NetFort Tips & Tricks - Using LANGuardian to analyze PCAP files

  • 1
  • Idea
  • Updated 6 years ago
  • (Edited)
Did you know that NetFort LANGuardian can analyze PCAP files created by network analyzers such as tcpdump, Wireshark and Microsoft Network Monitor?

Every LANGuardian system includes a PCAP sensor. To analyze PCAP data, simply upload your file and associate it with the sensor. LANGuardian will add the contents of the PCAP file to your traffic database, allowing you to analyze the data in the same way you analyze data captured by LANGuardian itself.

Being able to analyze PCAP data is very useful when you need to investigate activity on remote networks or networks where no other monitoring options exist.

Follow these steps to upload a PCAP file to LANGuardian:

1. Click on the Settings icon in the LANGuardian menu bar and select Sensors.
2. Go to the PCAP sensor and click PCAP File Upload (the maximum allowed file size is 500 MB).
3. Choose the file you want to upload, then click Upload File to add the PCAP file to the LANGuardian sensor.
4. When the file is uploaded, click Process to add the PCAP traffic data to the LANGuardian database and allow reports to be run against the data.

The reports generated by the LANGuardian PCAP sensor will contain much of the same information you are used to seeing in LANGuardian reports, such as bandwidth usage, file share activity, internet analysis. Remember to select the PCAP sensor when running reports and to delete old PCAP's once you have finished. However,there are some limitations because PCAP does not capture as much detail as LANGuardian does.

If you have any questions about using LANGuardian to analyze PCAP data, or indeed any aspect of LANGuardian, please contact us on any time.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 6 years ago

  • 1

Be the first to post a reply!