background image

7

Protecting Your Digital Assets

TM

CRU Ditto Shark User Manual

4 HOME SCREEN

The “Home” screen is where you will perform most of your operations with the Ditto Shark, and is the default 
screen to load upon logging into the Browser Interface. Click on the 

Home tab

 to access the “Home” screen 

from any other area of the Browser Interface.

4.1 ACTION

The “Action” panel lets you start, abort, and document the following actions. The “Start” button begins the 
action. The “Abort” button stops the action in progress. Click the 

Comment button

 to write a note that will 

be appended to the log. Click the 

Configure button

 to modify the default settings for each action, which 

can also be modified on the “Configure” screen (See Section 5).

4.1.1 Network Capture

The Ditto Shark provides two methods of capturing network traffic that can be combined and used 
simultaneously if you wish. The first method captures network traffic and stores it in a series of incre-
mented PCAP files on the local target destination. The second method captures network traffic in 
real-time and outputs it to a remote monitor that uses a third-party Wireshark network protocol analyzer. 
Instructions for both methods as well as instructions for using them simultaneously can be found below.

PCAP Network Capture 

a.  Using the Browser Interface, select 

Network Capture

 from the “Action to Perform” drop-down 

box.

b.  Select the network capture filter from the “Network Capture Filter” drop-down box or type in 

the ports you wish to capture in the text box directly below that using the syntax “port ## or ##” 
without quotes (e.g. port 80 or 81 or 443).

Figure 7. 

The “Home” screen.

Содержание WiebeTech Ditto Shark

Страница 1: ...ith virtually no packet loss Captures sustained 10 100 Mbps network traffic and short burst gigabit network traffic Filter and capture network traffic to a tcpdump Wireshark compatible PCAP file Optional live capture stream rpcap interface for Wireshark Removable drive carrier for data storage Fail safe design continues passing through network traffic if power is lost Free firmware updates for reg...

Страница 2: ...28 11 2 Using NFS and SMB Samba Shares 30 11 3 Using and Configuring Network Capture Filters 31 12 Upgrading Firmware 32 13 Technical Specifications 34 TABLE OF CONTENTS 1 General Information 3 1 1 Package Contents 3 1 2 Identifying Parts 3 1 3 LED Behavior 3 1 4 Thermal Cooling 3 1 5 How to Use the Ditto Shark 4 2 Setup 4 3 Browser Interface 6 3 1 Accessing the Browser Interface 6 3 2 Icons Used ...

Страница 3: ... Power Switch SD Card Slot Power Input for AC Adapter RJ45 Gigabit Ethernet Connection NETTAP INTERFACE RJ45 Gigabit Ethernet Connection USB 2 0 Port DP20 Keylock Eject Button DESTINATION INTERFACE Stealth Mode Switch DP20 Status Lights DP20 Carrier eSATA Ports Power Connectors RJ45 Ethernet Connection 1 3 LED BEHAVIOR LED COLOR STATE DESCRIPTION DP20 Power Green Solid The DP20 is powered on DP20 ...

Страница 4: ...onfigured it properly using the steps below b Connect the power cable to the rear of the Ditto Shark and turn the Ditto Shark on with the power switch located on the rear of the unit c Press the Down navigation button on the Ditto Shark until you reach the Settings menu see Figure 1 on the Front Panel Then press Enter to view the Settings d Press Up or Down until you reach the Dst Network Settings...

Страница 5: ...d to the USB 2 0 port on the NetTap Interface side of the Ditto Shark to enter the static IP address your network administrator gave you If you do not have a keyboard press Back and Enter to scroll the cursor right and left and press Up or Down to increase or decrease the number highlighted by the cursor c When you have finished press Enter until the cursor has moved all the way to the right and t...

Страница 6: ...s ICON ACTION Information Opens a window with a brief description of the setting that the information icon appears next to Refresh Refreshes the field that the icon appears next to in order to give updated information Reset Loads the defaults for the setting that the Refresh icon appears next to Add Adds a user defined field to a list of items Remove Removes a user defined field from a list of ite...

Страница 7: ... Section 5 4 1 1 Network Capture The Ditto Shark provides two methods of capturing network traffic that can be combined and used simultaneously if you wish The first method captures network traffic and stores it in a series of incre mented PCAP files on the local target destination The second method captures network traffic in real time and outputs it to a remote monitor that uses a third party Wi...

Страница 8: ...work capture and if hashing is enabled a TXT file that contains each of the generated PCAP files MD5 or SHA 1 hash value see Section 5 1 2 to enable hashing Live Network Capture a Using the Browser Interface select Network Capture from the Action to Perform drop down box b Select the network capture filter from the Network Capture Filter drop down box or type in the ports you wish to capture in th...

