Frequently Asked Questions
NetFort LANGuardian is software that analyzes your network traffic. Using advanced deep packet inspection techniques, LANGuardian gives you a unique level of visibility into everything that’s happening on your network, including user activity, file and database monitoring, intrusion detection, bandwidth usage, and Internet access. For details, see Explore LANGuardian on this site.
Probably not. LANGuardian works by analyzing network traffic that it captures from a monitoring port on a network switch. It can also capture NetFlow and sFlow data. In general, domestic routers do not have a monitoring port and therefore they cannot provide traffic data to LANGuardian.
LANGuardian is available under a perpetual license or a subscription license. Pricing is based on the number of users on your network and the number of sensors you want to deploy. Specialized features are provided as additional modules, so you do not pay for them if you do not need them. For more details, please see the licensing page.
If you buy LANGuardian on a subscription basis, you are entitled to unlimited technical support and free product updates for the duration of your subscription. If you buy LANGuardian on a perpetual license, a NetFort Support and Maintenance contract entitles you to unlimited technical support and free product updates for the duration of the contract. See the pricing and quotations page and support and maintenance page for details.
Generally, no. This is because typical home routers and hubs are not capable of providing LANGuardian with traffic data for analysis.
Yes. LANGuardian produces detailed traffic reports that allow you to drill down from a single graph covering the entire network to the details of bandwidth consumed by individual files downloaded or web pages visited.
Yes. In the Windows File Shares :: events report, you can search by file name and drill down to a list of file events (open, read, delete, move). If you have the Identity module installed, you can click View Report with Usernames to see the name of the user who deleted the file.
Yes. You can search by username and drill down to the sites and even individual files the user has accessed, or you can search website name and drill down to see which users accessed that website. You can also drill down from bandwidth reports to identify users or websites that are consuming a lot of bandwidth.
No. LANGuardian runs on industry standard hardware. However, because it deploys as a bare-metal installation, it requires dedicated hardware. When you install LANGuardian, any operating systems or data already existing on the hardware will be erased.
The machine on which you install LANGuardian must have two network interface cards, a 2 GHz or faster CPU, at least 2 GB RAM, and at least 40 GB disk space for the traffic database.
LANGuardian requires at least two network interface cards (NICs). It makes the network data available via a browser-based user interface, which requires one NIC. It acquires traffic data from a core switch, which requires a separate NIC. In some networks, the core switch might have additional monitoring ports configured, and in those cases LANGuardian will require additional NICs to capture data from each of these ports.
No. LANGuardian software deploys as a bare-metal installation onto dedicated hardware. You can install LANGuardian on a machine that already has Windows installed, but in doing so you will reformat the disk, erasing the operating system and data.
No. LANGuardian requires two Ethernet adapters, one to capture traffic and one for the management interface. Most laptops have only one Ethernet adapter. Although laptops usually have a second (wireless) adapter, and it is even possible to add further adapters via USB, they are generally not supported by LANGuardian because of device support limitations in the underlying operating system.
No, but when somebody accesses a forbidden website LANGuardian can notify you immediately and tell you the name of the user involved.
LANGuardian will work with any network switch that supports port mirroring. We have tested LANGuardian with a wide range of switches from manufacturers that include 3Com, Cisco, Dell, HP, Juniper, Netgear and Nortel. See the core switch documentation page for links to vendor switch information. If you need any help getting your switch configured, please contact us.
No. When you configure port mirroring on your core switch, the switch electronically copies each data packet to the monitoring port. LANGuardian captures traffic data from the monitoring port, so it does not affect the traffic flowing through the switch.
No. LANGuardian captures all of its data from the network traffic flowing through your core switch.
Yes. In the user interface home page, click Search by Website Name, then enter youtube.com in the search dialog box. LANGuardian will return a report summarising the amount of bandwidth consumed by access to YouTube in the previous 24 hours. You can customize the report to display a different time period and you can drill down to details of accesses by specific users or from specific clients.
Yes. You can customize the Web :: events (web accesses) report to return details of all accesses to a list of named websites. For example, to report on accesses to YouTube, Facebook, LinkedIn, Twitter, and Google+, change the Website Name dropdown to matches regexp, and in the field next to the dropdown enter:
Yes, you can install LANGuardian into Hyper-V (Windows Server 2012) to monitor local virtual traffic (intra-Hyper-V traffic). Documentation and advice on how to configure LANGuardian in a Hyper-V environment is available by contacting email@example.com.
SPAN can be connected to a Hyper-V (2012/R2) instance by enabling port mirroring on the virtual switch and configuring it as a source for external SPAN traffic.
Here are the PowerShell commands.
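An added example, not NetFort's own commands: one way to set up the mirroring described above with the standard Hyper-V PowerShell module, run as administrator on the Hyper-V host. The switch, VM and adapter names are assumptions and must be replaced with your own.

```powershell
# Assumed names (not from the original page); adjust to your environment.
$SwitchName = 'SPAN-vSwitch'   # external virtual switch bound to the NIC cabled to the physical SPAN port
$VMName     = 'LANGuardian'    # virtual machine that receives the mirrored traffic
$NicName    = 'Capture'        # that VM's capture adapter, not its management adapter

# 1. Enable the built-in capture extension on the virtual switch.
Enable-VMSwitchExtension -VMSwitchName $SwitchName -Name 'Microsoft NDIS Capture'

# 2. Mark the switch's external port as a mirroring source.
#    MonitorMode values: 0 = none, 1 = destination, 2 = source.
$feature = Get-VMSystemSwitchExtensionPortFeature -FeatureName 'Ethernet Switch Port Security Settings'
$feature.SettingData.MonitorMode = 2
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -VMSwitchExtensionFeature $feature

# 3. Mark the VM's capture adapter as the mirroring destination.
Get-VMNetworkAdapter -VMName $VMName -Name $NicName |
    Set-VMNetworkAdapter -PortMirroring Destination

# 4. Verify both ends: the capture adapter should report Destination,
#    and the external port should report MonitorMode 2.
Get-VMNetworkAdapter -VMName $VMName | Select-Object Name, PortMirroringMode
(Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName).SettingData |
    Select-Object MonitorMode
```

Only the capture adapter should be set as a mirroring destination; the management adapter stays in its default mode so that mirrored traffic is not delivered to the management interface.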
LANGuardian deploys as a bare-metal installation and therefore it never needs to be uninstalled. If you deployed LANGuardian on dedicated hardware and want to reuse the hardware for a different purpose, re-format the hard disk or install a different operating system and LANGuardian will be overwritten. If you deployed LANGuardian in a virtual environment, simply delete the virtual machine on which you installed it.
You can reset your LANGuardian instance to use the default factory settings. This will delete the traffic database and reset the management interface IP address to the default value of 192.168.127.200. To reset LANGuardian, click the Configuration button in the main menu to display the LANGuardian Configuration page. Scroll down to the Upgrade/Backup/Restore section of the page and click Restore the system to factory defaults.
A sensor is the term LANGuardian uses to describe a connection to a monitoring port on a core switch. In large networks you might configure several monitoring ports that you want LANGuardian to capture traffic data from. Each of these ports must be connected to a separate network interface card (NIC) on the LANGuardian system. In the LANGuardian user interface, you can see a collective view of the traffic captured by all sensors, or you can drill down to see the traffic data associated with each individual sensor.
LANGuardian collects data from a core switch on your network. Connecting LANGuardian to a monitoring port gives the most detailed information, but LANGuardian can also accept flow data (NetFlow and sFlow) and pcap files. For more information, see the architecture page.
LANGuardian uses whatever locally attached storage is available to it. The larger the disk, the more traffic data you can store. The amount of storage you need for your network traffic depends on factors such as the overall traffic volume, the types of traffic and events you want to monitor, the number of sensors, and the amount of historical data you want to have available online.
LANGuardian stores the data in its proprietary database until 80% of the available storage is used. The remaining 20% of locally attached storage is used to store database archives. When the database size reaches 80% of the available storage, LANGuardian frees storage space by creating an archive of the oldest data and purging it from the database until 50% of the available storage is free. You can download archives manually for offline storage, or you can configure LANGuardian to export them automatically, via FTP, to another location on the network. If you do not download the archives or export them via FTP, the storage space allocated to archives will eventually fill up. When that happens, LANGuardian will delete the oldest archives when it needs to make space available for newer ones.
Snort is an open-source network intrusion detection system that performs real-time traffic analysis on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. LANGuardian includes an intrusion detection system that is based on Snort.