Assessing the Current State of AI-driven Packet Analysis with VIAVI

As networks grow in complexity, speeds, and feeds, packet analysis gets increasingly challenging. In this session, we’ll look at how Artificial Intelligence can change the game–automating anomaly detection, accelerating root cause identification, and revealing patterns in network traffic that might otherwise go unnoticed. We’ll examine how AI fits into your current troubleshooting workflow, where it’s reliable, and where we need to validate its findings. Can AI really spot the issues you care about? How do you know when to trust it–and when to take a second look? Whether you’re a network engineer, a security analyst, or anyone responsible for performance and uptime, you’ll walk away from this session with practical guidance on effectively using AI to streamline manual analysis and gain deeper insight into network behavior.

Ward Cobleigh and Chris Greer continued their discussion on the practical challenges of using AI in packet analysis, particularly focusing on managing large PCAP files. They emphasized that as network speeds increase, PCAP files can grow rapidly, making analysis difficult. Greer’s best practices included capturing only necessary data and using Wireshark’s rolling capture to limit file sizes. For complex, multi-tier applications, it’s crucial to identify the right capture points to find the root cause, not just symptoms. VIAVI Solutions helps customers by providing tools to efficiently capture and analyze relevant packets, avoiding the overwhelming task of sifting through massive data sets. Their approach involves using machine learning to score network performance and identify problem domains, then narrowing down to specific socket connections for detailed analysis.

VIAVI’s system uses an end-user experience (EUE) scoring method to pinpoint inefficiencies, categorizing them as network, client, app, or server-related issues. They demonstrated how their application dependency map visualizes the service architecture, helping to identify problematic servers. By focusing on specific socket connections and filtering irrelevant data, they enable users to export small, manageable PCAP files for further analysis in tools like Wireshark. This approach streamlines the troubleshooting process, allowing analysts to concentrate on relevant data and resolve network issues more effectively. They also addressed challenges in capturing data in cloud environments, noting the varying capabilities of AWS, Azure, and Google Cloud, and the importance of reliable data capture methods.