SmartNA 10G Filtering TAP User Guide
Contents
1. Network Critical WY PROVIDING THE MISSINGLINK SmartNA 10G Filtering TAP User Guide Table of Contents bu NN mm Ul INTOQUCUION daa 3 Apphance OVEVISW sonara dio echo tac ire 4 DRE LE o yg NA E E 6 CONTE ULATION se A Dee De a sn en ie 7 AL Eos SUR eee a ee ie 7 aL M SSD OS ic e e ES de ae na a ae ee A et 8 A A AA PPP nn os sees suseaneseenuneatecesensounevccapwese eeseuneneeveasueressne 12 REDONS ares ei sips ee O RE PE E TEES Re 13 6 1 REPO ONE dv a ae ee ese ENOTE eet en Do ee are 13 I PO 11 LE eana RET 15 Filtering on Each Monitoring POrt ccccsccsceccsccccsccececcsccccsccscescsscsceccececceseccessececcsceecess 17 7 1 Filters Page ON Si arcs an a D on 17 J FEM A 18 To CNS PUESTOS en ees 19 Bole MOU ST SATO AA e a en A ne 20 Dod a LA to pasttantadasnestiaaieascusnicedacaestatannonsaaviacstuiacnneitan tahernesbiantaectataadniiaest amt SRS 21 GORENG OND PR II A 23 SHECITICALIONS and Safety cesscaunccasenscccacicetonsordocucsseveisucacuandiesiaticessndssonntecedencensntesenbaseetensees 24 2008 Network Critical NA LLC All rights reserved Network Critical is a trademark of Network Critical NA LLC All other trademarks are the property of their respective owners 2 jJ 1 Introduction Network Critical s SmartNA 10G Filtering TAP is an intelligent tap for 10G networks The SmartNA 10G Filtering TAP inspects every bit in every packet at full duplex 10 Gigabits per second allowing users to selectively2. ou A 3 7 i EXPAND COLLAPSE ___ expand collapse O O O q O O mams ale paw TAR A AO m ep porso VLANAP TCPOR UDP FROM GA CB TO amp 10203 4 7 BURST A ne mr e E I liomp_payiosd VLANIP TCP OR UDP FROM GA CBE TO G1 C2 03 C4 7 BURST Jed mwan wace o caca a ms a e ET RR FILTERS O ON RENE ME reno a met OOOO ean e CR ee a e ME II ran ms A L_ VLAN1P TCP OR UDP FROM GA CB TO m1 2 3 0 4 BURST Network Critical Do 1921680121 4 Figure 10 Filters Page ve yA NAVIGATION Provides access to the current statistics burst capture and settings pages Burst capture filters and settings require admin level access standard users can access only the current and statistics pages SAVE FILTERS Saves all filters onto the SmartNA 10G Filtering TAP Filters with errors will be indicated Because the filters are saved on the SmartNA 10G Filtering TAP they may be edited later EXPAND COLLAPSE Expands or collapses the filter When collapsed only the filter controls are shown If the filter is expanded the filter specification and status lines are shown If an error occurs filters with errors are automatically expanded FILTERS Descriptions of the operation of filters can be found in the following section 7 2 Filter Overview Each filter is divided into three sections The top section is a control section and provides controls for activating deactivating filters selecting which
3. tcp syna 35353 O ETT tcp_window_eq0a tcp_window_eq0b tcp_window_gt 1024 a tcp_window_gt 1024 b tcp_window_It 1024 a 1921680120 amp Figure 5 Cumulative Page 14 6 2 Built In Profiles A set of profiles are built in to the SmartNA 10G Filtering TAP and are always available These profiles provide basic information about network behavior and are described below As additional selective regeneration or duplication filters are defined they are automatically added to these reports Creation of filters is explained in section 7 Protocol Breakdown The protocol breakdown profiles show the amount of IPv4 IPv6 TCP UDP ICMP ARP and OTHER OTHER is defined as everything that is not from the previous list traffic for Ports A and B This report is good for getting a quick view of overall network behavior Filter Name tcp_b _tep fn a tcp_fin_b _tep rst_a tcp st D _icp_syn_a PROTOCOL BREAKDOWN _ltcp_synack_a _tep_synack_b __icp_window_eq_0_a tep window eq b _icp_window_gi 1024_a Figure 6 Protocol Breakdown TCP Events These profiles show key TCP traffic types SYN SYN_ACK FIN and RST Unbalanced TCP behavior such as mismatched ratios of SYN to SYN_ACK may indicate connectivity or configuration problems in the network Fitter Name ne TCP EVENTS gt Icp_window_R_1024_a ico window E 1024_b icp window R 256 a icp window 1 256 b _
4. understood and appropriate steps have been taken Grounding There must be an interruptible safety earth ground from the main power source to the product s input wiring terminals power cord or supplied power cord set Whenever it is likely that protection has been impaired disconnect the power cord until the ground has been restored Servicing There are no user serviceable parts inside this product Any servicing adjustment maintenance or repair must be performed only by service trained personnel
