CRU Ditto Shark User Manual

TABLE OF CONTENTS

1 General Information (p. 3)
1.1 Package Contents (p. 3)
1.2 Identifying Parts (p. 3)
1.3 LED Behavior (p. 3)
1.4 Thermal Cooling (p. 3)
1.5 How to Use the Ditto Shark (p. 4)
2 Setup (p. 4)
3 Browser Interface (p. 6)
3.1 Accessing the Browser Interface (p. 6)
3.2 Icons Used in the Browser Interface (p. 6)
3.3 User Accounts (p. 6)
4 Home Screen (p. 7)
4.1 Action (p. 7)
4.1.1 Network Capture (p. 7)
PCAP Network Capture (p. 7)
Live Network Capture (p. 8)
Simultaneous PCAP and Live Network Capture (p. 9)
4.1.2 Erase Destination Disk (p. 9)
4.2 Investigation Info (p. 10)
4.3 System Settings (p. 11)
4.4 Current Status (p. 11)
4.5 Disks (p. 11)
4.5.1 View Hexidecimal Data (p. 11)
4.5.2 View Snapshot Data (p. 11)
4.6 System Log (p. 12)
5 Configure Screen (p. 12)
5.1 System (p. 12)
5.2 Network (p. 14)
5.3 Erase (p. 17)
5.4 Network Capture (p. 17)
5.5 Naming (p. 19)
5.6 Quick Start (p. 19)
6 Admin Screen (p. 20)
6.1 User Accounts (p. 20)
6.2 Permissions (p. 20)
6.3 Adding a New User (p. 21)
6.4 Editing an Existing User (p. 21)
6.5 Deleting a User (p. 21)
7 Logs Screen (p. 21)
8 Utilities Screen (p. 22)
8.1 System Maintenance (p. 22)
8.1.1 Firmware Upgrade (p. 22)
8.1.2 Configuration (p. 22)
8.1.3 Other Buttons (p. 22)
8.2 Upgrade Log Messages (p. 23)
8.3 Import Log Messages (p. 23)
9 Using the Front Panel Interface in Standalone Mode (p. 23)
9.1 How to Navigate (p. 23)
9.2 Menu Screens (p. 23)
9.2.1 Status (p. 23)
9.2.2 Perform Action (p. 24)
9.2.3 Investigation Info (p. 24)
9.2.4 Settings (p. 25)
9.2.5 Disk Info (p. 28)
9.3 Factory Reset (p. 28)
10 Stealth Mode (p. 28)
11 Advanced Features and Functions (p. 28)
11.1 Using iSCSI Devices (p. 28)
11.2 Using NFS and SMB (Samba) Shares (p. 30)
11.3 Using and Configuring Network Capture Filters (p. 31)
12 Upgrading Firmware (p. 32)
13 Technical Specifications (p. 34)

Contents of WiebeTech Ditto Shark

Page 1: ...ith virtually no packet loss Captures sustained 10 100 Mbps network traffic and short burst gigabit network traffic Filter and capture network traffic to a tcpdump Wireshark compatible PCAP file Optional live capture stream rpcap interface for Wireshark Removable drive carrier for data storage Fail safe design continues passing through network traffic if power is lost Free firmware updates for reg...

Page 2: ...28 11 2 Using NFS and SMB Samba Shares 30 11 3 Using and Configuring Network Capture Filters 31 12 Upgrading Firmware 32 13 Technical Specifications 34 TABLE OF CONTENTS 1 General Information 3 1 1 Package Contents 3 1 2 Identifying Parts 3 1 3 LED Behavior 3 1 4 Thermal Cooling 3 1 5 How to Use the Ditto Shark 4 2 Setup 4 3 Browser Interface 6 3 1 Accessing the Browser Interface 6 3 2 Icons Used ...

Page 3: ... Power Switch SD Card Slot Power Input for AC Adapter RJ45 Gigabit Ethernet Connection NETTAP INTERFACE RJ45 Gigabit Ethernet Connection USB 2 0 Port DP20 Keylock Eject Button DESTINATION INTERFACE Stealth Mode Switch DP20 Status Lights DP20 Carrier eSATA Ports Power Connectors RJ45 Ethernet Connection 1 3 LED BEHAVIOR LED COLOR STATE DESCRIPTION DP20 Power Green Solid The DP20 is powered on DP20 ...

Page 4: ...onfigured it properly using the steps below b Connect the power cable to the rear of the Ditto Shark and turn the Ditto Shark on with the power switch located on the rear of the unit c Press the Down navigation button on the Ditto Shark until you reach the Settings menu see Figure 1 on the Front Panel Then press Enter to view the Settings d Press Up or Down until you reach the Dst Network Settings...

Page 5: ...d to the USB 2 0 port on the NetTap Interface side of the Ditto Shark to enter the static IP address your network administrator gave you If you do not have a keyboard press Back and Enter to scroll the cursor right and left and press Up or Down to increase or decrease the number highlighted by the cursor c When you have finished press Enter until the cursor has moved all the way to the right and t...

