Document Number: OSUP1065
Product: Observer 10 and higher
Date: 12/20/07
Title: What are Expert Information Packets? Can I disable them? Do I need them?

SYMPTOM:
When viewing a decode captured from an Expert Observer or Observer Suite, the capture contains Expert Information Packets.

What are Expert Information Packets?
Expert Information Packets are packets inserted into a capture to assist the Expert engine within Observer while processing packets. There are 3 types of Expert Information Packets:

1. Expert Load Packets – These packets are inserted every second into the capture. They include information about the number of packets and bytes seen during the previous second, along with the utilization seen.
   These figures are used while drawing the graph seen on the Expert Events tab within the Expert screen.
   
   
2. Start/Stop Packet Capture – These packets are inserted whenever you click on Start or Stop from either the Packet Capture or Decode Screen. They are used to help expert know that there are gaps of time between packets.
   
   
3. Wireless Channel Change – These packets are inserted when monitoring a wireless network adapter. They are inserted only if you are using the Channel Scan option. Each time Observer begins monitoring a new channel while in the Channel Scan mode, a new packet is inserted with the current channel being monitored.

Can I disable them?
Yes. These packets can each be disabled from within Packet Capture. From the Packet Capture screen, click on the SETTINGS button. (GigaStor users, can modify these settings from GigaStor Control Panel – SETTINGS BUTTON). Uncheck those boxes beside the Expert Information Packets you do not want to have generated.

Do I need them?
Expert Information packets are not required for the Expert to work. The following describes the behavior you will see if these packets are disabled:

1. (Disabling Expert Load Packets) – Disabling these packets will cause Expert to draw the Summary graph based solely on those packets within the capture buffer. As an example lets say 20000 packets were seen during a 1 second period, also that there was 10,240,000 bytes and 10% utilization. With these packets enabled Expert would graph 20,000 packets and 10% utilization.
   Now lets say during this second you used a filter and captured only 5 packets during that second, with these packets Observer would graph 20,000 packets and 10% utilization. If you had disabled the Network Load Packets, Observer would graph 5 packets and 0% utilization.
   
   
2. (Disabling Start/Stop Packet Capture) – Disabling these packets can cause Observer to produce invalid response times to packets seen as Observer does not know that the capture was stopped. It only sees gaps within a sequence of the data stream and assumes that the data was not sent or dropped and will, in the case of VoIP packet loss within calls, register calls that not have actually occurred.
   
   
3. (Disabling Wireless Channel Change) – When Expert is processing Wireless data, we need to understand when the adapter is looking at a different channel then when a packet in a conversation was originally seen. This allows Observer to know that though Expert was looking at a conversation on Channel 5, that the next set of packets is now looking at channel 6 or 7 and so on. This prevents Observer from believing data is missing from a conversation due to packets not being captured. If you disable these packets while using the Channel Scan option, your response times and other calculations within the Expert System may not be accurate.