5. 10G Filtering TAP Receive bps pps O AO MS A 2345k A os Step 3 View Reports 1 Enter https address from a computer that has access to the SmartNA 10G Filtering TAP where address is the address assigned to the device 2 Use the default login and password supplied by Network Critical and verify that the reports are now active by selecting the current link E7 Reports Mozilla Firetor File Edt View History Bookmarks SompBook Tools Help q d E 4 O Mtpetn92168 0121 current al Gl cl pra acs ce 2 tcp window gt 1024 a iep window EL Aep witeicw E 10248 AR LR OUR ES cp mime IE 255 4 z om a a iep window E 256 b H p udp lb 6 ba lt p Network Critical eee Done 1921680110 5 JU Note Please use Firefox version 2 0 or greater as your browser for greater compatibility f n PR 6 Reports The SmartNA 10G Filtering TAP reports provide information on network behavior information such as protocol breakdown TCP events and TCP window size The information is presented in a set of tables that show the current instantaneous value and statistics such as minimum maximum mean and standard deviation derived from the past 60 seconds The tables are viewable using a web browser JavaScript is required and the link between the browser and the SmartNA 10G
6. INDICATOR STATUS Figure 1 SmartNA 10G Filtering TAP Front View The front of the SmartNA 10G Filtering TAP has six network interfaces The function of these ports is described below Live Network Ports Full duplex 10G interfaces to monitor network e traffic These ports do not have IP or MAC addresses and are fully bol o transparent to other network appliances The ports are linked with an integrated bypass and will continue to pass traffic under all conditions Monitoring Ports Duplicates network traffic selectively according to filters set on the SmartNA 106 Filtering TAP The 10G and 1G duplicate ports can be connected to a standard computer running packet analysis software or to a dedicated capturing appliance 2 E 0 olol O Management Port Used to manage the SmartNA 10G Filtering TAP view reports and send network behavior data This port has an IP address shown on the LCD and is SSL secured Status LEDs Each port has status LEDs to indicate link conditions A B LC connector O Error O Transmit activity blink activity O Link receive activity solid link blink activity 1 2 LC connector O Transmit activity on port 2 blink activity O Transmit activity on port 1 blink activity 3 4 MANAGEMENT RJ 45 O Error 10 100 link activity solid link blink activity O Gigabit link activity solid link blink activity To the right of the network ports are an informat
7. Select Mgmt IPv4 Address Date amp Ti me Menu NTP Mode NTP Pv4 Address Viele ks stack v Select a parameter to modify and press Modify the desired value by using the left and right buttons to move amongst fields and the up and down buttons to change the value After at least one of the settings has been modified these changes must be saved The top line of the LCD will flash between NOT SAVED and the menu title NOT SAVED NTP Mode NTP IPv4 Address J select X back v To save settings press and hold the green check button for three seconds A confirmation menu will appear Save changes V yes x n0 Press the green check button to save the changes or the red X button to cancel the changes Wait while the SmartNA 10G Filtering TAP saves the changes and restarts Other network settings are configured in the same manner The Date amp Time menu configures e NTP Mode e NTP IPv4 Address NTP Hostname fo Y e Date amp Time e Time Zone Mirroring Config gt Port Rate Limit The Port Rate Limit menu is used for setting rate limiting for the 1G ports ports 3 and 4 The ports can each be set to one of ten different rate limit values specified in either packets per second or bits per second To configure the port rate limit press the X button until you reach the Top Menu Scroll to Configuration and select it Select Mirroring Config then Port Rate Limit The f
