USB Presenter Capture

From Allegro Packets Product Wiki
Jump to navigation Jump to search

This page describes how the Allegro Network Multimeter allows a user to start a capture with a USB presenter. This capture can be actioned 'Back in Time' for a defined period. In addition, the capture files can be uploaded to an SFTP server at a defined time.

This feature has been designed to allow non-IT staff to record pcaps when an error occurs; it also allows for captures without opening a Web interface.

Requirements

This feature is supported by all Allegro Network Multimeters, even for the VM Version starting at firmware Release 3.0. It requires a free USB port on the Allegro with USB 2.0 or higher. One internal or external disk needs to be configured at GenericStorage and a ring buffer must be configured. Please note that the capture is extracted from the ring buffer and a ring buffer filter rules for packet slicing will affect the exported pcap.

As of now, the Logitech R400 is supported. Allegro will add more presenters on request. An optional USB sound device will play a beep when a key has been pressed.

USB Capture Trigger Setup

Connect the Logitech R400 USB dongle with the Allegro. If you have a Virtual Edition Allegro, please pass-through the USB device directly to the Allegro VM.

Once this is done, navigate to the Settings -> Expert settings page and open the USB capture trigger.

Presenter dialog.png

Once any key has been pressed on the presenter, one pcap will be generated. The pcap end time is when the button has been pressed and the start time is defined by the capture interval. As example, an interval of 60 seconds will generate a capture of the last minute when a presenter key was pressed.

The captures are stored at the root directory of the storage device or, if enabled, in the upload directory for SFTP uploads.

SFTP Export Setup

The Allegro can automatically upload pcap files to an SFTP server from the upload directory on the disk. To configure it, please navigate to SettingsRemote Access and ExportPcap export via SFTP. This allow to export all captured pcap files at a certain time of day. As example it can be used to transfer pcaps during the night from remote locations to a central SFTP server.

Sftp export.png

Advanced Multi-pcap Setup

There are situations where the Allegro shall record multiple separate pcaps for a key with specific filters. This can be done by enabling the USB capture filter in the USB capture trigger dialog. The filter syntax is described in the Capture module.

A good example is the installation of an Allegro 500 with 2 links and 2 virtual link groups ( see Virtual Link Group Configuration Guide), one before and one behind the firewall.

Presenter filter group.png

As a second example you can record pcaps of up to 4 different IP addresses at the same time with just one click.

Presenter filter ip.png