This applies to all QP models, QManager and PureInsight products upon installation of the solution for the first time
Overview of the Physical Appliances
Configuring the Network Interface of the QP
Connecting to the QP
Accessing QManager
Transceiver Setup
Verifying the Capture Port Linkage
Starting the Capture
Packet Search
PureInsight Features
General Solution Workflow
Accessing PCAPs Directly from the QP
Running Wireshark on the QP
Safely Erasing All Capture Traces from the QP
1. Overview of the Physical Appliances
All QP on-premise models have similar I/O ports for behind the unit itself. The quantity of ports will vary depending on which QP model - whether it is the QP4000 or QP500.
All Factory QP Models have the interface ‘eno1’ as the default management ports (RJ45)
I/O Port Type | # Ports QP4000 | QP2000 | QP1000 | QP600 | QP500 |
---|---|---|---|---|---|
Ethernet (RJ45) | 2 | 4 | 4 | 2 | 2 |
BMC (RJ45) | 1 | 1 | 1 | 1 | 1 |
VGA | 1 | 1 | 1 | 1 | 1 |
USB | 2 | 4 | 4 | 4 | 4 |
Serial | 1 | 1 | 1 | 1 | 1 |
All QP models have a single BMC port which is set to static or dynamic (DHCP) depending on the end-user’s preference. By default the BMC is set to dynamic.
Retrieving the BMC IP address
There are two methods to acquire the BMC IP address
Via Command Line:
Login to the QP using SSH (Secure Shell)
Once logged into the shell type this command
sudo ipmicfg -m
If the default shell login and password is needed, please contact support@quantea.com to request the default login credentials. Please provide the serial number in the email.
Via BIOS Splash Screen:
Connect the QP to a monitor using a VGA cable
Reboot the QP
Once the QP is booting, the BMC IP address will show on the bottom right of the screen during system boot time
Retrieving the Management IP Address
There are several methods of retrieving the IP address of the QP. Here we will mention three methods that are the easiest.
Via QManager GUI:
QManager can be accessed using a known IP address, or it can be accessed via the browser and typing in ‘127.0.0.1’ in the browser window (in the QP500/600 models only).
Login to QManager using the default credentials
After logging into QManager, go to [Configuration] → [Network] → [Host and Network]
The IP address will be displayed in the GUI along with other information (shown below)
Via Command Line:
Login to the QP using SSH (Secure Shell)
Once logged into the shell type this command below
ip addr show
The ‘eno1’ interface will show as eno1 with the IP address shown in the line that starts with ‘inet’ or ‘inet6’ for IPv6
Via GNOME Desktop (QP600 and QP500 only):
Using the integrated screen on the QP600 and QP500, the IP address can be configured using the GNOME desktop
Press any key on the keyboard connected to the QP to turn on the screen
Login to the GNOME desktop GUI using the default credentials
Upon logging into the desktop, go to [Applications] → [Settings] → [Network]
Go to Ethernet (eno1) and click on the ‘Cogwheel’ icon
The static IP will be listed on the next page
The desktop login credentials might be different from the QManager login credentials. To retrieve the default credentials please send an email to support@quantea.com
2. Configuring the Network Interfaces of the QP
There are several ways to configure the IP address of the QP
Via QManager (WebGUI)
QManager can be accessed using a known IP address, or it can be accessed via the browser and typing in ‘127.0.0.1’ in the browser window (in the QP500/600 models only).
Login to QManager using the default credentials
After logging into QManager, go to [Configuration] → [Network] → [Host and Network]
Choose an interface whether it is ‘eno1’, 'eno2’ or others by clicking on the [Enable] checkbox
Checking on the [Enable] checkbox will allow you to make changes to the network interface fields in the form
Fill the required fields
Field | Value | Example |
---|---|---|
Name | enoX (where X is the interface number) | eno1 |
Host Name | string value | quantea_qp4000 |
Aliases | (Optional) alternative host name alias | quantea_b |
IP Address | IPv4 or IPv6 address | 192.168.1.20 |
Netmask | Netmask for IPv4 in bits. 24 is equivalent to /24 | 24 |
DNS | (Optional) IP address of the DNS server | 192.168.1.1 |
Broadcast Address | (Optional) Broadcast address based on IP address | 192.168.1.255 |
Default Gateway | Default gateway IP address | 192.168.1.254 |
On the very bottom of the page, click on the [Enable] button to submit your changes and to apply the new network configuration
Note that you will be disconnected from the GUI if the same interface being used changed its IP address
Ping the new IP address or utilize the browser to access the new IP address
Via GNOME Desktop (for QP500/QP600 models only)
Using the integrated screen on the QP600 and QP500, the IP address can be configured using the GNOME desktop
Press any key on the keyboard connected to the QP to turn on the screen
Login to the GNOME desktop GUI using the default credentials
Upon logging into the desktop, go to [Applications] → [Settings] → [Network]
Go to Ethernet (eno1), toggle the [ON/OFF] switch and then click on the ‘Cogwheel’(gear) icon
The field with the IP address and other settings are displayed
Set the IP address to static by clicking on the [Manual] radio button
Fill the IP address and the other necessary fields accordingly
Click [Apply] when finished
Go back to the interface list and toggle the [ON/OFF] switches one more time to make sure the settings apply
Note: Changing the interface settings using the GNOME GUI will also change the settings shown on QManager Web-GUI
Via Command Line (via SSH or BMC remote console) - Non-Persistent Change
These steps provide a non-persistent way of changing the IP address of the management interface. Changes will revert after a system reboot of the QP. For persistent changes please follow the methods shown above.
