Capture Engine for Omnipeek Support FAQs

 

Questions

What are the new features available in Capture Engine Enterprise 9.2?

  • Multi-byte character support for packet analysis
  • Native QoS analysis support
  • Support for notifications via authenticated email systems
  • Timestamp support for Arista networks
  • Performance improvements

What are the new features available in Capture Engine Enterprise 9.1?

  • Compass on the Capture Engine
  • Geographical breakdown of traffic per IP address
  • Show connected users on the Capture Engine and Omnipliances
  • ACL Policy to disable file download from Capture Engine
  • Pattern and Value filter enhancements
  • Support for protocol identification of ICAP, Cisco FabricPath and CAPWAP
  • Performance improvements

What is the Remote Compass feature?

Remote Compass is the same interactive network forensics dashboard application found in Omnipeek, now available on the Capture Engine for Omnipeek.


How do I see what users are connected to my Capture Engine?

Log into the Engine, then go to the Admin tab > Connected Users. A complete list of users will be there.


I just loaded Capture Engine 9.1 32-bit on my Win 2003 server. I am having problems with the service and connecting. What is going on?

Savvius has dropped support for Win 2003 Server as of the 9.1 release.


What is the TCPDump Adapter for the Capture Engine?

The TcpDump Adapter Plugin now provides a user interface for the Capture Engines that supports the following actions:

  • Connect to a remote host and retrieve the remote host's list of supported interfaces.
  • Create Tcpdump Adapters associated with a remote host/interface.
  • Edit Tcpdump Adapter configurations.
  • Delete Tcpdump Adapters.

What is the Top Applications graph on the Forensics tab?

The Top Applications Distribution graph is collected when "Top Stats" is enabled in the Capture Options. Data for Top Applications Utilization is collected when "Timeline Stats" is enabled in the Capture Options. This data is also available in the Applications Dashboard.


What is the Sparklines graph in the Details subtab of the Forensics tab?

The sparklines are the Network Utilization (Mbits/s) graphs, just shrunken. The data for a sparkline is only requested when the item becomes visible. Sparklines are updated for active captures only.


What is the Savvius Splunk App?

The Savvius Splunk App is a set of dashboards and other configuration that is installed into a Splunk instance.

The Splunk App includes a high level dashboard showing a summary of the following statistics:

  • GeoStats
  • Top Talkers
  • Top Protocols
  • Top Flows
  • VoIP Call Stats
  • Events
  • Summary Stats

The Splunk App includes detailed dashboards for the following statistics:

  • GeoStats
  • Nodes
  • Protocols
  • Flows
  • Events
  • VOIP Calls
  • Summary Stats

What is the "Priority to Disk" option?

When enabled, it gives priority to CTD (capture-to-disk) captures, so that real-time monitoring captures have less impact on CTD performance.


What is the "Disk space for this capture" option in the General->Capture Option?

This slider and associated text field are used to specify the maximum amount, in gigabytes, of disk space for the capture to occupy.


What is the VoIP Stats Option in the General->Capture Options?

When VoIP Stats are enabled, calls are rated as Bad, Poor, Fair, or Good based on MOS-Low, and the ratings appear on the Timeline graph.


What is an improvement for the Forensics Search?

The "Forensics Search on Open Files" is a good improvement to the Forensic Search. When performing a Forensics Search, a currently open file no longer has to be closed before the search can proceed.


What is the VLAN-MPLS Advanced Filter Node?

This is an advanced filter node in which you can specify one or more VLAN IDs or ID ranges. You can also specify one or more MPLS Labels or Label ranges.


What is the "Download Engine Packet Files" option in Omnipeek's Tools menu?

This option will allow you to search, download and merge packet files from multiple engines.


What is the real-time Forensic Search feature?

Now when you do a forensic search, the results window will show up immediately. You will also see a progress bar at the top of the window displaying the progress of packets loading and processing.


What is the Support tab used for?

The information that is stored there is mainly for Tech Support in case customers experience problems.


If I save the information as a backup file or email it to Tech Support, what information am I saving?

This feature allows you to save the data displayed on the Home tab and all options of all captures present on the engine.


What information is contained in the Audit Log tab?

The Capture Engine audit log lists available information regarding events taking place on the Capture Engine. Each log entry displays the Date, Time, Client, User, Message, and Result.


How do you use the searchable log options in Capture Engine?

  1. Go to the Logs view on an Engine capture window.
  2. Click on the Clock icon next to the Search field.
  3. Select the date and time range.
  4. Click OK.

Where do I enter the Log Settings in Capture Engine?

  1. Open the Capture Engine Configuration Wizard.
  2. Go to the General screen.
  3. Enter the Log max and Log adjust values.
  4. Click OK.

What are the enhancements to Third Party Authentication?

Capture Engine Linux and TimeLine now have the ability to use multiple authentication servers of different types, including TACACS, Radius and Active Directory.


How is the Multi-Segment Analysis (MSA) feature used on Capture Engine Enterprise?

The MSA Wizard guides you through the creation of an MSA project. It allows you to choose captured data from multiple Capture Engines located on your network, or from multiple existing packet files.


What is Active Directory Authentication for Capture Engine?

To provide Active Directory authentication to the Engine, we use the provided (ADSI) components.

Configuring Active Directory Authentication on Capture Engine Windows will require two bits of information:

  • IP Address: This is the host server's IP address
  • Port Number: Default port is 389

Is it true that all the Capture Engine versions have the same view as the TimeLine Network Recorder?

Yes, in addition to the classic files view, all Capture Engines now have a Timeline view in which a user can make a selection for a forensic search with all of the same parameter choices as in the Files view.


How does the offline forensic search feature work?

Once a forensic search is started, it runs to completion on the engine and then shows up in the Forensic Searches tab. If it is a lengthy search, the user can log out of the engine and log back in at any time to view and analyze the results.


Can I search the log file in Capture Engine?

Yes, you can enter characters in the search field and find exactly what you are looking for.


How does the packet de-duplication feature work?

In the General Capture Options, there is now a check box that says "Discard duplicate packets". When this is checked, if the FCS of an incoming packet matches one from the ring buffer, that packet will be discarded. This is a great feature for customers monitoring from SPAN ports, where duplicate packets are often seen.
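The check described above, as an added Python sketch (not Savvius code). The ring size of 4, the use of `zlib.crc32` over the frame bytes as a stand-in for the Ethernet FCS, and the constructed frame layout are all assumptions for illustration. It shows which copies an FCS match discards and which it keeps.

```python
import zlib
from collections import deque

RING_SIZE = 4  # assumed; the page does not state the ring buffer depth


def fcs(frame: bytes) -> int:
    """CRC-32 of the frame bytes (same polynomial as the Ethernet FCS)."""
    return zlib.crc32(frame) & 0xFFFFFFFF


class FcsDeduplicator:
    """Discard a frame when its FCS matches one still held in the ring."""

    def __init__(self, ring_size: int = RING_SIZE):
        self.ring = deque(maxlen=ring_size)  # oldest FCS falls out when full

    def accept(self, frame: bytes) -> bool:
        value = fcs(frame)
        if value in self.ring:
            return False  # duplicate within the window: discard
        self.ring.append(value)
        return True


def make_frame(ttl: int, payload: bytes) -> bytes:
    """Constructed sample frame: MACs, EtherType, one TTL byte, payload."""
    header = bytes.fromhex("020000000001" "020000000002" "0800")
    return header + bytes([ttl]) + payload


def run(frames):
    """Return the keep/discard decision for each frame, in order."""
    dedup = FcsDeduplicator()
    return [dedup.accept(f) for f in frames]


original = make_frame(64, b"GET /index")
SAMPLE = [
    original,                       # first sighting: kept
    original,                       # byte-identical SPAN copy: discarded
    make_frame(63, b"GET /index"),  # copy seen after a routed hop: FCS differs, kept
    make_frame(64, b"frame-b"),
    make_frame(64, b"frame-c"),
    make_frame(64, b"frame-d"),     # pushes the original's FCS out of the ring
    original,                       # same bytes, but outside the window: kept
]

if __name__ == "__main__":
    for frame, kept in zip(SAMPLE, run(SAMPLE)):
        print(f"{fcs(frame):08x} {'keep' if kept else 'discard'}")
```

Only byte-identical copies that arrive while the earlier FCS is still in the ring are dropped, so copies of the same packet captured on different sides of a router remain in the capture.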


Why am I not seeing the Multiple Engine View in Capture Engine?

If you have created a Group, click the Group name (e.g., "John Does Engines") and all the Engines under that group will appear in the Multiple Engine View. If you have not put your Engines in a Group, then you must click the empty space right under the list of Engines. The Multiple Engine View will then appear on the screen with all the Engines.


Why can't I see the Capture Engine Tabs such as Filters, Graphs, Alarms, and Notifications?

You must first select the Settings Tab and then all of the Tabs mentioned above will populate on the Home screen.


What are the TimeLine graph and forensics capabilities on the Omnipliances and Capture Engines?

TimeLine graph and forensics capabilities now apply to all Omnipliances as well as Capture Engine Enterprise. Those products are now able to display a Timeline graph and real-time stats, and to perform forensic searches.


Does Capture Engine Enterprise run on 64 bit Operating Systems?

The Capture Engine Linux is 64-bit native; there is no 32-bit version of the Capture Engine Linux. The Windows Capture Engine is 64-bit native.


I installed my Capture Engine on a Windows 7 laptop, but the application will not run. What is the problem here?

Capture Engine is not compatible with User Account Control (UAC) under Windows 7. In order to run Capture Engine under Windows 7, you must disable UAC.