8. duplicate only the traffic of interest to either 10G or 1G ports thereby enhancing the utility of existing tools or enabling the creation of entirely new applications Key features of the SmartNA 10G Filtering TAP include e Selective Regeneration e Traffic Statistics LCD Web based and Emitted e Integrated Passive Bypass Selective Regeneration Selective regeneration is a powerful form of bandwidth reduction that enables systems attached to the SmartNA 10G Filtering TAP to have access to a useful subset of full line rate 10G traffic without being overwhelmed by high packet rates For example a laptop running packet analysis software can be connected to a 10G link and a filter can be set to duplicate only relevant packets for debug say ICMP packets with a particular payload and instead of receiving the entire 10G link the laptop receives only the relevant packets Drilling Down The SmartNA 10G Filtering TAP s filtering capabilities enable drilling down on a particular network segment allowing network monitoring tools to generate reports for only the end points of interest Other examples include selectively duplicating traffic from specific users to satisfy compliance policies detecting passwords in the clear or the detection of unauthorized applications running over non standard ports port masquerading Integrated Passive Bypass Integrated passive bypass allows the SmartNA 10G Filtering TAP to continue to pass traffic even in the e
9. Activate the filter 1 Click the activate button the status line will change to indicate the filter is being activated m STRING MATCH PAYLOAD WORD OFFSET va hoo 20 mail WORD OFFSET WORD OFFSET Activating payload_check 2 The level of traffic containing the string specified will be indicated by the counters as part of the filters shown on the current and statistics pages 8 Getting Help For additional assistance with the Smart Network Access System please contact one of our Technical Customer Support Representatives European Support Center Phone 44 0 118 954 3210 North and South American Support Center Phone 716 558 7280 On the Web Go to www NetworkCritical com Support gt Contact Support 9 Specifications and Safety Specifications 100 240 V AC full range 50 60 Hz 60 W 1 7 x 15 3 x 13 1 H x W x D 1U rack mountable wei Operating requirements 0 to 40 C 32 to 104 F Specifications are subject to change without notice Safety Information MN Documentation reference symbol If the product is marked with this symbol refer to the product documentation to get more information about the product WARNING A WARNING in the documentation denotes a hazard that can cause injury or death CAUTION A CAUTION in the documentation denotes a hazard that can damage equipment Do not proceed beyond WARNING or CAUTION notices until the hazardous conditions are
10. E iep window 1356 b i uipa 26 14 L p Done 1911680141 A JO gt A AAA ee a 2 Figure 3 Current Page f i PR NAVIGATION L PLAY PAUSE L PER PORT BANDWIDTH Bs a PER RULE FILTER STATISTICS NAVIGATION PLAY PAUSE PERPORT BANDWIDTH PER RULE FILTER STATISTICS TT 1FPI1F1 q e ee ee ee Wart bpaj Mean beri Laps nes 1 Figure 4 Statistics Page Reports Mozilla Firefox current statistics cumulative burst fitters settings play pause Last Cleared Tue Mar 11 14 18 56 2008 clear e CLEAR Port Total bytes packets i PE 369 791 10 994 Filter Name Total bytes 1 762 278 ea 4 774 068 4 774 068 packets 24 622 E 8 191 150 880 2 030 894 593 53 768 353 16 434 MEA A gt RE 14 347 314 438 23 513 DRE En 85648 ER as TEE m E 8 fin_b 2 030 894 _tcp_fin_ 1 576 178 _tep_rst_a 1 214 917 gt 0074 _tcp_syn_a a _tcp_syn_b 3785484 tcp_synack_a 3 785 484 AE oO aa ae 177 972 986 _tcp_window_eq_0_a _tcp_window_eq_0_b _tcp_window_gt_1024_a _tcp_window_gt_1024_b _tcp_window_t_1024_a 996 888 _tcp_window_tt_1024_b O FE A _tcp_window_ _256_b 21 992 043 em EA CR RES RUE 103 SES HA NE emma tcp_fina S PENAS ROA AR o O OO O
11. Filtering TAP is secured with SSL A selection of standard reports is built into the SmartNA 10G Filtering TAP These reports are described in more detail in the following sections As additional filters are defined statistics for these filters are automatically added to the report Reports update continuously in real time and can be paused 6 1 Reports Overview Figure 3 5 show the three reports pages current statistics and cumulative respectively The current page displays the current bits per second packets per second and percentage bits per second and packets per second for each traffic profile or filter The statistics page adds minimum mean maximum and standard deviation The cumulative page rather than showing rates shows the total number of bytes and packets Any page can be paused by clicking on the pause link To resume realtime viewing click play The tables can be sorted by clicking on the column headers an up or down arrow will appear to indicate the sorting order l Reports Moz 3 Firefox File Edit Vies Hige Ecckbegrks SongBost Teoh Help BG mMosnszi6oin urent PINES NAVIGATION L current allais burst Sen mios PLAY PAUSE L PERPORT BANDWIDTH Bo olin RE 4 a a PER RULE FILTER el 4 STATISTICS G 26 O 5 0 E a ep window REC E ep wide gt IOM b r _tep_window 11028 a Ttep_windew_ 1024_6 0 HL a _E 256 fi