Page 6: ...s ICON ACTION Information Opens a window with a brief description of the setting that the information icon appears next to Refresh Refreshes the field that the icon appears next to in order to give updated information Reset Loads the defaults for the setting that the Refresh icon appears next to Add Adds a user defined field to a list of items Remove Removes a user defined field from a list of ite...

Page 7: ... Section 5 4 1 1 Network Capture The Ditto Shark provides two methods of capturing network traffic that can be combined and used simultaneously if you wish The first method captures network traffic and stores it in a series of incremented PCAP files on the local target destination The second method captures network traffic in real time and outputs it to a remote monitor that uses a third party Wi...

Page 8: ...work capture and if hashing is enabled a TXT file that contains each of the generated PCAP files MD5 or SHA 1 hash value see Section 5 1 2 to enable hashing Live Network Capture a Using the Browser Interface select Network Capture from the Action to Perform drop down box b Select the network capture filter from the Network Capture Filter drop down box or type in the ports you wish to capture in th...

Page 9: ...twork traffic click the Disable button h Click the Start button to begin capturing network data to your local destination media When you are finished click the Stop button You can view the log of the PCAP network capture action by scrolling down to the System Log panel on the Home screen Find and click on the latest link which will be denoted by a filename with a date timestamp format S_yyyymmddhh...

Page 10: ...n creating custom directories and file names see Section 5 9 The Hide button allows you to minimize the panel Click the Edit button to enter information about the Investigator Case Number Evidence Number Description Notes Base directory prefix and a Base filename prefix for a PCAP file Each field is filtered to block non printable ASCII characters Any characters at the file system level that may n...

Page 11: ...nel To see the available space a disk has click the green double arrow icon next in the Used column header see Figure 14 The disk usage will refresh and give an updated amount The Destination Network button allows you to mount an iSCSI NFS or SMB share to the Ditto Shark so that you can capture network data to it For more information see Section 11 4 5 1 View Hexidecimal Data To view a disk s hexi...

Page 12: ...an click on the Logs button from the top menu bar 5 CONFIGURE SCREEN The Configure screen allows you to modify the way the Ditto Shark functions to suit your specific needs Click on the Configure tab to access the Configure screen from the Browser Interface 5 1 SYSTEM The System tab allows you to view and customize the following settings This information is also displayed in the System Settings p...

Page 13: ...nc automatically increments the case number and AutoInc Pause automatically increments the case number but displays a confirmation prompt the LCD screen before beginning the requested action These options require a number to be present on the end of the Case Number specified in the Investigation Info section LCD Prompt Evidence Four options may be chosen to modify the evidence number specified in...

Page 14: ...AID or port multiplication PM This option gives you the ability to mirror any two devices you attach regardless of these implementations However the attached devices must still be empty so use the Erase Destination Disk action from the Home screen if the devices are not empty see Section 4 1 6 before attempting to mirror them 5 2 NETWORK The Network tab allows you to view and customize the follow...

Page 15: ...0 DHCP End Address 10 10 10 199 DNS Server Enabled DNS Domain Name ditto local NTP Server Enabled NAT Gateway Disabled Do not connect the Ditto Shark to another network while it is configured as a server Doing so will cause network conflicts and may disrupt network traffic Client DHCP This option automatically configures the destination Ethernet port to connect to the attached net work Client Stat...

Page 16: ...efault settings below will work for most environments with several exceptions Input your own key to ensure that your Ditto Shark remains secure You may be required to conform to your country s laws and regulations regarding wireless radio frequency usage Select your two digit country code from the Regulatory Domain drop down list and the Ditto Shark will limit the frequencies it may broadcast on ...

Page 17: ...y written If Full is selected the entire disk will be read to ensure that the last pattern was actually written If None is selected no verification will be performed Format After Erase Check this box to format the disk with the default format The default format can be set in the System tab on the Configure screen see Section 5 1 5 4 NETWORK CAPTURE The Network Capture tab allows you to view and cu...

Page 18: ...at the Ditto Shark uses to talk to the third party network protocol analyzer software The default port is 2002 Username The username used by the third party network protocol analyzer software Password The password used by the third party network protocol analyzer software 5 4 3 Advanced Settings Buffer Size Sets the buffer size used by the Ditto Shark during a network capture action The minimu...

Page 19: ...to the Investigation Info panel on the Home screen see Section 4 2 Timestamp Timestamp Displays the timestamp The timestamp is required to be included in all directory names but it is optional for file names Base Filename Displays the base file name This option is the default first variable for file names but may be changed User customizable Case Number Displays the case number User customizable D...

Page 20: ...governs A hyphen or None indicates that the user does not have access to the features governed by that permission 6 2 2 Configurable Permissions The following list of permissions specifies what each controls and can be configured when adding or editing a user account Some permissions for the Administrator and Front Panel accounts will be greyed out by default Admin None allows access to modify the...

Page 21: ... absolutely certain you wish to delete the account 7 LOGS SCREEN The Logs screen provides information about the Ditto Shark s actions Click on the Logs tab to access the Logs screen from the Browser Interface Action logs show the timestamp the type of action performed the user who performed the action and a link to the Action Log screen that provides more information about the performed action Cli...

