Frequently Asked Questions

What is LiveNX's Flow Rate?

LiveNX can process 1 M flows/sec via a special-purpose, high-performance database.

How are devices discovered by LiveNX?

Via SNMP by specifying an IP address, subnet range, or a seed device.

What do I do if I am locked out of my account?

You can reset your local admin password using the LiveNX Server Management Console. The LiveNX Server Management Console can be accessed through the VM console or VNC.

Instructions to reset the admin password:

1. SSH onto the LiveNX OVA

2. SSH login credentials: username = admin, password = changeme

3. Run the command “vnc start”

4. Connect through VNC Viewer

5. VNC login credentials: username = admin, password = changeme

6. Launch LiveNX Server Management Console.

7. Go to Manage > Reset Password

8. After resetting the password, log in to the LiveNX Client and change the password.

Does LiveNX support non-Cisco Devices?

LiveNX Flow provides advanced end-to-end system-level flow visualizations for multi-vendor networks. The devices that have gone through flow-analysis testing with LiveNX can be found on the LiveNX specifications page at

Do I Need a New License to Get the Latest Release Version?

A new license is not required to upgrade minor release versions.

Can LiveNX schedule periodic reports?

You can schedule daily, weekly and monthly reports via the LiveNX Report Scheduler. The report can be sent by email as a PDF attachment or a hyperlink.

Can I customize my dashboard with LiveNX?

As of LiveNX 7.2.0, Custom Dashboard is available in the Web UI.

  • Dashboards can be shared with other users
  • Custom widgets can be created from a certain report
  • A new “Filterable Custom Dashboard” has been added to allow filtering of dashboards containing only custom widgets
  • Default templates have been reworked to provide more insight into the information they provide
  • “Add Widget” process has been improved

How many users can connect to a LiveNX Server?

You may have a total of ten active sessions connecting to a LiveNX server at any time, but only one admin session. This is to ensure that key items (for example – alerting, device settings, etc.) are properly handled. Please see the user guide for more information about the different rule-based access control privileges available for each user type.

How do I start LiveNX Client through a Java Webstart?

1. Log in to the LiveNX Web UI Client.
2. Go to https://LiveNXIP
3. Enter username and password
4. Click Login
5. On the top right corner, click the Desktop icon to Launch Desktop App and accept the Java Webstart installation.

This may take several minutes as all the files are downloaded and installed. Once installed, you will be prompted to run the client and you will get the LiveNX login prompt.
If this is your first time logging in to the LiveNX Client, log in to the default administrator account and create users. The initial default admin credentials are as follows:

Username: admin
Password: admin

How much historical data does LiveNX hold before it starts purging?

In the 7.1.0 release, the automatic purging schedule is now available from 1-365 days. To change LiveNX Database settings, go to Tools > Options > Database in the Java Client.

I don't think I'm seeing any NetFlow data on my device but am not sure. How can I verify this?

In the LiveNX client, you can verify that you are not seeing any NetFlow data by selecting Flow > Data Status and clicking the Execute Flow Counts button.

  • Flows should be coming in on port 2055, unless changed in the Management Console.
  • LiveNX may not read the flow data if it is coming from an IP address that was not used when adding it to the application.
    • If this is the case, you could try re-adding the device using the IP address being used to source NetFlow.
    • You could also potentially set the NetFlow source interface to correspond with the IP address used to add the device.
  • Ensure that there are no ACLs that could be blocking NetFlow out of the device.

How do I export/import a LiveNX backup configuration file?

1. Log in to the LiveNX Web UI Client.
2. Go to https://LiveNXIP
3. Enter username and password
4. Click Login
5. On the top right corner of the LiveNX page, click the Gear icon, then System Management > Configuration

6. Click Export to Export Backup Configuration or Import to Restore Backup Configuration

1. The Java Client session will time out during the export configuration process.

2. The Import Configuration process requires a restart of the LiveNX Service.

Windows 64-bit Operating System – Server 2008 or 2012 R2, Windows 7 (Professional or Ultimate) with .NET framework v3.5.1+

Linux RHEL/CENTOS 6.4 or 6.5 with GNOME UI

Does LiveNX Server support a REST API?

Yes, LiveNX supports a REST API. This is a way for users to access captured network data on the LiveNX Server without direct use of the LiveNX Client. It allows users to build their own special reports or analyses programmatically from the LiveNX data.

To access the LiveNX REST API Swagger page:

1. Log in to the LiveNX Web UI Client.
2. Go to https://LiveNXIP
3. Enter username and password
4. Click Login
5. On the top right corner of the LiveNX page, click the API icon. You will be redirected to the API page https://<LiveNXIP>:8093/v1/docs/

Under What Circumstances Would I Need to Deactivate My License?

There are 2 scenarios that would require you to deactivate your license:

a. Migrating your LiveNX Server to a new location.
b. Starting a fresh installation.

License activations are tied to the original server’s MAC address.
Deactivating your license will enable it to be re-activated at a future time or location with a new MAC address.

Can LiveNX show rankings like who are heavy traffic users by each QoS queue?

Using NetFlow, we can map IP addresses to DSCP markings, but we don’t map IP addresses directly to QoS queues. Most companies use DSCP-based QoS queue maps, so this works most of the time.

Does LiveNX Allow local authentication alongside LDAP?

LiveAction does allow local authentication alongside LDAP. If you are planning to migrate to LDAP and would like to test it with LiveNX.

Does LiveNX support AD Security Group?

This feature has already been implemented in 6.2.0, but not many customers are aware of how it works. Follow these steps to add users from AD Security group.

Is there a limit to the number of interfaces LiveNX supports on one device?

From a topology drawing perspective, we have a 100-interface limit, so you can see them. In the future, we’re looking at grouping on the screen. For interface-level alerts for up/down, errors or drops, we provide that for all interfaces. For layer 2 trunks and access ports and HW queue information, we show all interfaces. From a flow device view, we show flows from any interface that has been enabled.

Does LiveNX support full FCAPS (Fault, Configuration, Accounting, Performance, Security) management?

LiveNX specializes in application and network performance with QoS Control. It offers alerting, visual path trace and other color-coded status for fault management, but no syslogging. It also provides network health functionality including network discovery and topology, network monitoring using NetFlow, IPFIX, SNMP, QoS, routing and LAN statistics, dashboard, Top N analysis, device CPU/memory usage, link utilization and interface up/down. LiveNX also supports NCCM via Netline Dancer integration and provides performance baselining and capacity planning via Flow, SNMP and IP SLA. As for Security, LiveNX can recognize DDoS-like behaviors and allows customers to create an access-list on-the-fly to block malicious traffic.

What is best practice when applying a QoS policy to a subinterface?

Cisco suggests using a hierarchical policy since there are no hard bandwidth limits associated with the subinterface.
You can create a “shaping” policy in LiveAction and set a shape value to the “class-default” as in the screenshot below:

Notice the policy called “shape-a” is setting a shaping policy of 10Mbps. Then, drag another policy under class-default, as shown below:
Here is an example of the config using a policy called “a” and how it is associated with the hierarchical shaping policy called “shape-a”. It is then tied to a Gig subinterface in our lab setup.

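! Child policy: per-class bandwidth allocation
policy-map a
 class a
  bandwidth percent 80
 class b
 class c
! Parent policy: shapes all subinterface traffic, then applies child policy "a"
policy-map shape-a
 class class-default
  ! CIR is given in bits per second; 10000000 = the 10 Mbps described above
  shape average 10000000
  service-policy a
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 no cdp enable
 service-policy output shape-a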


What are LiveSP's main features?

Keywords: Overview, Implementation, User features.

LiveSP is a multi-tenant platform that provides Communication Service Providers (CSP), Managed Service Providers (MSP) and network integrators with a powerful application-aware management tool, helping them to assure the delivery of WAN connectivity services to their business customers.
For all the traffic and applications going through the WAN links and accesses, for thousands of enterprise customers, LiveSP is divided into several modules that allow you to:

  • display an executive view of network and critical application KPIs;
  • drill down near real-time dashboards and assess end-user experience with fine-grain end-to-end application performance metrics across LAN, WAN and Application servers;
  • troubleshoot hybrid network path (PFR) issues;
  • alert when critical application performance is out-of-policy;
  • report a daily, executive view of your Network SLA;
  • closely customize customers’ network (dashboard, alerting, site clustering, custom applications, etc.);
  • easily administer multi-tenant profiles and rights;
  • monitor flow and polling collection.

What capabilities does LiveSP provide to build custom dashboards and reports?

Keywords: User features.

Dashboards are made of customizable dashlets. A dashlet may use various visualization formats and can be configured as easily as you build an Excel timeline graph:

  • pie, to display top nodes on one specific metric (example: top loaded interfaces);
  • bar graph, to display an aggregated view for several metrics and nodes (example: traffic repartition per DSCP for Citrix, Gmail and FTP);
  • timeline, to visualize the trend of KPIs (example: traffic per primary / secondary network for hybrid network);
  • gauge, to highlight the performance status of a KPI (example: salesforce response time over the end-customer network);
  • table, to detail performance metrics for Top nodes (example: top path changes with jitter / drop / latency out-of-policy event count);
  • pie-line, to mix gauge and timeline visualization (example: business/leisure traffic repartition).

Reports can include images, text, date and shapes, to have a powerful communication tool.

Is it possible in LiveSP to have executive dashboards beside expert visualization?

Keywords: User features.

LiveSP is designed to give both non-specialists and specialists the right insight into network SLAs and end-user experience.

  • The home page provides a workspace to build an overview of network usage, performance and status.
  • The dashboard module provides a fully customizable tab-centric workspace. Admins browse the KPI library and mix in the same tab metrics coming from SNMP polling and IWAN features. End-users drill down near real-time data from one dashboard to another for more details or to spot the root cause of an issue.
  • The report module helps Service Providers structure their communication with their multiple enterprise customers. It turns application or network information from the LiveSP platform into a synthetic, decision-driven and good-looking PDF report. End-customers choose a template in the report library. They customize the timeframe and schedule a PDF e-mailing for daily / weekly / monthly reporting. Each widget is a dynamic object that is automatically updated when the report is sent.

Does LiveSP provide default resources out of the box, such as dashboards?

Keywords: User features.

LiveSP includes several resources out of the box: default dashboards, reports, alerting, home page, KPI, poller, etc. These resources are based on years of network monitoring expertise and make LiveSP available from day one for many use cases.

Can I drill down an issue for more details?

Keywords: User features.

Yes, the “drill down” feature is available across the platform. It helps IT managers deep-dive, step by step, by displaying the useful dashboards/visualizations of their network.
When you select an element (site, application, DSCP, etc.) using the magnifying glass, from any module (home page, flow map, etc.), LiveSP will automatically display the available dashboards. Pick the view you need and LiveSP will switch to the new view, with the right scope and the right time frame.
For example, you detect unusual spikes of traffic for ms-update. You need more details to understand who is updating their PC during working hours (thus generating a spike of WAN load). Click on the magnifying glass beside the ms-update legend. LiveSP will automatically propose the compliant dashboards.

What is the data retention period? Is there a way to admin the purge?

Keywords: Collection, User features.

When received, data is aggregated to minimize storage without deleting history. Available granularities are 5 minutes, hour and day. By default, data retention is 3 weeks for 5-minute granularity and 3 months for 1-hour granularity; day data are never purged. Specific KPIs, such as the daily 5-minute max period, can however be stored for a longer period for capacity planning needs.

What does “near real-time dashboards” mean?

Keywords: Collection, User features, Implementation.

CPEs send flows on a scheduled period. Let’s take 5 minutes as the export period: for 5 minutes, the CPEs aggregate traffic. Then they export the aggregated flows over the next 5 minutes (a smoothed export, to prevent a spike of traffic on the collection link). LiveSP collects the data on the fly and starts data processing at the end of the five-minute export period. So when an event occurs, it will be displayed between 5:30 minutes (best case) and 14 minutes (worst case, with heavy load on the LiveSP servers) after the event.

Has the end-customer any customization capabilities?

Keywords: User features.

Yes. End-customers (or account managers) can define a dedicated environment including dashboards, reports, alerting, custom applications and site clustering. They can group sites in clusters to focus on specific areas of their network. They can build their custom applications on top of the NBAR2 dictionary.

How do my customers connect to LiveSP? Is it possible to use SSO authentication?

Keywords: Implementation, User rights.

Service Provider administrators and operations teams access LiveSP using a login and password, through a login page, or via Single Sign-On (SSO) from their internal portal. Customers access LiveSP preferably using SSO, via an existing external portal. This avoids customer login/password administration on the LiveSP platform.
LiveSP is compliant with any SSO configuration. As SSO implementations are often different, the LiveAction professional services team provides a specific plugin compliant with your SSO environment (preferably RESTful or SOAP Web Services).

Does LiveSP alert me when one of my critical applications is out of policy?

Keywords: User features.

LiveSP allows admins to configure alerts based on network or application metrics in order to increase visibility of end-user experience or network events. When the chosen KPI is above a threshold, an alert is raised.

Can I implement different levels of services depending on customer profiles?

Keywords: User features, Implementation, User rights.

LiveSP, as a dedicated solution for Service Providers, enables customer profiling in a unique instance. Depending on the offer a customer has subscribed to, end users access specific features, KPIs and resources (dashboards, reports, etc.). Service Providers can also decide to keep specific features for internal use in order to improve their operating efficiency and proactivity (scheduled reports, alerting).

What capabilities does LiveSP provide to troubleshoot hybrid network and Cisco PFR?

Keywords: User features.

When a VPN architecture is used and application traffic is transiting between sites, obtaining visibility on the flows is an important facet of the QoE management. With dynamic WAN paths, Cisco PFR, in-depth knowledge of the application flows is becoming even more critical.
With its WAN path module, LiveSP offers a simple and innovative visualization of the end-to-end flows. Designed for VPN set across a few or thousands of sites, it adapts to each enterprise context and builds maps showing the flow going through their network.
Combining traffic metrics and distribution with performance metrics, the flow map is an extremely effective tool to troubleshoot or optimize the network and application delivery infrastructure.

Is there a way to recognize an application which is not in the Cisco NBAR2 dictionary?

Keywords: IWAN, Admin features.

On top of the Cisco IWAN dictionary, LiveSP can recognize traffic based on IP, port, HTTP hostname, and SSL (HTTPS) server name. The workflow is the following:

  • Does the flow match an embedded LiveSP customer-specific application?
  • If no match, does it belong to the NBAR2 dictionary?
  • If no match, does it match with an IANA service based on well-known ports?
  • If no match, then the flow is classified as unknown.

Does LiveSP support IP range discovery?

Keywords: Collection, Admin features, Implementation.

As a multi-tenant platform, LiveSP does not support network discovery. LiveSP needs information that cannot be discovered such as the client name for a specific IP address, and particular IWAN fields to process IWAN information. A seed file is required to enable LiveSP.

Can LiveSP poll CoS and IPSLA metrics?

Keywords: Collection, Implementation, Admin features.

Yes. Expert polling mode leverages a scripting interface to connect to the monitored device and its counterparts (Provider Edge, IPSLA probe) and collect advanced metrics (CoS, IPSLA, Metrics, etc.). Admins can mix CLI, attributes coming from the topology and router templates to build advanced metrics such as traffic per CoS, IPSLA jitter, etc.

Standard SNMP polling mode helps admins quickly add metrics based on OID (for example CPU, traffic, drop, etc.).

Is it possible to record and display raw flows coming from the router?

Keywords: Collection, Implementation, Admin features.

Yes, an expert mode is available on LiveSP. It records raw flows (data + template) coming from the specified CPE and makes the data available for analysis. It helps admins troubleshoot issues with router template configuration.

What are the several flow record types that I see when I use the LiveSP raw flow analyzer?

Keywords: Collection, Admin features.

The flow record represents the atomic building block exported by the device. NFv9 and IPFIX define 4 types of flow records: template, data, options template, options data. While template and data records describe the actual live traffic, the two latter stand for static mapping information, such as devices, interfaces, applications, etc.
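
The four record types above can be told apart from each set header plus a template cache. The Python sketch below is an added example, not LiveSP code or anything from the original page: it walks a NetFlow v9 or IPFIX export packet with bounds checks and labels every set, including data that arrives before its template. The function names, the constructed sample packet and the label "data (no template yet)" are assumptions made for the illustration.

```python
import struct

# Set IDs reserved by each export protocol (NetFlow v9: RFC 3954, IPFIX: RFC 7011).
RESERVED = {9: {0: "template", 1: "options template"},
            10: {2: "template", 3: "options template"}}
HEADER_LEN = {9: 20, 10: 16}


def template_ids(version, kind, body):
    """Return the template IDs defined inside one (options) template set."""
    ids, off = [], 0
    head = 6 if kind == "options template" else 4
    while len(body) - off >= head:              # a shorter tail is padding
        tid, second = struct.unpack_from("!HH", body, off)
        if version == 9 and kind == "options template":
            # v9: scope length ('second') and option length are byte counts
            opt_len = struct.unpack_from("!H", body, off + 4)[0]
            off += 6 + second + opt_len
        else:
            off += head                         # 'second' is the field count
            for _ in range(second):
                if len(body) - off < 4:
                    raise ValueError("truncated field specifier")
                ftype = struct.unpack_from("!H", body, off)[0]
                # IPFIX enterprise bit: a 4-byte enterprise number follows
                off += 8 if (version == 10 and ftype & 0x8000) else 4
        if off > len(body):
            raise ValueError("template record overruns its set")
        ids.append(tid)
    return ids


def classify_sets(packet, known=None):
    """Walk one export packet and return [(record_type, set_id), ...].

    `known` maps template ID -> "data" / "options data". Pass the same dict
    for every packet from one exporter so it acts as the template cache.
    """
    known = {} if known is None else known
    if len(packet) < 2:
        raise ValueError("packet too short for a version field")
    version = struct.unpack_from("!H", packet)[0]
    if version not in RESERVED:
        raise ValueError(f"unsupported export version {version}")
    off, out = HEADER_LEN[version], []
    if len(packet) < off:
        raise ValueError("truncated export header")
    while off < len(packet):
        if len(packet) - off < 4:
            raise ValueError("truncated set header")
        set_id, length = struct.unpack_from("!HH", packet, off)
        # The length field comes from the network: never trust it blindly.
        if length < 4 or off + length > len(packet):
            raise ValueError("set length out of bounds")
        body = packet[off + 4:off + length]
        kind = RESERVED[version].get(set_id)
        if kind:
            for tid in template_ids(version, kind, body):
                known[tid] = "data" if kind == "template" else "options data"
            out.append((kind, set_id))
        elif set_id >= 256:
            # Data sets carry the ID of the template that describes them.
            out.append((known.get(set_id, "data (no template yet)"), set_id))
        else:
            out.append(("reserved", set_id))
        off += length
    return out


def build_set(set_id, body):
    """Frame a set: 2-byte ID, 2-byte length, body padded to 32 bits."""
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("!HH", set_id, len(body) + 4) + body


# Constructed NetFlow v9 packet (not captured traffic): one set of each kind,
# plus a data set whose template 300 was never announced.
SAMPLE_V9 = (
    struct.pack("!HHIIII", 9, 5, 0, 0, 1, 0)                    # 20-byte header
    + build_set(0, struct.pack("!6H", 256, 2, 8, 4, 1, 4))      # template 256
    + build_set(1, struct.pack("!7H", 257, 4, 4, 1, 4, 34, 4))  # options template 257
    + build_set(256, bytes(8))                                  # data
    + build_set(257, bytes(8))                                  # options data
    + build_set(300, bytes(4))                                  # unknown template
)

if __name__ == "__main__":
    for record_type, set_id in classify_sets(SAMPLE_V9):
        print(f"set {set_id:>3}: {record_type}")
```

A set labelled "data (no template yet)" is the case a raw flow view helps with: the exporter is sending records that the collector cannot decode until the matching template arrives.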

Does LiveSP provide DSCP fields?

Keywords: Collection, User features.

By using NBAR2 in the class-map, routers can identify traffic by NBAR2 application signature. This allows per-application policy control such as QoS, for example limit traffic rate for Netflix, Pandora, and iTunes applications, or guarantee bandwidth for business applications such as WebEx, Office 365, or Sharepoint.

LiveSP stores and reports metrics down to the DSCP level per application and interface. This helps determine whether a given application may have been misclassified when there is a DSCP-based QoS.

What happens if a CPE is configured to send AVC information and then PFR and WAAS?

Keywords: Implementation, Collection, User rights, Admin features.

The IWAN monitoring level may be configured through LiveSP provisioning for each CPE. If the CPE exports PFR data flows but is provisioned only for AVC, the PFR flows will be ignored by LiveSP.

Is it possible to define my own Key Performance Indicators based on raw counters provided by the collection?

Keywords: Collection, Implementation, Admin features.

Yes, besides the default KPIs included in the KPI library, admins can define the custom KPIs they need to assess the network and end-user experience. They use a graphical interface to build formulas mixing raw counters and operands. New KPIs are immediately available for building new graphs or tables.

Acronym | Meaning | Notes
AVC | Application Visibility and Control | Cisco Deep Packet Inspection feature embedded in routers. It enables application recognition based on signature and fields extraction.
ART | Application Response Time | Cisco passive probe embedded in routers. It enables application performance metrics such as latency per network part.
BR | Border Router | Cisco PFR component
COS | Class Of Service |
CSP | Communication Service Providers |
CSR | Cloud Services Router |
DPI | Deep Packet Inspection | Generic name for application recognition engine over telecommunication network.
FE | Field Extraction |
FNF | Flexible NetFlow | Latest Netflow version
IP | Internet Protocol | Layer 3 datagram protocol.
IPFIX | Internet Protocol Flow Information Export | Industry standard for Netflow.
LAN | Local Area Network |
MACE | Measurement, Aggregation, and Correlation Engine |
MC | Master Controller | Cisco PFR component
MMA | Metric Mediation Agent |
MMON | Media MONitoring |
MSP | Managed Service Providers |
NAT | Network Address Translation |
NBAR(2) | Network Based Application Recognition | Cisco Deep Packet Inspection Engine.
PA | Performance Agent |
PFR | PerFormance Routing |
SSO | Single Sign On |
SNMP | Simple Network Management Protocol |
SP | Service Provider |
TCP | Transmission Control Protocol | Layer 4 reliable transport mechanism.
UDP | User Datagram Protocol | Layer 4 transport mechanism. Connectionless transport layer protocol.
VRF | Virtual Routing and Forwarding |
WAAS | Wide Area Application Services |
WAN | Wide Area Network |

What is Cisco Intelligent WAN?

Keywords: Cisco IWAN, Overview, Collection, Implementation.

Cisco IWAN is a feature bundle embedded in routers, targeted at improving end-user experience when they use applications over a Wide Area Network (WAN). Cisco IWAN provides the ability to report your application performance metrics, enables per-application policy for granular control of application bandwidth use (AVC), monitors network performance and selects the best path for each Class of Service (Performance Routing, PFR), and optimizes application traffic for faster response time and less bandwidth (WAAS).
Netflow version 9 and IPFIX are the protocols of choice for Cisco IWAN to export information from the routers.

How many applications can Cisco AVC recognize?

Keywords: Cisco IWAN, Overview, Collection, Implementation.

In the past, typical network traffic could easily be identified using well-known port numbers. HTTP, HTTPS, POP3, or IMAP were among the common traffic seen in the enterprise. Today, an increasing number of applications are delivered over HTTP, both business and recreational. Many applications also use dynamic ports, such as Exchange, and voice and video delivered over RTP. This makes them impossible to identify by looking at the port number.

NBAR2 is Cisco’s Deep Packet Inspection (DPI), based on application signature, and Field Extraction (FE) technologies, to retrieve fields such as HTTP URL, SIP domain, mail server, and so on. Application information such as Sharepoint, Netflix, or Google Docs is provided by NBAR2 signature dictionary, called protocol pack. The protocol pack is updated several times a year to include new applications. Version 16.0 includes more than 1500 signatures.

What is Cisco Intelligent Path Control, PFR?

Keywords: Cisco IWAN, Overview, Collection, Implementation.

PFR is part of Cisco IWAN. PFR monitors network performance and routes applications based on application performance policies and load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth. PFR is comprised of two major Cisco IOS components, a Master Controller (MC) and a Border Router (BR).

The Master Controller is a policy decision point at which policies are applied to various traffic classes that traverse the Border Router systems.

  • The hub master controller is the master controller at the hub site, which is either a data center or a headquarters. This is the device where all policies are configured. It also acts as master controller for that site and makes optimization decisions.
  • The branch master controller is the master controller at the branch site. There is no policy configuration on this device. It receives policy from the Hub MC. This device acts as master controller for that site for making optimization decisions.

Border Routers (BRs) are in the data forwarding path. Border Routers collect data from their Performance Monitor cache and smart probe results, provide a degree of aggregation of this information and influence the packet forwarding path as directed by the Master Controller to manage user traffic.

What is Netflow/IPFIX?

Keywords: Cisco IWAN, Collection, Implementation, Sizing.

Netflow provides the ability to collect IP network information as it enters or exits an interface. A Flow Record consists of keyed fields and non-keyed fields. Keyed fields are all the fields which need to be unique in order for a new Flow Record cache entry to be created in the CPE memory. Non-keyed fields provide information such as metrics (byte count, packet count, latency or jitter). For every record, a cache table is created to track and store flow entries. A new cache entry is created when the keyed fields of the packet do not match an existing cache entry. Otherwise, only the non-keyed fields are updated; for example, the byte count is incremented.

What makes Netflow collection different from SNMP monitoring?

Keywords: Cisco IWAN, Collection, Implementation, Sizing.

The key difference resides in the information access: SNMP requires collectors to request the information. Netflow collectors passively receive and process flows from all devices. In the first case (polling), devices need to store the data so that it is available on request. With Netflow, devices send data once processed. Thus, if devices embed the right processing engines (Deep Packet Inspection, passive probe, etc.), one could have much more detail on traffic and performance using Netflow.

What are the differences between Netflow versions?

Netflow 5 (IPv4 specific)

NFv5 is the most commonly deployed version. The flows exported by the equipment provide 5-tuple keyed fields (source IP / port, destination IP / port and protocol) to describe the identities of the systems involved in the conversation and the amount of data transferred.

Flexible Netflow FNF V9 (IPv4 and IPv6 compatible)

Version 9 has brought FNF capability, which makes Netflow a highly versatile protocol. Its flexibility makes it particularly relevant for complex reporting and heterogeneous data. Here are a few key components:

  • flexible key field aggregation;
  • variable number of data fields;
  • unidirectional or bidirectional;
  • sampled or not;
  • multi-vendor (430 standardized fields, thousands of vendor-specific fields);
  • aggregated, synchronized or not for exports.

IPFIX (IP Flow Information eXport)

Also referred to as NFv10, IPFIX is the industry standardized version of Netflow. It builds on NFv9 for most of the features, and brings additional flexibility (variable-length fields, sub-application extracted fields, options-data, etc.).

Note: Netflow version 9 and IPFIX are the export protocols of choice for AVC, because they can accommodate the flexible record format and multiple records required by the Flexible Netflow infrastructure. IPFIX is recommended.

Does IWAN increase router CPU and memory load?

Keywords: Implementation, Collection, Cisco IWAN, Sizing.

Yes, compared to the relative simplicity of SNMP monitoring metrics, IWAN features come at a cost on the network device in terms of memory (need for anticipation in configuring the cache size) and CPU (for advanced processing). Cisco has introduced EZPM in the latest version of IWAN to decrease CPU load. Service providers have to check whether the additional resources needed on routers are compliant with their existing portfolio (which router for which contracted bandwidth).

What is the Netflow impact on CPE performance?

Keywords: Implementation, Collection, Cisco IWAN.

Most architectures are compatible with Cisco IWAN, as it runs on top of an overlay transport protocol (DMVPN for IWAN 2). However, the concrete deployment of IWAN requires a Cisco Validated Design: Cisco provides online in-depth PDF guides for deployment and configuration.

What Are Some of the New Expert Enhancements?

  • Improved Expert and VoIP performance
  • Added Expert event for detecting Gratuitous ARP
  • Added Expert event for detecting TCP Duplicate ACKs
  • Made SACK options more obvious in Flow Visualizer
  • Made Flow Visualizer come up faster
  • Updated Expert event default settings
  • Improved Expert event behaviors
  • Improved Expert Settings file handling for the engine

What Are Some of the New VOIP Enhancements?

  • Added Asserted Identity to Calls & Media views
  • Added the ability to search Asserted Identity
  • Fixed VoIP-related issues
  • Fixed call playback, DTMF related issues
  • Synthesized DTMF from RTP events when signaling is absent

What Hi-Dpi Does Omnipeek 12.2 Support?

Omnipeek supports 4K (3840 x 2160 pixels) monitors.

What Is the View File Content Option?

This is an option titled “Files” on the Navigation Pane for loaded packet files. It displays files extracted from reassembled HTTP flows. This can be very useful for monitoring network activity.

What Is the Filter File Load Feature?

The File Open dialog in Omnipeek has a “Filter” option. By clicking this button, you can invoke the same Filter UI available in the Capture Options. When the file is loaded, each packet is run through whatever filters were selected by the user, and only packets passing that filter criteria will be loaded.

What Is the Application Dashboard View?

This utility gives a graphic view of Application utilization, Application latency and Application details of flows, packets and bytes.

What's in the Application Statistics View?

The view displays total application statistics for the duration of the file, capture, or search in a list with the following columns:

  • Application
  • Utilization %
  • Bytes %
  • Packets %
  • Bytes
  • Packets
  • First Time
  • Last Time

What's in the Compass Application View?

The Compass view includes an Applications statistics chart window for grouping statistics by applications.

What Is the Overview Graph for Capture Files?

  • Provides an easy method to “zoom” in on a portion of a file by selecting a time range and reprocessing all statistics
  • Provides summary information on various counts – Packets, Flows, Files, Events, etc. – including those in the selection, and total in the file
  • Provides an overview of Expert events in the file

I Get a Message on My Compass Screen That Says, "Flash Not Installed", I Am Using Windows Server 2012, What Is the Problem?

Flash is typically not installed automatically on Windows Server 2012, so it must be added manually through the server manager.

Follow these steps:

  1. Open up the Control Panel
  2. Notice that the Flash Player is not listed as being installed
  3. Open up the Server Manager
  4. Select “Local Server” from the left pane
  5. Scroll down to “Roles and Features” in the right pane
  6. Select “Features” from the left pane
  7. Click the “Tasks” drop down next to “Roles and Features” and select “Add roles and features”
  8. Inside the tree-list box in the right pane, expand “User Interfaces and Infrastructure”
  9. You should see that “Desktop Experience” is not checked
  10. Check “Desktop Experience” to install Flash (and other things as well)
  11. Continue through the “Add roles and features” section and click “Install”
  12. After the reboot, open the control panel and you will see that Flash is now listed as being installed
  13. Flash will now be installed for Compass in Omnipeek

What Is the Country Filter Dialog Menu and Where Can I Find It?

The Country Filter dialog allows you to specify one or two countries, and a direction (like the address and port filter dialogs). It is in the Advanced filter under the Logical “And”, “Or” and “Not” options.

Is There a Way to Have Multiple Decode Columns in the Packets View?

Yes. By right-clicking on a field within the Decode View, you can add as many decode columns as you like and arrange them in any order.

Note: Once you add a decode column to the Packet List Columns, you cannot modify it, only delete it. Right-Click on the column title bar and uncheck the decode to delete it.

How Do I Label Packets by Color in Omnipeek?

Select the packets you wish to label, right-click on one of them, and you can Label selected packets in the color you wish. This makes it very easy to identify different groups of packets in a trace file.

Where Can I See the Geographic Location of Nodes?

The Nodes view has two columns: “Country” and “City”. This will give a good overview of the geographic location of different nodes.

What Ways Does Compass Generate Statistics in Omnipeek?

From file(s) in the Compass Workspace navigation bar and by creating projects from one or more packet files in the Compass Workspace mode.

I Want to Change the Port on the Access Point Capture Adapter in the Capture Options Dialog, but I Don't See a Way to Accomplish This, How Do I Change the Port?

Go to the Tools pull down menu in Omnipeek and select Options. Then under Analysis Modules select the Access Point Capture Adapter Options. Then you can change the port there by selecting Options.

What Are the Cisco and Aruba 802.11ac APs Supported in Omnipeek?

The supported APs are the Cisco AP2700, AP3700 and Aruba AP-225 models.

Do the Cisco and Aruba APs Support Multi-Stream 802.11ac Configuration?

Yes, they support MIMO: 1, 2 and 3 spatial stream configurations.

Does Omnipeek Support 4 Spatial Streams Decoding?

Yes, Omnipeek supports 4 spatial streams decoding.

How Do You Configure the Protocol Translations in Omnipeek?

  1. Go to Tools>Options>Protocol Translations
  2. Select Insert
  3. Choose TCP or UDP
  4. Enter the Port number
  5. Choose the Sub-Protocol by clicking “Choose” then click OK

What Enhanced Support Is There in SCTP?

  • Filter by SCTP Port
  • Improved Protospecs encapsulation of SCTP
  • Made SIP calls encapsulated in SCTP work in VoIP views
  • SCTP Port Translations
  • SCTP enhanced Summary decode, analysis

What Is the Product Activation Mentioned in the Installer?

When you install a Peek product, the installer sends a secure message to a web server located at Savvius. The installer sends the following information: serial number, product information, name, company name, and an ID number associated with your computer. This process will assist us in reducing software piracy, as we can ensure that our software is used solely by authorized customers. If you have questions or concerns, please contact us.

Where Do I Download the Software to Re-Install My Product?

Please log in to MyPeek at You can access information about your purchase and links to download your software.

When Trying to Access Mypeek I Get the Following Error: "Our Records Indicate That Your Contracts Have Not yet Been Validated as No Entry of a Shipped Serial Number Has Been Entered. If You Believe You Do Have a Current Contract, Please Notify Us so That We Can Resolve This Matter." How Do I Solve This?

Please validate your serial number before logging into MyPeek for the first time. You will notice a link that says Validate product Serial Number. Clicking on this link will take you to the Validate Shipped Products page. Please enter your serial number and email address.

You only need to validate your serial number one time. Go back to MyPeek using your email address and login password. If you have forgotten your login password, please use the ‘Forgotten Password’ Option.

What If I Do Not Have Access to the Internet, Can I Still Activate My Product?

Yes. When running the installer, please select Manual activation. You will need three pieces of information: your serial number, the CPU ID of the target machine, and the activation key. To get the CPU ID, open a CMD prompt and type dir. This will give you the Volume Serial Number of the hard drive. Use this (without dashes) for the CPU ID. The activation key will be generated and emailed to you. Follow the remaining instructions in the installer.

I Have Access to the Internet so Why Is Activation Still Being Rejected?

If you are trying to activate a current release of Omnipeek or OmniEngine, please be sure the Proxy Settings on your computer are properly configured. If you are still having trouble, here are two additional ways to activate your product. 1) We can generate an activation code for you. Choose manual activation and call us with your machine ID number. 2) If you have another machine that has access to the internet go to and fill out the form, an activation code will be generated. Enter the activation code to proceed with the install.

What Is License Policy?

We allow the installation of our products on one computer accessed by a single user, per serial number. Any installations beyond this would require the purchase of additional licenses.

Can I Re-Install on the Same Machine?

Omnipeek can only be installed on a single machine at a time. Contact LiveAction technical support (URL) if you need additional help on this topic.

Here Is a List of Common Activation Errors.

  • EC109 – Activation failed please contact us
    Response code 2 – Please contact us, we may need to generate an activation code for you.
  • Ec104 – Your product needs to be validated. Please go to:
  • Ec105 – Be sure you are selecting the correct product, for example SE, NX, VX
  • Ec108 – Be sure you are selecting the correct version number, for example 3.0, 2.0

MyPeek and more


MyPeek is a customized account designed to increase your experience with Savvius. Through MyPeek, customers with current maintenance can download the latest version of their software and documentation, get access to various plug-ins, learn about upcoming releases and new products.


Product updates may be purchased without a maintenance contract for 40% of the product SRP.


When you purchase software products with maintenance, you are given a personal, customized “MyPeek” account that houses links to the software you have purchased, free utility software, our maintenance newsletters, links to our CIO’s blog, and more. Access to your MyPeek account expires when your maintenance term ends, so unless you are current with maintenance, you cannot update or upgrade your existing software purchase. Please contact to renew maintenance and download the latest version.


The activation process will protect your software licensing rights while assisting Savvius in its efforts to protect its intellectual property. Savvius also has been required by its international channel partner representatives to provide a strong copy protection system, since they cannot invest in products that do not provide anti-piracy measures. In our efforts to address these realities, we believe we have implemented a user-friendly system that will prevent casual piracy and will be next to invisible to legitimate users.

Your maintenance entitles you to 2 activations or installations of the product and our SLA states that one installation is for back-up, the second is for use. If you have special circumstances for installing software please contact your sales rep or email to discuss alternatives.


Typically this is a serial number validation issue. From the MyPeek home page click on “validate your product serial number” and enter your registered email address and serial number. This will enter it into the MyPeek system.


Of course, you can! If your maintenance has been expired for less than 90 days, you may purchase a new maintenance contract by paying a lapsed maintenance fee equal to 25% of the SRP of maintenance for the product you are renewing. The new maintenance agreement will begin on the date of order.

Customers without maintenance, or whose maintenance has been expired longer than 90 days, may purchase software updates for 40% of the SRP of the software. New maintenance agreements may then be purchased for the updated software.


Software renewals are set at approximately 20% of the original SRP of the product for which maintenance is being purchased. If your maintenance is current you may refer to your MyPeek account for renewal pricing options. If maintenance is expired, or if you’d like to go over alternative options please email or call 925-937-3200.


Savvius offers special migration pricing for owners of competing products. Please contact your sales rep or email for pricing information.


You can transfer up to 12 months of the existing maintenance contract by paying the differential in maintenance price across the two products. Additional months will be forfeited upon upgrading. The original license, while you will always own it, will be made ‘inactive’ from Savvius’ point of view and therefore will not be eligible for future upgrades or support programs.



Of course! Savvius software licenses are perpetual and once you buy it, you own it. You may use the product as long as you like.


Yes! All Savvius requires is new end-user information including name, phone number, email, and physical location. In the case that you are transferring the license to another company or organization, we would prefer to have the request in writing on company letterhead indicating transfer of ownership.


You may purchase maintenance which will give you the ability to download the latest version of Savvius software.


What Are the Features That Are Available in Capture Engine for Omnipeek 12.2?

  • Added support for 3rd party authentication
  • Expert enhancements
  • VoIP enhancements
  • Support for Financial Transaction Card Message Interchange protocol (ISO8583)

What Support for 3rd Party Authentication Has Been Added to Capture Engine 12.2?

The ACL supports third-party authentication by allowing the administrator to enter a username in the Add Users to ACL dialog. The username entered is the one the user supplies for third-party authentication. Authentication can be configured via RADIUS, TACACS+ (not supported on Capture Engine for Windows), or Active Directory.

What Are Some of the Expert Enhancements?

  • Improved Expert and VoIP performance
  • Added Expert event for detecting Gratuitous ARP
  • Added Expert event for detecting TCP Duplicate ACKs
  • Made SACK options more obvious in Flow Visualizer
  • Made Flow Visualizer come up faster
  • Updated Expert event default settings
  • Improved Expert event behaviors
  • Improved Expert Settings file handling for the engine

How Do You Configure the New Protocol Translations in the Capture Engine?

  1. Go to the tab in Settings>Protocol Translations
  2. Click the Insert Button
  3. Choose TCP or UDP
  4. Enter the Port number
  5. Choose the Sub-Protocol by clicking “Choose” then click OK

How Do You Configure the Packet File Indexing to Increase Performance for Forensic Searches?

  1. Go to Capture Options>Packet File Indexing
  2. Select the packet characteristics you are most likely to use in a forensic search software filter then click OK

What Is the Country Filter Dialog Menu and Where Can I Find It?

The Country Filter dialog allows you to specify one or two countries, and a direction (like the address and port filter dialogs). It is in the Advanced filter under the Logical “And”, “Or” and “Not” options.

What Is the Remote Compass Feature?

The Remote Compass is the same interactive network forensics dashboard application found in Omnipeek, made available on the Capture Engine for Omnipeek.

What Is the Sparklines Graph in the Details Sub-Tab of the Forensics Tab?

The Sparklines are the Network Utilization (Mbits/s) graphs, just shrunken. The data for the Sparklines are only requested when the item becomes visible. Sparklines are updated for active captures only.

What Is the "Priority to Disk" Option?

When enabled it gives priority to CTD (Capture to disk) captures, so that real-time monitoring captures have less impact on the CTD performance.

What Is the "Disk Space for This Capture" Option in the General>Capture Options?

This slider and associated text field are used to specify the maximum amount, in gigabytes, of disk space for the capture to occupy. Keep in mind, once the capture amount is selected for the capture it can no longer be used for other captures.

How Do I Download Files from My Capture Engine to My Omnipeek Console Machine?

There are 2 ways you can accomplish this task:

  1. Go to the Tools pull down menu in Omnipeek and select “Download Engine Packet Files”.
  2. From the Files tab of the Capture Engine, highlight the file/s you want to download, right-click and select the “Download Packets” option or just click the “Download Packets” icon.

How Do I Add Files to the Capture Engine?

  1. Go to the Files tab.
  2. Click on the “Upload Packets” icon.
  3. Select the files you want to add to the Capture Engine.
  4. Click Open.

What Is the Support Tab Used For?

The information that is stored there is mainly for Tech Support in case customers experience problems.

How Do I Save the Support Tab Information?

There are buttons to save this as a text file and to copy it to the clipboard.

  1. The save icon saves all information. There is a menu item for saving as well, File>Save Support Info. The default saved file name is Capture Engine Support.txt.
  2. The copy button (as well as the Edit>Copy menu item) will copy only the selected text to the clipboard. If there is no selection, it will copy everything.

Note: There is a refresh button which will update the information (re-query and re-receive it from the engine). There is no auto-refresh, however, each time you switch to this tab the information there will be refreshed.

What Information Is Contained in the Audit Log Tab?

The Capture Engine audit log lists available information regarding events taking place on the Capture Engine. Each log entry displays the Date, Time, Client, User, Message, and Result.

How Do You Use the Searchable Log Options in Capture Engine?

  1. Go to the Logs view on a Capture Engine window.
  2. Click on the Clock icon next to the Search field.
  3. Select the date and time range.
  4. Click OK.

How Does the Packet De-Duplication Feature Work?

In the General Capture Options, there is now a check box that says, “Discard duplicate packets”. When this is checked, if the FCS of an incoming packet matches one from the ring buffer, that packet will be discarded. This is a great feature for customers monitoring from SPAN ports, where duplicate packets are often seen.
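As an added illustration (not Omnipeek's or Capture Engine's own code), the Python example below models FCS-keyed de-duplication over a bounded window of recently kept frames. The class name, window size, and sample frames are assumptions constructed for the example; it shows that an identical SPAN copy is discarded, while a copy whose TTL was decremented at a routed hop, or one arriving after the earlier frame has aged out of the window, is kept.

```python
import struct
from collections import deque
from zlib import crc32


def ethernet_fcs(frame: bytes) -> int:
    """Ethernet FCS: the IEEE 802.3 CRC-32, which zlib.crc32 also computes."""
    return crc32(frame) & 0xFFFFFFFF


class FcsDeduplicator:
    """Hypothetical model: remember the FCS of the last `window` kept frames."""

    def __init__(self, window: int = 1024):
        self._window = window
        self._ring = deque()   # FCS values of kept frames, oldest first
        self._seen = set()     # same values, for O(1) membership checks

    def accept(self, frame: bytes) -> bool:
        """Return True to keep the frame, False to discard it as a duplicate."""
        fcs = ethernet_fcs(frame)
        if fcs in self._seen:
            return False
        if len(self._ring) == self._window:
            self._seen.discard(self._ring.popleft())  # oldest entry ages out
        self._ring.append(fcs)
        self._seen.add(fcs)
        return True


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the ten 16-bit words of a 20-byte header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(ttl: int, payload: bytes) -> bytes:
    """Constructed sample: Ethernet II + IPv4 header (protocol 253) + payload."""
    eth = bytes.fromhex("02000000000a" "020000000001" "0800")

    def header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                           0, ttl, 253, checksum,
                           bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

    return eth + header(ipv4_checksum(header(0))) + payload


def demo() -> dict:
    dedup = FcsDeduplicator(window=2)
    original = build_frame(64, b"probe-1")
    results = {
        "first_copy": dedup.accept(original),
        "span_duplicate": dedup.accept(original),
        # Same IP packet after one routed hop: TTL and checksum differ,
        # so the FCS differs and the copy is not recognised as a duplicate.
        "ttl_decremented_copy": dedup.accept(build_frame(63, b"probe-1")),
    }
    dedup.accept(build_frame(64, b"probe-2"))  # pushes `original` out of the window
    results["duplicate_after_window"] = dedup.accept(original)
    return results


if __name__ == "__main__":
    print(demo())
```
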

How Does the Offline Forensic Search Feature Work?

When a forensic search is started, it will continue and when it is completed, it will show up in the Forensic Searches tab. If it is a lengthy search, the user can log out of the engine and log back in at any time to view and analyze the results.

What Are the Timeline Graph and Forensics Capabilities on Capture Engine?

Timeline graph and forensics capabilities apply to Capture Engine for Omnipeek. This product can display a Timeline graph and real-time stats, and perform forensic searches.

What Is Active Directory Authentication for Capture Engine?

To provide Active Directory authentication to the Engine, we use the provided Active Directory Service Interfaces (ADSI) components.

Configuring Active Directory authentication on Capture Engine for Windows requires two pieces of information:

  • IP Address: This is the host server's IP address
  • Port Number: Default port is 389

Why Does the Dashboard View Display Traffic History and Top Talkers by Ip Address as Not Available?

Be sure the modules are enabled. Start a new Monitoring Capture or New Capture>Click the Performance View>Traffic History and Top Talker Statistics should be checked.

Please also note that the Dashboard view is available only when Monitoring and Capturing. Forensic Captures by default have all Analysis Options unchecked.

Why Can't I See the Capture Engine Tabs Such as Filters, Graphs, Alarms, and Notifications?

You must first select the Settings Tab and then all the Tabs mentioned above will populate on the screen.