nGeniusONE Enterprise

Essentials
Lab Guide
Trademark Attributions

© 2022 NETSCOUT SYSTEMS, INC. All rights reserved.

NETSCOUT, the NETSCOUT logo, Network General, the Network General logo, NETSCOUT University, nGenius, nGeniusONE,
Sniffer, InfiniStream, Business Container, Business Forensics, TrueCall, NetVigil and Quantiva are trademarks of NETSCOUT
SYSTEMS, INC. Other brands product names and trademarks are property of their respective owners. NETSCOUT reserves the
right, at its sole discretion, to make changes at any time in its technical information and specification, and service and support
programs.

The information presented in the course and in this training guide is for educational purposes only, and the appropriate
manual or NETSCOUT representative should be consulted for issues relating to actual operation and maintenance of the
products described in the course.

Copyright

© 2022 NETSCOUT SYSTEMS, INC. All rights reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any
language in any form or by any means without the written permission of NETSCOUT SYSTEMS, INC. or its suppliers or affiliate
companies.

Americas East Americas West Asia Pacific Europe

For more information, please
visit www.netscout.com or
contact NETSCOUT at 800-
309-4804 or +1 978-614-4000
310 Littleton Road 178 E. Tasman Drive 17F/B, No. 167 TunHwa N. Road One Canada Square
Westford, MA 01886-4105 San Jose, CA 95134 Taipei 105, TAIWAN 29th floor, Canary Wharf
UNITED STATES UNITED STATES Tel: +886 2 2717 1999 London E14 5DY
Tel: 978-614-4000 Tel: 408-571-5000 UNITED KINGDOM
Toll Free: 800-357-7666 Tel: +44 207 712 1672
NETSCOUT offers sales, support, and services in over 32 countries.
 Lab 1
By The Numbers

Overview
Description
The purpose of this lab is to teach you how to interpret the vast array of
values and numbers you will come across while using nGeniusONE.

Objectives
After completing this lab, you will be able to:
• Understand how to read and interpret displayed numeric values
• Quickly identify what data is good, bad, or critical
• Clearly understand displayed graphs and their data

Time to Complete Lab

15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 1–1

By The Numbers Lab 1

Connecting to nGeniusONE
Logging on
1. Use a web browser and connect to the IP address assigned to you by the
instructor.
2. The instructor will provide your login/password credentials.
You should see something like this:

3. There are many icons available to you, and you will get the opportunity
to take a more detailed look at them during this course. First, let’s look
at some useful areas. Locate the settings menu wheel in the upper
right-hand corner and select it.

4. The Setting Menu allows you to access various tasks and features that
will prove useful to you during this course. The first one we’ll look at is
Help. Select Help from the menu to launch the nGeniusONE Online
Help page.

1–2 nGeniusONE Enterprise Essentials

Lab 1 By The Numbers

Understanding Numeric Values

Review of Terms
Before you can analyze how your network is performing, you should have a
good understanding of not only the metrics being collected, but also how
that data is being presented and what it’s telling you.
5. Select the Online Help tab that you left up from previous page. If you
logged out, log back in again, and then select the Online Help.
6. From the Search area in the upper right, enter Overview of Key
Performance Indicators, and hit return. You should see Overview of
Key Performance Indicators appear at the top of the results list. Select
it and answer the following questions.
7. When are KPI metrics collected?
_____________________________________________________________
8. List at least 4 ASI-mode KPIs that are collected.
_____________________________________________________________
_____________________________________________________________
9. Where are KPI statistics displayed in nGeniusONE?
_____________________________________________________________
10. Using the image below, give a brief description of each of the following:

a. Avg App RT ___________________________________________

b. TCP RTT _____________________________________________
c. Retrans % ____________________________________________
d. Client TCP Ack Time __________________________________
NOTE: Remember to use the online help, try searching for “TCP
Analysis” if you need help with this question.
11. SYN/ACK + __________ = Client Connect Time.
12. SYN + _______________ = Server Connect Time.
Now we’ll look at some of the monitors.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 1–3

By The Numbers Lab 1

Match the Monitor

13. One thing to notice as you become more familiar with using the
nGeniusONE Console, are the changes to the underlying column
headings. Using the following image, identify what monitor was
launched.
(HINT: search for Using Service Monitor Summary Tabs)

A. _____________ B. ______________ C. _____________ D. _____________

14. Use this image, to answer the following questions.

 What type of Service Monitor was used here?

_____________________________________________________________
 What entry displayed the highest Latency, and how many failures
were registered for that entry?
____________________________________________________________

1–4 nGeniusONE Enterprise Essentials

Lab 1 By The Numbers

15. Which of these entries, might you investigate first? _________________

16. This concludes this lab exercise, minimize the nGeniusONE Server
window, do not logout.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 1–5

By The Numbers Lab 1

Review
Questions
Write down any questions or observations for discussion during the lab review.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________

1–6 nGeniusONE Enterprise Essentials

Lab 1 By The Numbers

Answer Sheet
Understanding Numeric Values
7 – KPI metrics are collected when response time is enabled for the
monitoring appliance and for supported applications in Global Settings.
8 – Any 4 of the following is correct: Successful Transactions, Failed
Transactions, Response Time, Timeouts, Request Retries, Error Codes, and
Applicable Unified Communications KPIs.
9 – In nGeniusONE, KPI statistics are displayed in Service Monitors
10 – a. Average response time for the application in milliseconds, b. TCP
round-trip delay time in milliseconds from client to server and back, c.
Ratio of retransmitted TCP packets in relation to total packets, d. Average
response time for the client to acknowledge a request.
11 – ACK
12 – SYN/ACK

Match the Monitor

13 – A: DNS Monitor B: Database Monitor, C: Web Services Monitor, D:
DHCP Monitor
14 – a. DNS Monitor, b. Bottom Left (89.36ms) and 14 failures
NOTE: numbers may vary slightly.
15 – Number 2, as it has the highest application errors and % failures.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 1–7

By The Numbers Lab 1

This page left intentionally blank.

1–8 nGeniusONE Enterprise Essentials

 Lab 2
Unraveling Services

Overview
Description
The purpose of this lab is to familiarize you with Service Settings, Service
Dashboard, and Service Alerts.

Objectives
After completing this lab, you will be able to do the following:
• Navigate through some nGeniusONE Service Settings
• Become familiar with the Service Dashboard
• Launch the Notification Center

Time to Complete Lab

15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–1

Unraveling Services Lab 2

Service Dashboard Navigation

Launching the Service Dashboard
1. From the nGeniusONE Console, click the Service Dashboard icon.
2. Verify and if necessary, modify the following options to the indicated setting:
• Toggle Tiles / Over Time mode is set to Snapshot
• Open service hierarchy tree is set to Enterprise
• Toggle service /domain mode is set to Domain View
• Duration is set to Last Hour
• Metrics for the Application Services; Primary Metric is set to % Failures;
Secondary Metrics is set to New Sessions and Transactions
• Sort order is set to Critical Alert
3. Click the filter icon, and in the popup filter field , type data

4. Click on the Data Center domain tile to display the lower associated service domain and /
or services

2–2 nGeniusONE Enterprise Essentials

Lab 2 Unraveling Services

5. Click in the filter field, clear out the search string, then click on the filter icon to close the filter
field
6. Click on the Data Center Boston domain tile, follow by clicking on the Enablers domain tile

7. Visually, locate the LDAP Services tile. Make a note of the Percentage failures ______ and the
Transactions count __________.
8. Change the Duration to Last 24 Hours. Make a note of the Percentage failures ______ and
the Transactions count _______. Comparatively speaking, are the percentage failed
transactions at the Last Hour and the Last 24 Hours duration roughly close?
_____________________________________________________________________________
9. Click the Toggle Tiles / Over Time mode button. Change it to Over Time.
The Over Time mode provides a data sample plot over time duration graphical display with the
intent to provides a trends analysis
10. Set the Duration to Last Hour. Visually, locate the LDAP Services tile. As you move the mouse
cursor from left to right across each of the 5-minute duration percentage failed samples; are
the readings roughly close?
_____________________________________________________________________________
11. Set the Duration to Last 24 Hours. As you move the mouse cursor from left to right across
each of the 1-hour duration percentage failed samples; are the readings roughly close?
(NOTE: You may have to adjust to see the view more clearly)
_____________________________________________________________________________
12. Set the Sample Resolution to 5 Min. As you move the mouse cursor from left to right across
each of the 5-minute duration percentage failed samples; comparatively speaking are the
readings similar to when the Duration was set to Last Hour?
_____________________________________________________________________________
13. Set the Duration to Last Hour, and click the Toggle Tiles / Over Time mode button. Change it
to Snapshot.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–3

Unraveling Services Lab 2

Summary Tab – Configuration, Sorting

Summary Views
1. From the LDAP Services tile, select the small triangle in bottom right corner, and launch
the LDAP Monitor.

