Capture Engine for Omnipeek Support FAQs

 

Questions

What are the new features available in Capture Engine Enterprise 10.1?

  • Simple UI for reassigning protocol analysis on non-standard ports
  • New Compass views for country statistics and node grouping
  • New Productivity and Risk rankings in application analysis
  • Improved forensic search performance using file indexing

What are the new features available in Capture Engine Enterprise 10.0?

  • Customize packet decode views
  • Faster forensic searches
  • Support for notifications via authenticated email systems
  • Filter by country

What is the new Port Translation for ProtoSpecs?

This option makes it easy for you to configure analysis of protocols on non-standard ports.

What are a couple of the new Compass Enhancements?

  1. Added new "Countries" statistics chart window for grouping statistics by countries
  2. Added new Compass Option for grouping Nodes by Node & MAC, Node or MAC

What are the new Application Dashboards and Statistics views?

The Applications Dashboard view now includes a Category view. Also, the Application Statistics now include the columns Category, Productivity and Risk.

What is the new Packet File Indexing feature in the Capture Options?

This new feature improves the forensic search performance.

Has Savvius added the ability to have multiple decode columns in the Packets view?

Yes. By right-clicking on a field within the Decode View, you can add as many decode columns as you like and arrange them in any order.

What is the Country Filter dialog menu and where can I find it?

The Country Filter dialog allows you to specify one or two countries, and a direction (like the address and port filter dialogs). It is in the Advanced filter under the Logical “And”, “Or” and “Not” options.

What is the Remote Compass feature?

The new Remote Compass is the same interactive network forensics dashboard application found in Omnipeek, now available on the Capture Engine for Omnipeek.

How do I see what users are connected to my Capture Engine?

Log in to the Engine, then go to Admin Tab > Connected Users. A complete list of users will be there.

What is the TCPDump Adapter for the Capture Engine?

The TcpDump Adapter Plugin now provides a user interface for the Capture Engines that supports the following actions:

  • Connect to a remote host and retrieve the remote host's list of supported interfaces.
  • Create Tcpdump Adapters associated with a remote host/interface.
  • Edit Tcpdump Adapter configurations.
  • Delete Tcpdump Adapters.

What is the Top Applications graph on the Forensics tab?

The Top Applications Distribution graph is collected when "Top Stats" is enabled in the Capture Options. Data for Top Applications Utilization is collected when "Timeline Stats" is enabled in the Capture Options. This data is also available in the Applications Dashboard.

What is the Sparklines graph in the Details subtab of the Forensics tab?

The Sparklines are scaled-down versions of the Network Utilization (Mbits/s) graphs. The data for a Sparkline is requested only when the item becomes visible. Sparklines are updated for active captures only.

What is the "Priority to Disk" option?

When enabled, it gives priority to capture-to-disk (CTD) captures, so that real-time monitoring captures have less impact on CTD performance.

What is the "Disk space for this capture" option in the General->Capture Options?

This slider and associated text field are used to specify the maximum amount, in gigabytes, of disk space for the capture to occupy.

What is the VoIP Stats Option in the General->Capture Options?

When VoIP Stats are enabled, it will rate calls as Bad, Poor, Fair, and Good based on MOS-Low which will appear on the Timeline graph.

What is the "Download Engine Packet Files" option in Omnipeek's Tools menu?

This option will allow you to search, download and merge packet files from multiple engines.

What is the Support tab used for?

The information that is stored there is mainly for Tech Support in case customers experience problems.

If I save the information as a backup file or email it to Tech Support, what information am I saving?

This feature allows you to save the data displayed on the Home tab and all options of all captures present on the engine.

What information is contained in the Audit Log tab?

The Capture Engine audit log lists available information regarding events taking place on the Capture Engine. Each log entry displays the Date, Time, Client, User, Message, and Result.

How do you use the searchable log options in Capture Engine?

  1. Go to the Logs view on an Engine capture window.
  2. Click on the Clock icon next to the Search field.
  3. Select the date and time range.
  4. Click OK.

What is Active Directory Authentication for Capture Engine?

To provide Active Directory authentication to the Engine, we use the provided (ADSI) components.

Configuring Active Directory Authentication on Capture Engine Windows requires two pieces of information:

  • IP Address: This is the host server's IP address
  • Port Number: Default port is 389

How does the offline forensic search feature work?

Once a forensic search is started, it continues running, and when it completes, it shows up in the Forensic Searches tab. If it is a lengthy search, the user can log out of the engine and log back in at any time to view and analyze the results.

How does the packet de-duplication feature work?

In the General Capture Options, there is now a check box that says "Discard duplicate packets". When this is checked, if the FCS of an incoming packet matches one from the ring buffer, that packet will be discarded. This is a great feature for customers monitoring from SPAN ports, where duplicate packets are often seen.
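
A minimal sketch of the FCS-against-ring-buffer check described above; this is an added example, not Savvius code. The ring size, the `FcsDeduplicator` and `kept_indexes` names, and computing the FCS with `zlib.crc32` over constructed byte strings are assumptions.

```python
import zlib
from collections import deque


def fcs(frame: bytes) -> int:
    """CRC-32 of the frame; Ethernet's FCS uses the same polynomial as zlib.crc32."""
    return zlib.crc32(frame) & 0xFFFFFFFF


class FcsDeduplicator:
    """Discard a frame when its FCS matches one still held in the ring buffer."""

    def __init__(self, window: int = 4):   # assumed size; the page gives none
        self.window = window
        self.ring = deque()                # FCS values of kept frames, oldest first
        self.seen = set()                  # same values, for O(1) lookup

    def accept(self, frame: bytes) -> bool:
        """Return True to keep the frame, False to discard it as a duplicate."""
        value = fcs(frame)
        if value in self.seen:
            return False
        self.ring.append(value)
        self.seen.add(value)
        if len(self.ring) > self.window:   # oldest entry ages out of the ring
            self.seen.discard(self.ring.popleft())
        return True


def kept_indexes(frames, window=4):
    """Indexes of the frames that survive de-duplication."""
    dedup = FcsDeduplicator(window)
    return [i for i, frame in enumerate(frames) if dedup.accept(frame)]


# Constructed sample: byte strings standing in for captured Ethernet frames.
A, B, C, D, E = (b"constructed-frame-" + bytes([n]) for n in range(5))
SAMPLE = [A, A, B, C, D, E, A]   # index 1: SPAN copy; index 6: same bytes, much later

if __name__ == "__main__":
    print(kept_indexes(SAMPLE))             # the immediate copy is dropped
    print(kept_indexes(SAMPLE, window=8))   # a larger ring also drops the late copy
```

Because the FCS covers the whole frame, a copy whose headers changed in transit has a different FCS and is kept. A copy that arrives after its original has aged out of the ring is also kept, so the ring size bounds how far apart duplicates can be and still be caught.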

Why am I not seeing the Multiple Engine View in Capture Engine?

If you have created a Group, click the "Group Name" (e.g., "John Doe's Engines") and all the Engines under that group will appear in the Multiple Engine View. If you have not put your Engines in a Group, you must click the empty space right under the list of Engines. The Multiple Engine View will then appear on the screen with all the Engines.

Why can't I see the Capture Engine Tabs such as Filters, Graphs, Alarms, and Notifications?

You must first select the Settings Tab and then all the Tabs mentioned above will populate on the Home screen.

What are the TimeLine graph and forensics capabilities on the Omnipliances and Capture Engines?

TimeLine graph and forensics capabilities now apply to all Omnipliances as well as Capture Engine Enterprise. Those products are now able to display a Timeline graph and real-time stats, and to perform forensic searches.
