This article covers the data collected by ThousandEyes Endpoint Agent.
No data is automatically collected while an Endpoint Agent communicates with ThousandEyes from outside a monitored network. Manual recording may still be initiated by the endpoint user, targeting ANY (monitored or unmonitored) domain. These results will be collected and reported back to ThousandEyes and will appear in the Endpoint Agent views.
All website visits will be captured. If the visit is to a domain not listed in the monitored domain list, only the target domain will be captured, not the specific resource visited. All visits to monitored domains will be collected; during a visit, two categories of information are collected (see web performance data, below)
Web Performance data includes HTTP Archive (HAR) format data. HAR information collected by the Endpoint Agent includes each file accessed on a particular site, and includes request and response header information, timing, source and destination IP addresses, as well as wait and receive timing for each component loaded in each page visited. Sensitive information in headers (such as cookie information and authorization data) is suppressed at collection time.
For more information on the content of HAR format data, refer to http://www.softwareishard.com/blog/firebug/http-archive-specification/
Waterfall data is shown for each page visited. A “session” constitutes either:
a manual recording initiated by an endpoint user - the session will last from the first page that the user clicks the record button through the last page of the recording.
A waterfall (“page”) will be captured each time the DOM is reloaded in a session (ie, navigation to another page, form submission and/or page refresh). Multiple pages can be shown in a single session.
Network data is collected in a number of different ways, and differs from data captured by the ThousandEyes Enterprise Agent. A detailed list of each series of packets sent is shown below:
Network probes consists of three type of probes:
ICMP ping: Sends 10 ICMP packets with 1 second interval. The round trip time (RTT) is captured and the sent/received ratio.
ICMP path trace: Performs an ICMP-based TTL path trace with a maximum of 32 hops. Information about each hop is captured, including RTT. If the Endpoint Agent is running on a Mac OS X client, MPLS information will also be captured and shown
TCP connect: Opens a TCP connection with a 10 second timeout and closes the connection if it was able to connect. Timing, and error code (if applicable) is captured.
Based on the connection topology of the Endpoint, network probes will be sent to the following destinations:
ICMP path trace
Proxy (if used)
VPN (if used)
Some information about the computer where the Endpoint Agent is installed is collected as well.
Base operating system
Windows / Mac
Major/minor version of operating system
Microsoft Windows 8.1 Enterprise
Kernel version numbers
Browser used for data collection
Google Chrome (46.0.2490.80)
Major/minor version of endpoint agent
Private IP address
Addresses of configured DNS server
Total memory available to Operating System
Logged in user
In addtion to the computer information, the following network information is collected
Name of wireless network
Base Station ID (mac address)
2 (2.4 GHz)
Signal strength (dBm)
Signal quality (expressed as a percentage)
Maximum transmission as seen by operating system
IEEE 802.11 specification for wireless connection
Connection type (Wired/Wireless)
If a proxy is used, the method (PAC file, WPAD, manual)
Network PAC Script
Proxy configuration URL
If proxy autoconfiguration is used, the URL where the file is sourced from
Default network gateway