2. Let’s take a look at which LDAP Server(s) is experiencing a Total Failures count in the
hour. Click on the “Failures” column label to sort from the highest to lowest in
descending order.

a. Which LDAP Server(s) has the highest Total Failures count?

__________________________________________________________________

b. What is the “Failure” count associated with each LDAP Server?

__________________________________________________________________

c. What error code is displayed for this Server?

__________________________________________________________________
3. Click on the “Location keys” icon, and select “Client Community”, click the “Apply”
button. You may need to click on the “Failures” column label to sort from the highest to
lowest in descending order. Scroll up to view which LDAP Server(s) has the highest Total
Failure count.

The Communities feature supports adding IP addresses and address ranges to specify server and
client groups that lie within your enterprise. Server communities aggregate both server and client
activity specified in subnets and/or IP addresses while Client communities aggregate client activity-
specified only

Given the LDAP Server(s) Name with the highest Failure counts, what are the client community
IP addresses being serviced by these server(s)?

________________________________________________________________________

________________________________________________________________________

2–4 nGeniusONE Enterprise Essentials

Lab 2 Unraveling Services

4. Match the definition with the term.

(HINT: search for Understanding Services to answer the next two questions)

TERM DEFINITION
A. Service Member
B. Application Service
C. Network Service
D. Service Domain
E. Service Hierarchy
1. ____ a service that includes only physical interfaces and
location keys.
2. ____ an organization of application services, network
services, and service domains in parent-child order.
3. ____ a grouping of application services, network services,
and other service domains.
4. ____ the fundamental unit of a service.
5. ____ a service that can include interfaces, applications,
application groups, message IDs, network services, and
location keys.

5. Match the icons with the definition.

ICON DEFINITION
1. ____ indicates a network service.
A.

2. ____ indicates an unassigned application service.

B.

3. ____ indicates a network service with user assignments.

C.

4. ____ indicates an application service with user assignments.

D.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–5

Unraveling Services Lab 2

Service Dependency
Service Dependency allows you to see the interdependencies between servers that deliver a
service, as well as how those servers are performing. It also helps identify servers that are
causing problems or that were not expected in the service delivery chain.

1. Click on the Service Dashboard tab.

2. Visually locate the arrow icon located to the lower right of the LDAP Services tile. Click on
the button and select the Service Dependency option NOTE: If you don’t see the LDAP
Services tile, go back to the Data Center > Data Center Boston > Enablers view.
The Service Dependency map opens showing all the dependencies associated with
various LDAP servers and their clients.
3. Click on the Search icon and enter the name of the LDAP Server that had the highest total
failure count noted earlier (select More icon if find isn’t visible). Click the Apply button.

4. Click on the Re-Center icon (if you don’t see it, select More then select the Re-Center
icon). Take a moment, of the clients connected to this select LDAP Server, which appear
to be having problems?
_________________________________________________________________________
5. Expand the Client grouping by clicking the plus sign icon. Take a moment to compare
your earlier notes to the displayed client to server connectivity mapping.

6. Move your mouse cursor over the links. You can get information such as errors, rates,
and requests.

2–6 nGeniusONE Enterprise Essentials

Lab 2 Unraveling Services

Service Dependency provides a map of servers associated with a service or other drilldown
context, along with client communities and other servers that provide an enabling function
(such as DNS or RADIUS). It includes traffic and performance metrics, allowing you to
determine if client communities are being affected by a poorly performing server.

The connections between nodes are represented by lines. The thickness of those lines
indicates the relative transaction load on that link.
7. Right click on one of the links.
What can you also do here that saves time?
________________________________________________________________________
8. Close all running modules.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–7

Unraveling Services Lab 2

Quick Look at Alerts

Alerts are one of the tools you can use to monitor network performance and are displayed in
the Notification Center as well as Server and Instrumentation Health modules. Let’s take a
look at some Alerts.

1. Go to the Service Dashboard, ensure you are at top level (Enterprise). Are any alerts
present? YES / NO
2. Ensure the layout is set to Critical Alert, and toggle to Service View mode.
3. Locate a tile on the dashboard that has both Critical and Warning counts.
4. What tile had both Critical & Warning alerts? _________________________________
5. Select the small triangle in the lower right-hand corner of this tile (see below for example
of a tile with both critical and warning alerts) and then select the Notification Center from
the list.

6. What type of Alert is this? ______________________________

7. How many occurrences of this are there? _________________
8. From the Alert ID column, expand the Service Alert shown, and select the first Critical
alert in the list.
9. Notice at the bottom of the screen, you have Alert Evidence, such as Alert Details and
Alert Charts. Select the Export To icon located right above the Alert Chart, and select
PDF.

2–8 nGeniusONE Enterprise Essentials

Lab 2 Unraveling Services

10. Check in the lower left-hand portion of the browser, you should see the Alert PDF appear,
select it.

You now have a PDF of the Alert that looks like this, it can be saved and/or sent to
associates to use during your triage of the network.

11. Close out the PDF file, and select the first Warning alert displayed.
12. Look closely at the Alert Details window, what is the Set Threshold value shown? ______
13. What was the triggered value? _________________
14. You’ll get a chance to look at Alerts later, for now close out the Notification Center.
15. Select Close All Running Modules, but remain logged into the nGeniusONE console.

This concludes the lab.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–9

Unraveling Services Lab 2

Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

2–10 nGeniusONE Enterprise Essentials

Lab 2 Unraveling Services

Answer Sheet
Launching the Service Dashboard
8 – Yes, the last hour and last 24-hour failure percentages are roughly the
same
10 – No, the readings go up and down over the duration displayed.
11 – No, again the readings go up and down over the duration displayed
(24rs)
12 – Yes, the readings fluctuate up and down over the time period.

Summary Views
2 – a. LDAPSrv1, b. Numbers will vary, c. Auth. method not supported
3 – 192.168.130.31, 192.168.130.32, 192.168.130.33, and 192.168.130.34
4 – 1. = C, 2. = E, 3. = D, 4. = A, 5. = B
5 – 1. = C, 2. = A, 3. = D, 4. = B

Service Dependency
4 – All the clients under CG3 (IPs noted earlier 192.168.130.31 to .34)
7 – Launch Monitors and/or view Node information.

Alerts
4 – Tile that has both may vary (i.e., Microsoft Exchange All)
6 – Threshold Alert type
7 – Number of occurrences will vary (i.e., 19)
12 – The set threshold value shown is 25 ms
13 – The trigged value will vary (i.e., 51.5 ms)

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 2–11

Unraveling Services Lab 2

THIS PAGE LEFT INTENTIONALLY BLANK

2–12 nGeniusONE Enterprise Essentials

 Lab 3
Dashboard Navigation

Overview
Description
The purpose of this lab is to familiarize you with Service Dashboards,
Service Monitors, and Enablers.

Objectives
After completing this lab, you will be able to:
• Navigate the nGeniusONE Console
• Launch a Service Monitor
• Change Dashboard Metrics

Time to Complete Lab

15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–1

Dashboard Navigation Lab 3

Navigate the nGeniusONE Console

Looking at the Console
There are 2 main categories of monitors, Traffic and Service; we’ll be
concentrating on Service Monitors, as well as a few Service Enablers in
this section.
1. From the nGeniusONE Console, place your cursor in the
Type module names to search area.