12. cally deactivate the filter Click the activate box to reactivate FILTER NAME An identifier for the filter alphanumeric characters and characters only maximum length of 24 Spaces are not allowed in the filter name FILTER TYPE A pull down that selects the type of filter specification available Filter types are described in greater detail below DUPLICATE FROM TO PORTS The 10G port from which traffic will be duplicated or mirrored Port A can duplicate to ports 1 3 and 4 Port B can duplicate to ports 2 3 and 4 The relationship between the ports is shown in Figure 12 fe PR Figure 12 SmartNA 10G Filtering TAP Port Relationship BURST CAPTURE ENABLE Activates burst capture of packets matching the filter specification This feature is described in more detail in section 7 4 7 3 Creating Filters The SmartNA 10G Filtering TAP comes with a set of filter templates that cover a broad set of networking protocols and applications This section explains the basics of specifying filters and walks through some examples Entering Values CIDR masks port ranges Most filters contain fields that support entry of CIDR masks and port ranges CIDR masks for IP addresses are specified using the standard notation Port ranges for TCP or UDP ports are specified using a between the ports Examples of these are shown below Example 1 IPv4 address CIDR 192 168 0 0 with anything in th
13. e and specify the type as TCP PC VLANIP TCP OR UDP i STRING MATCH FILTER FILE Step 2 Specify FROM TO ports and TCP protocol 1 Choose a port to copy the traffic FROM FROM A B 2 Choose a port to copy the traffic TO 3 Select TCP as the protocol rocco Ansanananaaanan UDP ANCHORED Step 3 Activate the TCP traffic filter 1 Click the activate button the status line will change to indicate the filter is being activated 2 The level of TCP traffic in your network will now be indicated by the counters as part of the filter and on the current and statistics pages Filter provisioned How do create a payload filter to count traffic with a specific string This example takes you from specifying a filter to duplicating traffic with a certain payload It shows you how to specify a payload filter and allows you to see how much traffic containing the specified phrase exists on your network in packets second and megabits second Step 1 Select the STRING MATCH filter type Enter a name for the rule and specify the type as String TT payload_ check STRING MATCH VLAN IPATCP OR UDP WORD OFFSE VLAN IPV6 Wa hoo 20 mail FILTER FILE Step 2 Specify FROM TO ports enter payload string 1 Choose a port to copy the traffic FROM 2 Choose a port to copy the traffic TO TO 1 2 3 gt Vus Ji PAYLOAD WORD OFFSET yahoo 20 mail WORD OFFSET Step 3
14. e last two octets 192 168 0 0 16 Example 2 IPv6 address CIDR To Specify aaaa bbbb cccc dddd eeee ffff 1111 2222 with aaaa bbbb cccc dddd eeee ffff 1111 2222 64 anything in the last 64 bits Example 3 Port range Range from 80 to 8080 80 8080 Entering Values Payload The payload specification enables creation of complex filters based on payload inspection anywhere in the packet Payload searches can be case insensitive non anchored and contain wildcards Each payload field has several options as follows Used to specify an offset specified in 16 bit words from which to begin the search non SNE MOROS anchored or specific location to search anchored ANCHORED Selects between anchored and non anchored searches from the SKIP WORDS value IGNORECASE Selects case insensitivity searching for text strings PAYLOAD A combination of ASCII or hexadecimal characters with wildcards The following conventions are used in payload strings e Strings in hexadecimal representation are enclosed between vertical bars e g 01 AB 09 e Strings in ASCII representation are converted to their HEX representation automatically e Each pair of hexadecimal characters in between vertical bars is an octet value e Forexample ABCD is equivalent to 41 B 43 44 e The dot represents a don t care byte It is supported in both ASCII and HEX notations e When using ASCII notation the non alphanumeric characters including all spec
