Beeks Analytics uses the following probe types:

A) Stack probes
There are multiple stack probes in VMX-Capture. They perform decoding of messages, timestamping, mapping, anomaly detection, and generation of pre-aggregated stats. They then send the decoded message, anomalies, and pre-aggregated stats to the Agent service in VMX-Analysis and to a core data feed.

Stack probes provide data for analytics in VMX-Analysis and capture the following types of information: 

  • Data about business objects (transmitted as Agent Events)
    For example, data relating to a quote, order, fill, heartbeat.

  • Latency stats
    For example, Market Data wiretime, TCP roundtrip.

  • Network stats
    For example, bandwidth per link, microbursts per port, loss, window size etc.

To configure a Stack probe, you’ll define a Berkeley Packet Filter (BPF) filter to determine what the probe will listen for. This will be packet-level data such as packet headers, TCP ports, or protocol types. Then you’ll set the data that will be passed to VMX-Analysis.

B) Packet Capture probes
There are multiple packet capture probes in VMX-Capture. They capture packets to disk to provide a store of the captured data, which users can then consult if needed for diagnostics or evidence. Packets are stored in pcap files compressed with Gzip. VMX-Capture can capture network data, without loss, to compressed PCAP files at up to 100Gb/s sustained.

Packet capture (to disk) provides the following:

  1. An absolute record of network traffic at packet-level. Use it as evidence in disputes, or if you need to go back to calculate some stats, or decode protocols that you didn't have decoders in place for at the time. Packet capture viewing tools (such as Wireshark) can be used to view the data in this repository, and VMX-Capture allows you to filter the capture files to the precise timing and BPF filter that you need.

  2. Market Data replay with mdPlay, in which we very accurately reproduce market conditions by replaying market data from these captures with exactly the same timings as the original.

To configure a Packet Capture probe, the Napatech card is configured with the the data that the probe will listen for. The probe outputs files in pcap form that are compressed into gz archives. The file naming convention is [probename][timestamp].pcap.gz

A Packet Capture probe writes a new pcap file to disk every 10 seconds.