2. You can display modules with names that match the search text
entered. Type the letter M, and notice the console icons change to
match anything with the letter M.
3. Continue on, and type the word Monitor.
4. How many icons are shown? ________________________________
5. Go to the Online Help tab, and search for Overview of nGeniusONE
Monitors, and locate “Overview of” it should be near the top entry
listed.
NOTE: if you closed the help tab, select the settings wheel in the upper
right of the console, and Help.
6. Identify the following Monitor types (the first one is done for you):
a. LDAP Monitor =
Service Enabler, useful for analyzing protocol-specific details.
b. DHCP Monitor =
___________________________________________________________
c. Certificate Monitor =
___________________________________________________________
d. Universal Monitor =
___________________________________________________________
7. From the Console, clear out the search window and go back to the
default view.
8. From the Console, select the Universal Monitor.

3–2 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

9. Under the Monitors tab on the left, do all the monitors shown match
the monitors shown in step 4 earlier? YES / NO
10. Which monitor shown was not seen earlier in step 4?
_________________________________________________________________
11. Select the Applications Services tab, and then select the Service Name
to change the view so it looks like this.

12. Scan down through the list under Universal, and select Office-365,
notice on the right-hand side, you have User Defined Service Details.
13. Select Launch in the lower right, you should see something like this:

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–3

Dashboard Navigation Lab 3

14. You have the ability to launch more than one Universal Monitor, select
the home icon in the lower left-hand portion of the monitor.

15. From the Applications Services tab, choose another Service, and select
Launch.
16. Select the More Views drop down in image above, you should now see 2
monitors listed with both showing the Application Service you chose.

17. Next, we’ll look at launching specific Service Monitors, select Close all
running modules, but do not logout.

3–4 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

Service Monitors
You are now familiar with launching the Universal Monitor, next we’ll take a look at the
different ways a Service Monitor can be launched from nGeniusONE.

Launching a Service Monitor – Service Dashboard

First, we’ll look at launching a Service Monitor from the Service
Dashboard.
1. Select the Service Dashboard icon from the Console; you should see
tiles with traffic.
2. Ensure you are set to Enterprise, Service View, and Hierarchy
Order.

3. Click the in the lower right-hand corner of the very first tile
displayed on the Dashboard.
4. What monitor does it show can be launched? Launch that monitor.
_____________________________________________________________
5. Go back to the Service Dashboard, and find another tile that
launches a different monitor, and launch it.
Since you launched two different Service Monitors, notice the
column headings are different. Later in the lab, you’ll take a closer
look at that.
6. Select Close all running modules to close the monitors.

Launching a Service Monitor – Notification Center

Now let’s try launching a Service Monitor from the Notification Center.
1. Select the Notification Center from the Console.
2. From the list, locate the first Critical alert, and select it.
3. You can launch the Service Monitor from either the top of the
screen, or right above the Alert Chart by selecting the icon.
4. What Service Monitor launched? (NOTE: If you can select more
than one, choose the first one)
_____________________________________________________________
5. Notice the name of what launched, it matches the Alert ID you
selected.
6. Select Close all running modules to close the monitors.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–5

Dashboard Navigation Lab 3

Launching a Service Monitor – Console

Lastly, we’ll try launching a Service Monitor from the Console.
1. Select the DNS Monitor from the Console.
2. Notice only one monitor (DNS Monitor) appears under the Monitors
tab, go to the right-hand side, and ensure both Monitored Elements
(DC-Inf:if3 & DC-Inf:if4) are selected, and then Launch the monitor.
3. Since the DNS Monitor was launched, the column headings are
things that are related to DNS.
4. What was the highest failure number recorded?
___________________________________________________________
5. What was the DNS Server Name or IP address associated with it?
___________________________________________________________
6. Select Close all running modules to close the monitors.

3–6 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

Pane Views and Metrics

The next thing we’ll look into, are the Service Monitor tables and panes, as it’s important
to understand what is being displayed, and how to modify it and change views as
required.

Closer Look at Tabs

1. Launch the DNS Monitor, with the following settings:

2. The first area we’ll concentrate on is the Title bar of the Summary
Table pane.

The time toolbar allows you to adjust the duration of results you
want to display at a time. The circled areas here allow you to
navigate forward or backward in time.
3. Make note of the time and select the left circled icon.
4. Did the values in the charts increase? YES / NO
Remember, all you are doing is sliding the viewed time up or down,
it’s still 1 hour of time, just different starting and ending points.
5. Select the Duration menu, and change the time to Last 6 Hours.
6. Now, did the values in the charts increase? YES / NO
7. Change the Duration back to 1 Hour.
8. Set the Shift By to 30 minutes, did you notice a change? YES / NO
9. Make note of the time, and select the left time. It should have
changed by 30 minutes. Try it also with the time on the right side.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–7

Dashboard Navigation Lab 3

10. Change the Shift By back to Hour.

The time duration and navigation will prove handy when you need
to isolate problems that happened at a specific time.
11. Selecting the More icon will display the remaining icons. Use the
image below to perform the following steps.

3–8 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

12. Select the Search icon and enter the following:

NOTE: The IP or Name from earlier is in reference to the IP

address/name of the DNS Server that had the highest number of
failures. Check the IP Address or DNS Server Name you wrote
down on page 6, step 5 and enter it here and select Find.
The Find Record allows you to pull up a specific entry and can be a
time saver as you perform network triage.
13. Reset the Search, and select Show view by Messages. Notice how
the screen output changed. When using Monitors that include
message groups (like the DNS Monitor here), the results for all
messages in Latency are presented as a single Latency value.
14. Switch back to Show view by Application.
15. Next select the Export to icon; you have the ability to export as CSV
(Table or Charts), PDF, or RTF. Make sure you have the entry with
the highest number of failures selected, and then choose PDF.
16. Select the PDF in the lower left-hand portion of the browser to
launch it.
Being able to collect data in this way will prove useful when
gathering information together.
17. Close out the PDF, and with entry that has highest failures
selected, click on the Launch Session Analysis icon.
18. The Session Analysis screen is broken into three main sections,
Session Overview, Session Trace, and Session Summary. Make
note of what information is displayed and also that the columns at
the top of the screen have now changed.
We’ll spend some more time with these fields in a later lab.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–9

Dashboard Navigation Lab 3

19. Select the Expand icon, and click on Summary to go back to the
DNS Services screen.

20. From the DNS Services, ensure the entry with the highest failures
is still selected, and launch the Location keys icon with the
following:

21. What is the Client Community displayed?

__________________________________________________________
22. Go back to the Location keys, and select the Reset to default icon.

23. Next select the Switch to icon , this allows you to change the
views being displayed. Select Universal from the list.

3–10 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

24. Now go back to the Switch to icon (NOTE: you may have to choose
the More icon) and choose TCP Analysis.
By default, monitors display metrics based on Key Performance
Indicators, but you may want to view TCP metrics, such as Latency,
TCP Window Size, Retransmissions, Resets, etc.
25. Select the More icon, and spend a few minutes looking at each of the
options available to you. Once you’re done, select Close all Running
modules from the top, but remain logged in.

This concludes the lab.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–11

Dashboard Navigation Lab 3

Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

3–12 nGeniusONE Enterprise Essentials

Lab 3 Dashboard Navigation

Answer Sheet
Looking at the Console
4 – at least 14 icons are displayed (numbers may vary)
6 – There are four (4) dashboards:
b. DHCP = Service Enabler, useful for analyzing protocol-specific
details
c. Certificate = application based service monitor, tracks certificates
in use across the Enterprise, including which are coming up for
expiration and the server to which they are assigned.
d. Universal = special function monitor, offers a means to launch
other monitors and is also a generalized “view” that can be switched to
within specialized monitors.
9 – NO
10 – RTP Monitor

Launching a Service Monitor – Service Dashboard / Notification Center

4 – The monitor that launches will vary for both.

Launching a Service Monitor – Console

4 – The highest failure value will vary (i.e., 39,379)
5 – The DNS Server Name or IP may vary (i.e., DNS Server 1,
134.170.27.86)

Closer Look at Tabs

4 – NO
6 – YES
8 – YES
21 – The Client Community will vary (i.e., O365-int-clients, New York
Users, etc.)