15. g the PIN press and hold the for three seconds to save SmartNA 10G Filtering TAP Setup Web based Config Network configuration IP address gateway netmask NTP and web port This section is used to specify the networking configuration of the SmartNA 10G Filtering TAP In addition to the standard network settings the web port parameter allows configuration of which port the web server operates e g https address web port Example HRARRRRRA RARA AMAR AMAR AMAR EEE HE EF NETWORK SETTINGS RRARARRRA RARA RARA AAA REE EEE EHH HE EF ip settings ip address 192 168 0 121 gateway 0 0 0 0 netmask 255 255 255 0 ping enable yes time setting ntp_address 192 168 3 1 ntp hostname local ntp server ntp enable no timezone 0 server setting port over which browser is used e g https address web port web port 443 Username and password configuration This section specifies the users and passwords of admin users and regular users Regular users can only view the web based reports Admin users are additionally allowed to change filtering selective regeneration options and configure the SmartNA 10G Filtering TAP Multiple admin and regular users may be specified but at least one admin user must be specified Example HRARARA RARA RARA RARA RAR ARA RRR HEE EEE USERNAME PASSWORD CONFIGURATION RRARARRRARA RA RARA RARA AMAR MRMRAMAM ARR multiple admins or users are supported administrative userna
16. ial characters need to be escaped or alternatively specified in HEX notation e White spaces that are not escaped are ignored e Search strings are specified in words an even number of bytes If the length of the specific search is odd a don t care will be appended Here are a few examples of payload specification e Hexnotation 6e 65 74 77 6f 72 6b 73 is equivalent to ASCII notation net work e Mixed notation packet 20 6e 65 74 77 6f 72 6b is equivalent to ASCII notation packet net work and to HEX notation 70 61 63 6b 65 74 20 6e 65 74 77 6f 72 6b A dot designates a don t care byte e g packet 6e 65 74 77 6f 72 6b is like the previous example but any character byte can replace the space HEX 20 between the two words The dot can also be used in HEX notation e g 6e 74 77 6f 72 6b is equivalent to n followed by any character then twork 7 4 Burst Capture This feature enables selective remote capturing of packets to pcap files Packets are selected and captured on the filters page then viewed on the burst page Step 1 Packet Selection On the filters page define or choose a filter that matches the packets to be captured Step 2 Packet Capture After the filter has been chosen click the box next to BURST in the filter control bar The status line will indicate that burst capture is in progress for the duration of the capture which is roughly ten seconds and update when
17. ion display and a control pad They are used to display network traffic conditions as well as manage and configure the SmartNA 10G Filtering TAP operation The network visibility screens are shown below see section 4 2 for information on using the LCD to configure the SmartNA 106 Filtering TAP AMIA gt YA Receive bps pps A1 A TASK B T ea 10G Duplicate bps pps AP PEN T SEK DA MERE CASE 16 Duplicate p pps oe 12 345 4 1273435 bps ee els See CN DR RSC Model SNA10G STN 12345 H W ver 5 SIW ver 4349 4543 Port Link Status A B 3 4 MGT A UY Addr 192 168 003 125 MS A EPS AUD GW 000 000 000 000 V change any x back Port A B Receive Bandwidth Displays the current rate of traffic being received through ports A and B in bits second and packets second 10G Duplicate Bandwidth Displays the current rate of traffic being transmitted out of the 10G duplicate ports 1 and 2 in bits second and packets second 1G Duplicate Bandwidth Displays the current rate of traffic being transmitted out of the 1G duplicate ports 3 and 4 in bits second and packets second Built in Traffic Statistics In addition to total bandwidth the LCD displays traffic statistics for 15 built in traffic types These types are arp tcp udp icmp ipv4 ipv6 other traffic not matching the above tcp_syn tck_syn_ack tcp_fin tcp_rst tcp window size 0 tcp window size lt 256 tcp window size lt 1024 and tcp window
18. ks by connecting each receive port separately NETWORK A 00 UB ED PACKET CAPTURE LN NETWORK ANALYSYS QD Network Critical Ay coe A 3 paai g Network Critical ZOD CO Ni ON Ni 5 L NN EMITTED STATISTICS MANAGEMENT Ng MANAGEMENT NETWORK B PACKET CAPTURE NETWORK ANALYSYS Figure 2 Deployment Connectivity 4 2 Setup Options SmartNA 10G Filtering TAP configuration items include e Network configuration IP address gateway netmask e Username and password configuration e Monitoring duplication port configuration SmartNA 10G Filtering TAP Setup LCD and Control Pad IP address Configuration To change the IP address configuration press the X button until you reach the Top Menu then scroll to Configuration and select it by pressing the check button then select Mgmt IPv4 Config The following screen will be presented Mgmt Pv4 Config Noes kia PUIS AIDE WIS LOT DO V change any x backw A down or up arrow WA appearing in the lower or upper right corners of the LCD indicates there are more items below or above the items currently displayed use the up and down arrows to see additional menu items Press the check button to modify A list of modifiable options will be shown These are the address mask and gateway Select Mgm