Page 22: ...ons for the Ditto Shark The file generated saves a copy of every customizable setting for the unit Save Configuration To save a configuration click on the Save Config button Name the file and then click Continue to open a Save As dialog box and save the file to your computer Load Configuration a Click on the Load Config button browse to the XML configuration file you want to load highlight it an...

Page 23: ...l when targeting network traffic in the field The Front Panel interface allows you to perform a network capture or erase a disk You can also adjust settings view information about attached media or check on the Ditto Shark s operational status The administrator account can assign access permissions to the Front Panel s actions and settings using the Browser Interface 9 1 HOW TO NAVIGATE 9 1 1 Usin...

Page 24: ... see Figure 26 You can edit the field currently displayed on the LCD by pressing the Enter button on the face of the Ditto Shark or by pressing Enter or the Right Arrow keys on the keyboard and then using the keys to type Using apostrophes in the name fields will cause an error when the file or folder name is created They should not be used in the Investigation Info fields Text strings longer than...

Page 25: ...ion Table and Quick Erase Quick Start Enables the Quick Start screen on the LCD that appears after you boot or reboot the Ditto Shark The settings for this mode may be modified in the Quick Start tab on the Configure Screen within the Browser Interface See Section 5 6 Prompt Invest Info This opens a Configure Investigation Info window within the Browser Interface after the user has begun an action...

Page 26: ...w Logging Logs any action to preview a disk i e creating a disk snapshot starting or finishing a HexView action Force SSL When enabled this setting forces any browser to use HTTPS to access the Ditto Shark Browser Interface Stealth Mode Turns off all LEDs and LCDs on the Ditto Shark The physical Stealth Mode Switch serves the same purpose see Section If Stealth Mode is enabled from the Browser Int...

Page 27: ...lue Most Ethernet LANs will use the standard MTU of 1500 The commonly accepted range for a valid MTU is 68 to 65 535 as defined in RFC 791 NetCap Link Speed Allows you to set the Ethernet connection speed throughput In most cases Auto Negotiate will work If you experience problems staying connected you may need to change the speed to match what your network s capabilities are Dst Destination Netwo...

Page 28: ...e it from the Browser Interface Click on the Configure tab and then under the System tab change the Stealth Mode drop down box to Enabled Then click Commit Changes If Stealth Mode is enabled from the Browser Interface the physical switch cannot override it 11 ADVANCED FEATURES AND FUNCTIONS 11 1 USING ISCSI DEVICES 11 1 1 Remotely Access an iSCSI Device To connect to an iSCSI device that exists on...

Page 29: ...rk tab b In the Destination Network section select Server from the drop down box underneath the MAC address Do not customize the default server configuration unless directed to do so by your network administrator c Click Commit Changes d Now connect the iSCSI Device to the Ethernet port on the Destination Interface side of the Ditto Shark The iSCSI device will be assigned a new IP address if the ...

Page 30: ...B SAMBA SHARES 11 2 1 Connect to NFS and SMB Shares a Connect the Ditto Shark to the network that your NFS or SMB share exists on through the Destination Interface side of the Ditto Shark b On the Home Screen click the Destination Network button at the bottom of the Disks panel c Click on the NFS tab or the SMB tab depending on which type of share you are connecting to d Type the server name into...

Page 31: ...o Shark b Using the Browser Interface select Network Capture from the Action to Perform drop down box c If you are editing an existing network capture filter that you created select it from the Network Capture Filter drop down box d Type in the ports you wish to capture in your network capture filter in the text box directly below the Network Capture Filter drop down box see Figure 30 Use the word...

Page 32: ...llowed by the subdirectory s name if any You cannot remove existing selections from the Network Capture Filter list To download an XML Schema that can be used to validate your network capture filter XML file type the following into the address bar of an Internet browser where IP Address is the IP address of your Ditto Shark http IP Address data DittoNetCapFilter netCapFilter xsd Click the Informat...

Page 33: ...ton f The Ditto Shark will upload the file to itself Once uploaded it will ask you to confirm the upgrade Click Continue After the upgrade is finished click OK g The LCD panel of the Ditto Shark will ask you to reboot Press the Enter button on the face of the unit to reboot or click on the Reboot button on the Utilities screen METHOD 3 UPLOAD VIA A USB THUMB DRIVE a Go to the firmware updates websp...

Page 34: ...ser Interface Four line LCD controlled with four soft touch menu navigation buttons or USB keyboard Browser based Ditto interface allows for direct operation remote operation and administration Stealth Mode Turns off all lights LEDs LCD Browser Compatibility Chrome Edge Firefox Opera Safari Hash Modes None MD5 SHA 1 Erase Modes Clear Partition Table Quick Erase External material All metal construc...

Page 35: ...addition to this warranty In no event will CRU or its suppliers be liable for any costs of procurement of substitute products or services lost profits loss of information or data computer malfunction or any other special indirect consequential or incidental damages arising in any way out of the sale of use of or inability to use any CRU product or service even if CRU has been advised of the possib...
