GigaSMART Packet Slicing
Required License: Base
GigaSMART operations with a Slicing selected truncate packets after either a specified header/layer and offset (a relative offset) or at a specific offset. Slicing operations are typically configured to preserve specific packet header information, allowing effective network analysis without the overhead of storing full packet data.
Packets can have multiple variable-length headers, depending on where they are captured, the different devices that have attached their own headers along the way, and the protocols in use (for example, IPv4 versus IPv6). Because of this, slicing operations with a hard-coded offset will not typically provide consistent results.
To address this, the GigaSMART lets you configure packet slicing using relative offsets – a particular number of bytes after a specific packet header (IPv4, IPv6, UDP, and so on). The GigaSMART parses through Layer 4 (TCP/UDP) to identify the headers in use, slicing based on the variable offset identified for a particular header instead of a hard-coded number of bytes.
Keep in mind the following when configuring GigaSMART operations with a Slicing component:
|
Feature |
Description |
|||||||||||||||||||||||||||||||||
|
Protocol |
The following are the protocols that you can select for from the protocol drop-down list:
The GigaSMART can provide slicing for GTP tunnels, provided the user payloads are unencrypted. Both GTPv1 and GTPv2 are supported – GTP' (GTP prime) is not supported. Keep in mind that only GTP-u (user plane packets) are sliced. Control plane packets (GTP-c) are left unmodified because of their importance for analysis.
|
|||||||||||||||||||||||||||||||||
|
Slicing Offsets |
You can specify either a relative offset or a static offset for the start of the packet slice:
|
|||||||||||||||||||||||||||||||||
|
Recalculated CRC |
GigaSMART packet slicing automatically calculates and appends a new four-byte Ethernet CRC based on the sliced packet’s length and data and uses it to replace the existing CRC. This way, analysis tools do not report CRC errors for sliced packets. |
|||||||||||||||||||||||||||||||||
|
GigaSMART Trailer |
Slicing operations can optionally include the GigaSMART Trailer. If you do elect to include the GigaSMART Trailer, it will include the original packet length before slicing. Note: Refer to Using GigaSMART Trailers for details on when the GigaSMART Trailer is required for a GigaSMART Operation as well as the information found in it. |
|||||||||||||||||||||||||||||||||
|
In Combination with Masking |
Slicing operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details. |
Example – GigaSMART Packet Slicing
This example shown in creates a GigaSMART slicing operation named IPv6_Headers. This operation truncates all packet data starting four bytes after the IPv6 header. The sliced packet would include the DLC, IPv6, and TCP headers, which are often enough for analysis needs.
Figure 869: GigaSMART Operations (GSOP) Page with Slicing Selected
Displaying Slicing Statistics
To display slicing statistics, select GigaSMART > GigaSMART Operations > Statistics. The statistics for slicing will be in the row labeled Slicing in the GS Operations column.
Refer to Slicing Statistics Definitions for descriptions of these statistics as well as to GigaSMART Operations Statistics Definitions.
MORE INFORMATION 
