer

Solutions for Complete Access and Visibility into Network

The Benefits of Using ProfiSight Network Traffic Analyzer

As networks get faster and more complex, new performance issues appear. Conventional network monitoring takes too much time, that’s why network analysts are looking for tools that not only help them get to the source of problems as fast as possible, but also optimize their workflow.

So, how can we get from a broad view of the network to a pinpoint view of the traffic, anywhere, in seconds, drill down and find the potential weak spots, server congestion, ports usage and more?

With a network traffic analyzer

Before getting into how this type of traffic analyzer can make a difference to your network forensics and troubleshooting techniques, let’s talk first about the most common methods used these days: packet analysis and flow analysis.

Packet analysis technology is widely used to dig down into what is happening over a network by focusing on the individual packets that cross your traffic rather than on the flow of the network.

Even though this method generally provides the most insights into your network traffic, as complete packets can be captured and further analyzed, it also gives you huge amounts of data. This makes it almost impossible for you to take real-time decisions and immediately expose the worst-performing parts of the network. You need time to shift through a lot of data for evidence of an issue or an intrusion, just like finding a needle in a haystack.

Also, in high-speed networks, packet analysis requires expensive hardware and substantial infrastructure for storage and analysis.

And that’s where a flow analysis tool can come in handy

Instead of giving you loads and loads of data that will also come with added cost, a flow-based tool focuses on the flow of the network, the “who,” “what,” and “when” of network transactions.

Flow analysis tools are based on a technology that provides insights about who is communicating with whom, with which devices or end-points, and which protocol. It gives you a lot of visibility of your network’s traffic without the added weight of a packet analysis tool.

It makes it easier to dig into certain conversations, giving you a fast and efficient way to understand what type of traffic is traversing the network. Also, since this data is so light, you can store it for as long as you want, and network forensics and security monitoring tools can make use of it to monitor and alert for traffic abnormalities.

For all those reasons and more, our engineers created ProfiSight

ProfiSight is Profitap’s Network Traffic Analyzer, specially built to give you fast visibility into the traffic that matters. What does that mean? Its accurate insights about your network bandwidth utilization, application usage and statistics, LAN, talkers and conversations, performance and errors, or user activity will tell you how your network resources are allocated and used in real-time.

Basically, it’s a network monitoring tool that tracks the flow of applications and key services over all areas of the network — devices, servers, link connections — and offers insights into network bandwidth utilization, helping you adjust resources for optimal performance.

It’s optimized for fast indexing and has the ability to filter large amounts of network traffic, improving your monitoring workflow and saving valuable troubleshooting time.
All its dashboards support flexible user queries by fields and timestamps to allow a faster analysis of the problems. ProfiSight covers a large array of network troubleshooting indicators, designed to help you pinpoint issues or highlight trends that would otherwise pass unnoticed.

Moreover, when a deep packet-level analysis of the traffic flow is needed, you can choose to pair it with top packet analyzers (like Wireshark) for multiple visual histograms, graphs and statistics.

So, can I use packet analysis and flow analysis together?

Profitap ProfiSight Network Traffic Analyzer

Yes, you can. As you know, even though flow analysis is perfect for determining traffic statistics overall, it can fall short when you need to analyze a specific issue in depth.

For example, in the event of a data breach, you need to be able to quickly understand what or how it happened, and which systems or data sources have been compromised. Packet capture and analysis provides a complete and accurate historical record of network traffic, giving you the means to reconstruct events and dig down to the actual network packets to pinpoint exactly what took place.

That’s why ProfiSight can be integrated with any of our ProfiShark portable packet capture devices (or any other capture tool of your choice). In this way, it allows for a quick view of the flow data by extracting the metadata of a captured packet stream. This can help you get an overview of the main talkers in a few clicks and determine if they are a security or performance issue.

When combined with our portable packet capture devices, you can capture every packet on the line and get a complete overview of the network for in-depth analysis. Also, you can easily connect to your ProfiShark remotely so that you can track down network issues anywhere, anytime.

For a hands-on experience of how you can capture, monitor and analyze network traffic with ProfiSight, watch the video below made by Chris Greer:

The benefits of a network traffic analyzer paired with the deep-dive of a packet capture device are multiple, but one of them is that you can reduce the load that a packet capture requires while still providing the raw data when you need it. Time is essential in most of the cases, and pairing these tools will help you spot network issues in minutes rather than in hours or days.