Login to the QP using SSH (Secure Shell)
Once logged into the shell type this command below:
ifconfig eno1 192.168.1.20 netmask 255.255.255.0 up
Use the command above except substitute (eno1) with the interface that you would like to configure; (192.168.1.20) with the desired IP address and (255.255.255.0) with the desired network mask.
To change a default gateway for the management interface, use the command below:
route add default gw 192.168.1.254 dev eno1
Replace (192.168.1.254) with desired gateway IP address and (eno1) with the desired interface name
Verify that the changes are applied by typing this command:
ip addr show
Verify the gateway configuration has been changes by using this command:
route -n
3. Connecting to the QP via QManager and PureInsight
By setting up the IP address using the steps before, the QP is now ready to be accessed.
Both QManager and PureInsight is designed to work with web browsers
Check the Browser Compatibility Chart
Format | Example | |
---|---|---|
QManager | http://<QP_IP_Address> | http://192.168.1.20 |
QManager (SSL) | https://<QP_IP_Address> | https://192.168.1.20 |
PureInsight | https://<QP_IP_Address>/pureinsight | https://192.168.1.20/pureinsight |
Separate guides on QManager and PureInsight are provided in the knowledge base
Link to QManager Guide (Knowledge Base)
Link to PureInsight Guide (Knowledge Base)
4. Accessing QManager
In order to access QManager, go to you web browser and type in the address which is detailed in the previous section.
It will take you to the QManager login page. Type the default credentials to login.
After logging in, you will go to the System Status page by default. The Navigation Bar is shown across the top bar. Go to [Capture] → [Capture Setting].
If network interface transceivers are still not connected to the QP, read the next session below.
5. Transceiver Setup
Compatible transceivers are shown in this list: Compatible Transceivers
Verify that the transceiver is can fit the QP model. Use this transceiver cage chart to verify with your transceiver:
Transceiver Speed | Cage Form Factor | Additional Requirements |
---|---|---|
1G | SFP | |
10G | SFP+ | |
25G | SFP28 | Requires QSFP to SFP Converter |
40G | QSFP | |
50G | SFP56 | Requires QSFP to SFP Converter |
100G | QSFP28 | |
200G | QSFP-DD | |
400G | QSFP-DD |
Connect the transceiver and cable to the QP and verify the linkage by following the steps in the next section.
6. Verifying the Capture Port Linkage
Once the appropriate transceivers and cables are connected, now it is time to verify the link status on the capture interfaces.
Login into QManager and go to the [Capture Settings] page
Instructions on logging in to QManager and accessing the Capture Settings page is on Section #4
The link status will be shown on the upper right of the page. The link status indicator updates every 5-10 seconds.
Here are the types of link statuses
Link Status | Explanation |
---|---|
UP | Link is up |
DOWN | Link is down |
UP (Glitch) | Link is up but FEC or other correction settings are disabled. Perhaps due to limitation of the transceiver |
DOWN (Glitch) | Link is down but FEC or other correction settings are disabled. Perhaps due to limitation of the transceiver |
7. Starting the Capture
With QManager, starting a capture can be done within a couple of steps. All QPs already have the default configuration set up in QManager so that is needed to do is to ‘Start’ the capture.
Login into QManager and go to the [Capture Settings] page
Follow the steps of starting capture in this page
Detailed steps regarding starting a capture: Start a Capture
8. Packet Search
Packet Search is a valuable tool for identifying and resolving issues by using filters that cover protocols, port numbers, timeframes, and expressions. The following explanation clarifies how to use Packet Search on QManager.
Packet search relies on the QP’s internal indexing system to deliver an accurate search. If the QP is brand new and completely empty until recently, then wait for a 2-3 minutes for the initial indexing to work its way through and try again the steps below.
