Chris Greer and Ward Cobleigh presented for VIAVI at Tech Field Day Extra at Cisco Live US 2025
Enhancing Packet Analysis with AI – Smarter Faster and More Effective with VIAVI
As network environments grow in complexity, speeds, and feeds, packet analysis gets increasingly difficult. In this session, we’ll look at how artificial intelligence can change the game, including automating anomaly detection, accelerating root cause analysis, and revealing patterns in network traffic that might otherwise go unnoticed. We’ll examine how AI fits into your current troubleshooting workflow, where it’s reliable, and where we need to validate its findings. Can AI really spot the issues you care about? How do you know when to trust it–and when to take a second look? Whether you’re a network engineer, a security analyst, or anyone responsible for performance and uptime, you’ll walk away from this session with practical guidance on using AI to streamline manual tasks, improve accuracy, and gain deeper insight into network behavior.
Ward Cobleigh and Chris Greer discussed the current state of AI-driven packet analysis, particularly focusing on how popular Large Language Models (LLMs) handle PCAP data. They presented a small, deliberately crafted PCAP file with one significant anomaly (a 132-second server response time) to various LLMs, including Claude, Sonnet 4, GPT, Copilot, and Gemini (OG and 2.5 Pro preview). Their findings revealed mixed results: Claude provided generic guidance without direct answers, Sonnet 4 acknowledged limitations and suggested using specialized tools, and GPT, despite an initial “helpful” demeanor, struggled to pinpoint the 132-second delay and even hallucinated a NASDAQ transaction. Copilot, while initially limited by a small data intake (only 20 frames), ultimately proved effective in identifying the delay and offering a comprehensive troubleshooting plan. Gemini 2.5 Pro preview, however, stood out as the most capable, accurately identifying the issue, providing detailed analysis, and formulating well-structured hypotheses and troubleshooting steps, even suggesting checking application logs over general server logs.
Chris Greer elaborated on practical uses for AI in packet analysis, such as gaining additional context on filtered captures (e.g., IP addresses, domains, protocols) and assisting with complex TShark commands or regular expressions. He also highlighted the benefit of AI in identifying issues that might be missed due to hyper-focus on a specific conversation. However, significant challenges remain, primarily the limited amount of data LLMs can currently process (most struggled beyond 200 packets, with Copilot maxing out at 20 frames and Selector AI at 5 MB). The speakers emphasized the critical need for sanitizing PCAP data before uploading it to cloud-based LLMs due to the sensitive nature of network traffic. Despite current limitations, they concluded that AI for packet analysis is rapidly evolving, with purpose-built AI tools like Selector.ai’s Packet Copilot and Packet Safari Copilot showing immense promise, and that effective prompt engineering remains crucial for extracting meaningful insights from LLMs.
Personnel: Chris Greer, Ward Cobleigh
Assessing the Current State of AI-driven Packet Analysis with VIAVI
As networks grow in complexity, speeds, and feeds, packet analysis gets increasingly challenging. In this session, we’ll look at how Artificial Intelligence can change the game–automating anomaly detection, accelerating root cause identification, and revealing patterns in network traffic that might otherwise go unnoticed. We’ll examine how AI fits into your current troubleshooting workflow, where it’s reliable, and where we need to validate its findings. Can AI really spot the issues you care about? How do you know when to trust it–and when to take a second look? Whether you’re a network engineer, a security analyst, or anyone responsible for performance and uptime, you’ll walk away from this session with practical guidance on effectively using AI to streamline manual analysis and gain deeper insight into network behavior.
Ward Cobleigh and Chris Greer continued their discussion on the practical challenges of using AI in packet analysis, particularly focusing on managing large PCAP files. They emphasized that as network speeds increase, PCAP files can grow rapidly, making analysis difficult. Greer’s best practices included capturing only necessary data and using Wireshark’s rolling capture to limit file sizes. For complex, multi-tier applications, it’s crucial to identify the right capture points to find the root cause, not just symptoms. VIAVI Solutions helps customers by providing tools to efficiently capture and analyze relevant packets, avoiding the overwhelming task of sifting through massive data sets. Their approach involves using machine learning to score network performance and identify problem domains, then narrowing down to specific socket connections for detailed analysis.
VIAVI’s system uses an end-user experience (EUE) scoring method to pinpoint inefficiencies, categorizing them as network, client, app, or server-related issues. They demonstrated how their application dependency map visualizes the service architecture, helping to identify problematic servers. By focusing on specific socket connections and filtering irrelevant data, they enable users to export small, manageable PCAP files for further analysis in tools like Wireshark. This approach streamlines the troubleshooting process, allowing analysts to concentrate on relevant data and resolve network issues more effectively. They also addressed challenges in capturing data in cloud environments, noting the varying capabilities of AWS, Azure, and Google Cloud, and the importance of reliable data capture methods.
Personnel: Chris Greer, Ward Cobleigh