Deploying NetPatrol on an Wingate working enviroment.

Technical support forum for Qbik NetPatrol - our new Intrusion Detection System.

Moderator: Qbik Staff

Deploying NetPatrol on an Wingate working enviroment.

Postby javila » Mar 28 04 8:36 am

Hi, greets for your new software realeased.

I was trying this software on the beta layer and I could not make it work, so I leave it for a time.
Now I see that this is an oficial release so I was wondering how to use it in combination with Wingate, is there an profile enviroment? is is installs onthe wingate server machine? it is an administrative omni-powered tool (sorry for the english).
I need some advice here, please.

Thanks.

Javier A.
javila
 
Posts: 93
Joined: Nov 13 03 3:43 am
Location: Santa Cruz de la Sierra - Bolivia

Postby labull » Mar 28 04 12:58 pm

Javier,

I have NetPatrol running on my WinGate 5.2.3 server.

Works well and keeps me alerted.

It will take some tweaking of the rules to eliminate false positives but that's to be expected.

The higher the amount of traffic the busier the system will be. A higher end system helps.

Larry
WinGate 8 - Windows Server 2008 R2 - VMWare
labull
WinGate Guru
 
Posts: 706
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby Pascal » Mar 28 04 2:06 pm

If your WinGate Server is a low spec machine, you can run NetPatrol on a separate machine. You should then switch it to promiscuous mode, so it can inspect all traffic on your network.

The way Larry has it configured is probably the easiest way.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby sietze » Apr 04 04 3:15 am

Hi Javier:

Looks like it is Realtek 8029 and checksums again.

I am trying to do the same as you, installing NetPatrol (v1.0) on the same box as WG (v5.2.2) As soon as I do the WG NAT log starts filling up again with checksum errors. WG not working of course. This even happens when Netpatrol is not running. After deinstalling NetPatrol thing start working again.

'ta luego.

Sietze
sietze
 
Posts: 18
Joined: Mar 27 04 12:53 am
Location: Gibraltar

Postby genie » Apr 04 04 9:32 am

Aye, there is a possibility that NetPatrol driver does not block TCP_OFFLOAD properly - we'll make sure that the driver is updated for the next release.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby sietze » Apr 05 04 12:10 am

FYI:
I've replaced the external Realtek 2029AS card with an Intel Pro 100+ and now both WG 5.2.3 and NP v1.0 are hunky dory.

(In another thread I reported checksum probs with WG 5.2.3 and Realtek 8029AS. But in that case WG 5.2.2 was OK. In this case, together with NP also WG 5.2.2 went awol.)
sietze
 
Posts: 18
Joined: Mar 27 04 12:53 am
Location: Gibraltar

Postby genie » Apr 05 04 10:41 am

Cool! Thanks for the iinfo.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby sietze » Apr 05 04 6:35 pm

No problemo. Of course I should have typed 8029 and not 2029 with my sausage fingers.

I've counted them, and I have 7 of these old Realteks lying about. They are nice because even though they support only 10 mbps (which tends to be enough for the external interface) they are for PCI slots so I can still fit them in modern mobos. I hope Qbik software can be made compatible with these cards.
sietze
 
Posts: 18
Joined: Mar 27 04 12:53 am
Location: Gibraltar

Postby adrien » Apr 21 04 2:07 pm

should be no problem there. The other option often is to manually disable checksum offloading in the adapter properties in your OS.

We found recently until we did this, one of our server adapters would keep bouncing up and down (unplugged, plugged, unplugged, plugged etc).

Adrien
adrien
Qbik Staff
 
Posts: 5197
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby sietze » Apr 24 04 11:06 pm

Adrien, thanks for the hint. However, on the 2 systems with Realtek that I was able to check the driver does not allow diabling CRC. But I'll keep it in mind for future installations. And in any case we seem to have pinpointed the problem.

In any case I was just having a look at NetPatrol. As a Qbik rteseller it is useful to be familiar with the Qbik products ;-)
Once a future version of NetPatrol allows automatic blacklisting of offending hosts I will have another look at it.
sietze
 
Posts: 18
Joined: Mar 27 04 12:53 am
Location: Gibraltar

Postby bharatshinde » May 07 04 6:47 am

How to install and configure netpatrol .
I have download netpatrol from wingate site and try to install it ,it install and showing me netpatrol console .I don't know how to configure it so plz let me know how to install and configure .
waiting for ur reply.
regards,
Bharat.
bharatshinde
 
Posts: 1
Joined: May 07 04 6:38 am
Location: mumbai

Postby genie » May 07 04 10:13 am

NetPatrol configuration is relatively easy - when you start NPConsole app you can choose a File option "New Connection" - that's how you attach the console to the engine. Then, when the console is connected to local host (IP 127.0.0.1) there is an Edit menu option called Configure - that's where you configure NetPatrol. Mind you, NetPatrol requires minimum configuration and the most important is to set up your home network addresses properly (button "Network" on the configuration dialog).

Important: Configuration at the moment is local only, therefore you cannot configure remote NetPatrol services (planned for future versions). Use 127.0.0.1 IP address to configure the service.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby budiono » May 28 04 7:43 pm

when i've click 'Network' Button, do i have to set up all local network one by one? from 192.168.1.1 to 192.168.1.255 ? coz there alot of computer on my place....
thx
budiono
 
Posts: 16
Joined: May 28 04 2:18 am

Postby genie » May 28 04 7:46 pm

Home network data is used in some of the rules (most of them, actually) and it is better to cover all you home (aka internal) networks, but for better performance you can user masking (i.e. 192.168.0.0/255.255.0.0 will cover all the machines whose IP addresses start with 192.168). Also add your external IP address(s) to the list of home IPs.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby budiono » May 28 04 8:13 pm

thx for reply.
when i first install net patrol and connect to it's console, the yellow indicator is always blinking. so i klik button 'network' and insert IPs that connect to wingate server and disconnect from net patrol console. when i connect to console again, there no red or yellow or blue indicator blinking. and i change the ip list in 'network' button configuration to 192.168.0.0/255.255.0.0 and disconnect from it's console again. then i connect again and the yellow indicator is blinking again.
what that mean when red/yellow/blue indicator is blinking?
thanks...
budiono
 
Posts: 16
Joined: May 28 04 2:18 am

Postby genie » May 28 04 8:17 pm

Aye, The indicators show that there is new information available that concerns the certain part of NetPatrol: red means new alert has been submitted, yellow - new log entry (warning, service info, etc), blue - new firewall action has gone off. Since every login into NetPatrol generates new log entry, yellow indicator always flashes. You can just double click on the indicator to be redirected to the window that requires your attention. As soon as you click left mouse button on the window-that-requires-attention, the indicator stops flashing.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

netpatrol on switched network

Postby geva » Jun 25 04 8:20 am

Hi

I was wondering if Netpatrol is working on a switched network, if Netpatrol then sees all network traffice or does the pc where Netpatrol is installed needs to be installed on a switch-port where all traffic is going through ?
Or how is doing Netpatrol this

Thanks for the answer
geva
 
Posts: 1
Joined: Jun 25 04 8:17 am

Postby labull » Jun 25 04 8:40 am

NetPatrol will only see the traffic that's presented to it so connecting to a switch port will be necessary to monitor all traffic on that network.

Larry
WinGate 8 - Windows Server 2008 R2 - VMWare
labull
WinGate Guru
 
Posts: 706
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby camusakira » Nov 21 04 7:19 pm

what steps do i need to take in order to get to this so called "promiscuous mode"?
camusakira
 
Posts: 13
Joined: Nov 21 04 3:57 pm

Postby genie » Nov 21 04 9:23 pm

All you need to do is to tick the "Promiscuous mode" checkbox in Configuration dialog. This mode works only if Professional license is installed or in the trial mode.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am


Return to NetPatrol

Who is online

Users browsing this forum: No registered users and 1 guest

cron