Examples — PacketPilot Config + Analyze

These examples show complete end-to-end workflows combining Config and Analyze.


Example 1: Bring Up a New Switch, Then Analyze the Capture

Goal: Bootstrap a new Cisco switch using Config's console wizard, then upload a config capture to Analyze for a baseline health check.

Equipment needed:

  • Cisco switch (IOS-based)
  • USB-to-serial console cable
  • Windows PC with Config installed
  • Analyze stack running

Step 1: Connect via Serial Console

  1. Connect the USB-to-serial cable from your PC to the switch console port
  2. In Config, open the Console tab
  3. Select the COM port (check Device Manager if unsure)
  4. Select the Cisco vendor profile
  5. Click Connect
  6. Press Enter — you should see the switch switch: prompt or login prompt

Step 2: Run the Cisco Bootstrap Wizard

With the console connected and the Cisco profile active, click Bootstrap.

Follow each step. Example values:

| Setting | Value | |---------|-------| | Hostname | SW-LAB-01 | | Management VLAN | 1 | | IP Address | 192.168.1.10 | | Subnet Mask | 255.255.255.0 | | Default Gateway | 192.168.1.1 | | Enable Secret | LabSecret! | | SSH | Enable | | SSH RSA Key Bits | 2048 |

Click Preview to review the generated commands before applying. When ready, click Apply.


Step 3: Verify SSH Access

After bootstrap completes:

  1. Disconnect the console cable (or keep it connected)
  2. In Config, open the Inventory tab
  3. Click Add Device
  4. Enter:
    • IP: 192.168.1.10
    • Vendor: Cisco
    • Username: admin (or whatever you configured)
    • Password: your bootstrap password
  5. Click Save — Config tests the connection

Step 4: Capture Config and Export to Analyze

  1. Double-click the device to open an SSH session
  2. Run the following commands to capture relevant config:
show running-config
show interfaces status
show vlan brief
show spanning-tree
  1. Right-click the session → ExportJSON
  2. Save the file as SW-LAB-01-baseline.json

Step 5: Analyze in Analyze

  1. Open the Analyze web UI at http://localhost:3000
  2. Click New Case
  3. Name: SW-LAB-01 Baseline
  4. Tags: baseline, new-switch
  5. Click Create
  6. Click Upload Artifact → select SW-LAB-01-baseline.json
  7. Click Analyze

Findings appear. Review the AI summary for a plain-English assessment of the switch's baseline configuration health.


Example 2: SSH Audit of an Existing Device, Export Findings

Goal: Use Config to audit an existing network device over SSH, identify configuration issues, and export findings to Analyze for a formal report.

Equipment needed:

  • An existing switch or router with SSH access
  • Config installed on a Windows PC on the same network
  • Analyze stack running

Step 1: Add the Device in Config

  1. Open Config → Inventory tab
  2. Click Add Device
  3. Enter:
    • IP: the device's management IP (e.g. 10.0.1.1)
    • Vendor: select the correct vendor (or Auto-detect)
    • Username and password
  4. Click Save

Step 2: Run an Audit via Bulk Operations

  1. In the inventory, click the device to select it
  2. Click Bulk Operations in the toolbar
  3. Enter these commands one at a time (or paste them as a sequence):
show running-config | include ^interface|^ snmp-server|^ access-list|^ spanning-tree
show version
show interfaces status
show cdp neighbors
show mac address-table
  1. Review the output — look for:
    • Plaintext SNMP community strings
    • Open or misconfigured access-lists
    • spanning-tree portfast misconfigurations
    • Missing loop-protect on access ports

Step 3: Export Findings to Analyze

  1. Right-click the device → Export Findings
  2. Choose JSON format
  3. Save the file
  4. Open Analyze → open or create a case
  5. Upload the JSON file as an artifact
  6. Click Analyze

Review findings and the AI summary. Export a PDF report for your ticketing system or incident log.


Example 3: Analyze a Suspicious PCAP

Goal: Investigate a network performance issue using a pcap captured on a span port.

Equipment needed:

  • A pcap file from a span port or packet sniffer (Wireshark, tcpdump)
  • Analyze stack running

Step 1: Create a Case

  1. Open http://localhost:3000
  2. Click New Case
  3. Name: Performance-Issue-2025-05-10
  4. Tags: performance, investigation
  5. Create

Step 2: Upload the PCAP

  1. Click Upload Artifact
  2. Drag capture.pcap onto the upload area
  3. Wait for upload to complete

Step 3: Analyze

Click Analyze. Wait 10–30 seconds.


Step 4: Review Findings

In the Findings tab, you might see:

  • CRITICAL — SQL injection attempt detected in HTTP POST payload
  • HIGH — Large number of DNS queries to an unusual external server
  • MEDIUM — TLS certificate mismatch on internal application endpoint

Click each finding to see the evidence (the specific packet that triggered it).


Step 5: Read AI Summary

The AI Summary tab explains the most likely root cause of the performance issue based on the highest-severity findings.


Step 6: Export PDF

Click Export PDF → attach to your incident report or ticketing system.


Example 4: Config + Analyze for a VLAN Hopping Investigation

Goal: A user reports intermittent connectivity issues. Use Config to capture spanning-tree output, then Analyze to check for VLAN hopping indicators.


Step 1: Capture via Config SSH

  1. Add the suspect switch in Config
  2. Open an SSH session
  3. Run:
show spanning-tree
show interfaces trunk
show vlan
show etherchannel summary
  1. Right-click session → Export → JSON

Step 2: Analyze the Export

  1. In Analyze, create a new case: VLAN-Hop-Investigation
  2. Upload the JSON export from Config
  3. Click Analyze

Look for findings related to:

  • Spanning-tree inconsistencies
  • Trunk misconfigurations
  • Native VLAN mismatches

Step 3: Generate Report

Export the PDF and share with your network engineering team for follow-up.