Login into QManager and navigate to the Packet Search page by going to [Packet Search] → [Packet Search]
The Packet Search page has several options, this page will describe the remaining steps (and a video) on how to perform a packet search on QManager. Using Packet Search on QManager
9. PureInsight Features
PureInsight is a separate user interface to QManager to perform queries and network analysis.
PureInsight has several benefits including:
Identify and pinpoint unusual traffic in the network
Collect data for security analysis
Detect peaks and valleys in the bandwidth usage
Analyze the performance of your network
To connect to PureInsight please follow the steps described in Section #3 of this quick start guide.
As a first time user of PureInsight, it is suggested to use the Interactive Search section of PureInsight as a starting point to get a sense on the various capabilities of PureInsight.
Here are the links to PureInsight:
Link to the main PureInsight page
Link directly to PureInsight Interactive Search
10. General Solution Workflow
Going through this quick start guide, you already have a good picture on the general workflow regarding the QP, QManager and PureInsight.
QP, QManager and PureInsight
Here is a quick summary of how the QP, QManager and PureInsight all work together to maximize your workflow when it comes to analyzing your network.
QP: The QP is the main appliance that is designed to collect network traffic
QManager: QManager is the software UI that configures the QP. It has four main functionalities: Capture, Admin, Search and Storage
PureInsight: PureInsight is a software UI that uses the QP’s data for network visualization and analysis
Both QManager and PureInsight share the same PCAP dataset stored on the QP. So a search can be performed on PureInsight and then the search result can be replayed using QManager.
Capture Trace Format
The capture format is an industry standard PCAP format (libpcap based) that with a nanosecond timestamp precision
Iterative Searching
Searches can be performed on the search results themselves. For example if the first packet search query is to search all packets in the QP from 14:00 to 14:15, that search query result can be searched again.
The output search result on a previous search query becomes the input for the upcoming search query, it can be performed many times until more relevant data is extracted.
Query # | Input | Output | Search Criteria | Result |
---|---|---|---|---|
1 | All Packets from 14:00 to 14:15 | search_result.pcap | All packets | 1,000,000 packets |
2 | search_result.pcap | search_result.pcap | ip host 192.168.1.20 | 78,000 packets |
3 | search_result.pcap | search_result.pcap | dst host 8.8.8.8 | 2,500 packets |
4 | search_result.pcap | search_result.pcap | tcp | 188 packets |
The idea of iterative searching is to help narrow a larger subset of data into more specific and more relevant dataset so that root causes can be determined quicker.
11. Accessing the PCAPs Directly from the QP
There are several ways of accessing PCAP data from the QP.
Downloading PCAPs via SFTP
Download via SFTP is a straightforward method to get PCAPs from the QP
We recommend tools such as WinSCP or Filezilla as SFTP clients
Connect to the QP using port 22 on your SFTP client and enter the credentials for SSH access
Navigate the directory to go to ‘/cifs/capture/permanent' or ‘/cifs/capture/records/portX' (where X is the port number)
Find the PCAP file of interest and download to your PC using the SFTP client software
Downloading PCAPs via PureInsight
With PureInsight, a search can be performed to extract relevant packets which will be saved to an output PCAP file. That output PCAP file can then be downloaded using the PureInsight GUI.
Note: PureInsight File Manager only has access to individual files within the ‘/cifs/capture/permanent’ directory
Login into PureInsight
Go to the Interactive Search page
Within the interactive search page, perform a date/time search and select a directory to search from.
Create an output file
12. Running Wireshark on the QP
One requirement to run Wireshark on your client using the QP is X11, there are several options including MobaXterm and SecureCRT for Windows. Mac/Linux clients already have X11 installed natively.
After installing SecureCRT of MobaXterm follow the steps below to be able to access wireshark on the QP
Open up SecureCRT/MobaXterm and select the New Session option.
Select the SSH2 protocol.
Then enter the Hostname and the Username (Change the port or firewall if needed).
Once connected, open Session Options and got to Connection > Port Forwarding > Remote/X11. Then enable Forward X11 packets option and then select ok.
After logging in via SSH, type this command to run wireshark
wireshark
Wait until Wireshark GUI shows up on your client PC
All PCAP files in the directory ‘/cifs/capture/’ can be opened using Wireshark
13. Safely Erasing All Capture Traces from the QP
Erasing all capture traces from the QP can be performed using QManager.
Login into QManager
Go to [Packet Search] → [Clear PCAP Folder]
Click on [List Available Directories]
Select a directory you would like to clear by clicking on the directory
The directory will autofill in the main page, then click on [Clear]
Wait until the page reloads, the files in that directory is cleared after the page has loaded
Repeat this process until all the directories have been cleared
This page does not clear all PCAPs in a directory recursively, this is a designed as a measure to prevent unintentional deletion of files within other directories.