Chris Greer and Ward Cobleigh presented for VIAVI at Tech Field Day Extra at Cisco Live US 2025
Presentation date: June 11, 2025, 10:30-11:30.
Presenters: Chris Greer, Ward Cobleigh
Follow on Twitter using the following hashtags or usernames: #CiscoLive, #CiscoLive25
Enhancing Packet Analysis with AI – Smarter Faster and More Effective with VIAVI
As network environments grow in complexity, speeds, and feeds, packet analysis gets increasingly difficult. In this session, we shared the results of research into how Artificial Intelligence has the potential to change the game, including automating anomaly detection, accelerating root cause analysis, and revealing patterns in network traffic that might otherwise go unnoticed. But how can AI fit into your current troubleshooting workflow, where is it reliable, and where do we need to validate its findings? Can AI really spot the issues that matter? Whether you’re a network engineer, a security analyst, or anyone responsible for performance and uptime, you’ll walk away from this session with practical guidance on how to use AI effectively, and a better understanding of its limitations.
Ward Cobleigh and Chris Greer discussed the current state of AI-driven packet analysis, focusing on how popular Large Language Models (LLMs) handle PCAP data. They presented a small, deliberately crafted PCAP file with one significant anomaly (a 132-second server response time) to various LLMs, including Claude Sonnet 4, GPT, Copilot, and Gemini (OG and 2.5 Pro preview).
Personnel: Chris Greer, Ward Cobleigh
Assessing the Current State of AI-driven Packet Analysis with VIAVI
Ward Cobleigh and Chris Greer continued their discussion on the practical challenges of using AI in packet analysis, particularly focusing on managing large PCAP files. They emphasized that as network speeds increase, PCAP files can grow rapidly, making analysis difficult. Greer’s best practices included capturing only necessary data and using Wireshark’s rolling capture to limit file sizes. For complex, multi-tier applications, it’s crucial to identify the right capture points to find the root cause, not just symptoms. VIAVI Solutions helps customers by providing tools to efficiently capture and analyze relevant packets, avoiding the overwhelming task of sifting through massive data sets. Their approach involves using machine learning to score network performance and identify problem domains, then narrowing down to specific socket connections for detailed analysis.
The VIAVI Solutions Observer platform uses an end-user experience (EUE) scoring method to pinpoint inefficiencies, categorizing them as network, client, app, or server-related issues. They demonstrated how their on-demand application dependency map visualizes the service architecture, helping to identify problematic servers. By focusing on specific socket connections and filtering out irrelevant data, they enable users to export small, manageable PCAP files for further analysis in tools like Wireshark. This approach streamlines the troubleshooting process, allowing analysts to concentrate on relevant data and resolve network issues more effectively. They also addressed challenges in capturing data in cloud environments, noting the varying capabilities of AWS, Azure, and Google Cloud, and the importance of reliable data capture methods.
Personnel: Chris Greer, Ward Cobleigh