Tips:

How do you configure the new Protocol Translations in the Capture Engine?

  1. Go to the Settings>Protocol Translations tab
  2. Click the Insert Button
  3. Choose TCP or UDP
  4. Enter the Port number
  5. Choose the Sub-Protocol by clicking “Choose” then click OK

How do I configure the new Compass “Group Nodes” option?

  1. Go to the Tools pull down menu and select Options
  2. Then select Analysis Modules and double-click the Compass Analysis
  3. You will see the “Group Nodes By” field under the Statistics Options
  4. Select one of the options: Nodes by Node & MAC, Node, or MAC, then click OK

How do you configure the Packet File Indexing to increase performance for Forensic Searches?

  1. Go to Capture Options>Packet File Indexing
  2. Select the packet characteristics you are most likely to use in a forensic search software filter then click OK

I am not able to modify the decode column I added, why not?

Once you add a decode column to the Packet List Columns, you cannot modify it, only delete it. Right-click on the decode you have added and uncheck it. The decode will be deleted and you may add a new one.

I want to use Compass for the Capture Engine but I do not see it in the Capture View pane, what is wrong?

The Compass program is enabled and disabled in the Analysis Options. Please go to Capture Options>Analysis Options and enable it there.

What if I don't want some of my users downloading files from the Capture Engine?

This feature is available when the ACL is being used. Go to the Access Control page of the Capture Engine Configuration Wizard. There is a new Policy called “Download Files”. Highlight it and select the user you want to give permission to download files from the Capture Engine.

I have Omnipeek and I am trying to connect to my Capture Engine. I know my credentials are correct, but I cannot connect. Why?

You must either disable the Windows firewall, or add Capture Engine ports 6367 and 6369 for TCP to the exceptions list, in order to make Capture Engine accessible from the Omnipeek machine.
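
The exceptions-list option described above, written as a scoped inbound rule instead of turning the firewall off. This is an added example, not vendor-supplied code; it assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets), and the rule name and both IP addresses are placeholders.

```powershell
# Run in an elevated PowerShell session on the Capture Engine host.
# Assumption: Windows 8 / Server 2012 or later (NetSecurity module).
$ruleName    = 'Capture Engine (TCP 6367, 6369)'  # hypothetical rule name
$enginePorts = 6367, 6369                         # ports named in the answer above
$omnipeekIp  = '192.0.2.10'                       # placeholder: address of the Omnipeek machine

# Create the rule only once so repeated runs do not pile up duplicates.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    # Allow inbound TCP to the two engine ports, and only from the Omnipeek machine.
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $enginePorts -RemoteAddress $omnipeekIp `
        -Profile Domain, Private | Out-Null
}

# Confirm the engine service is actually listening on those ports.
Get-NetTCPConnection -State Listen -LocalPort $enginePorts -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# From the Omnipeek machine, check reachability (placeholder engine address):
# foreach ($p in 6367, 6369) {
#     Test-NetConnection -ComputerName 192.0.2.20 -Port $p |
#         Select-Object RemotePort, TcpTestSucceeded
# }
```

If the listening check returns nothing, the engine service is not running or is bound to different ports, and the firewall rule is not the cause of the failed connection.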

Why can't I access the Label option on the Capture Engine, I can in Omnipeek?

The Label packets option is only for local captures done in Omnipeek.

I configured the TCPDump adapter on my Capture Engine and it is not capturing all the packets visible to the interface, what is the problem?

“Capture all traffic on interface (Promiscuous Mode)” is not selected in the Save Adapter dialog, so only traffic destined for the interface is captured.

How can I determine what nodes are using a particular application?

You can right-click on an application in the Applications view and the details will show all nodes associated with that application. Conversely, in the Nodes view, you can right-click on any node, and the details will display all applications associated with that node.

Why can't I see any VoIP stats on my Timeline graph after enabling it in the Capture Options?

You may not have any Open calls in the capture. Only open calls are graphed. Also, make sure you have the Call Quality selected in the View Type field.

How do I configure the VLAN-MPLS Node filter?

  1. Create an Advanced Filter with a VLAN-MPLS node.
  2. Enable the VLAN IDs checkbox and enter one or more VLAN IDs.
    Note: You can enter a single value or an ID range (for example, 200-210). Values and ranges may be separated by spaces, commas, and semicolons.
  3. Enable the MPLS Labels checkbox and enter one or more MPLS Labels.
    Note: You can enter a single value, or an MPLS label range (for example, 100-110). Values and ranges may be separated by spaces, commas, and semicolons.
  4. Create a new Capture and enable the VLAN-MPLS Filter.
  5. Start the capture

At this point, only traffic that meets the criteria of the filter will be accepted into the Capture’s buffer.

I selected a large portion of my disk space for my capture to disk but it is stopping after the allotted disk space is used up, what is the problem?

If Continuous capture is disabled, the capture stops when this amount of disk space has been filled. Enable Continuous capture and it will recycle the files and keep capturing.

I am attempting to save my capture to disk files as pcap or pcapng and they are still saving as a *.pkt format. What is the problem?

The pcap or pcapng file format for capture to disk needs to have a period in front of the file extension, for example: C:\Users\Username\Documents\Capture 1-.pcap.

When using the Download Engine Packet Files to retrieve files from various engines and merge them, can I save it as a format other than *.wpz or *.pkt?

Yes, once you have merged the files into one, you can open it up in Omnipeek and then change the file to a number of different formats.

Using the Download Engine Packet Files feature, I select the engines I want to search and in the Capture Session dialog a couple come back with "No results were found". There is saved data on those engines, what is the problem?

This means that no data was found within the time frame specified for the search. Also, the data it retrieves must have had Timeline Stats enabled in the Capture Options before the capture started. You can verify this by looking in the Forensics tab.

How do I save the Support tab information?

There are buttons to save this as a text file and to copy it to the clipboard.

  1. The save icon saves all information. There is a menu item for save as well, File>Save Support Info. The default file save name is Capture Engine Support.txt.
  2. The copy button (as well as the Edit>Copy menu item) will copy only the selected text to the clipboard. If there is no selection, it will copy everything.

Note: There is a refresh button which will update the information (re-query and re-receive it from the engine). There is no auto-refresh; however, each time you switch to this tab, the information there will be refreshed.

When I enter a new number in the Log max field and click next in the Capture Engine Configuration Wizard, I receive a prompt that says "Enter an integer between 10000 and 100000000". I have entered a number between those ranges, what is wrong?

When you enter the numbers in the range, do not include commas.

How do you configure the new multiple authentication servers?

  1. Go to the Capture Engine Configuration Wizard or use the OEM configuration icon.
  2. Go to the Security menu
  3. Select Enable Third-party Authentication.
  4. Add any authentication servers on your network.

How do I add files to the Capture Engine?

  1. Go to the Files tab.
  2. Click on the Upload Packets icon.
  3. Select the files you want to add to the Capture Engine.
  4. Click Open.

How do I access the new CDR (Call Detail Records)?

In the Capture Options Statistics Output, enable “Save statistics report”. Then, under “Report type”, select the Call Detail Records option.

Will all Omnipeek Users Need Access to the Capture Engine Data Folder?

Yes, the data folder used by Capture Engine to store trace files must have write permissions for all users who want to use Omnipeek. The Capture Engine data folder is configured using the Capture Engine Manager (on the General tab of the Remote Engine Properties dialog).

Is Capture Engine Enterprise compatible with User Account Control (UAC) under Windows 7?

No. In order to run Capture Engine under Windows 7, you must disable UAC.

Is there a way to only capture the header of a packet?

Yes, here’s how:

  1. Click View/Filters to bring up the filters window.
  2. Click the Insert button (Green)
  3. Select Simple or Advanced for Filter Type.
  4. Select Protocol Filter.
  5. Select the Protocol and check Slice to Header.

Can a NIC connected to a SPAN/Mirror port also be used for network services?

No, you will need an additional adapter to use for network services or use a multi-port adapter like the Intel dual or quad port adapters. These cards could connect via one port and capture on the additional, available ports.

Why does the Dashboard view display Traffic History and Top Talkers by IP Address as not available?

Be sure the modules are enabled. Start a new Monitoring Capture or New Capture, click the Performance view, and make sure Traffic History and Top Talker Statistics are checked.

Please also note that the Dashboard view is available only when Monitoring and Capturing. Forensic Captures by default have all Analysis Options unchecked.