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 3–13

Dashboard Navigation Lab 3

THIS PAGE LEFT INTENTIONALLY BLANK

3–14 nGeniusONE Enterprise Essentials

 Lab 4
Selecting Monitors

Overview
Description
The purpose of this lab is to learn how to read/interpret Traffic Monitor,
select the proper Service Monitor, and understand how to perform packet
analysis.

Objectives
After completing this lab, you will be able to:
• Develop familiarity with throughput analysis modules
• Identify Service Monitor selection
• Drill down to Packet Analysis

Time to Complete Lab

15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 4–1

Selecting Monitors Lab 4

Throughput Analysis
Traffic Monitor
The Traffic Monitor is supplied data from InfiniStream appliances enabled
for ASI classification.
1. From the nGeniusONE Console, launch the Traffic Monitor with the
following selected.

2. With the 2 interfaces now displayed, it should be easy to see which one
is receiving more traffic, but are the applications on them the same?
YES / NO
3. Make sure DC-Inf:if3 is selected, and record the top 3 applications
_________________________________________________________________
4. Perform the same for DC-Inf:if4.
_________________________________________________________________
5. Are the top 3 applications the same? YES / NO
6. With DC-Inf:if3 selected, from the Summary tabs area, select the
Discovered Applications tab.
7. What happened to the charts?
_________________________________________________________________
8. Which port is the top discovered application?
_________________________________________________________________
9. Select the Vital Signs tab.
10. Now you see link layer traffic information, do you see any dropped
packets? YES / NO Take a minute to review the chart.
11. Select the Applications tab and then Launch Conversation View.
12. Locate and record the IP addresses of the conversation with the highest
total volume.
Host A: ___________________ Host B: _________________________

4–2 nGeniusONE Enterprise Essentials

Lab 4 Selecting Monitors

13. Select the Location Keys icon and enter the following and Apply.

14. Do you see any Host A or Host B port numbers? YES / NO

15. What does a “–“ mean in the column?
______________________________________________________________
16. If you wish to change any of the columns, select the
Column Management icon and review.
17. From the Expand icon, go back to the Summary, and select the Hosts
tab. Make note of the top host, select that top host from the pie chart,

and launch host analysis.

18. What Transport Protocol has the highest In Volume traffic? NOTE:
you may have to select the drop down to reveal the protocols. _______
19. Go back to the Summary View, and select the Locations Tab.
20. Which location has the highest amount of traffic?
________________________________________________________
21. Select that location and change the measure picker to % Utilization.
22. What percentage does that location display? ________________
23. Close the Traffic Monitor, but remain logged into nGeniusONE.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 4–3

Selecting Monitors Lab 4

Monitor Selections
Selecting Service Monitors
1. Here are some examples of problems you may receive, what Service
Monitor would you choose to look deeper into the issue?
a. Customers can’t access Web Server _____________________________
b. Remote learning videos not playing _____________________________
c. Users aren’t getting IP addresses via DNS ______________________
d. SharePoint Users can’t access network _________________________
2. Remember the Service Monitors can be launched from multiple
locations. From the Service Dashboard, locate the following tile, and
launch the Service Monitor associated it:

3. What Monitor launched?

__________________________________________________

4. Select the Switch to icon and choose Service view.

5. Expand the Error Code Distribution Over Time chart, it should look
similar to this:

4–4 nGeniusONE Enterprise Essentials

Lab 4 Selecting Monitors

6. What if you wanted to find out which of the error codes displayed,
had the highest count and highest % of Errors? Select the Analyze icon,
Top 10 – Pie, and identify which Error Code had the highest Count and
% of Errors.
________________________________________________________________
7. Launch the Notification Center and select the first Critical Alert for the
Service: Microsoft Exchange All and launch the Universal Monitor
What is the Alert ID?
________________________________________________________________
8. What Error Codes are associated with this Service Monitor? NOTE:
You might need to launch the Monitor associated with this Alert.
________________________________________________________________
9. Leave the Universal Monitor up, and go back to the nGeniusONE
Console, do not close out this Service Monitor.
10. Launch and familiarize yourself with a few other Service Monitors,
taking time to pay attention to the Summary Tabs area.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 4–5

Selecting Monitors Lab 4

Drilling Down
Performing Packet Analysis
Now that you’re becoming more familiar with launching various Service
Monitors, the next step will be looking deeper into the Sessions, and
ultimately drilling down to the Packets.
1. The Session Analysis tab provides a correlated view of ___________
selected for drilldown from the table or charts in the _____________ tab
of Monitors or Enablers, or certain nGenius UC Server views.
2. T or F Session Analysis drill down is supported from Traffic Monitors
3. Go back to the Universal Monitor you launched from the Notification
Center (see step 7 on previous page).
4. From the Error Code Distribution window, select the Launch Session
Analysis icon.
NOTE: If you are seeing an error, make sure the time is for last hour.
5. What 3 main areas are viewable?
_________________________________________________________________
6. You may have to adjust the bottom area – Session Summary, select the
Maximize icon to make that section bigger. What is listed as the failure
under the Session Information area on the lower left-hand side?
_________________________________________________________________
7. From the Session Trace section in the middle, select the Server side to
drilldown into Packet Analysis.

4–6 nGeniusONE Enterprise Essentials

Lab 4 Selecting Monitors

8. You should now see the packet decode for the selected entry.

9. You’ll spend more time diving deeper into Packet Decodes later, for now
select Close all running modules from the top and stay logged into
nGeniusONE.

This concludes this lab exercise

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 4–7

Selecting Monitors Lab 4

Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

4–8 nGeniusONE Enterprise Essentials

Lab 4 Selecting Monitors

Answer Sheet
Traffic Monitor
3 – The top 3 applications on if3 may vary (i.e., Audio 39.01%, HL7 15.40%,
IP_OTHER 11.39%)
4 – The top 3 applications on if4 may vary (i.e., SMB 50.05%, InvWebHTTP
27.76%, and Audio 9.23%)
5 – No, the top 3 applications on each interface are different.
7 – The charts now display the TCP & UDP port numbers for the top 10
discovered applications.
8 – The TCP port number will vary (i.e., TCP 4983 75.40%)
15 – A display of “-“ indicates that the port number is not known or not
applicable (i.e., for peer-to-peer applications).
18 – Transport Protocol with highest In-Volume will vary (i.e., TCP)
20 – Location with highest amount of traffic will vary (i.e., Data Center)
22 – Location % will vary (i.e., 31.50%)

Selecting Service Monitor

1 – a. Web Services Monitor, b. Media Monitor, c. DNS Monitor, d.
Universal Monitor
3 – Universal Monitor launched
6 – The values may vary, (i.e., Error Code 2: Server Failure 24,382 Count,
94.68% of Errors).
7 – The Alert ID will vary.
8 – 403 Forbidden

Performing Packet Analysis

1 – The Session Analysis tab provides a correlated view of flows selected
for drilldown from the table or charts in the Summary tab of Monitors or
Enablers or certain nGenius UC Server views.
2 – False, you cannot perform Session Analysis drilldown from the Traffic
Monitors.
5 – Session Overview, Session Trace, Session Summary
6 – The failure shown may vary (i.e., 1: Generic Bind error)

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 4–9

Selecting Monitors Lab 4

THIS PAGE LEFT INTENTIONALLY BLANK

4–10 nGeniusONE Enterprise Essentials

 Lab 5
Solving Problems Visually

Overview
Description
The purpose of this lab is to familiarize you with the Grids and other visual
aids.

