Monitoring DICOM: The Why and How | ExtraHop


DICOM is a Standard for Digital Imaging and Communications in Medicine. This is the second post in a series exploring the DICOM protocol. If you're new to this topic, start by reading the first post, "An Introduction to DICOM."

Click image to zoom The flow of a request through a radiology department's IT system, including HL7, DICOM, and PACS/RIS transactions.

DICOM is the standard for digital medical imaging used in radiology and other medical specialties such as cardiology, neurology, ophthalmology, sports medicine and dentistry. DICOM is critical in patient diagnosis, treatment and follow-up and it is vital to the most profitable and fastest growing segments in healthcare.

Digital medical imaging using DICOM was once tightly controlled by radiology departments, but now has evolved into a core responsibility for an organization's IT staff and a high priority for healthcare leaders. Additionally, new laws affect how care providers may prescribe and charge for medical imaging services. With the recent changes in healthcare laws and regulations, value-based contracts may not reimburse for duplicate exams, causing loss of revenue.

Medical images are managed via a Radiology Information System (RIS) and a DICOM interface with multiple imaging modalities such as X-Ray, CT, MRI etc. These various imaging modalities create digital images that are stored on a Picture Archiving and Communications System (PACS), and DICOM is the universal format for PACS image storage and transfer. In this multi-vendor environment, it is crucial that each component conforms to a common interpretation of the DICOM standard. Any changes to the underlying infrastructure can break what was working before. Any downtime can adversely affect patient care by delaying the delivery of images vital for diagnosis.

Currently there are limited tools available to effectively troubleshoot issues with DICOM configurations, protocol, network and data related problems. Monitoring DICOM transactions in real-time on the network can provide performance metrics that help the IT team keep the digital imaging services running smoothly.

ExtraHop offers a free bundle that enables you to monitor DICOM in real-time, track trends over time, and create performance and activity baselines for your DICOM environment.

Installing the ExtraHop DICOM bundle will create three different DICOM dashboards: Overview, Messages and Network. If you have an ExtraHop Explore Appliance, you can also create DICOM request and response records for each DICOM transaction.

The dashboards can provide insight into some of the most commonly occurring problems in DICOM deployments, including DICOM errors and aborts, Association Rejects, Response ABORTS and network issues. These issues can be caused either by the network or by DICOM configurations. Let's look at a quick rundown of the three dashboards that come with the ExtraHop DICOM bundle, and what kind of information you'll get from each.

This dashboard shows the Request and Response Error Status. The charts below show two examples of the Error Status that can be seen. In this scenario, the Called Application Entity (AE) Title is not recognized by the Calling AE Title and hence there is no communication between the two AEs (or the Error code is displayed which may have a specific meaning in that environment). DICOM Version mismatch can also cause errors and we can see the request and response versions.

The charts below show request, response and abort counts and over a time period. In a smoothly running DICOM environment you shouldn't see frequent aborts.

The chart below shows an overall picture of the message formats (PDUs) exchanged between peer entities within a layer. Data transfer (DATA-TF) PDUs should be the most common.

The Messages Dashboard shows Association Negotiations and the message formats exchanged (Request, Accept, Reject, Abort) between the peer AE-Titles. An Association process between the two communicating AEs sets all details required to ensure proper connection and interoperability between devices from varying vendors. Association is a DICOM handshake, which starts the network communication channel between the AEs. Then the data transfer DATA-TF, between the AEs can proceed, followed by release. The charts below show the Association process as counts by Calling AEs and Called AEs and over time. In all charts below the names of AE-Titles are hidden for security reasons.

If there are problems happening in the communication then we will see Rejects and/or Aborts. Below are the charts showing when the Reject Response and Abort Response happened and names of the peer AE-Titles. If everything is running smoothly, there will be no Rejects or Aborts seen.

This dashboard shows information about network performance for systems transporting DICOM communications. Below is a chart showing the performance of the slowest 5% of transactions, Response Processing Time, Network Time and Errors. The network time, measured in Round Trip Time (RTT) metrics, calculates the total amount of time the message spent traveling between sending and receiving systems.

The processing time is the total amount of time taken by the receiving system to receive, process, and return an acknowledgement for the message. This may help in showing if the problem is caused by the network or the AEs. In addition, the chart displays how many errors or failed messages occurred, which might reveal if errors on the system are correlated to these timing metrics.

The chart below shows the IP Addresses of the Calling and Called AEs with slowest processing time. This helps in narrowing down if the problem is on the network or on the communicating AEs. In all charts below, the IP addresses are hidden for security reasons.

If you also have the ExtraHop Explore Appliance, DICOM request and response records for all DICOM transactions can be stored, giving you a historic lookback. These records can show you when the problems occurred along with the time-stamp and other important information like AE-Titles, IP addresses, Ports, Aborts, and much more.

Click image to zoom

If you're an ExtraHop user, you can download the DICOM Bundle from our bundles page along with the deployment guide. Not a customer yet? Check out our interactive online demo and see the power of wire data analytics for yourself.


ExtraHop can put simplicity into understanding your complex DICOM infrastructure, giving you critical visibility that you may not have even known was possible. Instead of having to do packet captures after DICOM related problems arise, with the ExtraHop DICOM bundle installed, you will be able to see the problems real-time, and address them proactively when they occur. ExtraHop wire data and stream analytics makes it easier to manage critical radiology and medical imaging services with DICOM applications that are closely tied to system performance, patient care and revenue streams.

This is a companion discussion topic for the original entry at