Creating an MSA project
To create an MSA project, you must use the MSA wizard. The MSA wizard guides you through the creation of an MSA project, and includes steps for setting up the project parameters and ultimately, displaying the MSA project window. There are multiple ways to start the MSA wizard. Additionally, depending on which way you start the wizard, there are multiple entry points to the MSA wizard. You can start the MSA wizard in the following ways:
• From the menu, choose …. The MSA wizard appears, and prompts you to create an MSA project by either searching for packets on remote engines, or using packet files:
• Searching for packets on remote engines: Select this option and the MSA wizard first guides you through choosing a time range to search, and a filter to apply (making a filter for IP/port pairs is recommended, though any filter supported by Omnipeek will work). Additional wizard screens guide you through choosing which Capture Engines and which capture sessions per Capture Engine you wish to search against.
Finally, the wizard performs the search, and the relevant packets are downloaded to Omnipeek for analysis. From there, it works the same way it does for doing multi-segment analysis from files, except that the files are already entered for you (they're the files downloaded from the Capture Engines). You can reorder the segments, rename the segments, change the time offsets, and save the output to an .msa file.
• Use packet files: Select this option and the MSA wizard guides you through choosing which files to use (one file per segment), and the time offsets between them. You can also name each segment, and reorder them. Then you can save the resulting project to an .msa file, which can be reloaded later. The .msa file contains all the analysis, so you don't have to do any of this setup again.
• From the Packets view in the navigation pane: Right-click one or more packets and choose …. The MSA wizard appears and guides you through the creation of the MSA project, beginning with choosing a time range to search, and a filter to apply.
• From any of the Expert views (Clients/Servers, Flows, and Applications) in the navigation pane: Right-click one or more flows and choose …. The MSA wizard appears and guides you through the creation of the MSA project, beginning with choosing a time range to search, and a filter to apply. The … option only appears for IPv4 TCP flows. MSA does not support UDP or IPv6 flows.
• From any of the Web views (Servers, Clients, Pages, and Requests) in the navigation pane: Right-click one or more servers, clients, pages, or requests and choose …. The MSA wizard appears and guides you through the creation of the MSA project, beginning with choosing a time range to search, and a filter to apply.
• From the Nodes and Protocols views in the navigation pane: Right-click one or more nodes or protocols and choose …. The MSA wizard appears and guides you through the creation of the MSA project, beginning with choosing a time range to search, and a filter to apply.
IMPORTANT: The time it takes for Omnipeek to build and display an MSA project is dependent on the number of segments, the number of flows, and the number of packets in each flow. MSA includes a limit of 100,000 packets per flow (modifiable from Multi-Segment Analysis Options), but there is no hard limit to the number of segments or flows that can be included in a project. Be selective when choosing data for your MSA projects. If you find that an MSA project is taking too long to build, you can cancel out and reduce your data set.