Страница 9: ...twork traffic click the Disable button h Click the Start button to begin capturing network data to your local destination media When you are finished click the Stop button You can view the log of the PCAP network capture action by scrolling down to the System Log panel on the Home screen Find and click on the latest link which will be denoted by a filename with a date timestamp format S_yyyymmddhh...

Страница 10: ...n creating custom directories and file names see Section 5 9 The Hide button allows you to minimize the panel Click the Edit button to enter information about the Investigator Case Number Evidence Number Description Notes Base directory prefix and a Base filename prefix for a PCAP file Each field is filtered to block non printable ASCII characters Any characters at the file system level that may n...

Страница 11: ...nel To see the available space a disk has click the green double arrow icon next in the Used column header see Figure 14 The disk usage will refresh and give an updated amount The Destination Network button allows you to mount an iSCSI NFS or SMB share to the Ditto Shark so that you can capture network data to it For more information see Section 11 4 5 1 View Hexidecimal Data To view a disk s hexi...

Страница 12: ...an click on the Logs button from the top menu bar 5 CONFIGURE SCREEN The Configure screen allows you to modify the way the Ditto Shark functions to suit your specific needs Click on the Configure tab to access the Configure screen from the Browser Interface 5 1 SYSTEM The System tab allows you to view and customize the following settings This information is also dis played in the System Settings p...

Страница 13: ...nc automatically increments the case number and AutoInc Pause automatically incre ments the case number but displays a confirmation prompt the LCD screen before beginning the requested action These options require a number to be present on the end of the Case Number specified in the Investigation Info section LCD Prompt Evidence Four options may be chosen to modify the evidence number specified in...

Страница 14: ...AID or port multi plication PM This option gives you the ability to mirror any two devices you attach regardless of these implementations However the attached devices must still be empty so use the Erase Destination Disk action from the Home screen if the devices are not empty see Section 4 1 6 before attempting to mirror them 5 2 NETWORK The Network tab allows you to view and customize the follow...

Страница 15: ...0 DHCP End Address 10 10 10 199 DNS Server Enabled DNS Domain Name ditto local NTP Server Enabled NAT Gateway Disabled Do not connect the Ditto Shark to another network while it is configured as a server Doing so will cause network conflicts and may disrupt network traffic Client DHCP This option automatically configures the destination Ethernet port to connect to the attached net work Client Stat...

Страница 16: ...efault settings below will work for most environments with several exceptions Input your own key to ensure that your Ditto Shark remains secure You may be required to conform to your country s laws and regulations regarding wireless radio fre quency usage Select your two digit country code from the Regulatory Domain drop down list and the Ditto Shark will limit the frequencies it may broadcast on ...

Страница 17: ...y written If Full is selected the entire disk will be read to ensure that the last pattern was actually written If None is selected no verification will be performed Format After Erase Check this box to format the disk with the default format The default format can be set in the System tab on the Configure screen see Section 5 1 5 4 NETWORK CAPTURE The Network Capture tab allows you to view and cu...

Страница 18: ...at the Ditto Shark uses to talk to the third party network protocol analyzer software The default port is 2002 Username The username used by the third party network protocol analyzer software Password The password used by the third party network protocol analyzer software 5 4 3 Advanced Settings Buffer Size Sets the the buffer size used by the Ditto Shark during a network capture action The minimu...

Страница 19: ...to the Investigation Info panel on the Home screen see Section 4 2 Timestamp Timestamp Displays the timestamp The timestamp is required to be included in all directory names but it is optional for file names Base Filename Displays the base file name This option is the default first variable for file names but may be changed User customizable Case Number Displays the case number User customizable D...

Страница 20: ...governs A hyphen or None indicates that the user does not have access to the features governed by that permission 6 2 2 Configurable Permissions The following list of permissions specifies what each controls and can be configured when adding or editing a user account Some permissions for the Administrator and Front Panel accounts will be greyed out by default Admin None allows access to modify the...

Страница 21: ... absolutely certain you wish to delete the account 7 LOGS SCREEN The Logs screen provides information about the Ditto Shark s actions Click on the Logs tab to access the Logs screen from the Browser Interface Action logs show the timestamp the type of action performed the user who performed the action and a link to the Action Log screen that provides more information about the performed action Cli...

Страница 22: ...ons for the Ditto Shark The file generated saves a copy of every cus tomizable setting for the unit Save Configuration To save a configuration click on the Save Config button Name the file and then click Continue to open a Save As dialog box and save the file to your computer Load Configuration a Click on the Load Config button browse to the XML configuration file you want to load high light it an...

