NetFort Advertising

LANGuardian V12.3 – New features:

LANGuardian 12.3 introduces 4 new customization features that allow users to apply custom labels to reporting variables, hostnames and traffic flows.

The 4 new customization features are brought together on a new customization page, which is accessed via a new drop down menu.

CBAR Local Rules

LANGuardian's Content Based Application Recognition (CBAR) engine fingerprints each traffic flow on the network to identify the application protocol in use (HTTP, SMB, SMTP etc). The new (see later) Top Protocols report is the summary report for viewing network usage by each application protocol. Some protocols cannot be fingerprinted by LANGuardian, such as custom/in-house applications, encrypted protocols, or protocols which LANGuardian does not recognise. The Custom Flow classification settings allow the user to apply a custom label to all traffic flows matching particular attributes, such as source and destination IP address, source and destination port number etc. The flow is then saved in the database with that custom flow label. An example usage would be to label all backup traffic as such, as this traffic typically cannot be fingerprinted by application recognition engines.

Report Variables

Create Report Variables to identify subnets or server port groups in your network. For example, label the subnet 192.168.127.0/24 as ‘Local Network’, or a port group ‘80, 8080, 3128’ as “Common Web Ports”. These values are then available for use in report drop down filters.

Hostname Labels

LANGuardian automatically displays DNS/NetBIOS resolutions beside IP addresses in all reports. However, sometimes systems do not have a DNS record associated with them, or the DNS name may not be suitable for use in reports. This feature allows the user to create a custom label in the LANGuardian database for any IP address. This label is then used in reports, instead of any other DNS resolution.

Server Port Labels

LANGuardian automatically displays labels for well-known IANA ports beside port numbers in all reports, such as port 22 (ssh), port 53 (DNS). However, frequently server ports do not have an IANA name associated with them, or the IANA value may not be suitable for use in reports. This feature allows the user to create a custom label in the LANGuardian database for any server port number. This label is then used in reports, instead of any IANA value.

Changes to report categories

There has been some reorganisation of the reports menu, with the following changes:

A new category, CBAR Applications, has been added for reports derived from the LANGuardian Content Based Application Recognition (CBAR) engine. The top level report, CBAR :: Top Protocols, is a replacement for the old report IP :: Top Applications, which has been discontinued.

A new category, Bandwidth, has been introduced to replace the discontinued IP and IP Activity categories. Reports from the IP and IP Activity categories are now available in the Bandwidth category.

Changes to menus

The configuration menu (under the gearwheel) has been modified in the following way:

  • New links
    • Pcap File Reader: This allows for quick import and analysis of pcap files that have been created using other applications such as TCPDump or Wireshark
    • Customisation: Link to a new page to create custom variables, labels and flow classifications
    • Settings: the old Configuration link has been renamed to Settings
  • Removed links:
    • View trends, Configure Trends and Bandwidth Quota Manager are now all available under the Settings link.

Graphs on search page

The Search Page now supports Pie and Bar charts, to create an “at a glance” snapshot of network, user, file or web activity.

Netflow V9 support

Support for Netflow V9 has been added. See the Create Sensor menu.

Internal performance optimisations

A number of optimisations have been made to speed up reports such as Top Website Domains and Top Fileservers.

LANGuardian V12.3 includes the following bug fixes:

Bug fixes

3219 – Destination filter dropped in drilldown to Top Applications from Inbound TCP Traffic report

3225 – Console CLI does not display correct IP address configured by ESX wizard

3175 – Snort IDS add rule GUI, can add broken rule, with ^M

3162 – ? in regexp doesn’t work in report filter

3208 – Netfort alert plugin performance bug

3220 – Webserver should detect browser disconnect and terminate any running reports

3042 – SNMP monitor is not enabled on probes

3214 – Error running report

3217 – Some alerts from probes (New Mac, Trend alert) may be dropped on Central Managers

3216 – Postman daily does not run

3195 – LANGuardian reports are not displayed in Orion if using HTTP API with Orion running as HTTPS

3211 – Top Talkers report fails, error with sdb table path, subnet filter

3209 – Netflow sensor cannot be edited

3205 – JavaScript error when Windows Files Share :: Search by Filename :: By Users

3118 – If a new set of IDS rules/reports/etc cannot be updated when first downloaded, it will never be

3188 – Multiple alerts can corrupt db table

3183 – Negated subnets handled incorrectly

2896 – Snoopy SMB Fileshare decoder mixes up client and server

3198 – Time Filter on Top Domains

3197 – Some youtube links cannot be resolved

3191 – Error: malformed string

3186/3185 – Delete link on sysadm/local_hostnames.cgi does not work

3175 – Adding snort signatures broken up into multiple lines breaks the ID.

3181 – Adding a new network card messes up the sensor interface list.

3177 – Issues with trends

3178 – Duplications in Web Browsers reports

Known Issues

3252 – Creation of custom hostname labels. Custom hostname labels will not override NetBIOS or DNS names for systems. LANGuardian will use NetBIOS or DNS names obtained from passive decoding of NetBIOS and DNS traffic for systems, in preference to custom hostname labels.