
This guide applies to all QP models, QManager and PureInsight products when the solution is installed for the first time.

  1. Overview of the Physical Appliances

  2. Configuring the Network Interface of the QP

  3. Connecting to the QP

  4. Accessing QManager

  5. Transceiver Setup

  6. Verifying the Capture Port Linkage

  7. Starting the Capture

  8. Packet Search

  9. PureInsight Features

  10. General Solution Workflow

  11. Accessing PCAPs Directly from the QP

  12. Running Wireshark on the QP

  13. Safely Erasing All Capture Traces from the QP


1. Overview of the Physical Appliances

All QP on-premise models have similar I/O ports on the back of the unit. The quantity of each port type varies by QP model (for example, QP4000 versus QP500).

All factory QP models use the interface ‘eno1’ as the default management port (RJ45).

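| I/O Port Type | QP4000 (# ports) | QP2000 (# ports) | QP1000 (# ports) | QP600 (# ports) | QP500 (# ports) |
|---|---|---|---|---|---|
| Ethernet (RJ45) | 2 | 4 | 4 | 2 | 2 |
| BMC (RJ45) | 1 | 1 | 1 | 1 | 1 |
| VGA | 1 | 1 | 1 | 1 | 1 |
| USB | 2 | 4 | 4 | 4 | 4 |
| Serial | 1 | 1 | 1 | 1 | 1 |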

All QP models have a single BMC port which is set to static or dynamic (DHCP) depending on the end-user’s preference. By default the BMC is set to dynamic.

Retrieving the BMC IP address

There are two methods to acquire the BMC IP address

Via Command Line:

  1. Login to the QP using SSH (Secure Shell)

  2. Once logged into the shell type this command

    sudo ipmicfg -m 

If the default shell login and password is needed, please contact support@quantea.com to request the default login credentials. Please provide the serial number in the email.

Via BIOS Splash Screen:

  1. Connect the QP to a monitor using a VGA cable

  2. Reboot the QP

  3. Once the QP is booting, the BMC IP address will show on the bottom right of the screen during system boot time

Retrieving the Management IP Address

There are several methods of retrieving the IP address of the QP. The three easiest are described here.

Via QManager GUI:

  1. QManager can be accessed using a known IP address, or it can be accessed via the browser and typing in ‘127.0.0.1’ in the browser window (in the QP500/600 models only).

  2. Login to QManager using the default credentials

  3. After logging into QManager, go to [Configuration] → [Network] → [Host and Network]

  4. The IP address will be displayed in the GUI along with other information

Via Command Line:

  1. Login to the QP using SSH (Secure Shell)

  2. Once logged into the shell, type the command below

    ip addr show

  3. The management interface is listed as ‘eno1’; its IP address is on the line that starts with ‘inet’ (or ‘inet6’ for IPv6)

Via GNOME Desktop (QP600 and QP500 only):

  1. Using the integrated screen on the QP600 and QP500, the IP address can be configured using the GNOME desktop

  2. Press any key on the keyboard connected to the QP to turn on the screen

  3. Login to the GNOME desktop GUI using the default credentials

  4. Upon logging into the desktop, go to [Applications] → [Settings] → [Network]

  5. Go to Ethernet (eno1) and click on the ‘Cogwheel’ icon

  6. The static IP will be listed on the next page

The desktop login credentials might be different from the QManager login credentials. To retrieve the default credentials please send an email to support@quantea.com

2. Configuring the Network Interfaces of the QP

There are several ways to configure the IP address of the QP

Via QManager (WebGUI)

  1. QManager can be accessed using a known IP address, or it can be accessed via the browser and typing in ‘127.0.0.1’ in the browser window (in the QP500/600 models only).

  2. Login to QManager using the default credentials

  3. After logging into QManager, go to [Configuration] → [Network] → [Host and Network]

  4. Choose an interface (‘eno1’, ‘eno2’ or another) by clicking on its [Enable] checkbox

  5. Checking on the [Enable] checkbox will allow you to make changes to the network interface fields in the form

  6. Fill the required fields

| Field | Value | Example |
|---|---|---|
| Name | enoX (where X is the interface number) | eno1 |
| Host Name | string value | quantea_qp4000 |
| Aliases | (Optional) alternative host name alias | quantea_b |
| IP Address | IPv4 or IPv6 address | 192.168.1.20 |
| Netmask | Netmask for IPv4 in bits. 24 is equivalent to /24 | 24 |
| DNS | (Optional) IP address of the DNS server | 192.168.1.1 |
| Broadcast Address | (Optional) Broadcast address based on IP address | 192.168.1.255 |
| Default Gateway | Default gateway IP address | 192.168.1.254 |

  7. At the very bottom of the page, click on the [Enable] button to submit your changes and apply the new network configuration

Note that you will be disconnected from the GUI if you change the IP address of the interface you are connected through

  8. Ping the new IP address or use the browser to access the new IP address

Via GNOME Desktop (for QP500/QP600 models only)

  1. Using the integrated screen on the QP600 and QP500, the IP address can be configured using the GNOME desktop

  2. Press any key on the keyboard connected to the QP to turn on the screen

  3. Login to the GNOME desktop GUI using the default credentials

  4. Upon logging into the desktop, go to [Applications] → [Settings] → [Network]

  5. Go to Ethernet (eno1), toggle the [ON/OFF] switch and then click on the ‘Cogwheel’(gear) icon

  6. The fields with the IP address and other settings are displayed

  7. Set the IP address to static by clicking on the [Manual] radio button

  8. Fill the IP address and the other necessary fields accordingly

  9. Click [Apply] when finished

  10. Go back to the interface list and toggle the [ON/OFF] switches one more time to make sure the settings apply

Note: Changing the interface settings using the GNOME GUI will also change the settings shown on QManager Web-GUI

Via Command Line (via SSH or BMC remote console) - Non-Persistent Change

These steps provide a non-persistent way of changing the IP address of the management interface. Changes will revert after a system reboot of the QP. For persistent changes please follow the methods shown above.

  1. Login to the QP using SSH (Secure Shell)

  2. Once logged into the shell, type the command below:

    ifconfig eno1 192.168.1.20 netmask 255.255.255.0 up

  3. Use the command above, substituting (eno1) with the interface that you would like to configure, (192.168.1.20) with the desired IP address and (255.255.255.0) with the desired network mask.

  4. To change the default gateway for the management interface, use the command below:

    route add default gw 192.168.1.254 dev eno1

  5. Replace (192.168.1.254) with the desired gateway IP address and (eno1) with the desired interface name

  6. Verify that the changes are applied by typing this command:

    ip addr show

  7. Verify that the gateway configuration has been changed by using this command:

    route -n

3. Connecting to the QP via QManager and PureInsight

With the IP address set up using the steps above, the QP is now ready to be accessed.

Both QManager and PureInsight are designed to work with web browsers

Check the Browser Compatibility Chart

|  | Format | Example |
|---|---|---|
| QManager | http://<QP_IP_Address> | http://192.168.1.20 |
| QManager (SSL) | https://<QP_IP_Address> | https://192.168.1.20 |
| PureInsight | https://<QP_IP_Address>/pureinsight | https://192.168.1.20/pureinsight |

Separate guides on QManager and PureInsight are provided in the knowledge base

Link to QManager Guide (Knowledge Base)

Link to PureInsight Guide (Knowledge Base)

4. Accessing QManager

To access QManager, open your web browser and type in the address detailed in the previous section.

It will take you to the QManager login page. Type the default credentials to login.

After logging in, you will go to the System Status page by default. The Navigation Bar is shown across the top bar. Go to [Capture] → [Capture Setting].

If network interface transceivers are not yet connected to the QP, read the next section below.

5. Transceiver Setup

Compatible transceivers are shown in this list: Compatible Transceivers

Verify that the transceiver fits the QP model. Use this transceiver cage chart to check your transceiver:

| Transceiver Speed | Cage Form Factor | Additional Requirements |
|---|---|---|
| 1G | SFP | |
| 10G | SFP+ | |
| 25G | SFP28 | Requires QSFP to SFP Converter |
| 40G | QSFP | |
| 50G | SFP56 | Requires QSFP to SFP Converter |
| 100G | QSFP28 | |
| 200G | QSFP-DD | |
| 400G | QSFP-DD | |

Connect the transceiver and cable to the QP and verify the linkage by following the steps in the next section.

6. Verifying the Capture Port Linkage

Once the appropriate transceivers and cables are connected, verify the link status on the capture interfaces.

  1. Log in to QManager and go to the [Capture Settings] page

Instructions on logging in to QManager and accessing the Capture Settings page are in Section #4

  2. The link status will be shown on the upper right of the page. The link status indicator updates every 5-10 seconds.

  3. Here are the types of link statuses

| Link Status | Explanation |
|---|---|
| UP | Link is up |
| DOWN | Link is down |
| UP (Glitch) | Link is up but FEC or other correction settings are disabled. Perhaps due to limitation of the transceiver |
| DOWN (Glitch) | Link is down but FEC or other correction settings are disabled. Perhaps due to limitation of the transceiver |

7. Starting the Capture

With QManager, starting a capture can be done within a couple of steps. All QPs already have the default configuration set up in QManager, so all that is needed is to ‘Start’ the capture.

  1. Log in to QManager and go to the [Capture Settings] page

  2. Follow the steps for starting a capture on this page

Detailed steps regarding starting a capture: Start a Capture

8. Packet Search

Packet Search is a valuable tool for identifying and resolving issues by using filters that cover protocols, port numbers, timeframes, and expressions. The following explanation clarifies how to use Packet Search on QManager.

Packet search relies on the QP’s internal indexing system to deliver an accurate search. If the QP is brand new and was completely empty until recently, wait 2-3 minutes for the initial indexing to work its way through, then try the steps below again.

  1. Log in to QManager and navigate to the Packet Search page by going to [Packet Search] → [Packet Search]

  2. The Packet Search page has several options; the remaining steps (and a video) on how to perform a packet search on QManager are described on this page: Using Packet Search on QManager

9. PureInsight Features

PureInsight is a user interface, separate from QManager, for performing queries and network analysis.

PureInsight has several benefits including:

  • Identify and pinpoint unusual traffic in the network

  • Collect data for security analysis

  • Detect peaks and valleys in the bandwidth usage

  • Analyze the performance of your network

To connect to PureInsight please follow the steps described in Section #3 of this quick start guide.

First-time users of PureInsight are advised to start with the Interactive Search section to get a sense of the various capabilities of PureInsight.

Here are the links to PureInsight:

Link to the main PureInsight page

Link directly to PureInsight Interactive Search

PureInsight Use Cases

10. General Solution Workflow

Having gone through this quick start guide, you already have a good picture of the general workflow regarding the QP, QManager and PureInsight.

QP, QManager and PureInsight

Here is a quick summary of how the QP, QManager and PureInsight all work together to maximize your workflow when it comes to analyzing your network.

QP: The QP is the main appliance that is designed to collect network traffic

QManager: QManager is the software UI that configures the QP. It has four main functionalities: Capture, Admin, Search and Storage

PureInsight: PureInsight is a software UI that uses the QP’s data for network visualization and analysis

Both QManager and PureInsight share the same PCAP dataset stored on the QP. So a search can be performed on PureInsight and then the search result can be replayed using QManager.

Capture Trace Format

The capture format is the industry-standard PCAP format (libpcap based) with nanosecond timestamp precision.

Iterative Searching

Searches can be performed on the search results themselves. For example, if the first packet search query is to search all packets in the QP from 14:00 to 14:15, that search query result can be searched again.

The output of a previous search query becomes the input for the next search query; this can be repeated many times until more relevant data is extracted.

| Query # | Input | Output | Search Criteria | Result |
|---|---|---|---|---|
| 1 | All Packets from 14:00 to 14:15 | search_result.pcap | All packets | 1,000,000 packets |
| 2 | search_result.pcap | search_result.pcap | ip host 192.168.1.20 | 78,000 packets |
| 3 | search_result.pcap | search_result.pcap | dst host 8.8.8.8 | 2,500 packets |
| 4 | search_result.pcap | search_result.pcap | tcp | 188 packets |

The idea of iterative searching is to narrow a larger set of data into a more specific and more relevant dataset so that root causes can be determined more quickly.
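The capture format and the iterative searching described above, as an added Python example (not Quantea's code): it reads a libpcap file, tells nanosecond from microsecond timestamps by the file's magic number, and chains four queries so that each output PCAP is the next query's input. The packets are constructed sample data, and the lambda predicates are stand-ins for the filter expressions in the table.

```python
import socket, struct
NS_MAGIC, US_MAGIC = 0xA1B23C4D, 0xA1B2C3D4  # pcap magic: ns / us timestamps

def frame(src, dst, proto):  # constructed Ethernet + IPv4 header, sample data only
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def write_pcap(records):  # serialize (ts_ns, frame) records as a nanosecond pcap
    hdr = struct.pack("<IHHiIII", NS_MAGIC, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", ts // 10**9, ts % 10**9, len(d), len(d)) + d
                          for ts, d in records)

def read_pcap(blob):  # parse a little-endian pcap into (ts_ns, frame) records
    magic = struct.unpack_from("<I", blob)[0]
    if magic not in (NS_MAGIC, US_MAGIC):
        raise ValueError("not a little-endian pcap file")
    scale = 1 if magic == NS_MAGIC else 1000  # fraction field holds ns or us
    off, records = 24, []
    while off + 16 <= len(blob):
        sec, frac, caplen, _ = struct.unpack_from("<IIII", blob, off)
        records.append((sec * 10**9 + frac * scale, blob[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return records

def ipv4(d):  # (src, dst, proto) of an Ethernet/IPv4 frame, else None
    ok = len(d) >= 34 and d[12:14] == b"\x08\x00"
    return (socket.inet_ntoa(d[26:30]), socket.inet_ntoa(d[30:34]), d[23]) if ok else None

T0 = 1_700_000_000 * 10**9  # constructed start of a 15-minute window, in ns
SAMPLE = write_pcap([       # constructed packets, not real capture data
    (T0 + 1, frame("192.168.1.20", "8.8.8.8", 6)),
    (T0 + 2, frame("192.168.1.20", "8.8.8.8", 17)),
    (T0 + 3, frame("8.8.8.8", "192.168.1.20", 6)),
    (T0 + 4, frame("192.168.1.30", "8.8.8.8", 6)),
    (T0 + 900 * 10**9 + 5, frame("192.168.1.20", "8.8.8.8", 6)),
])
QUERIES = [                 # same narrowing order as the table above
    lambda ts, ip: T0 <= ts < T0 + 900 * 10**9,                  # time window
    lambda ts, ip: ip is not None and "192.168.1.20" in ip[:2],  # ip host 192.168.1.20
    lambda ts, ip: ip is not None and ip[1] == "8.8.8.8",        # dst host 8.8.8.8
    lambda ts, ip: ip is not None and ip[2] == 6,                # tcp
]

def run_queries(blob=SAMPLE):  # packet count after each chained query
    counts = []
    for pred in QUERIES:
        blob = write_pcap([(ts, d) for ts, d in read_pcap(blob) if pred(ts, ipv4(d))])
        counts.append(len(read_pcap(blob)))
    return counts
```

A reader that assumes microsecond timestamps would misplace every packet in a nanosecond file, which is why `read_pcap` checks the magic number before interpreting the fraction field.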

11. Accessing the PCAPs Directly from the QP

There are several ways of accessing PCAP data from the QP.

Downloading PCAPs via SFTP

  1. Download via SFTP is a straightforward method to get PCAPs from the QP

  2. We recommend tools such as WinSCP or Filezilla as SFTP clients

  3. Connect to the QP using port 22 on your SFTP client and enter the credentials for SSH access

  4. Navigate to the directory ‘/cifs/capture/permanent’ or ‘/cifs/capture/records/portX’ (where X is the port number)

  5. Find the PCAP file of interest and download to your PC using the SFTP client software

Downloading PCAPs via PureInsight

With PureInsight, a search can be performed to extract relevant packets which will be saved to an output PCAP file. That output PCAP file can then be downloaded using the PureInsight GUI.

Note: PureInsight File Manager only has access to individual files within the ‘/cifs/capture/permanent’ directory

  1. Log in to PureInsight

  2. Go to the Interactive Search page

  3. Within the interactive search page, perform a date/time search and select a directory to search from.

  4. Create an output file

12. Running Wireshark on the QP

Running Wireshark from the QP on your client requires X11. For Windows there are several options, including MobaXterm and SecureCRT. Mac/Linux clients already have X11 installed natively.

Link to downloading MobaXterm

Link to downloading SecureCRT

After installing SecureCRT or MobaXterm, follow the steps below to access Wireshark on the QP

  1. Open up SecureCRT/MobaXterm and select the New Session option.

  2. Select the SSH2 protocol.

  3. Then enter the Hostname and the Username (Change the port or firewall if needed).

  4. Once connected, open Session Options and go to Connection > Port Forwarding > Remote/X11. Then enable the Forward X11 packets option and select OK.

  5. After logging in via SSH, type this command to run Wireshark

    wireshark

  6. Wait until the Wireshark GUI shows up on your client PC

  7. All PCAP files in the directory ‘/cifs/capture/’ can be opened using Wireshark

13. Safely Erasing All Capture Traces from the QP

Erasing all capture traces from the QP can be performed using QManager.

  1. Log in to QManager

  2. Go to [Packet Search] → [Clear PCAP Folder]

  3. Click on [List Available Directories]

  4. Select a directory you would like to clear by clicking on the directory

  5. The directory will autofill in the main page, then click on [Clear]

  6. Wait until the page reloads; the files in that directory are cleared once the page has loaded

  7. Repeat this process until all the directories have been cleared

This page does not clear all PCAPs in a directory recursively; this is designed as a measure to prevent unintentional deletion of files within other directories.