19. me and password creates user for reports and filter specification and settings admin admin admin user username and password creates user for web reports only user user user The Port Rate Limit menu is used for setting rate limiting for the 1G ports ports 3 and 4 The ports can each be set to one of nine different rate limit values specified in either packets per second or bits per second Example Rate limiting for 1G mirr can each be rate aed or bps bits per second ports Ports 3 and 4 e or r by either pps packets per second Available values are un un un WM H HH SHE HE HE HE HE HE HE HE HE HE HE DS TS p p p p b b b b T TS TS un un un nm _3_ratelimi rror 4 ratelim 5 Startup Now that the hardware and networking components are installed and configured it s time to start the SmartNA 10G Filtering TAP This section describes startup and allows you to confirm that the SmartNA 10G Filtering TAP is operating properly Operation of the SmartNA 10G Filtering TAP is described in the following sections Step 1 Start SmartNA 10G Filtering TAP device Turn on the SmartNA 10G Filtering TAP Step 2 Observe bandwidth on SmartNA 10G Filtering TAP LCD Go to a SmartNA 10G Filtering TAP appliance that is installed on a link that currently has network traffic Push the LCD toggle button until the Receive screen appears and confirm that there is traffic flowing through the SmartNA
20. ng systems attached to the SmartNA 10G Filtering TAP to have access to full line rate 10G traffic without being overwhelmed by the high packet rate For example a laptop running Wireshark open source packet analysis software can be connected to a 10G link and a filter can be set to duplicate only relevant packets for a debug say ICMP packets with a particular payload Instead of receiving the brunt of the 10G link the laptop only receives a trickle of relevant packets Another example is to use the SmartNA 10G Filtering TAP s filtering capabilities to drill down on a particular network segment allowing network monitoring tools such as ntop open source network monitoring to generate reports for only the relevant end points Other examples include selectively duplicating traffic to satisfy compliance policies detecting passwords in the clear or detecting unauthorized applications running over non standard ports port masquerading FILTERING AGGREGATION REDUCTION Network Critical Network Critical Figure 9 SmartNA 10G Filtering TAP Port Relationship 7 1 Filters Page Overview The regeneration filters are managed from the filters page The main page is arranged into sections as described below Fitters Mozilla Firefox File Edit View History Bookmarks ScrapBook Tools Help GS Li nttps 1921680121iters Sr Ge NAVIGATION cut sites buat Mers satings SAVEFLTERS
21. ollowing screen will be presented Port Rate Limit loff SO 3 100 pps 4 100mbps V change any x back Press to modify any of these fields use cursor up down to select a rate limit left right to move between ports then press and hold the for three seconds to save Front Panel Setup The Front Panel Setup menu is used to configure the brightness and contrast of the LCD a screensaver and an idle screen that the LCD returns to after being inactive for five minutes To configure the front panel settings press the X button until you reach the Top Menu Scroll to Configuration and select it Select Front Panel Setup The following screen will be presented Front Panel Setup Idle Receive Bri 100 Cont 45 V change any x backw Press to modify any of these fields then press and hold the for three seconds to save Security For security purposes an 8 16 digit PIN is available to allow only administrators to change configuration items on the SmartNA 10G Filtering TAP To change or set the admin PIN press the X button until you reach the Top Menu Scroll to Security and select it Select Reset Admin PIN The following screen will be presented Security Reset Admin PIN Jes el CG D ack Press y to enter or modify the PIN PINs must be between eight and 16 digits in length Selecting a PIN of zero length turns off the admin PIN security feature After configurin
