Full Packet Capture now available in LANGuardian
We regularly get feature requests from our customers, which are always very welcome. Such requests can greatly influence our roadmap, and they also show that our customers are actively using our products. Recently a number of customers asked us to add direct or full packet capture. Specifically, they wanted a way to capture a small amount of very specific traffic.
At the core of LANGuardian is a metadata extraction engine where raw network packets are analyzed. User and application data such as usernames, filenames and website domains are extracted and stored in a database which can then be used for real time or historical troubleshooting.
However, there may be times where you may need access to the raw network packets. Typical use cases would include:
- More detail for troubleshooting issues. Earlier, I was looking at a DHCP issue on my network, and I took a capture of the DHCP traffic to see if there was anything interesting in the packet payloads.
- Capture specific traffic which then can be used to build custom IDS signatures or for developing firewall rules.
- Application traffic sampling for building custom application signatures.
As LANGuardian packet sensors are typically connected to the network core, they have access to a rich data source. Applications such as Wireshark can easily be overloaded if you connect them to a SPAN or mirror port. The LANGuardian packet capture feature allows you to create packet captures based on:
- Network interface
- Packet and flow filters
- Packet count
Take a look at the short video below, which shows how a packet capture was set up to grab 100 TCP packets where the destination port was 80.
If you would like to try this packet capture feature for yourself, download a 30-day trial of LANGuardian here.