We have a situation that one of our AMD is missing the TCP sessions near about 5% and after reviewed we found that few software services created to monitor the applications have 100% missing sessions.
AMD is performing well without any drop packets or running out any other resources.
What could be the issue?
Below screenshots are reference to my question.
So - most likely the SPAN is the source of your problem. I've posted a couple of times before but it's worth repeating - SPAN has very limited value in a production environment. Your best bet for success is have a target port that is much higher in speed than your source ports, and still you can fail 🙂 so that's why you should use a TAP instead.
In the manual (assuming you are on 12.4)
We have AMD Version:
22.214.171.124 and the below two screenshots are taken from the two different AMDs. The weird thing is that only the application traffic is missing 100% on the DH-1 side and the partially missing traffic for the same application(s) on the DH-2.
One more observation that the configured analyzer is HTTP which is showing 100% missing session in DH-1 AMD but for the Unknown TCP there is no missing session.
The same application in the DH-2 AMD is partially missing the traffic and that is also for the HTTP analyzer.
As per our understanding AMD is not under performing, therefore, I took below screenshots for your understanding, might be we are missing something or overlooked.
Packet Distribution (Driver Level)