Objectives
After completing this lab, you will be able to:
• Create and Modify a Grid.
• Create and Modify Over Time View
• Launch Notification Center and identify problems

Time to Complete
20 minutes

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–1

Solving Problems Visually Lab 5

Visual Tools – Grid

Creating a Grid

1. From the nGeniusONE Console, select the Grid icon .

2. The first Grid you will create is the easiest one; from the main
screen select Add Grid from the top panel.
3. Make sure your configuration looks like this:

4. The arrows in the image indicate what was selected by default

when this screen appeared. Check to make sure you are configured
the same and select “Add to Scratchpad” in lower right corner.
5. You should see something like this now:

5–2 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

6. Are you able to read all the Chart titles? YES / NO

7. Select the View Options icon and change the Columns to 3, this
should allow you to read all the Chart titles.

8. Switch back to the default of 4 Columns and select Fit to Window.

9. Select the Save icon and enter a name of GRID-TEMPL-if3, accept
and remaining defaults select Save.

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–3

Solving Problems Visually Lab 5

10. This initial Grid was created using a Template, and consists of the
following 8 charts:

Worst Servers (Slow Transaction Percent) Worst Client Communities (Slow Transaction Percent)

Client Connect Time Most Accessed Servers (Transactions)

Most Accessed Servers (New Sessions) Top Applications (Volume)

Top Conversations (Volume) Usage (Utilization)

11. We might want to look to see if this Grid consisting of these 8 charts
will support what we need. First, let’s create a few more and then
we can revisit this initial Grid.
12. Select the Expand icon, located just under the Grid name, and then
choose the Context Builder.

Notice only a single interface was used, and you accepted all the
defaults for the Charts.
13. Now we’ll create another Grid. From the lower left select the Home
icon, and then select Add Grid, using the same interface as before,
but choose Template – Server Performance.
14. What did you notice when you selected Template – Server
Performance?
______________________________________________________________
15. What is it asking you to review?
______________________________________________________________
16. With DC-Inf:if3 highlighted, select Add to Filter + in the top right
corner of the window.
17. What tabs do you see on the left portion now?
______________________________________________________________
18. Select the Server Site tab, making sure to only highlight
OracleSrvFarm, and Add to Filter +

5–4 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

19. Select the Application tab, highlight OracleInv, and Add to Filter +.
20. From the Server Tab, select the entry displayed, but don’t add to
filter this time.
21. You should see something like this, and the Add to Scratchpad is no
longer greyed out, select Add to Scratchpad.

22. What Charts were launched?

_____________________________________________________________
23. Make sure View Options are set to 2 columns and Fit to Window.
24. Select the Save Grid as icon and enter a name of GRID-TEMPS-if3,
accept remaining defaults and select Save.
25. Select the Home icon in the lower left-hand portion to bring you
back to the main Grid page. You should see both of your newly
created Grids.
Close all running modules, next we’ll look at Over Time Views.

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–5

Solving Problems Visually Lab 5

Visual Tools – Over Time Views

The Over Time Dashboard is a grid of up-to-30 automatically updating charts, the context of
which comes from services in a selected domain. These charts help you visualize and
compare a set of metrics relevant for a specific service.

Launching Over Time Dashboard

1. From the nGeniusONE Console, launch the Service Dashboard.
2. Expand the Service Hierarchy Tree and identify which Domain
currently is displaying the most alerts. If more than one domain
has the same number of Alerts, choose one.
3. Which Domain did you select? ________________________________
4. Does this Domain have a circle next to its name? YES / NO
5. What does a circle icon indicate?
_____________________________________________________________
6. Select the Domain you identified and change from Snapshot view to
Over Time view.

5–6 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

7. Are any charts displayed, if not what might be the problem? (Note:
if you see charts, proceed to step 10).
___________________________________________________________
8. If you selected a Domain that doesn’t display any charts, expand the
Domain, and select the sub-domain with the most alerts.
9. Do you see charts now? YES / NO
10. Pin the Service Hierarchy tree and compare the number of charts
displayed against the services for the selected Domain.

11. Once done comparing the numbers, unpin the Service Hierarchy
tree, and refresh your view.
12. What do you notice about all the charts displayed?
____________________________________________________________
Next, we’ll look at creating a customized Over Time View, using the
same Domain/Sub-Domain you selected.

Creating an Over Time View

1. From the Over Time View you have displayed, in the toolbar area,
change the view from Default, to Private.

2. Do any of the charts display no information? YES / NO

3. If you have charts with no data, make note of those charts.
4. From the toolbar, in the upper right corner select the Edit icon.

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–7

Solving Problems Visually Lab 5

5. You should now see all the charts, remove any charts that displayed
no data by selecting the Remove View icon in the upper right corner
of the view.
6. Switch back to the Service Hierarchy and identify those services
within the Domain/Sub-Domain being used, that have the highest
number of alerts.
7. Write down 4 Services with the highest Alerts.
_______________________________________________________________
8. We will only be using views for the 4 services you identify, remove
all other charts at this time.
9. Your screen should now look something like this:

10. You will be adding 2 more views with metrics Alerts &
Successful/Failed Transactions to the 4 services you identified in
step 7 above.
(i.e., If Active Directory was the Service, you’d have % Failures,
Successful/Failed Transactions, and Alerts)
11. As you add the new views, ensure they are placed together by
placing the mouse in the top of the view, right clicking, and
dragging it into place.

5–8 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

12. From the View Options icon, change the Columns layout to 3, and
enable Fit to window.

13. Once you are done configuring all the views, there should be
___________ views on the display.
14. Select the Save icon from the toolbar, and then Exit to leave
Configure mode.
15. From the Options, check or adjust Fit to window, so you can clearly
see values displayed. Your Over Time View should look like this:

16. Take a few minutes to try making changes to the Options fields and
review the display output.

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–9

Solving Problems Visually Lab 5

17. Change the view from Private to Default, what happens?

______________________________________________________________
18. Change it back to Private, your newly created view should be
present once more.
19. Choose one of the Alert Views, and in the upper right corner, launch
the Notification Center.

20. Take a minute or so to look over the information displayed on the

Notification Center.
21. Go back to the Over Time View and from the Alerts window, select a
data point in the display, and hold the shift key down. What
happens?
______________________________________________________________
Close all running modules, next we’ll look at the Notification
Center.

5–10 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

Visual Tools – Notification Center

The Notification Center is an nGeniusONE analytics application that proactively detects
common critical situations in Enterprise networks by analyzing ASI data to discover where
problems may be occurring. Analysis is performed every hour, identifying critical events by
comparing 5-minute samples against computed baselines or predefined thresholds for
multiple supported event metrics.

Launching
1. From the nGeniusONE Console, launch the Notification Center,
and filter on only Critical Severity levels.
2. How many are displayed for the last hour? ____________
3. From the right-hand side of the screen, select the Column
Management button and ensure to configure this way, and select
OK.

4. Select the Description column to sort it by alphabetical order.

5. Scan through the list and select the first Database Services alert
you find.
6. What is the Average Response Time Threshold?
_________________________________________________________
7. What was the Triggered Value?
_________________________________________________________
8. Looking at the Description, what caused this situation to display?
__________________________________________________________

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–11

Solving Problems Visually Lab 5

9. Review the Cause and Impact Metric Over Time chart; it should
look something like this.

10. Place your mouse on the Avg. Response Time Threshold line and
make note of the Threshold value of 100.
11. Next, do the same for the highest point above the Threshold line,
and make note of that value.
12. Now, launch the Database Monitor.
13. What name or value is shown once the Database Monitor launches?
__________________________________________________________
14. With the highest failures highlighted, launch Session Analysis,
what happened? (NOTE: Make sure you are set to 1 hour).
__________________________________________________________
15. Go back to the Summary window of the Database Monitor and
notice in the Error Code Distribution window, there are multiple
Error Codes displayed.
16. Highlight the Error Code with the highest count, and launch
Session Analysis. What is the Failure reason displayed?
__________________________________________________________
17. Go back to the Notification Center tab, and launch the Universal
Monitor for the same Critical Alert.
18. Did you notice any changes in the Error Code chart? YES / NO
19. From within the Error Code Distribution graph, launch Session
Analysis. (NOTE: Make sure you are set to 1 hour).
20. Select the Avg RT (ms) column in descending order and highlight
the top entry.

