What is LANGuardian?

NetFort LANGuardian is software that analyzes your network traffic. Using advanced deep packet inspection techniques, LANGuardian gives you a unique level of visibility into everything that’s happening on your network, including user activity, file and database monitoring, intrusion detection, bandwidth usage, and Internet access. For details, see Explore LANGuardian on this site.

Can I use LANGuardian on my home network?

Probably not. LANGuardian works by analyzing network traffic that it captures from a monitoring port on a network switch. It can also capture NetFlow and sFlow data. In general, domestic routers do not have a monitoring port and therefore they cannot provide traffic data to LANGuardian.

How much does LANGuardian cost?

The actual cost depends on criteria such as the number of users on your network and the scope of your deployment. Please see our pricing page for more details and to request a quotation. If you have specific queries, please contact us directly.

How is LANGuardian licensed?

LANGuardian is available under a perpetual license or a subscription license. Pricing is based on the number of users on your network and the number of sensors you want to deploy. Specialized features are provided as additional modules, so you do not pay for them if you do not need them. For more details, please see the licensing page.

What support and maintenance arrangements are available?

If you buy LANGuardian on a subscription basis, you are entitled to unlimited technical support and free product updates for the duration of your subscription. If you buy LANGuardian on a perpetual license, a NetFort Support and Maintenance contract entitles you to unlimited technical support and free product updates for the duration of the contract. See the pricing and quotations page and support and maintenance page for details.

Can I use LANGuardian to see what my kids are doing on the Internet?

Generally, no. This is because typical home routers and hubs are not capable of providing LANGuardian with traffic data for analysis.

Can LANGuardian tell me how my bandwidth is being used?

Yes. LANGuardian produces detailed traffic reports that allow you to drill down from a single graph covering the entire network to the details of bandwidth consumed by individual files downloaded or web pages visited.

Can LANGuardian tell me who deleted files from a network share?

Yes. In the Windows File Shares :: events report, you can search by file name and drill down to a list of file events (open, read, delete, move). If you have the Identity module installed, you can click View Report with Usernames to see the name of the user who deleted the file.

Can LANGuardian tell me what websites the users on my network are visiting?

Yes. You can search by username and drill down to the sites and even individual files the user has accessed, or you can search by website name and drill down to see which users accessed that website. You can also drill down from bandwidth reports to identify users or websites that are consuming a lot of bandwidth.

Does LANGuardian require specialized hardware?

No. LANGuardian runs on industry standard hardware. However, because it deploys as a bare-metal installation, it requires dedicated hardware. When you install LANGuardian, any operating systems or data already existing on the hardware will be erased.

The machine on which you install LANGuardian must have two network interface cards, a 2 GHz or faster CPU, at least 2 GB RAM, and at least 40 GB disk space for the traffic database.

Why does LANGuardian require more than one network interface card?

LANGuardian requires at least two network interface cards (NICs). It makes the network data available via a browser-based user interface, which requires one NIC. It acquires traffic data from a core switch, which requires a separate NIC. In some networks, the core switch might have additional monitoring ports configured, and in those cases LANGuardian will require additional NICs to capture data from each of these ports.

Can I install LANGuardian on Windows?

No. LANGuardian software deploys as a bare-metal installation onto dedicated hardware. You can install LANGuardian on a machine that already has Windows installed, but in doing so you will reformat the disk, erasing the operating system and any data.

Can I install LANGuardian on a laptop?

No. LANGuardian requires two Ethernet adapters, one to capture traffic and one for the management interface. Most laptops have only one Ethernet adapter. Although laptops usually have a second (wireless) adapter, and it is even possible to add further adapters via USB, they are generally not supported by LANGuardian because of device support limitations in the underlying operating system.

Can LANGuardian prevent users accessing certain websites?

No, but when somebody accesses a forbidden website LANGuardian can notify you immediately and tell you the name of the user involved.

Will LANGuardian work with my network switch?

LANGuardian will work with any network switch that supports port mirroring. We have tested LANGuardian with a wide range of switches from manufacturers that include 3Com, Cisco, Dell, HP, Juniper, Netgear and Nortel. See the core switch documentation page for links to vendor switch information. If you need any help getting your switch configured, please contact us.

Does LANGuardian have any impact on network performance?

No. When you configure port mirroring on your core switch, the switch electronically copies each data packet to the monitoring port. LANGuardian captures traffic data from the monitoring port, so it does not affect the traffic flowing through the switch.

To use LANGuardian, do I need to install any software on the clients in my network?

No. LANGuardian captures all of its data from the network traffic flowing through your core switch.

Can LANGuardian show me how much bandwidth is being consumed by users accessing YouTube?

Yes. In the user interface home page, click Search by Website Name, then enter in the search dialog box. LANGuardian will return a report summarising the amount of bandwidth consumed by access to YouTube in the previous 24 hours. You can customize the report to display a different time period and you can drill down to details of accesses by specific users or from specific clients.

Can I get a single report that summarizes all access to social media on my network?

Yes. You can customize the Web :: events (web accesses) report to return details of all accesses to a list of named websites. For example, to report on accesses to YouTube, Facebook, LinkedIn, Twitter, and Google+, change the Website Name dropdown to matches regexp, and in the field next to the dropdown enter:|||

Can I install LANGuardian on VirtualBox?

Yes. Download the LANGuardian ISO image, create a new virtual machine in VirtualBox, mount the ISO image and boot from it to start the installation.

Can I install LANGuardian on VMware Player?

Yes. Download the LANGuardian ISO image, create a new virtual machine in VMware Player, mount the ISO image and boot from it to start the installation.

Can I install LANGuardian on Hyper-V?

Yes, you can install LANGuardian into Hyper-V (Windows Server 2012) to monitor local virtual traffic (intra-Hyper-V traffic). Documentation and advice on how to configure LANGuardian in a Hyper-V environment is available by contacting

A SPAN port can be connected to a Hyper-V (2012/R2) instance by enabling Port Mirroring on the Virtual Switch and configuring it as a source for external SPAN traffic.

Here are the PowerShell commands.

HyperV SPAN Port Setup
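The commands themselves are not reproduced on this page. As an added example (not NetFort's own script), the following shows one way to do what the paragraph above describes using the standard Hyper-V PowerShell module. The switch name `SPAN-vSwitch`, the physical adapter `Ethernet 2`, the VM name `LANGuardian` and the adapter name `Capture` are assumptions; substitute your own.

```powershell
# Added example: feed an external SPAN port into a LANGuardian VM on Hyper-V.
# All names below are placeholders chosen for this example.
$SwitchName  = 'SPAN-vSwitch'   # virtual switch dedicated to mirrored traffic
$PhysicalNic = 'Ethernet 2'     # host NIC cabled to the switch SPAN/mirror port
$VmName      = 'LANGuardian'    # VM running LANGuardian
$CaptureNic  = 'Capture'        # the VM's capture (sensor) adapter

# 1. Create an external virtual switch bound to the NIC that receives SPAN
#    traffic. Keep the host OS off it so only mirrored frames arrive here.
New-VMSwitch -Name $SwitchName -NetAdapterName $PhysicalNic -AllowManagementOS $false

# 2. Give the VM a second adapter on that switch. The first adapter stays on
#    the management network for the browser-based user interface.
Add-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName -Name $CaptureNic

# 3. Mark the switch's external port as a mirroring source.
#    MonitorMode values: 0 = None, 1 = Destination, 2 = Source.
$feature = Get-VMSystemSwitchExtensionPortFeature `
    -FeatureName 'Ethernet Switch Port Security Settings'
$feature.SettingData.MonitorMode = 2
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName `
    -VMSwitchExtensionFeature $feature

# 4. Mark the VM's capture adapter as the mirroring destination.
Set-VMNetworkAdapter -VMName $VmName -Name $CaptureNic -PortMirroring Destination

# 5. Check the result: the capture adapter should report 'Destination'.
Get-VMNetworkAdapter -VMName $VmName |
    Select-Object VMName, Name, SwitchName, PortMirroringMode
```

Run this in an elevated PowerShell session on the Hyper-V host. Restrict who can change these settings, since any VM adapter set as a mirroring destination on this switch receives a copy of the mirrored traffic.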

How do I uninstall LANGuardian?

LANGuardian deploys as a bare-metal installation and therefore it never needs to be uninstalled. If you deployed LANGuardian on dedicated hardware and want to reuse the hardware for a different purpose, re-format the hard disk or install a different operating system and LANGuardian will be overwritten. If you deployed LANGuardian in a virtual environment, simply delete the virtual machine on which you installed it.

How do I reset LANGuardian?

You can reset your LANGuardian instance to use the default factory settings. This will delete the traffic database and reset the management interface IP address to the default value of To reset LANGuardian, click the Configuration button in the main menu to display the LANGuardian Configuration page. Scroll down to the Upgrade/Backup/Restore section of the page and click Restore the system to factory defaults.

What is a sensor?

A sensor is the term LANGuardian uses to describe a connection to a monitoring port on a core switch. In large networks you might configure several monitoring ports that you want LANGuardian to capture traffic data from. Each of these ports must be connected to a separate network interface card (NIC) on the LANGuardian system. In the LANGuardian user interface, you can see a collective view of the traffic captured by all sensors, or you can drill down to see the traffic data associated with each individual sensor.

How does LANGuardian collect data?

LANGuardian collects data from a core switch on your network. Connecting LANGuardian to a monitoring port gives the most detailed information, but LANGuardian can also accept flow data (NetFlow and sFlow) and pcap files. For more information, see the architecture page.

How much traffic data can LANGuardian store?

LANGuardian uses whatever locally attached storage is available to it. The larger the disk, the more traffic data you can store. The amount of storage you need for your network traffic depends on factors such as the overall traffic volume, the types of traffic and events you want to monitor, the number of sensors, and the amount of historical data you want to have available online.

What happens when my available storage space fills up?

LANGuardian stores the data in its proprietary database until 80% of the available storage is used. The remaining 20% of locally attached storage is used to store database archives. When the database size reaches 80% of the available storage, LANGuardian frees storage space by creating an archive of the oldest data and purging it from the database until 50% of the available storage is free. You can download archives manually for offline storage, or you can configure LANGuardian to automatically export them, via FTP, to another location on the network. If you do not download the archives or export them via FTP, the storage space allocated to archives will eventually fill up. When that happens, LANGuardian will delete the oldest archives when it needs to make space available for newer ones.

What is Snort?

Snort is an open-source network intrusion detection system that performs real-time traffic analysis on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. LANGuardian includes an intrusion detection system that is based on Snort.

