To access the BAM standard Packet Capture dashboards, go to the Beeks folder and select the appropriate dashboard.

Dashboards overview

There are two Packet Capture dashboards provided with Beeks Analytics for Markets:

  1.  Use the Simple Packet Query Management V13.1 to retrieve packet capture information from one or more selected capture probe.

    1. You can use a BPF filter to further filter the packet capture to a particular subset of packets.

    2. You can preserve the query so that you can retrieve a previous query and easily rerun it for a different time period.

  2. Use the Packet Query Management V13.1 to perform the above tasks and in addition:

    1. Use the stack probe decode and statistics functions to provide message field decodes and statistics in JSON format.

SCR-20250709-mpdm.png
Simple Packet Query Management V13.1 dashboard

Usage Instructions

Instructions are provided here for the Simple Packet Query Management V13.1 dashboard.

To set up the VMX-Prism dashboard, you need to instruct it to run one or more jobs. A job is a predefined query that is either temporary or (if you choose to preserve it) you create and then can rerun whenever required.

  1. Complete the Query Name field by choosing an appropriate name for the query (especially useful if you are preserving the query) or retain the default query name and make sure that you choose ‘Apply time range’. Take care with the default timezone for the query - you can edit this in the time picker, and it’s important to be precise with these time ranges when retrieving a packet capture.

  2. Choose an appropriate time period for the query using the dashboard time picker.

Note: packet captures tend to contain much more data than the timeseries statistics that are normally queried on a Grafana dashboard. Exercise caution when choosing long time periods for the packet capture retrieval.

  1. Compete the Preserve field:

    1. true: The job will stay in the Query Job List in the dashboard.

    2. false: The job will be deleted from the Query Job List after a specified time. By default, this is a week.

  2. Choose the appropriate capture probe(s) that you want to retrieve packet data from.

  3. If you wish to filter down the packet capture more tightly, enter the appropriate BPF filter. for example, filter for a given IP, port, or protocol, with a text-based filter such as tcp and (dst 172.18.10.36 and dst port 5001). Define the filter using Berkeley Packet Filter syntax.

  4. Create a job by choosing Run Query.

  5. The query will be added to the list in the Query List panel. The query status may be running or ready.

  6. Once the query is ready, click on the query name in the Query List panel. The Query Detail panel will show the PCAP file(s) that the query generated.

  7. Click on the PCAP file(s) to download them.