5–12 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

21. Review the Session Information data at the bottom, what Failure
Reason are you seeing?
___________________________________________________________
22. We’ll look at Packet Analysis and Decodes later. Close the
Universal and Database Monitors and go back to the Notification
Center.
23. Filter only Warning Severity, and choose the first Sharepoint entry.
24. What is the Configured Threshold value for this entry?
_____________________________________________________
25. What was the triggered value?
____________________________________________________
26. Take a few minutes to look at some of the other displayed Alerts.
27. Once you are done, select Close All Running Modules, but remain
logged into the nGeniusONE Console.

This concludes the lab

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–13

Solving Problems Visually Lab 5

Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

5–14 nGeniusONE Enterprise Essentials

Lab 5 Solving Problems Visually

Answer Sheet
Creating a Grid
14 – The Review and Add area requires additional information, items show
up in Red that requires attention. The Add to Scratchpad is greyed out
and can’t be selected until additional information is added.
15 – It’s asking to add an Application, Server, or Network Service,
Application, Server, or Application Group, Server, or Network Service,
Application Group, Server.
17 – Application, Application Group, Site, Client Site, Server Site, QoS
22 – Interfaces seen (Top ifns by Server Volume), Successful & Failed
Transactions Overtime, Worst Client Communities (Response Time (ms)),
and Response Time Distribution.

Launching Over Time Dashboard

3 – The Domain chosen will vary (i.e., Enterprise Applications)
5 – Domains that contain other sub-domains, and no child services, have a
circle icon indicating that the domain does not contain service data, and
therefore does not have an Over Time view.
7 – You might have selected a Domain with no data available, or one that
has a circle icon, and therefore does not have an Over Time view.
12 – All of the Over Time Views charts are all using metric of % Failures.

Creating an Over Time View

7 – The 4 Services will vary (i.e., Active Directory, Exchange Clients, Load
Balancer – External, Microsoft Exchange All)
13 – There should be 12 views displayed once you are done.
17 – The newly created View is not displayed because it was created in a
Private view and will only appear for that given user.
21 – The Notification Center launches.

©2021 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 5–15

Solving Problems Visually Lab 5

Notification Center
2 – The number of Critical Alerts will vary (i.e., 11).
6 – The Avg. Response Time Threshold was 100ms
7 – Triggered Value higher than 100ms (i.e., 137.75ms)
8 – Configured Threshold has been repeatedly exceeded over a # minute
period
13 – The Alert ID is shown in the Database Monitor.
14 – Session Analysis launches, showing Session Overview, Trace, and
Summary information.
16 – Failure 1653: Undefined
18 – NO, same Error Codes displayed as before
21 – Failure Reason 942: Undefined
24 – Configured Threshold Value 125ms
25 – Triggered Value over 125ms (i.e., 238.46ms)

5–16 nGeniusONE Enterprise Essentials

 Lab 6
Report Configuration

Overview
Description
The purpose of this lab is to familiarize you with Reports.

Objectives
After completing this lab, you will be able to do the following:

• Create a report
• Run a report
• Modify a report

Time to Complete Lab

15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 6–1

Report Configuration Lab 6

Reports
Creating a Report – For New Service Launch
Your organization is rolling out a new service (Office 365) for their
customers, and one of the key stakeholders will be the management staff.
The operations folks who monitor the network in the NOC also have an
interest with this new service roll out.
Create a report for each, making sure you include the following:

AUDIENCE NEED
Management Team These key stakeholders will need weekly reports
that outline the Service Load & Response Time
metrics, particularly successes and failures for
the new service, and metrics on Top Servers the
service is running on.

Network Operations The NOC team members will need daily reports
Center on anything to do with the new service.

1. From the Service Console open Report Configuration.

2. Select Create Report or select the plus in the middle of the screen.
3. From the Create Report window, enter the following, and select
Configure.

4. The first thing to do is select a Template. From the list of templates

available, select Service Performance, and then in the lower right select
Next.

6–2 nGeniusONE Enterprise Essentials

Lab 6 Report Configuration

5. The second step is to choose a Data Source. Select the filter icon on the
right, and in the Search… area, enter Office.

6. Select Office-365 as shown here, and select Next.

7. How many views do you see? _________________

8. Remove the last view (Top Servers By Worst Error Count) by selecting
the blue checkbox.
9. Under the Service Load view, open the Advanced Options and ensure
your configuration matches this:

10. Leave all remaining defaults, and select Finish.

11. Review your newly created report settings; make sure it includes all the
information this group needs.
12. Notice in the toolbar area, it says Not Scheduled, select the drop down.
Remember the Managers want to see weekly reports, and many of them
may not have access to or are very familiar with nGeniusONE, so send
their report as PDF in an email.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 6–3

Report Configuration Lab 6

13. Configure the Editions information as follows:

14. Configure the Sharing information as follows:

NOTE: If an SMTP message pops up, select Close and ignore it.

15. Select Apply, Save, and then Save and Exit.

6–4 nGeniusONE Enterprise Essentials

Lab 6 Report Configuration

16. You should see your newly created report.

17. Next, create the second report, and name it: New Service O365 – NOC
– <your initials>.
18. Ensure you create this second report using the Service Message
Summary template.
19. Choose Office-365 for Application Services.
20. Review all the views, and if all looks good, select Finish.
21. Schedule this report to run Hourly at 8am, Daily at noon, and Weekly
at 4:30pm on Friday.
22. Set the Sharing parameters as follows:

23. Select Save and then Save and exit, you should now see both reports.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 6–5

Report Configuration Lab 6

Launching Reports
Now you have both reports created, and scheduled, next we’ll launch them
and take a look at the information they provide.
1. Select Generate Instance for the Managers report.

2. Accept all defaults and select Generate to launch the report.

3. Take a few minutes to review the views and their outputs.
4. Select the Home icon in the lower left, and Generate and launch the
NOC report, again keeping all defaults.
5. Do any of the views contain no data? YES / NO
6. Do you see any failures in this report? YES / NO
7. From the nGeniusONE Console, select My Reports.
8. Select the View Editions, and select a Snapshot for each.
9. Do these reports here look the same as the reports from Report
Configuration? YES / NO
10. Close out My Reports.
11. From Report Configuration create and launch a Capacity Planning
report, tied to Monitored Element interfaces DC-Inf:if3 & DC-Inf:if4,
and ensure that Utilization is enabled for all applicable views and
scheduled to run once a week (Friday 4:30pm).

6–6 nGeniusONE Enterprise Essentials

Lab 6 Report Configuration

12. What are the Top Applications for each interface?

_______________________________________________________________
13. Who are the Top Talkers for each interface?
_______________________________________________________________
14. Create a Link Analysis and Location Analysis Reports, using both
Monitored Elements for each, accept all defaults, schedule them the
same as the Capacity Planning report, and launch each.
15. Take a few minutes to look at the outputs; you may need to create one
of these later.
16. Select Close all running modules from the top, but remain logged into
the nGeniusONE Console.

This concludes the lab

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 6–7

Report Configuration Lab 6

Review
Questions
Write down any questions or observations for discussion during the lab review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

6–8 nGeniusONE Enterprise Essentials

Lab 6 Report Configuration

Answer Sheet
Launching Reports
7 – 5 views should be present (Service Load, Service Response Time, Top
Servers By Worst Average Response Time, Top Servers By Transaction,
and Top Servers By Worst Error Count).
12 – Top Applications for each interface may vary.
13 – Top Talkers for each interface may vary.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 6–9

Report Configuration Lab 6

THIS PAGE LEFT INTENTIONALLY BLANK

6–10 nGeniusONE Enterprise Essentials

 Lab 7
Data Mining

Overview
Description
In this lab you will perform Data Mining using the Packet Analysis
features.

Objectives
After completing this lab, you will be able to do the following:
• Perform a packet capture
• Filter on packet types
• Save a packet trace
• View a saved trace file

Time to Complete
15 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–1

Data Mining Lab 7

Packet Analysis
There may come a time when you need to perform a deeper dive as you
try to determine how your network is performing. This lab exercise is
designed to help you understand what tools are available when
performing packet analysis, as well as help isolate information through
the use of filters.

Data Mining – Direct Decode

1. Select the Packet Analysis module icon from the console.

2. Under the Monitored Elements tab on the left, select the check box
next to the “DC-Inf: if3 “ interface.
3. From the Decode tab on the right, verify the start and end dates are
for today and the duration is one minute.

