WANGUARD 5.2 User Manual & Administrator's Guide
● IP Validation
This option can be used to distinguish the direction of the packets or to ignore unwanted IP traffic:
○ Off – The Sensor analyzes all traffic, but you must enable MAC Validation to distinguish the direction of traffic
○ On – The Sensor analyzes the traffic that has the source and/or the destination IP in the selected IP Zone
○ Strict – The Sensor analyzes the traffic that has either the source or the destination IP in the selected IP Zone
○ Exclusive – The Sensor analyzes the traffic that has the destination IP in the selected IP Zone but not the source IP
● MAC Validation / Address
This option can be used to distinguish the direction of the packets or to ignore unwanted OSI Layer 2 traffic:
○ None – The Sensor analyzes all traffic, but you must enable IP Validation to distinguish the direction of traffic
○ Upstream MAC – MAC validation is active and the MAC Address belongs to the upstream router
○ Downstream MAC – MAC validation is active and the MAC Address belongs to the downstream router
The MAC Address must be written using the Linux convention – six groups of two hexadecimal values separated by colons (:).
● BPF Expression
You can filter the type of traffic the Sensor receives. Use BPF expressions or tcpdump-style syntax.
● Use PF_RING
Enable if you have PF_RING installed on the server. PF_RING provides high-speed packet analysis.
● Top N
Allows extended traffic tops generation. Enabling this causes a minor performance penalty.
● Comments
Comments about the Sensor configuration can be saved here. Not visible elsewhere.
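The four IP Validation modes listed above, modelled as an added example (this is not WANGUARD code). The zone prefixes, sample packets and function names are constructed, and Strict is read here as "exactly one of source or destination is in the zone".

```python
import ipaddress

# Constructed sample IP Zone (documentation prefixes); a real zone is
# defined in the product's own configuration.
ZONE = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
MODES = ("Off", "On", "Strict", "Exclusive")

def in_zone(addr, zone=ZONE):
    """True if addr falls inside any prefix of the zone."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in zone)

def analyzed(mode, src, dst, zone=ZONE):
    """Would a packet src -> dst be analyzed under the given mode?"""
    s, d = in_zone(src, zone), in_zone(dst, zone)
    if mode == "Off":        # everything is analyzed
        return True
    if mode == "On":         # source and/or destination in the zone
        return s or d
    if mode == "Strict":     # assumption: exactly one side in the zone
        return s != d
    if mode == "Exclusive":  # destination in the zone, source outside it
        return d and not s
    raise ValueError(f"unknown IP Validation mode: {mode}")

# Constructed sample packets: (source IP, destination IP)
SAMPLES = {
    "inbound":  ("203.0.113.9", "192.0.2.10"),
    "outbound": ("192.0.2.10", "203.0.113.9"),
    "internal": ("192.0.2.10", "198.51.100.20"),
    "transit":  ("203.0.113.9", "203.0.113.77"),
}

def decision_table():
    """Map each sample packet to its per-mode analyzed/ignored decision."""
    return {name: {m: analyzed(m, *pkt) for m in MODES}
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print(f"{'packet':<10}" + "".join(f"{m:<11}" for m in MODES))
    for name, row in decision_table().items():
        print(f"{name:<10}" + "".join(
            f"{'analyzed' if row[m] else 'ignored':<11}" for m in MODES))
```

The table makes the practical difference visible: zone-internal traffic is counted under On but dropped under Strict, and Exclusive keeps only packets entering the zone from outside.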
To start the Sniffing Sensor, click the gray square button from the Side Region.
After setting a Sensor as Active, you should see if it starts properly by watching the Events – see page 58.
If the Sniffing Sensor starts without errors, but you can't see any data after more than 10 seconds, please check the following:
✔ You have correctly configured the switch/TAP to send packets to the server on the configured interface.
✔ The server is receiving the packets through the configured interface. You can verify this with a tool