How LANGuardian Works
LANGuardian from NetFort is powerful network traffic and security monitoring software. You can use LANGuardian to:
- Passively capture traffic flowing through your network switch
- Analyse internal traffic, capture metadata such as IP addresses, user names, file and folder names, web domains and URIs
- Store the results in a database for reporting and analysis
- Get alerts if suspicious activity is detected
- Keep a constant eye on you network and help prevent incidents that could turn into breaches or network outages
- Provide access to traffic data through a web interface
We’ve designed LANGuardian to give you powerful network security monitoring without the headaches. It works on traffic data, so there’s:
- No client software to install
- No interaction with the devices on the network
- No impact on network performance.
- All you need is a SPAN, mirror port or network TAP.
LANGuardian works with the most common network switches. In most cases traffic is captured at the network core and we have options for remote sensors for multiple data centers or isolated networks such as a DMZ. Our technical support team can answer any questions you may have on your own network topology.
Monitor your network inside and out with passive traffic capture
LANGuardian captures network traffic from a SPAN or mirror port on your network switch. Simply connect the mirror port to a dedicated network adapter on the physical or virtual server where LANGuardian is installed. Depending on how you configure the SPAN port, LANGuardian can capture LAN, WAN, and Internet traffic.
Configuring a SPAN port on your switch involves the following steps:
- Identify an unused switch port to designate as a monitoring port for LANGuardian.
- Identify the switch ports you want to monitor (these are often called source ports).
- Configure the switch to associate the source ports with the monitoring port.
The switch will send a copy to the monitoring port of all data flowing through the source ports. LANGuardian captures the data from the monitoring port for analysis. The actual data itself is not affected and there is no performance impact. Most network switches have a SPAN port (some manufacturers call it a monitoring port or mirroring port) and configuration instructions can usually be found in the switch documentation. If you have a Cisco switch, you can download our free SPAN Port Configurator to help you configure it. Our support team has experience of configuring all kinds of switches – if you need help, please contact us.
During installation, you connect a network interface card (NIC) on the LANGuardian system to a SPAN port on your network’s core switch. The LANGuardian software uses the term sensor to represent this physical connection between the core switch and the LANGuardian system. There are some situations where you might want to create more than one sensor in LANGuardian. In these situations, you can create more than one SPAN port on your switch, and connect each SPAN port to the LANGuardian system. For example, you might want to monitor Internet traffic separately from internal network traffic. In this case you would need two SPAN ports on your switch, and these would be represented as two sensors in the LANGuardian software. You would need three NICs on your LANGuardian system – one to connect to the SPAN port monitoring Internet traffic, one to connect to the SPAN port monitoring internal network traffic, and one to deliver the browser-base user interface.
Get network activity in detail with deep packet inspection
By inspecting the content of traffic packets as well as just the header, LANGuardian captures and displays highly detailed information about the traffic on your network.
- Content-based application recognition identifies traffic by application, even when unusual or dynamic port numbers are used
- Targeted protocol decoding provides total visibility into the most commonly used network traffic protocols – web traffic, file share traffic, and email.
Content-Based Application Recognition (CBAR) is a new LANGuardian feature that takes traffic-based application recognition to a new level. With support for hundreds of the most common applications and protocols, and a unique deep packet inspection algorithm, CBAR delivers greater accuracy and fewer false positives than other approaches to application recognition. More on CBAR.
Targeted protocol decoding provides total visibility into the most commonly used network traffic protocols – web traffic, file share traffic, and email. The NetFort DPI algorithm extracts detailed information from the traffic packets and combines it with information from other sources such as DNS and Active Directory to give you a single point of access to everything you need to know about activty on your network. More on traffic protocol decoding: Web activity | File activity | Email
View real-time or historical activity from the traffic database
LANGuardian’s secure, hardened, and highly-optimized database is designed for very fast storage and retrieval of traffic data. From there, you can see historical or real-time network activity data.
- Troubleshoot and resolve immediate problems with real-time information
- Use LANGuardian alerts to signal potential problems before they happen
- Carry out network forensics with LANGuardian’s historical data
- Identify network issues and trends by comparing past and present data.
Analyze the results quickly and easily through a web interface
LANGuardian’s user interface has hundreds of built-in reports with graphs, charts, and drill down capabilities. You can also create your own custom reports or enable alerts for specified events.
- Use the search panels to look for information on network activity specific to a user, IP address or subnet, file name, or website
- Dashboards contain general reports on overall network activity
- Use the dashboards to drill down to more detailed information
- As you use LANGuardian more regularly, you can jump directly to detailed reports from the Reports menu or Report Finder
The Search page is divided into four panels — Bandwidth Troubleshooting, Network Forensics, File Activity, and Web Activity. Using these panels, you can specify a parameter (username, IP address, filename, or website address) and LANGuardian will return a results page showing a summary of all network activity relating to the parameter you specified. From the results page, you can drill down to reports containing more detailed information. The Dashboard page organizes, prioritizes, and displays the network data that is of interest to you. From dashboards, you can drill down to reports containing more detailed information. You can customize dashboards, and LANGuardian now includes a NOC mode to optimize the display of dashboards on wall screens in a NOC. The Reports menu provides you with single-click access to LANGuardian reports. LANGuardian comes with over 80 built-in reports, and you can also create your own custom reports. You can also integrate LANGuardian data into SolarWinds NPM and import it into Microsoft Excel.
You can find out more about the LANGuardian user interface here. If you’d like to go into greater detail about how LANGuardian works, visit the architecture page.
Find out more
Any questions? Contact us
Want to see LANGuardian in action? See our online demos
Better yet, why not try it on your own network, risk-free? Download a no-cost 30-day trial copy
Take the next step to securing your network. Talk to NetFort today. Contact us at firstname.lastname@example.org or call us at
+1 646 452 9485 or +353 (91) 520 501 in EMEA.