Capture Engines have no user interface of their own and rely on an Omnipeek console to provide a user interface through the Capture Engines window. The Capture Engines window in Omnipeek is used for interac- tion between Omnipeek and a Capture Engine.
Connecting to a Capture Engine from Omnipeek
In order to view packets and data from a Capture Engine, you must first connect to the Capture Engine from the Capture Engines window.
To connect to a Capture Engine from Omnipeek:
- Do one of the following to display the Capture Engines window:
- Choose View > Capture Engines.
- Click View Capture Engines on the Start Page.
The Capture Engines window appears and displays the list of currently defined Capture Engines.
Note: Both Omnipeek and Capture Engine Manager maintain the same list of Capture Engines. Making a change in either program automatically updates the list in the other program. - Click Insert Engine. The Insert Engine dialog appears. Note: You can also click Discover Engine in the toolbar to find all of the Capture Engines available on your network segment. See Discover Capture Engines for details.
- Complete the dialog:
- Host: Enter the IP address of the Capture Engine that you want to connect to.
- Port: Enter the TCP/IP Port used for communications. The default port is 6367.
- Domain: Type the Domain for the Capture Engine. If the Capture Engine is not a member of any Domain, leave this field blank.
- Username: Type the Username for login to the Capture Engine.
- Password: Type the Password for login to the Capture Engine.
- Click Connect. When the connection is established, the Capture Engine appears in the
Capture Engines window.
Tip: You can add multiple Capture Engines to the Capture Engines window by clicking Insert Engine. - Click Insert Group to add a group of Capture Engines to the Capture Engines window.
- Select the Capture Engine group and then click Insert Engine to add an Capture Engine to
the group.
Capturing from a Capture Engine
You can select from the following options to capture packets from a Capture Engine:
- New Capture…: This option lets you create a new capture window based on the capture settings that you define.
- New “Forensics Capture”: This option lets you create a new capture window based on pre-configured capture settings optimized for post-capture forensics analysis.
- New “Monitoring Capture”: This option lets you create a new capture window based on pre-configured capture settings optimized to produce higher level expert and statistical data in a continuous capture.
- Edit Capture Templates: This option opens the Capture Templates dialog and allows you to create new or edit existing capture templates.
Note: For more information about each of the optimized capture formats,
please see the Omnipeek User Guide or online help.
To begin a remote capture from a Capture Engine:
- Do one of the following:
- On the Home tab, select the type of remote capture to perform by selecting New Capture under the Captures heading.
- On the Captures tab, select the type of remote capture to perform by clicking the small arrow next to Insert.
- On the Adapters tab, select the type of remote capture to perform by selecting
New Capture under the name of the adapter you wish to use.
The remote Capture Options dialog appears.
- Make any desired changes to the capture option settings.
- Click OK. A Capture Engine capture window appears. Note: The views in the left-hand navigation pane that are available in a Capture Engine capture window depend on the type of Capture Engine that is connected, and the Analysis Options capture settings configured for that capture window. See the Omnipeek User Guide or online help for details on using the features available from Capture Engine capture windows.
- Click Start Capture to begin capturing packets. Start Capture changes to Stop Capture.
- Click Stop Capture when you want to stop collecting packets into the remote capture buffer.