Assessing the Current State of AI-driven Packet Analysis with VIAVI

As network environments grow in complexity, speeds, and feeds, packet analysis gets increasingly difficult. In this session, we shared the results of research into how Artificial Intelligence has the potential to change the game, including automating anomaly detection, accelerating root cause analysis, and revealing patterns in network traffic that might otherwise go unnoticed. But how can AI fit into your current troubleshooting workflow, where is it reliable, and where do we need to validate its findings? Can AI really spot the issues that matter? Whether you’re a network engineer, a security analyst, or anyone responsible for performance and uptime, you’ll walk away from this session with practical guidance on how to use AI effectively, and a better understanding of its limitations.

Ward Cobleigh and Chris Greer continued their discussion on the practical challenges of using AI in packet analysis, particularly focusing on managing large PCAP files. They emphasized that as network speeds increase, PCAP files can grow rapidly, making analysis difficult. Greer’s best practices included capturing only necessary data and using Wireshark’s rolling capture to limit file sizes. For complex, multi-tier applications, it’s crucial to identify the right capture points to find the root cause, not just symptoms. VIAVI Solutions helps customers by providing tools to efficiently capture and analyze relevant packets, avoiding the overwhelming task of sifting through massive data sets. Their approach involves using machine learning to score network performance and identify problem domains, then narrowing down to specific socket connections for detailed analysis.

The VIAVI Solutions Observer platform uses an end-user experience (EUE) scoring method to pinpoint inefficiencies, categorizing them as network, client, app, or server-related issues. They demonstrated how their on-demand application dependency map visualizes the service architecture, helping to identify problematic servers. By focusing on specific socket connections and filtering out irrelevant data, they enable users to export small, manageable PCAP files for further analysis in tools like Wireshark. This approach streamlines the troubleshooting process, allowing analysts to concentrate on relevant data and resolve network issues more effectively. They also addressed challenges in capturing data in cloud environments, noting the varying capabilities of AWS, Azure, and Google Cloud, and the importance of reliable data capture methods.