Questions

What are the new features available in Capture Engine for Omnipeek 12?

  • Added support for 3rd party authentication
  • Expert enhancements
  • VoIP enhancements
  • Support for Financial Transaction Card Message Interchange protocol (ISO8583)

What support for 3rd party authentication has been added to Capture Engine 12?

The ACL supports third-party authentication by allowing the administrator to enter a username in the Add Users to ACL dialog. The username entered is the one the user enters for third-party authentication. Third-party authentication can be configured via RADIUS, TACACS+ (not supported on Capture Engine for Windows), or Active Directory.

What are some of the new Expert enhancements?

  • Improved Expert and VoIP performance
  • Added Expert event for detecting Gratuitous ARP
  • Added Expert event for detecting TCP Duplicate ACKs
  • Made SACK options more obvious in Flow Visualizer
  • Made Flow Visualizer come up faster
  • Updated Expert event default settings
  • Improved Expert event behaviors
  • Improved Expert Settings file handling for the engine

What are some of the new VoIP enhancements?

  • Added Asserted Identity to Calls & Media views
  • Added the ability to search Asserted Identity
  • Fixed VoIP-related issues
  • Fixed call playback, DTMF related issues
  • Synthesized DTMF from RTP events when signaling is absent

How do you configure the new Protocol Translations in the Capture Engine?

  1. Go to the Settings>Protocol Translations tab
  2. Click the Insert button
  3. Choose TCP or UDP
  4. Enter the Port number
  5. Choose the Sub-Protocol by clicking “Choose” then click OK

How do you configure the Packet File Indexing to increase performance for Forensic Searches?

  1. Go to Capture Options>Packet File Indexing
  2. Select the packet characteristics you are most likely to use in a forensic search software filter, then click OK

Is there a way to have multiple decode columns in the Packets view?

Yes. By right-clicking on a field within the Decode View, you can add as many decode columns as you like and arrange them in any order.

Note: Once you add a decode column to the Packet List Columns, you cannot modify it, only delete it. Right-click on the column title bar and uncheck the decode to delete it.

What is the Country Filter dialog menu and where can I find it?

The Country Filter dialog allows you to specify one or two countries, and a direction (like the address and port filter dialogs). It is in the Advanced filter under the Logical “And”, “Or” and “Not” options.

What is the Remote Compass feature?

The Remote Compass is the same interactive network forensics dashboard application in Omnipeek that is also available on the Capture Engine for Omnipeek.

How do I see what users are connected to my Capture Engine?

Just log into the Engine, then go to the Admin Tab>Connected Users. A complete list of users will be there.

What is the Sparklines graph in the Details sub-tab of the Forensics tab?

The Sparklines are the Network Utilization (Mbits/s) graphs, just shrunken. The data for the Sparklines are only requested when the item becomes visible. Sparklines are updated for active captures only.

What is the "Priority to Disk" option?

When enabled, it gives priority to CTD (Capture to Disk) captures, so that real-time monitoring captures have less impact on CTD performance.

What is the "Disk space for this capture" option in the General>Capture Options?

This slider and associated text field are used to specify the maximum amount of disk space, in gigabytes, that the capture may occupy. Keep in mind that once disk space is allocated to this capture, it can no longer be used for other captures.

How do I download files from my Capture Engine to my Omnipeek console machine?

There are 2 ways you can accomplish this task:

  1. Go to the Tools pull down menu in Omnipeek and select “Download Engine Packet Files”.
  2. From the Files tab of the Capture Engine, highlight the file(s) you want to download, then right-click and select the “Download Packets” option, or just click the “Download Packets” icon.

How do I add files to the Capture Engine?

  1. Go to the Files tab.
  2. Click on the “Upload Packets” icon.
  3. Select the files you want to add to the Capture Engine.
  4. Click Open.

What is the Support tab used for?

The information that is stored there is mainly for Tech Support in case customers experience problems.

How do I save the Support tab information?

There are buttons to save this as a text file and to copy it to the clipboard.

  1. The save icon saves all information. There is a menu item for save as well, File>Save Support Info. The default file save name is Capture Engine Support.txt.
  2. The copy button (as well as the Edit>Copy menu item) will copy only the selected text to the clipboard. If there is no selection, it will copy everything.

Note: There is a refresh button which will update the information (re-query and re-receive it from the engine). There is no auto-refresh; however, each time you switch to this tab the information there will be refreshed.

What information is contained in the Audit Log tab?

The Capture Engine audit log lists available information regarding events taking place on the Capture Engine. Each log entry displays the Date, Time, Client, User, Message, and Result.

How do you use the searchable log options in Capture Engine?

  1. Go to the Logs view on a Capture Engine window.
  2. Click on the Clock icon next to the Search field.
  3. Select the date and time range.
  4. Click OK.

What is Active Directory Authentication for Capture Engine?

To provide Active Directory authentication to the Engine, we use the provided Active Directory Service Interfaces (ADSI) components.

Configuring Active Directory authentication on Capture Engine for Windows requires two pieces of information:

  • IP Address: This is the host server's IP address
  • Port Number: Default port is 389

How does the offline forensic search feature work?

Once a forensic search is started, it keeps running until it completes, and then shows up in the Forensic Searches tab. If it is a lengthy search, the user can log out of the engine and log back in at any time to view and analyze the results.

How does the packet de-duplication feature work?

In the General Capture Options, there is now a check box that says, “Discard duplicate packets”. When this is checked, if the FCS of an incoming packet matches one from the ring buffer, that packet will be discarded. This is a great feature for customers monitoring from SPAN ports, where duplicate packets are often seen.
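The FCS comparison described above can be sketched as follows. This is an added example, not Capture Engine's own code: the window size, the class and function names, and the frames are all constructed for illustration. It also goes one step beyond the text by showing two cases an FCS match does not catch: a copy of the same IP packet seen after a router hop (different source MAC and TTL, so a different FCS), and a repeat that arrives after its FCS has left the buffer.

```python
import struct
import zlib
from collections import deque


class FcsDeduplicator:
    """Drop a frame whose FCS matches one still held in a bounded window."""

    def __init__(self, window=4):  # window size is an assumed value
        self.recent = deque(maxlen=window)  # oldest FCS falls out first

    def accept(self, frame: bytes) -> bool:
        # zlib.crc32 uses the IEEE 802.3 polynomial, the same CRC as the Ethernet FCS.
        fcs = zlib.crc32(frame) & 0xFFFFFFFF
        if fcs in self.recent:
            return False  # duplicate: discard
        self.recent.append(fcs)
        return True


def make_frame(src_mac: bytes, ttl: int, ident: int) -> bytes:
    """Constructed Ethernet + IPv4 header (IP checksum left at 0 for brevity)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return eth + ip


def run_demo():
    host = b"\x02\x00\x00\x00\x00\x0a"
    router = b"\x02\x00\x00\x00\x00\x0b"
    dedup = FcsDeduplicator(window=4)
    original = make_frame(host, ttl=64, ident=1)
    results = {
        "first copy": dedup.accept(original),
        # Same bytes seen again, e.g. a SPAN port mirroring ingress and egress.
        "span duplicate": dedup.accept(original),
        # Same IP packet after a router hop: new source MAC and TTL, so new FCS.
        "routed copy": dedup.accept(make_frame(router, ttl=63, ident=1)),
    }
    # Push enough distinct frames through to evict the original's FCS.
    for i in range(2, 6):
        dedup.accept(make_frame(host, ttl=64, ident=i))
    results["after eviction"] = dedup.accept(original)
    return results


if __name__ == "__main__":
    for name, kept in run_demo().items():
        print(f"{name}: {'kept' if kept else 'discarded'}")
```

For forensic work the practical consequence is that a capture with this option enabled can still contain the same conversation twice when the mirrored points sit on either side of a routing hop.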

Why can't I see the Capture Engine Tabs such as Filters, Graphs, Alarms, and Notifications?

You must first select the Settings Tab and then all the Tabs mentioned above will populate on the screen.

Why does the Dashboard view display Traffic History and Top Talkers by IP Address as not available?

Be sure the modules are enabled. Start a new Monitoring Capture or New Capture, click the Performance view, and make sure Traffic History and Top Talker Statistics are checked.

Please also note that the Dashboard view is available only when Monitoring and Capturing. Forensic Captures by default have all Analysis Options unchecked.

What are the Timeline graph and forensics capabilities on Capture Engine?

Timeline graph and forensics capabilities apply to Capture Engine for Omnipeek. This product can display a Timeline graph, show real-time stats, and perform forensic searches.