Capture Settings¶
For all settings related to capture, you need to apply changes on the probe once you are happy with your change set.
To do so click on Apply change(s) under the sub menu
Pending modification(s) from the left hand side panel. Choose if you would like to schedule the change or apply immediately. Click on the Apply button. In the task
list presented - you will be informed of the details of the task execution - status, duration, started, retries, etc.
Change interface settings for a probe¶
This will effectively allow you to enable/disable interfaces on the probe.
Click on Appliances major menu -> Select the desired probe - as available under name form the Stamus Probes list. Click on sub menu Edit under Action form the
left hand side panel. Click on subsection Interfaces. Select the desired sniffing interfaces for the remote probe and then click on Submit.
You should be able to
verify the change as displayed in the NSM settings sub menu on the right hand side panel view. Click on Apply change(s) under the sub menu Pending modification(s) from
the left hand side panel. Choose if you would like to schedule the change or apply immediately. Click on the Apply button. In the task list presented - you will be informed of
the details of the task execution - status, duration, started, retries, etc.
NOTE: In case there is a no interface displayed, you can use (Re)discover system parameters under Special actions sub menu from the left hand side panel. This will try
a discovery of the different parameters of the probes.
Add Berkeley packet filter to adjust probes inspection¶
Click on Appliances major menu -> Select the desired probe - as available under name form the Stamus Probes list. On the right hand side under Interface settings
click on the interface you would like to add the BPF (Berkeley packet filter) add the filter expression in the Berkeley Packet Filter section - > click on the Submit button.
Click on Apply change(s) under the sub menu Pending modification(s) from the left hand side panel. Choose if you would like to schedule the change or apply immediately. Click on the
Apply button. In the task list presented - you will be informed of the details of the task execution - status, duration, started, retries, etc.
For example, to be able to negate traffic from a given host or port, you could do the following:
not (host 10.28.1.30 or host 10.28.1.24)
or
not (port 80 or 8080)
Add threads to an interface inspection on a probe¶
Click on Appliances major menu -> Select the desired probe - as available under name form the Stamus Probes list. On the right hand side under Interface settings
click on the interface you would like to edit -> adjust the number of threads in the Threads section - > click on the Submit button.
Click on
Apply change(s) under the sub menu Pending modification(s) from the left hand side panel. Choose if you would like to schedule the change or apply immediately. Click on the Apply
button. In the task list presented - you will be informed of the details of the task execution - status, duration, started, retries, etc.
Network card load balancing¶
In case your system has a network card with available load balancing features for sniffing you can activate the Network card load balancing that will trigger the usage of this feature
as well as a series of optimizations. If this option is unset, then the load balancing between threads will be done by the kernel.
Activating this option is not recommended for virtual probes.