22. ports to duplicate FROM and which ports to duplicate TO setting the name of the filter choosing from filter types and burst capture The middle section contains fields specific to each filter template and is used to enter selective regeneration or duplication criteria such as IP addresses and payload The bottom section reports status as well as error messages and also displays the amount of traffic matching the specified filter A typical filter is shown in Figure 11 FILTER ACTIVATE FILTER NAME FILTER TYPE DEACTIVATE DUPLICATE FROM DUPLICATE TO BURST CAPTURE PORT PORT ENABLE EXPAND EC ERROR y COLLAPSE ef CA lh E MEANAPATCP OR UDP FILTER CONTROL VLAN 100 IP SRC 1392 168 0 1 IP DST 192 168 0 0 24 TCP SPORT FILTER SPECIFICATION PAYLOAD ANCHORED Y IGNORECASE OFFSET ANCHORED example string 00 11 aa bb 14 somewhere else in packet 3 d Filter provisioned bps pps a STATUS AND COUNTERS Figure 11 Filter Overview EXPAND COLLAPSE Expands or collapses the filter When collapsed only the filter controls are shown If the filter is expanded the filter specification and status lines are shown If an error occurs filters with errors are automatically expanded FILTER ACTIVATE DEACTIVATE Activates or deactivates the filter A check box indicates the filter is active Since modification of active filters is not allowed editing a filter specification or control will automati
23. pplied Step 2 Attach the SmartNA 10G Filtering TAP to the rack Install the SmartNA 10G Filtering TAP in the rack using the four large rack mounting screws supplied Step 3 Supply power to the appliance Connect the power cord to the connector on the rear of the SmartNA 10G Filtering TAP Step 4 Power up the SmartNA 10G Filtering TAP Flip the power switch on the rear of the SmartNA 10G Filtering TAP to ON the 1 position 4 Configuration This section describes the installation of the SmartNA 10G Filtering TAP into the network as well as how to configure the SmartNA 10G Filtering TAP 4 1 Network Setup Step 1 Connect the Management Port Connect the management port to your network Step 2 Connect Monitoring Ports Connect the monitoring ports to the systems running software for the further analysis of packets e g Wireshark ntop etc See section 4 2 for configuring the operation of these ports Step 3 Connect Live Network Ports The SmartNA 10G Filtering TAP is a fully transparent network appliance with integrated fiber bypass Traffic will continue to flow in both directions even without power to the device The SmartNA 10G Filtering TAP is deployed between any two network devices and transparently bridges the link To install the appliance simply connect the A and B ports between two branches of the network as shown in Figure 2 In addition it is possible to monitor and provide bandwidth reduction on two different lin
24. size gt 1024 Version Model Serial Number Displays the version serial number model of the system and fiber type To access this screen open the Top Menu by pressing the back button then select Device Info by pressing down and view by pressing the green check button Port Status Displays port link status The network ports show 10 100 GI G or 1061 G for link speed If no link exists the display shows three periods Port 1 and Port 2 are always 10G and active so they are not shown To access this screen open the Top Menu by pressing the back button then select Port Link Status by pressing down and view by pressing the green check button Management Port IP Address and Netmask The top line displays the IP address for the management port the second shows netmask and the third is the gateway address If the gateway is all zeros then it is disabled To access this sceen open the Top Menu by pressing the back button then select Configuration then Mgmt IPv4 Config 3 Installation The SmartNA 10G Filtering TAP can be mounted in a standard 19 rack and occupies 1 rack unit To deploy in this configuration attach the supplied mounting brackets to the appliance and attach it to the desired rack location Step 1 Attach mounting brackets to the SmartNA 10G Filtering TAP Attach a mounting bracket to each side of the SmartNA 10G Filtering TAP using the three screws su
25. t IPv4 Address Mgmt Pv4 Config Address Net mask J select x back v Press the left and right buttons to select a digit Press up and down to modify the digit Press the check button to accept the new address Mgmt Pv4 Address T92 CNT lk 5 V accept x cancel 7 After at least one of the settings has been modified these changes must be saved The top line of the LCD will flash between NOT SAVED and the menu title NOT SAVED Mgmt Pv4 Address Mgmt Pv4 Mask Y select x back v To save settings press and hold the green check button for three seconds A confirmation menu will appear Save changes Je X n0 Press the green check button to save the changes the red X button to cancel the changes Wait while the SmartNA 106 Filtering TAP saves the changes and restarts Other network settings are configured in the same manner The Mgmt IPv4 Config menu configures e Address e Netmask e Gateway DNS1 Address DNS2 Address Allow Ping Web TCP Port Time and NTP Configuration To change the Time and NTP configuration press the X button until you reach the Top Menu Scroll to Configuration and select it Select Date amp Time Config The following screen will be presented Date amp Time 2008 0211 Ti 20226 Time Zone GMT v change any x backw Press the check button to modify A list of modifiable options will be shown These are the address mask and gateway
