NetFort Advertising

Installing LANGuardian

Overview

LANGuardian is standalone software that requires no additional licenses. The download contains all the software you need including the Linux based operating system. There are several different installation options to choose from:

  • On a dedicated physical machine
  • As a virtual machine on VMware ESX
  • As a virtual machine on Microsoft Hyper-V
  • On your laptop or PC using VMWare Player or VirtualBox

1. Installing LANGuardian on a dedicated physical machine

LANGuardian runs on industry-standard PC or server hardware, typically running a 2GHz processor, 4GB RAM, and 250GB of disk space. The only special requirement is that the PC or server must have two network interface cards (NICs): one to collect the traffic data, and one to provide access to LANGuardian’s user interface. Connecting additional sensors to your network requires additional NICs on your PC or server.

Installation diagram

The diagram below shows LANGuardian in a typical network setup consisting of PCs, laptops, servers, a core switch, and a firewalled Internet connection. LANGuardian deploys as a bare-metal installation onto dedicated hardware that is connected directly to the core switch.

LANGuardian network diagram

Instructions

In this network, the core switch port assignments are as follows (click the diagram to see a close-up of the switch ports):

Port number Description
4 User LAN
5 File server
6 SQL Server database server
7 Application server
8 Intranet server
10 Management interface
12 Monitoring (SPAN) port
Uplink Connected to Internet via firewall

 

To monitor this network, the following steps are necessary:

  1. On your network switch:
    1. Configure port 12 as a monitoring port.
    2. Configure ports 4, 5, 6, 7, 8, and the uplink port as the source ports to be monitored.
  2. Connect a network cable from the monitoring port on the switch (port 12) to one of the network interface cards on the LANGuardian server.
  3. Connect a network cable from an unused port on the switch (port 10) to the other network interface card on the LANGuardian server.
  4. In the LANGuardian user interface:
    1. In the Administration menu, click Sensors.
    2. In the Sensors menu, click Add New Sensor.
    3. Choose a sensor type and follow the instructions.

2. Installing LANGuardian on VMware ESX

When you install LANGuardian in a VMware ESX environment, it can monitor traffic on the internal virtual network, as well as traffic on the physical network. To monitor virtual network traffic, the virtual switch you are monitoring must be configured to operate in promiscuous mode. To monitor physical network traffic with a LANGuardian virtual machine, you need a dedicated virtual switch that is associated with its own NIC.

LANGuardian works on the same principle in virtual networks as in physical networks. A VMware ESX environment incorporates a virtual network switch, which is the virtual equivalent of the core switch in a physical network. The virtual network switch supports promiscuous mode, a setting that enables virtual adapters to see all traffic flowing through the switch and essentially providing the same functionality as a SPAN or monitoring port on a physical network. This makes it possible for the LANGuardian virtual appliance to monitor and report on all network traffic flowing through the virtual network.

Installation Diagram

The illustration below shows a typical virtual network setup consisting of file, application, and database servers connected to a virtual switch. When connected to the same virtual switch as the servers, the LANGuardian virtual appliance can monitor all network activity on the servers.

In this network, LANGuardian is installed on a virtual server that is connected to a virtual switch. When the switch is configured in promiscuous mode, LANGuardian can capture all traffic flowing through the switch.

Monitoring physical network traffic with a LANGuardian virtual machine

As well as monitoring traffic on your virtual network, a LANGuardian virtual appliance can monitor network traffic on your physical network. In this configuration, you must configure an additional sensor in the LANGuardian user interface and connect this sensor to a separate virtual switch, which in turn must be connected to the physical network. The diagram below illustrates this configuration.

LANGuardian on ESX

3. Installing LANGuardian on Microsoft Hyper-V

When you install LANGuardian in a Microsoft Hyper-V environment, it can monitor traffic on the internal virtual network, as well as traffic on the physical network. To monitor virtual network traffic, the virtual switch you are monitoring must be configured to operate in promiscuous mode. To monitor physical network traffic with a LANGuardian virtual machine, you need a dedicated virtual switch that is associated with its own NIC.

When deployed in a Hyper-V environment, LANGuardian will capture and analyze traffic only the virtual network. During the installation, you will configure LANGuardian to join your network. You must use a fixed IP address. Please make sure you have obtained a valid IP address and subnet mask, and know the address of the default gateway, before starting the installation.

Installation Diagram

The illustration below shows a typical virtual network setup consisting of file, application, and database servers connected to a virtual switch. When connected to the same virtual switch as the servers, the LANGuardian virtual appliance can monitor all network activity on the servers.

In this network, LANGuardian is installed on a virtual server that is connected to a virtual switch. When the switch is configured in promiscuous mode, LANGuardian can capture all traffic flowing through the switch.

Hyper-V Installation

Monitoring physical network traffic with a LANGuardian virtual machine

As well as monitoring traffic on your virtual network, a LANGuardian virtual appliance can monitor network traffic on your physical network. In this configuration, you must configure an additional sensor in the LANGuardian user interface and connect this sensor to a separate virtual switch, which in turn must be connected to the physical network. The diagram below illustrates this configuration.

Hyper-V virtual network

4. Installing LANGuardian on your laptop or PC with VMWare Player

You can install LANGuardian as a virtual machine on your PC or laptop. This allows you to see your own traffic, or if you connect your laptop to a SPAN or mirror port, you’ll also be able to troubleshoot other network problems.

Core switch documentation

LANGuardian needs a source of network packets, and the most common is a SPAN or mirror port. All managed switches will have options where you can get a copy of network packets as they move through the switch. It’s an unobtrusive way of monitoring what is happening on a network, and because it’s not in-line, your network performance won’t be affected in any way.

We’ve assembled a handy guide to setting up SPAN or mirror ports on the most commonly used switches, with links to all of the major manufacturers’ documentation in one place. See here for more.

Find out more

Any questions? Contact us

Want to see LANGuardian in action? See our online demos

Better yet, why not try it on your own network, risk-free? Download a no-cost 30-day trial copy

 

Take the next step to securing your network. Talk to NetFort today. Contact us at sales@netfort.com or call us at

+1 646 452 9485 or +353 (91) 520 501 in EMEA.