Tips

How do you configure the Packet File Indexing to increase performance for Forensic Searches?

SEE MORE

How do you configure the Packet File Indexing to increase performance for Forensic Searches?

  1. Go to Capture Options>Packet File Indexing
  2. Select the packet characteristics you are most likely to use in a forensic search software filter then click OK

How do you configure the new Protocol Translations the Capture Engine?

SEE MORE

How do you configure the new Protocol Translations the Capture Engine?

  1. Go to the tab in Settings>Protocol Translations
  2. Click the Insert Button
  3. Choose TCP or UDP
  4. Enter the Port number
  5. Choose the Sub-Protocol by clicking “Choose”
  6. After you have selected one Click OK

How do I configure the new Compass “Group Nodes” option?

SEE MORE

How do I configure the new Compass “Group Nodes” option?

  1. Go to the Capture Options>Analysis Options and double-click on Compass
  2. Then you will see the “Group Nodes By” field under the Statistics Options
  3. Select one of the options Nodes by Node & MAC, Node or MAC then click OK

How do you enable the Monit feature to run?

SEE MORE

How do you enable the Monit feature to run?

The Savvius configuration is disabled by default, and can be enabled it to run automatically on boot by issuing the following commands:

(cd /etc/monit/conf-enabled; ln -s ../conf-available/omnid) monit reload

The Savvius configuration is stored and runs in a directory that will persist on reboot. It is user programmable and has many options, but only the pre-defined Savvius parameters and options are supported

I am not able to modify the decode column I added, why not?

SEE MORE

I am not able to modify the decode column I added, why not?

Once you add a decode column to the Packet List Columns, you cannot modify it, only delete it. Right-Click on the decode you have added, uncheck it, the decode will be deleted and you may add a new one.

I want to use the new Compass for the Capture Engine but I do not see it in the Capture View pane, what is wrong?

SEE MORE

I want to use the new Compass for the Capture Engine but I do not see it in the Capture View pane, what is wrong?

The Compass program is enabled and disabled in the Analysis Options. Please go to Capture Options>Analysis Options and enable it there.

What if I don't want some of my users downloading files from the Capture Engine?

SEE MORE

What if I don't want some of my users downloading files from the Capture Engine?

Go to the Access Control page of the Capture Engine Configuration Wizard. There is a new Policy called, “Download Files”. Highlight it and select the user you want to give permission to download files from the Capture Engine.

I have Omnipeek and I am trying to connect to my Capture Engine. I know my credentials are correct, but I cannot connect. Why?

SEE MORE

I have Omnipeek and I am trying to connect to my Capture Engine. I know my credentials are correct, but I cannot connect. Why?

You must either disable the Windows firewall, or add Capture Engine port 6367 and 6369 for TCP to the exceptions list, in order to make Capture Engine accessible from the Omnipeek machine.

My Omnipliance did not come with an LCD, how do I configure it?

SEE MORE

My Omnipliance did not come with an LCD, how do I configure it?

With Capture Engine, the configuration is done using the Configuration Utility on the supplied USB key. Simply launch the utility, enter the information for IP, NTP, Time Zone, etc. and save it. Then, you can insert the key into the Omnipliance and just reboot. It will grab the configuration from the utility.

If I am running two CTD (Capture to disk) captures on the same adapter, should I enable both for the "Priority to Disk" option?

SEE MORE

If I am running two CTD (Capture to disk) captures on the same adapter, should I enable both for the "Priority to Disk" option?

Yes, if two captures are on the same adapter but one has CTD Priority off, it essentially makes it off for all other CTD captures.

I have selected "Disk space for this capture" for about half of the disk space and when it fills the amount the capture stops, what is wrong?

SEE MORE

I have selected "Disk space for this capture" for about half of the disk space and when it fills the amount the capture stops, what is wrong?

If Continuous capture is disabled, the capture stops when this amount of disk space has been filled.

When I go to the Diagnostics tab and don't see any data, what is the problem?

SEE MORE

When I go to the Diagnostics tab and don't see any data, what is the problem?

When you first go to the tab after connecting it does not automatically refresh the screen. You must select an option from the pull-down menu or click the refresh icon to begin the diagnostics.

How do you configure the new multiple authentication servers?

SEE MORE

How do you configure the new multiple authentication servers?

  1. Go to the Capture Engine Configuration Wizard or use OEM configuration icon.
  2. Go to the Security menu
  3. Select Enable Third-party Authentication.
  4. Add any authentication servers on your network.

How do I create a new Multi-Segment Analysis (MSA) project for multiple Capture Engines?

SEE MORE

How do I create a new Multi-Segment Analysis (MSA) project for multiple Capture Engines?

  1. From the File menu, choose “New Multi-Segment Analysis Project”.
  2. Then select “Search for packets on remote engines”.
  3. Choose the time range and filter for the search.
  4. Choose engines to search.
  5. Choose capture session and click Next to start the search.

How do I add files to the Capture Engine?

SEE MORE

How do I add files to the Capture Engine?

  1. Go to the Files tab.
  2. Click on the Upload Packets icon.
  3. Select the files you want to add to the Capture Engine.
  4. Click Open.

How can I sync my Omnipliance to an NTP server?

SEE MORE

How can I sync my Omnipliance to an NTP server?

Please refer to the Omnipliance Getting Started Guide that was included with your machine.

Can I make changes to OmniAdapter in the Omnipliance?

SEE MORE

Can I make changes to OmniAdapter in the Omnipliance?

Making changes to the OmniAdapter is not recommended unless using Omnipeek or the Capture Engine Manager.

How do I turn the Omnipliance On and Off?

SEE MORE

How do I turn the Omnipliance On and Off?

To start the Omnipliance: Press the Power button on the back of the Omnipliance. After the Omnipliance has finished loading, the LCD will display the Savvius Omnipliance welcome screen.

To shut down using the LCD controls:

  1. Make sure that multiple users are not logged into the Omnipliance
  2. From the welcome screen press the (Cancel) button twice to display the option to initiate a system shut down.
  3. Press the (Check) button to shut down.

Note: Do not shut down Omnipliance by pressing the power button on the back of Omnipliance