26. the capture is complete Step 3 Packet Download Following the capture of these packets they can be viewed on the burst page On this page a list of packet captures will be shown sorted by time If no packets were captured the number of packets for that entry will be zero Click on the link to download and view the pcap file e g using packet analysis software To delete a capture click on the x hyperlink A maximum of ten pcaps are saved Successive captures will automatically delete older pcaps vj Y Buel Caglure Lisl Mica Foelos Fibs Cot View Wigtory Gockmarks Sersplocuk fools Help SB BL IIA ant ciiai Hamia HER Mari pelinos Capture lilat Time STE Praceta y MOnFeb25 1545112008 DEWE 552 a Mon Feb 25 1547542003 3374 K8 321 x Mon Feb gS ol a 200 435 1 Ke Muy E Mon Feb 25 15474006 367 1 KE 348 s Mon Feb 25 1545714 008 Or MB Fil a Hon Feb 2h 1544437003 401 055 3839 Nuts EN Dene 102168011 amp JB ee ent Figure 13 Burst Capture Page 7 5 Filter Examples How do create a rule to duplicate TCP traffic on my network This example takes you from specifying a filter to duplicating only TCP type traffic It shows you how to specify a payload filter and allows you to see how much traffic containing the specified phrase exists on your network in packets second and megabits second Step 1 Select the VLAN IP TCP OR UDP filter type Enter a name for the rul
27. udp_a udp_b Figure 7 TCP Events TCP Window Size These profiles provide information about TCP window size a key measure of health on the network TCP window sizes of O less than 256 less than 1024 and greater than 1024 are counted Filter Name arp_a _arp_b cmp 8 iemp_b _other_a other_b cp a tcp_b _tcp_fin_a tco_fin_b rst_a tcp_rst_b _tcp_syn_a tep_syn_b _tcp_synack_a ICO alent A ca TCP WINDOW Aicp_window_eq_0 a SIZE tep_window_eq_0_b _tep_window_gt_1024_s _tcp_window_gt_1024 b top_window__1024_s tep window E 1024_b icp_window_f_ 256 a Mica window E Tia udp_b Figure 8 TCP Window Size 7 Filtering on Each Monitoring Port The SmartNA 10G Filtering TAP features filtering capabilities on each monitoring port Traffic entering the live ports A and B can be duplicated to up to four 4 monitoring ports e Port 1 10 Gigabit Monitoring Port LC Connector provides a copy of live network traffic A gt B e Port 2 10 Gigabit Monitoring Port LC Connector provides a copy of live network traffic B gt A e Port 3 1 Gigabit Aggregated Monitoring Port RJ 45 providing an aggregated copy of live network traffic A gt B amp B gt A e Port 4 1 Gigabit Aggregated Monitoring Port RJ 45 providing an aggregated copy of live network traffic A gt B amp B gt A This filtered regenerations functions as selective bandwidth reduction enabli
28. vent of a power outage Traffic Statistics The SmartNA 10G Filtering TAP provides basic statistics for network behavior in three ways the LCD web reports and with an open data format The LCD continuously displays total network traffic passing through the SmartNA 10G Filtering TAP as well as a breakdown into major protocol groups TCP UDP ARP ICMP OTHER TCP events and TCP window size giving an instant view into the wire The same statistics and user defined filter information is available via a browser making network behavior data available anywhere Simple Drop in Deployment Deployment of a SmartNA 10G Filtering TAP is as simple as connecting the monitor ports to the network setting the IP address of the management port connecting the selective regeneration ports to packet capture equipment and providing power Reliability The SmartNA 10G Filtering TAP s high performance and reliability is derived from the utilization of an all hardware data path By transferring complexity into a custom ASIC the SmartNA 10G Filtering TAP can run a lightweight hardened OS making its embedded software both simple and resistant to security attacks The integrated passive bypass means no interruption to the network 2 Appliance Overview The SmartNA 10G Filtering TAP s ports and controls are shown in the figure below LIVE NETWORK MONITORING MANAGEMENT INFORMATION CONTROL PAD PORTS PORTS DISPLAY ee POWER LINK ACTIVITY
Download Pdf Manuals
Related Search