Q: How can I connect NetIntercept to my network for monitoring?
Q: What are the space/electrical/etc requirements to install NetIntercept?
Q: Where should I connect NetIntercept to my network?
Q: What is the maximum bandwidth NetIntercept supports?
Q: What about more heavily loaded networks?
Q: I want to access my NetIntercept box from a remote location. How do I set this up?
Q: I'm not sure my NetIntercept box is set up on its network properly. Can you give me some steps to ensure that my NetIntercept box has basic network connectivity?
Q: Suppose I want to install NI on my own hardware?
Q: What if I need to parse a protocol NI doesn't handle?
Q: Is it legal to use NetIntercept on my network?
Q: Does using NetIntercept compromise privacy rights?
Q: How do I enable NetIntercept's SSH decryption?
Q: I've encountered an error in NetIntercept. What do I do?
Q: There are extraneous vertical lines in various places on the NetIntercept User Interface. How do I get rid of them?
Q: What is an iButton and how does NetIntercept use one?
Q: How do I set up NetIntercept to respond to syslog messages?
Q: How can I connect NetIntercept to my network for monitoring?
NetIntercept monitors via a standard Ethernet interface - the physical
connection is made via an RJ45 jack and Category 5 cabling. The port
that NI is connected to must deliver all the traffic to be monitored,
regardless of destination MAC address. If NI is connected to a
standard hub, this will happen automatically, because NI never
transmits any packets on its monitoring interface, so the hub can't
start filtering based on MAC address. If NI is connected to a switch,
it must use a special monitoring port that delivers all packets,
regardless of destination.
Q: What are the space/electrical/etc requirements to install NetIntercept?
See the NetIntercept Quick Start Guide
for information on the physical and logical prerequisites to installing NetIntercept at your site.
Q: Where should I connect NetIntercept to my network?
That depends on your needs. If NetIntercept is being used to log and
analyze traffic in and out of an organization, it would normally be
connected outside the firewall - many organizations maintain a small
network, sometimes referred to as the DMZ, which is shared by
the firewall, external servers and the upstream net's router. If
NetIntercept is being used as a debugging tool, it needs to be
connected where it can observe traffic from the application in
question.
Q: What is the maximum bandwidth NetIntercept supports?
NetIntercept can capture from 10/100/1000 Ethernet. Our official
capture and analysis rates for the latest version of NetIntercept are
stated on the NetIntercept specs page.
Q: What about more heavily loaded networks?
If you have major traffic volumes that you don't want to analyze
(NetNews or file sharing protocols, for instance), NetIntercept allows
you to set up a (tcpdump-compatible) capture filter to only capture
certain types of traffic. Reconfiguration and/or classification of
your network into "interesting" and "uninteresting" subnets might also
be worth considering. NetIntercept also offers database subsets based
on netmask and time range, if you would rather capture and parse more
data, and filter "after the fact".
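As an added example (not part of the original FAQ and not NetIntercept's own code), this Python helper builds a tcpdump-compatible filter expression that excludes "uninteresting" TCP ports and subnets. The function name, the NetNews port numbers and the subnet are assumptions chosen for illustration.

```python
import ipaddress


def build_capture_filter(skip_tcp_ports=(), skip_nets=()):
    """Return a pcap-filter expression that excludes the listed traffic.

    An empty string means "no filter": capture everything.
    (Hypothetical helper written for this example.)
    """
    clauses = []

    port_terms = []
    for port in skip_tcp_ports:
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"bad TCP port: {port!r}")
        # "tcp port N" matches N as either source or destination port.
        port_terms.append(f"tcp port {port}")
    if port_terms:
        # Parentheses keep "not" applied to the whole OR group.
        clauses.append("not (" + " or ".join(port_terms) + ")")

    net_terms = []
    for cidr in skip_nets:
        # strict=True rejects host bits (e.g. 10.20.1.5/16); libpcap also
        # refuses to compile such a "net" term, so fail early and clearly.
        net = ipaddress.IPv4Network(cidr, strict=True)
        net_terms.append(f"net {net}")
    if net_terms:
        clauses.append("not (" + " or ".join(net_terms) + ")")

    return " and ".join(clauses)


if __name__ == "__main__":
    # Constructed sample: skip NetNews (NNTP 119, NNTP over TLS 563)
    # and a subnet classified as uninteresting.
    print(build_capture_filter([119, 563], ["10.20.0.0/16"]))
```

The resulting string can be checked with `tcpdump -d '<expression>'`, which compiles the filter without capturing any traffic.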
Q: I want to access my NetIntercept box from a remote location. How do I set this up?
You can use a UNIX, Windows or Macintosh computer to run an X server
and SSH to connect to your NetIntercept box through its Control port.
We've created a set of instructions for installing these software
packages on UNIX or Windows systems (see How to Set
Up Remote Access) to help you set up a secure connection between
your client machine and your NetIntercept box. We also have a List of X Servers and SSH Software that you can
refer to.
Q: I'm not sure my NetIntercept box is set up
on its network properly. Can you give me some steps to ensure that my
NetIntercept box has basic network connectivity?
Sandstorm has composed a web page to aid users in diagnosing and
solving some basic network connectivity issues. Please see Diagnosing Network Connectivity Issues for
this guide. This page was designed to enable the NetIntercept user to
clearly explain their particular problem to their local network personnel for a
speedy resolution of their issue.
Q: Suppose I want to install NI on my own hardware?
NetIntercept installation requires custom kernel and OS changes, and
there are potential throughput and tuning issues which mean that the
NI software performs better when it runs on a system we have
configured in-house. Also, the NetIntercept systems are easier to
support when we ship the pre-configured machine to you.
Q: What if I need to parse a protocol NI doesn't handle?
We do not currently support user-developed parsers for NI. However,
if you can provide us with protocol specifications and some test data,
we will be glad to discuss developing a new or custom parser with
you.
Q: Is it legal to use NetIntercept on my network?
Many jurisdictions, including the United States and most European
countries, give protection to personal electronic messages sent and
received by individuals. However, most business and government
organizations need to be able to monitor traffic and intervene in the
event of an employee's absence, so they have put a formal policy in
place forbidding personal use of their networks and computers. Where
this has been done, monitored traffic can be assumed to be purely
business-related, and any non-business traffic that is found can be
handled according to standard "personal use" procedures. It is
important to have these procedures in place before beginning any
monitoring activities.
Q: Does using NetIntercept compromise privacy
rights?
Tools to observe Local Area Network traffic have
existed for almost 20 years. While NetIntercept represents a
considerable advance in monitoring technology, almost anything NI does can be
done using older commercial or free tools, albeit much less efficiently.
As a general rule, information that requires strict privacy should
either be kept off broadcast networks entirely, or protected with
encryption. In one way, NI contributes to privacy rights by making it
possible to select and view specific network connections or traffic
types without intruding on others.
Q: I've encountered an error in NetIntercept. What do I do?
If you've encountered an error in NetIntercept, see Handling NetIntercept Errors for further
instruction on what information we will need to get from you to help
resolve the issue.
Q: There are extraneous vertical lines in various places on the NetIntercept User Interface.
How do I get rid of them?
This is a known issue when using StarNet's X-Win32 version 8.1 to access NetIntercept remotely from another
computer. Perform the following steps to remove this display behavior:
- Shut down the NetIntercept User Interface, and all sessions that are using X-Win32.
- Shut down X-Win32.
- Open X-Config from the Start menu.
- Select the Window tab.
- Uncheck the Advanced Window Caching option.
- Press Apply, then exit from X-Config.
- Restart X-Win32.
- Restart the NetIntercept User Interface.
The issue is only present in X-Win32 version 8.1 and above.
Q: What is an iButton and how does NetIntercept use one?
Please refer to the iButton Information page for information about how iButtons function with NetIntercept.