4
Protecting Your Digital Assets
TM
Ditto Network Tap Module User Manual
d. Select the media from the “Destination” drop-down box that you want Network Tap Module to save
your captured data.
e. Select the partition on the destination media you want to capture to from the “Partition” drop-down
box.
f. Bypass “Live Network Capture” and leave it disabled.
g. Click the
Start button
to begin capturing network data. When you are fi nished, click the
Stop
button
.
You can view the log of the network capture action by scrolling down to the “System Log” panel on
the “Home” screen. Find and click on the latest link, which will be denoted by a fi lename with a date/
timestamp format: “S_yyyymmddhhmmss”. Alternatively, you can click on the
Logs button
from the
top menu bar.
You can view the data retrieved from the network capture action by examining the destination media,
which will contain a folder named with the same data/timestamp format: “S_yyyymmddhhmmss”. This
folder includes the PCAP fi les containing the captured data, an XML fi le containing the log information of
the network capture, and—if hashing is enabled—a TXT fi le that contains each of the generated PCAP
fi les’ MD5 or SHA-1 hash value (see Section 5.1.2 to enable hashing).
3.1.2 Live Network Capture
a. Using the Browser Interface, select
Network Capture
from the “Action to Perform” drop-down
box.
b. Select the network capture fi lter from the “Network Capture Filter” drop-down box or type in the
ports you wish to capture in the text box directly below. Use the syntax “port ## or ##” without
quotes (e.g. port 80 or 81 or 443)
c. Disregard the “Interface” and “Destination” drop-down boxes.
d. Ensure your third party Wireshark network protocol analyzer is standing by to receive data. If you
need help in confi guring Wireshark itself, click the
Information icon
next to “Live Network Cap-
ture” for a link to Wireshark’s remote capture documentation.
e. Click the
Enable button
next to “Live Network Capture” to turn live network capture on. When you
are fi nished capturing network traffi c, click the
Disable button
.
Do
NOT
click the Start button! This button actually enables the PCAP network capture function that
captures network traffi c to your local destination media. It does
NOT
enable live network capture.
Figure 1.
The “Action” section on the “Home” screen, showing
the options available for the “Network Capture” action.
STOP!