4. Select Decode in the lower right-hand corner.

5. Wait for Mining Complete on the status bar at the lower right before
continuing.

6. Notice the packet count, it can be viewed in multiple locations.

7–2 nGeniusONE Enterprise Essentials

Lab 7 Data Mining

7. After you’ve run the Decode, the output display is broken up into
what 3 sections?
____________________________________________________________
8. From the Packet Summary toolbar area, select the
Launch Enhanced Decode icon, ensure you select TCP Analysis.

This Decode allows you to focus on TCP, RTP, or MDF frames.

9. What is displayed is based on a unique __________________ and
_________________________ combination derived from the ___________
you selected before launching Enhanced Decode.
10. The left-hand Y axis displays the TCP __________________.
11. The right-hand Y axis displays the TCP _________________.
12. If you wish to go back, to the original Decode, select the Navigate to
launched sessions icon.

13. From the View Session window that opens, locate the launched
decode session, click it, and select Decode to go back to original
decode.

14. Take a look at some of the other actions that can be performed via the
Summary Tool bar area.
15. Close out Packet Analysis.
©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–3
Data Mining Lab 7

Data Mining – Service Monitor Drilldown

1. From the Service Dashboard, select DNS Services.

2. Launch the Service Monitor associated with it and set

Failures column in descending order.
3. Ensure you select the entry with the highest failures and launch
Session Analysis.
4. Locate a status in red from the display output, and launch Packet
Decode.
5. Take a few minutes to review the output, and then close out the
Service Monitor that was launched and the Service Dashboard.
6. Launch the Packet Analysis module once more, using the same
information from page 2 (steps 2 and 3).

Using Filters
1. How many processed packets does it display? __________________

2. Click the “Launch Filter Constructor” icon:

7–4 nGeniusONE Enterprise Essentials

Lab 7 Data Mining

3. Enter the following information:

4. Wait for the “Filter Complete” status to appear before proceeding.

5. What is the filtered packet count now? _______________
6. What is the packet type displayed in the Interpretation column now?
_______________

7. Select Navigate to Launched Sessions.

8. Highlight the Mining Complete entry, and select Decode to go back to
the session you started.
9. Next you’ll mine a conversation.

Mining a Conversation
1. From the Filter Constructor, construct a filter application==SIP.
2. Look for a (SIP) INVITE with IP address 192.168.100.12 and select it.
3. Launch Filter Constructor with that packet highlighted.
4. How many packets are there? __________
5. What do you see here?
________________________________________________________________

6. Highlight the invite packet and launch the bounce chart.

7. What detailed information is shown?
________________________________________________________________
8. In the middle pane expand the SIP headers.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–5

Data Mining Lab 7

9. Select the packets from INVITE through the end of the conversation
and look at the different message types one at a time to see how they
change and where they appear in the ladder diagram.

10. Save the trace file with the following information:

11. Close the Packet Analysis window.

7–6 nGeniusONE Enterprise Essentials

Lab 7 Data Mining

Trace Files
1. Launch the Packet Analysis module, and select the Trace Files tab.
2. Select the trace file you saved and then Decode to review it.

3. Select Go to Managed Entities in upper left.

4. To get setup for next section, select the More icon at the top, and then
Settings.
5. Change the Decode Launch to Graph.

Graph View
1. From the Monitored Elements tab, ensure DC-Inf:if3 is selected, and
select Graph Decode in lower right..
You should be presented with four-panels (Charts Panel, Summary
Panel, Detail Panel, and Hex Panel) of the Graph View. The Panel at
the top, displays the “segments” pictorially.
2. Select the last segment from the Charts Panel, and write down the
packet number displayed ____________________.
3. When you selected the last segment, did the Slider on the bottom half
of the Charts Panel move? YES / NO
4. Would you expect the Slider to move when selecting the last segment
on the screen? YES / NO
5. Move the slider to the right, by selecting the arrow in lower right
hand corner.

6. Select the last segment, what’s the packet number? ________________

7. Shift back to the left, and ensure packet number 1 is selected.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–7

Data Mining Lab 7

8. From the Detail Panel, select the + to open up the Objects tab.

9. Now with the Objects tab open, record the number of objects for each
layer displayed.

Layer Objects/Segments

Application

Host

Context

Network

10. Select the Application Layer, locate and check the SIP application
from the list, and select Add to Filter.
11. What happened to the segments in the Charts Panel?
_______________________________________________________________
12. From the Tool Bar, select the Launch Filter Constructor icon.

13. Remove the Filter application==sip, and add sip to the Search area,
then select Apply.

7–8 nGeniusONE Enterprise Essentials

Lab 7 Data Mining

14. What changed in the Charts Panel?

______________________________________________________________
15. Delete the Search criteria information from the Interval Filter.
16. Make note of the top 4 application entries shown.
17. Select the Launch Quick Filter from the tool bar.

18. Add the top 4 Application entries you identified in step 16 and select
Apply.
NOTE: the top 4 entries may be different from image below.

19. Notice under the Objects tab, only 4 applications are displayed.
20. Select the Launch Classic Decode icon from the tool bar.

21. What do you notice about this screen?

______________________________________________________________
22. Launch the screen to go back to the classic decode.
23. You’ll have more time to explore Packet Analysis later, for now select
Close all running modules.

This concludes the lab.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–9
Data Mining Lab 7

Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

7–10 nGeniusONE Enterprise Essentials

Lab 7 Data Mining

Answer Sheet
Data Mining – Direct Decode
7 – After running a Decode, results are displayed in 3 panes (Packet
Summary, Packet Detail, and Packet Hex).
9 – What is displayed is based on a unique IP address and port pair
combination derived from the packet you selected before launching
Enhanced Decode.
10 – The left-hand Y axis displays the TCP Window size in bytes.
11 – The right-hand Y axis displays the TCP Bytes in Flight value in
bytes.

Using Filters
1 – The number of processed packets will vary.
5 – Filtered packet count will vary.
6 – HTTP

Mining a Conversation
4 – Should be a small number of packets (10 or less).
5 – SIP call setup messages
7 – The bounce chart shows the SIP packets used to setup the call.

Graph View
11 – The segments aren’t completely filled up.
14 – A blue dot appears over the segments indicating where the search
value entry was discovered.
21 – The filter used is present on bottom of the screen.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 7–11

Data Mining Lab 7

THIS PAGE LEFT INTENTIONALLY BLANK

7–12 nGeniusONE Enterprise Essentials

 Lab 8
Special Function Modules

Overview
Description
The purpose of this lab is to familiarize you with Special Function
modules.

Objectives
After completing this lab, you will be able to do the following:
• Launch the Search and Discover Tool
• Launch the Discover My Network Module
• Navigate through the various screen interfaces

Time to Complete
20 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 8–1

Special Function Modules Lab 8

Special Function Modules

In the first part of the lab, you will take a look at one of the Special
Function Modules, Discover My Network. The second part, you will look
at Search and Discover.

Discover My Network
1. From the nGeniusONE Console, launch Discover My Network.
2. Notice it looks very similar to the Traffic Monitor. From the
Monitored Elements tab, select interfaces DC-Inf:if3 & DC-Inf:if4,
and then Launch.
3. What application shows the highest number of transactions?
______________________________________________________________
4. What types of views can you see using the Discover My Network
Module?
______________________________________________________________
5. How many applications did it discover? _________________________
6. Sort the Application Column in descending order and locate the
HTTPS-Corp application.
7. With the HTTPS-Corp application selected, launch the Service
Monitor associated with it.
8. What is the IP Address or Name of this Server?
_______________________________________________________________
9. Go back to the Discover My Network Summary page and sort by
Transactions > Failed. What Application is showing the highest
number of Failed Transactions? (NOTE: If two have the same
number, choose first one)
_______________________________________________________________
10. Close out the Discover My Network module, but remember the
information you collected.

8–2 nGeniusONE Enterprise Essentials

Lab 8 Special Function Modules

Search and Discover

The Search and Discover module is a powerful tool to help narrow down
the search for what you are looking for (i.e., user name, host, phone
number, or service).
1. Select the “Toggle Search and Discover” icon.