Страница 23: ...l when targeting network traffic in the field The Front Panel interface allows you to perform a network capture or erase a disk You can also adjust settings view information about attached media or check on the Ditto Shark s operational status The administrator account can assign access permissions to the Front Panel s actions and settings using the Browser Interface 9 1 HOW TO NAVIGATE 9 1 1 Usin...

Страница 24: ... see Figure 26 You can edit the field currently displayed on the LCD by pressing the Enter button on the face of the Ditto Shark or by pressing Enter or the Right Arrow keys on the keyboard and then using the keys to type Using apostrophes in the name fields will cause an error when the file or folder name is created They should not be used in the Investigation Info fields Text strings longer than...

Страница 25: ...ion Table and Quick Erase Quick Start Enables the Quick Start screen on the LCD that appears after you boot or reboot the Ditto Shark The settings for this mode may be modified in the Quick Start tab on the Configure Screen within the Browser Interface See Section 5 6 Prompt Invest Info This opens a Configure Investigation Info window within the Browser Interface after the user has begun an action...

Страница 26: ...w Logging Logs any action to preview a disk i e creating a disk snapshot starting or finishing a HexView action Force SSL When enabled this setting forces any browser to use HTTPS to access the Ditto Shark Browser Interface Stealth Mode Turns off all LEDs and LCDs on the Ditto Shark The physical Stealth Mode Switch serves the same purpose see Section If Stealth Mode is enabled from the Browser Int...

Страница 27: ...lue Most Ethernet LANs will use the standard MTU of 1500 The commonly accepted range for a valid MTU is 68 to 65 535 as defined in RFC 791 NetCap Link Speed Allows you to set the Ethernet connection speed throughput In most cases Auto Negotiate will work If you experience problems staying connected you may need to change the speed to match what your network s capabilities are Dst Destination Netwo...

Страница 28: ...e it from the Browser Interface Click on the Configure tab and then under the System tab change the Stealth Mode drop down box to Enabled Then click Commit Changes If Stealth Mode is enabled from the Browser Interface the physical switch cannot override it 11 ADVANCED FEATURES AND FUNCTIONS 11 1 USING ISCSI DEVICES 11 1 1 Remotely Access an iSCSI Device To connect to an iSCSI device that exists on...

Страница 29: ...rk tab b In the Destination Network section select Server from the drop down box underneath the MAC address Do not customize the default server configura tion unless directed to do so by your network administrator c Click Commit Changes d Now connect the iSCSI Device to the Ethernet port on the Destination Interface side of the Ditto Shark The iSCSI device will be assigned a new IP address if the ...

Страница 30: ...B SAMBA SHARES 11 2 1 Connect to NFS and SMB Shares a Connect the Ditto Shark to the network that your NFS or SMB share exists on through the Destina tion Interface side of the Ditto Shark b On the Home Screen click the Destination Network button at the bottom of the Disks panel c Click on the NFS tab or the SMB tab depending on which type of share you are connecting to d Type the server name into...

Страница 31: ...o Shark b Using the Browser Interface select Network Capture from the Action to Perform drop down box c If you are editing an existing network capture filter that you created select it from the Network Capture Filter drop down box d Type in the ports you wish to capture in your network capture filter in the text box directly below the Network Capture Filter drop down box see Figure 30 Use the word...

Страница 32: ...llowed by the subdirectory s name if any You cannot remove existing selections from the Network Capture Filter list To download an XML Schema that can be used to validate your network capture filter XML file type the following into the address bar of an Internet browser where IP Address is the IP address of your Ditto Shark http IP Address data DittoNetCapFilter netCapFilter xsd Click the Informat...

Страница 33: ...ton f The Ditto Shark will upload the file to itself Once uploaded it will ask you to confirm the upgrade Click Continue After the upgrade is finished cick OK g The LCD panel of the Ditto Shark will ask you to reboot Press the Enter button on the face of the unit to reboot or click on the Reboot button on the Utilities screen METHOD 3 UPLOAD VIA A USB THUMB DRIVE a Go to the firmware updates websp...

Страница 34: ...ser Interface Four line LCD controlled with four soft touch menu navigation buttons or USB keyboard Browser based Ditto interface allows for direct operation remote operation and administration Stealth Mode Turns off all lights LEDs LCD Browser Compatibility Chrome Edge Firefox Opera Safari Hash Modes None MD5 SHA 1 Erase Modes Clear Partition Table Quick Erase External material All metal construc...

Страница 35: ...addition to this warranty In no event will CRU or its suppliers be liable for any costs of procurement of substitute products or services lost profits loss of information or data computer malfunction or any other special indirect consequential or incidental damages arising in any way out of the sale of use of or inability to use any CRU product or service even if CRU has been advised of the possib...

Отзывы: