Storage
General
The Allegro Network Multimeter allows for internal or external storage device(s) to be connected.
Such HDD- or SSD-based storage devices serve the following purposes:
- Ring Buffer: Allows for network traffic recording (partial or 100%) onto a fixed size ring buffer/circular buffer (FIFO)
- Storage: Allows for the creation of a dedicated storage partition, for saving and storing pcap files onto the local device
- Network traffic replay and analysis of data recorded onto the ring buffer
- Retroactive filtered packet capturing from network traffic data residing in the ring buffer (see Capture module)
Managing storage devices
The Allegro Network Multimeter supports disks formatted with an ext4 filesystem and will only use the first partition of each disk.
If a compatible disk is attached, a dialog will show up and offer to activate the disk as a storage device. Multiple storage devices can be active at the same time. The active storage device for which the properties and contents are shown can be selected at the top of the 'Storage' page. Next to the drop-down menu there is a small pen icon which allows setting an alternative name for the storage device (which is displayed e.g. in the capture dialog).
The 'Storage' page will show stats about the selected device as well as the contents.
If an unformatted disk or a disk with an incompatible file system is attached, it will show up on the Storage page where it can be formatted using the Format button displayed next to the device's type and size. After formatting, the disk will be automatically activated for use as a storage device.
Encryption
The Allegro Network Multimeter uses an AES256 LUKS encryption container for encrypted single shared ring buffers. You can connect and mount the encrypted disk with many Linux distributions; the system will ask for your password to mount the container. The Allegro Network Multimeter uses hardware encryption if available. The Allegro 200 does not have hardware encryption support and can encrypt up to 400MBit/s in software. All other Allegro devices can encrypt at 2GB/s by using the built-in hardware encryption.
The Allegro Network Multimeter does not store the password of the encrypted device on the disk. You need to re-enter the password if you unmount, reboot or power off the Allegro Network Multimeter.
The encryption is not available for the cluster ring buffer.
To encrypt a storage device with AES256 disk encryption, (re)format the disk and enable the AES256 disk encryption option in the on-screen menu.
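Before mounting such a disk on a Linux host, the LUKS header can be inspected with `cryptsetup luksDump <device>` (no password needed) to confirm the cipher in use. The following is an added example, not Allegro code: it parses that output and reports the effective AES key size; both dumps are constructed, abridged samples and `/dev/sdX1` is a placeholder.

```python
import re

# Constructed, abridged `cryptsetup luksDump` output; not from a real Allegro disk.
SAMPLE_LUKS2 = """\
LUKS header information
Version:        2
Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64
        sector: 512 [bytes]
Keyslots:
  0: luks2
        Key:        512 bits
"""
SAMPLE_LUKS1 = """\
LUKS header information for /dev/sdX1
Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
MK bits:        256
"""

def effective_aes_bits(dump):
    """Return the AES key size (bits) implied by a luksDump, or None."""
    seg = re.search(r"^\s*cipher:\s*(\S+)", dump, re.M)   # LUKS2 data segment
    if seg:
        cipher = seg.group(1)
        bits = re.search(r"^\s+Key:\s*(\d+) bits", dump, re.M)
    else:                                                 # LUKS1 layout
        name = re.search(r"^Cipher name:\s*(\S+)", dump, re.M)
        mode = re.search(r"^Cipher mode:\s*(\S+)", dump, re.M)
        if not (name and mode):
            return None
        cipher = name.group(1) + "-" + mode.group(1)
        bits = re.search(r"^MK bits:\s*(\d+)", dump, re.M)
    if not bits or not cipher.startswith("aes-"):
        return None
    key_bits = int(bits.group(1))
    # XTS splits the volume key into two equal halves (data key + tweak key),
    # so a 512-bit volume key means AES-256 and a 256-bit one means AES-128.
    return key_bits // 2 if "-xts-" in cipher else key_bits

def is_aes256(dump):
    return effective_aes_bits(dump) == 256

if __name__ == "__main__":
    for label, dump in (("LUKS2 sample", SAMPLE_LUKS2), ("LUKS1 sample", SAMPLE_LUKS1)):
        print(label, effective_aes_bits(dump), is_aes256(dump))
```

The constructed LUKS1 sample is deliberately a header that does not meet the AES-256 expectation, showing why the XTS key size must be halved before comparing.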
Random, device specific passwords
It is possible to use a randomly generated password for the encrypted storage device. When used, the storage can be activated and deactivated without entering the password. Also, the storage device is automatically activated on system start/restart. The password is stored encrypted on the device and cannot be moved to a different device. The password is also deleted on a configuration reset of the Allegro Network Multimeter. Since the password is stored on the Allegro Network Multimeter, the storage device cannot be used on a different Allegro Network Multimeter without reformatting. When the key is removed (on configuration reset or reformat), it cannot be restored!
Deactivation
If an active storage device is to be disconnected from the Allegro Network Multimeter, the deactivate button on the storage page can be used to deactivate the storage device.
The page will then show that the respective storage device has become inactive. Now, the device can be disconnected safely.
Secure erase
For security reasons, the "Securely erase content" button allows special formatting algorithms to be used to wipe your disk(s).
Everything on the disk is overwritten with randomly generated patterns, making attempts to recover data (nearly) impossible.
After the secure erase process, a disk needs to be formatted before use.
SATA secure erase
If selected in the dialog, disks will be erased using the SATA (enhanced) secure erase instruction set, for SATA disks that support it. SATA secure erase is a special operation which works on the disk hardware layer (part of the SATA standard).
For SSDs:
- this is a very fast operation (some seconds)
- if both SATA secure erase and SATA enhanced secure erase are supported, both will be performed, leaving the disk with all bytes zeroed
For HDDs:
- the erase of a rotational drive can take several hours or days, because it has to wipe the data from the magnetic disk sequentially. During this time the drive might look as if it is defective. There is no way to monitor the progress of the secure erase
- if both SATA secure erase and SATA enhanced secure erase are available, only the enhanced erase will be performed
NVMe cryptographic erase
For NVMe SSDs, Allegro Packets utilizes the "Cryptographic Erase" instruction set, which is a fast operation (some seconds).
- if both crypto erase and normal erase are supported, both will be performed, leaving the disk with all bytes zeroed
Software wiping
When using software wiping (by deselecting the hardware erase in the dialog), the disk will be erased by software. This may take several hours to complete. The disk will be erased by writing one iteration of random bytes over the whole disk.
- If the Allegro Network Multimeter is powered off during software wiping, the wipe will not be continued on the next boot. Sensitive data might still be on the disk when interrupted.
- The disk can be formatted and used again, even if software wiping is interrupted
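Because an interrupted software wipe is not resumed, it is worth checking a disk on a separate Linux host before it is reformatted or leaves your control. The following is an added example, not an Allegro tool: it samples blocks across a device or image and reports those that do not look like random data. The test image, threshold and sample count are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096  # bytes per sampled block

def shannon_bits(block):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def suspect_offsets(path, samples=64, threshold=7.5):
    """Sample evenly spaced blocks and return offsets that do not look random.

    Limitation: leftover ciphertext (for example an old LUKS container) is
    also high-entropy, so this only finds plaintext, structured or zeroed data.
    """
    bad = []
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)   # works for block devices and files
        blocks = size // BLOCK
        step = max(1, blocks // samples)
        for i in range(0, blocks, step):
            f.seek(i * BLOCK)
            if shannon_bits(f.read(BLOCK)) < threshold:
                bad.append(i * BLOCK)
    return bad

def make_interrupted_image(wiped_blocks=32, leftover_blocks=32):
    """Constructed test image: random prefix, then leftover plaintext."""
    leftover = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 100)[:BLOCK]
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as f:
        f.write(os.urandom(wiped_blocks * BLOCK))
        f.write(leftover * leftover_blocks)
        return f.name

if __name__ == "__main__":
    image = make_interrupted_image()
    hits = suspect_offsets(image)
    print(f"{len(hits)} suspect blocks, first at offset {hits[0]}")
    os.remove(image)
```

This check applies only to the software wipe: after a hardware erase that leaves all bytes zeroed, every block is expected to be reported.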
File storage
The Allegro Network Multimeter will initially show the top level directory of the storage partition. By clicking on a directory name the view can be switched to the contents of that sub-directory. This will also show the path of the current directory above the table along with a button that allows changing back to the parent directory.
The following actions for files and directories are available through the following buttons in the same row:
- Analyze PCAP or Analyze all PCAP files: will be shown for packet capture files or directories respectively. If Analyze PCAP is pressed, the Allegro Network Multimeter will either reset all statistics and start analyzing the packet capture file or allow you to start a parallel PCAP analysis if this is configured (see Parallel packet processing). Progress, statistics and the option to resume normal operation will appear at the top of the Storage page. Analyze all PCAP files will do the same thing but for all packet capture files residing in the directory together (see the Analyze selected PCAP files together button description).
- Webshark preview: will be shown for packet capture files and, if pressed, opens a Wireshark-like preview of the file.
- Download: starts a browser download of this file.
- Meatballs menu: contains file system operations
The New directory button opens a dialog that can be used to create a new sub-directory in the currently shown directory. Sub-directories can be used as target for storing packet captures (see Capture settings dialog).
The Select or drop file area along with the Upload file button allows uploading a file to the current directory.
The Analyze selected PCAP files together button will start analyzing all packet capture files that have been marked with the checkbox at the start of the row, together. This will happen in a mergecap-style fashion so that the packet capture files are merged based on packet timestamps. Progress will be shown at the top of the page for every file separately.
File system operations
The meatballs menu in each entry reveals the options:
- Rename
- Move
- Copy
- Delete
Renaming will open a text box where the new name of the file can be entered.
Deleting will ask for confirmation before removing the file from disk.
Moving and copying will open a dialog similar to a file explorer. Here the location of the target file can be specified by simply navigating through the folder structure like in any common file browser. If huge files are moved or copied, a new "Pending File System" entry will be created, showing the progress of the file transfer as well as any errors that might have occurred. Any currently pending operations may also be cancelled here.
WebDAV
The Network Multimeter also provides access to the storage contents via WebDAV.
For this, use the Connect to server or Connect to a network drive function on your computer and use the link https://<host name>/webdav.
The credentials are the same as those of the web interface. Use the admin account to access the files on the storage device.
WebDAV is supported natively by all current operating systems.
If you have connection problems due to SSL certificate issues under Windows you may try 3rd party tools with WebDAV support.
Operating system | Usage | Notes |
---|---|---|
Windows | In third-party tools with WebDAV support: enter URL https://<hostname or ip>/webdav | The standard Windows Explorer does not accept self-signed certificates. Use a third-party tool to use WebDAV! |
Linux | In the file manager, enter URL davs://<hostname or ip>/webdav | The system usually asks to accept the certificate and then asks for username and password. |
macOS | Open Finder, select menu "go to -> connect to server". Enter "https://<hostname or ip>/webdav" | The system usually asks to accept the certificate and then asks for username and password. |
iSCSI
A remote iSCSI target can be used as a storage device.
The iSCSI target must be reachable over the management network connection.
To add an iSCSI target as a storage device, use the Configure iSCSI device button, which is visible on the Storage page when no storage device is currently activated.
In the displayed dialog you must enter the host which can be an IP address or host name and may include a port number (e.g. 'storageServer:3260').
You must also enter the iSCSI Qualified Name (IQN) of the iSCSI target on the iSCSI host.
Using authentication like CHAP is optional; if no authentication is to be used, the User and Password fields can be left empty.
After confirming the dialog by pressing the Configure button the iSCSI storage device will show up in the storage device list after a few seconds.
The Allegro Network Multimeter will also try to activate a configured iSCSI target automatically after system startup.
Once an iSCSI device has been configured the device can be modified or removed using the Modify iSCSI device and Remove iSCSI device buttons on the Storage page.
Only one iSCSI device can be used at a time.