2. From the Search window that appears, enter the IP Address of the
Server Associated with the HTTPS-Corp Application (see step 8 from
previous page).
3. Answer the following questions:
a. What interface is linked to this Server? ___________________
b. What is this IP associated with? _________________________
c. What is available to launch under the interface?
_________________________________________________________
4. Launch Host Analysis, and note the Application and Server Name
displayed.
5. Does this match with what you saw earlier? YES / NO
6. From Location Keys, add Server Site.
7. What is the Server Site shown? (adjust column width if necessary)
____________________________________________________
8. Take a few minutes to look through the displayed output.
9. Select Close All Running Modules.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 8–3

Special Function Modules Lab 8

Search and Discover – Server IP Address Subnet

What if all you had was an IP address subnet from which to begin with?
1. Select the “Toggle Search and Discover” icon again.
2. Enter the following in the search area: 192.168.0.0/16
3. Select the dropdown from DC-Inf:if3, and then select Apply Filter.

4. How many hosts show up in the search result? ________________

5. Enter a new search, use 192.168.0.0/24, and apply filter.
6. How many search results show up this time? ______________
7. Launch Host Analysis, what Application is being used? ____________
8. Enter a new search, use 192.168.10.0/24.
9. Apply the filter, how many hosts IPs does it show? _______________
10. Close out all the open Search and Discover tabs, and Host Analysis.

This concludes the lab.

8–4 nGeniusONE Enterprise Essentials

Lab 8 Special Function Modules

Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 8–5

Special Function Modules Lab 8

Answer Sheet
Discover My Network
3 – The Application with the highest transactions count may vary (i.e., CITRIX
ICA)
4 – Using the Discovery My Network module will allow you to see at-a-glance
transaction activity, throughput in terms of application latency, TCP window
sizes, and network volume in both kilobytes and number of packets.
5 – The number of discovered applications will vary (i.e., 81).
8 – The IP Address is 192.168.131.28, and the name is LB2-External.
9 – The Application with the highest failed transactions may vary (i.e., Citrix
Web HTTP, Citrix LDAP, DNS-Active Directory).

Search and Discover

3 – a. DC-Inf:if3, b. Host c. Host Analysis or Service Monitor
7 – Server Site = Boston Load Balancer - External

Search and Discover – Server IP Address Subnet

4 – The total hosts may vary, (i.e., 170).
6 – When using 192.168.0.0/24, only 1 Host comes back (192.168.0.1)
7 – ICMP is the Application being used by 192.168.0.1
9 – The numbers may vary (i.e., 10 hosts).

8–6 nGeniusONE Enterprise Essentials

 Lab 9
TEST OUT

Overview
Description
The purpose of this lab is to test what you’ve learned during the
nGeniusONE Enterprise Essentials course you’ve attended. You can use
any materials provided to you as you start this exercise.

Objectives
After completing this exercise, you should be able to:
• Use the nGeniusONE Console and Service Monitors
• Perform Network Triage using multiple workflows
• Create and forward nGeniusONE Reports, Graphs, and Charts
• Perform Packet Analysis and Drilldown

Time to Complete
40 minutes

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 9–1

TEST OUT Lab 9

Training Tickets Overview

Congratulations, you are almost done with your nGeniusONE training. The only thing
that remains is to test your knowledge of what you learned. These Training Tickets
are designed to present you with multiple problems, each in the form of a trouble ticket
and/or work order request. You must complete 3 of the 5 problems within the given
time period and be prepared to explain your answers/findings if called upon.

You can use all the materials you have before you while attempting to solve these
tickets. If you get stuck or have any questions before getting started, please notify
your instructor.

Good luck!

9–2 nGeniusONE Enterprise Essentials

Lab 9 TEST OUT

Training Tickets
The Training Tickets are broken down into two main categories:
• Work Request / Configuration / Creation
o Reports
o GRIDs
o Alerts
o Etc.
• Triage / Troubleshooting
o Oracle
o Citrix
o DNS
o Etc.

You will have time to complete each ticket, as well as have time to discuss findings as a
group. You may find more than one way to isolate problems in the network.

Let’s begin…

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 9–3

TEST OUT Lab 9

Ticket #1 – Triage/Troubleshoot
Ticket Details
Your customer NetArch is receiving complaints coming from users in
Washington area who can’t access Active Directory Server. Review the
email from the TAC Manager, and perform triage on this problem. Make
sure to document your findings and answer any/all questions.

1. What is the IP Address of the Active Directory Server?

________________________________________________
2. Is there any particular DNS query that’s failing?
________________________________________________
3. What does it look like the issue is?
________________________________________________________________
________________________________________________________________
4. How did you fault isolate this problem? (describe workflow)
________________________________________________________________
________________________________________________________________
5. Move on to the next problem, retain any work you did.

9–4 nGeniusONE Enterprise Essentials

Lab 9 TEST OUT

Ticket #2 – Work Request/Configuration/Creation

Ticket Details
This next ticket is a request that was received via email. Review the
email and steps listed below, then complete the request. Make sure to
document your findings and answer any/all questions (if applicable).

1. Give this Report a name of Management Staff Monthly Report –

<Month>/<Year>
2. Make sure to only include US West Coast Based Client sites that
access the Oracle Server Farm site.
3. Remember to add the following Site and Application Performance
metrics: Transactions, Successes, Failures, Response Time, and
Active Sessions.
4. Schedule it to run on the first day of the month at 9:30am.
5. Make sure you deliver it via email to [email protected]
as a Web URL.
6. Generate your report and verify it includes all the information in the
work request.
7. Move on to the next problem, retain any work you did.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 9–5

TEST OUT Lab 9

Ticket #3 – Triage/Troubleshoot
Ticket Details
Your customer (Topmon99) is receiving a high number of DNS
complaints coming from users isolated in the New York area. Review the
email from the TAC Manager, and perform triage on this problem, make
sure to document your findings and answer any/all questions.

1. What Service Monitor do you think should be looked at first?

_______________________________________________________________
2. What is the IP Address range for this group of users?
________________________________________________________________
3. Based on your findings, what does it appear is the likely problem?
________________________________________________________________
________________________________________________________________
4. Ensure you perform a packet capture and save the file as
Topmon99_DNS.
5. Move on to the next problem, retain any work you did.

9–6 nGeniusONE Enterprise Essentials

Lab 9 TEST OUT

Ticket #4 – Triage/Troubleshoot
Ticket Details
One of your key customers (Ora4orce) is receiving a high number of
complaints about users trying to access their Oracle App Server
Database in the UK. Review the email from the TAC Manager, and
perform triage on this problem. Make sure to document your findings
and answer any/all questions.

1. What Service Monitor do you think should be looked at first?

_______________________________________________________________
2. What are the IP Addresses of the Oracle App Server Databases?
________________________________________________________________
3. Based on your findings, what does it appear is the likely problem?
________________________________________________________________
________________________________________________________________
4. Collect up all your saved information, saving any captures as
Prob0004.
5. Move on to the next problem, retain any work you did.

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 9–7

TEST OUT Lab 9

Ticket #5 – Work Request/Configuration/Creation

Ticket Details
Here is another work request that was received via email. Review the
email and steps listed below, then complete the request. Make sure to
document your findings and answer any/all questions (if applicable).

1. Remember that the Grid you create needs to cover key areas of the
recent Sharepoint rollout.
2. Also remember that it needs to be easy to understand, as people both
within and outside of your group may view it.
3. It will be displayed on large screens in the NOC, so adjust viewing
parameters as needed.
4. Save this Grid as GRID-0005.
5. Launch the Grid, and ensure it contains all required information.

9–8 nGeniusONE Enterprise Essentials

Lab 9 TEST OUT

Review
Questions
Write down any questions or observations you may have to bring up during the lab
review.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________

©2022 NETSCOUT CONFIDENTIAL & PRO PRIET ARY 9–9

TEST OUT Lab 9

Answer Sheet
All Answers to be discussed together.

9–10 nGeniusONE Enterprise Essentials

NETSCOUT University Course Information
[email protected]