What's New

March 10/18/2016

More Fixes to the LTNet Network Engine.
LabTech Plugin and Agent integration implemented
Network Topology map is available.
Fixed offline device reporting.
UPS and printer handling is improved.

March 9/8/2016

Changed to NetFlow and added LTNet functionality.

Various fixes and improvements.

NetFlow 5, 6 and 8 are all supported: no mirroring required, no WinPcap, greater scalability.

Added many screens of data and summaries.

March 4/30/2015

Improved performance and memory usage on busy networks.

Various fixes and improvements.

Added flow direction to flows: shows the initial direction and then the direction of the data transfer.

Improved performance of category mapping and flow retirement.

March 3/26/2015

New Map Picture and Plotting technique

New animated map of flow activity.

Fixed assignment of aliases to MAC addresses.

Fixed assignment of category to flows when a flow is retired too quickly.

Improved performance and timing of the main screen refreshes.

Trimmed all history so the program does not choke after 7 days because of too much data.

Changed the RemoteProgram to install a service and auto-find the server for port reporting.

Programs and installers are all digitally signed, so no more warnings when installing\running.

Added right-click Navigate to Device and Whois IP to menus.


Alerting Added – Alerts are retained for a specific time and then auto deleted

Alert Rules engine added to create alerts.

 

Trigger spots are defined as follows; the variable groups available to a rule at each spot are noted in parentheses:

1.  None

2.  MacNew (mac)

3.  AddressNew

4.  FlowNew (all flow fields + Dest IP fields + SrcMac IP fields)

5.  FlowFinish (all flow fields + Dest IP fields + SrcMac IP fields)

6.  FlowAssign (all flow fields + Dest IP fields + SrcMac IP fields)

7.  InternetCheckFailure (Responses, IPs)

8.  InboundConnectionNew (Fields + Dest IP fields + SrcMac IP fields)

9.  InboundConnection (Fields + Dest IP fields + SrcMac IP fields)

10. OnPacket - UNUSED RIGHT NOW

11. ScheduledScan - UNUSED RIGHT NOW

12. AssetNew (Fields + SrcMac IP fields)

13. SSDPNew (Fields + SrcMac IP fields)

14. CDPNew (Fields + SrcMac IP fields)

15. ProgramNew (Fields + SrcMac IP fields)

16. VirusDetected (Fields + SrcMac IP fields)

17. NewWebhost (Fields + Dest IP fields + SrcMac IP fields)

18. NewWebConnection (Fields + Dest IP fields + SrcMac IP fields)

19. AddressResolveFinish

20. AddressBlacklistFinish

 

Operators Used For Rules

· Exists – ex
· Missing – mi
· Equals – eq
· NotEquals – ne
· LessThan – lt
· LessThanOrEqual – le
· GreaterThan – gt
· GreaterThanOrEqual – ge
· Contains – ct
· NotContains – nc
· InSet – in
· NotInSet – ni
· Anything – at
· Between – bt
· RegexLike – rl
· NotRegexLike – nr
· AND – and
· OR – or

Rule and Alert Examples – you can nest parentheses for rules

1.       ((local.Mac eq '001F2905ECF8') and (local.Manufacturer ne 'Cisco'))

2.       rule.Name was Detected on rule.UniqueValue at rule.AlertDate local.DhcpClient
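The rule syntax and alert template from the two examples above, worked through as an added Python evaluator (not the product's own code): it tokenises a rule, applies the two-letter operators, honours nested parentheses, and expands table.Column names in a message. Case-insensitive matching and comma-separated values for in/ni/bt are assumptions the page does not document.

```python
import re
# Added example, not the product's own code: evaluates the rule grammar shown above.
# Case-insensitive matching and comma-separated values for in/ni/bt are assumptions.
_TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()]+")
_parts = lambda w: [p.strip() for p in w.split(",")]
_OPS = {                             # the page's two-letter operators
    "ex": lambda a, w: a is not None, "mi": lambda a, w: a is None, "at": lambda a, w: True,
    "eq": lambda a, w: a == w, "ne": lambda a, w: a != w,
    "ct": lambda a, w: w in a, "nc": lambda a, w: w not in a,
    "in": lambda a, w: a in _parts(w), "ni": lambda a, w: a not in _parts(w),
    "rl": lambda a, w: re.search(w, a) is not None, "nr": lambda a, w: re.search(w, a) is None,
    "lt": lambda a, w: float(a) < float(w), "le": lambda a, w: float(a) <= float(w),
    "gt": lambda a, w: float(a) > float(w), "ge": lambda a, w: float(a) >= float(w),
    "bt": lambda a, w: float(_parts(w)[0]) <= float(a) <= float(_parts(w)[1]),
}
def _cmp(op, actual, want):
    """Apply one operator; a missing column satisfies only mi and at."""
    if actual is None and op not in ("ex", "mi", "at"):
        return False
    try:
        return _OPS[op](None if actual is None else str(actual).lower(), (want or "").lower())
    except ValueError:               # non-numeric value in a numeric comparison
        return False
def evaluate(rule, variables):
    """Evaluate a rule such as example 1 above against a dict keyed by table.Column."""
    toks, pos = _TOKEN.findall(rule), 0
    def term():                      # '(' expr ')'  |  variable op ['value']
        nonlocal pos
        if toks[pos] == "(":
            pos += 1
            value = expr()
            if toks[pos:pos + 1] != [")"]:
                raise ValueError("unbalanced parentheses in rule")
            pos += 1
            return value
        var, op, pos, want = toks[pos], toks[pos + 1].lower(), pos + 2, None
        if op not in ("ex", "mi", "at"):  # binary operators consume a quoted value
            want, pos = toks[pos].strip("'"), pos + 1
        return _cmp(op, variables.get(var), want)
    def expr():                      # term (and|or term)*, evaluated left to right
        nonlocal pos
        value = term()
        while pos < len(toks) and toks[pos].lower() in ("and", "or"):
            join, pos = toks[pos].lower(), pos + 1
            rhs = term()             # always consume the right-hand term
            value = (value and rhs) if join == "and" else (value or rhs)
        return value
    return expr()
def render(template, variables):     # expand table.Column names, as in example 2
    return re.sub(r"\b[a-z]+\.\w+", lambda m: str(variables.get(m.group(), m.group())), template)
```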

 

Variables used for Alert messages and Rules
  
Variables are named after the table and column in the database; looking at any grid view will give you the name of the variable. Remember to remove any spaces from the column name.

· MacAddress Table – local.columnname
· IPAddress Table – ip.columnname
· Packet Data – packet.columnname
· SSDP Table – ssdp.columnname
· CDP Table – cdp.columnname
· Asset Table – asset.columnname
· Flow Table – flow.columnname
· Inbound Connections Table – conn.columnname
· Process Table – exe.columnname
· WebConnections Table – web.columnname
· The Current Rule being processed – rule.columnname

 

Complete variable List

rule.ID

rule.Name

rule.TriggerSpot

rule.RuleText

rule.AlertID

rule.AlertMessage

rule.OneAlertPerItem

rule.AlertLevel

local.Mac

local.Alias

local.Manufacturer

local.DhcpClient

local.DhcpServer

local.BPS

local.CPU

local.Memory

local.ActivityLevel

local.LastActivity

local.StartedTime

local.ConnectionRequests

local.BytesOut

local.BytesIn

local.LocalBytesOut

local.LocalBytesIn

local.BytesTotal

local.PacketsSent

local.PacketsRecieved

local.LocalPacketsSent

local.LocalPacketsRecieved

local.TCPPackets

local.UDPPackets

local.OtherPackets

local.PacketsSmall

local.PacketsRFC

local.PacketsLarge

local.LastRecording

local.LastBytesIn

local.LastBytesOut

local.LastIP

local.LastBPSRecording

local.LastBytesTotal

local.LocalProbe

local.LastProbeContact

local.LastAssetScan

local.InterfaceInErrors

local.InterfaceOutErrors

ip.ID

ip.IP

ip.Alias

ip.Internal

ip.BytesOut

ip.BytesIn

ip.LocalBytesIn

ip.LocalBytesOut

ip.BytesTotal

ip.PacketsSent

ip.PacketsRecieved

ip.LocalPacketsSent

ip.LocalPacketsRecieved

ip.Mac

ip.PreviousMac

ip.Manufacturer

ip.TCPPackets

ip.UDPPackets

ip.OtherPackets

ip.PacketsSmall

ip.PacketsRFC

ip.PacketsLarge

ip.LastActivity

ip.StartedTime

ip.BlackLists

ip.Country

ip.Latitude

ip.Longitude

ip.LastRecording

ip.LastBytesIn

ip.LastBytesOut

ip.PlotX

ip.PlotY

ip.Port

packet.Direction

packet.DHCP

packet.SrcMacAddress

packet.DestMacAddress

packet.Protocol

packet.ProtocolName

packet.FlowID

packet.SourceIP

packet.DestinationIP

packet.SourceAlias

packet.DestinationAlias

packet.SourcePort

packet.DestinationPort

packet.MultiCastSrc

packet.MultiCastDest

packet.AsciiPayload

packet.Service

packet.ServiceDescription

packet.SSDP

packet.Syn

packet.Fin

packet.CDP

packet.Data

packet.ProcessHash

packet.Program

packet.SrcInternal

packet.DestInternal

packet.packetLength

packet.packettime

packet.dNow

packet.DataType

packet.DataString

packet.DataString2

packet.DataString3

packet.DataString4

packet.SourceMac

packet.CountryCode

packet.BlackList

Special Variables for FlowNew,FlowFinish, FlowAssign

flow.FlowID

flow.Mac

flow.Source_IP

flow.Source_Port

flow.Destination_IP

flow.Destination_Port

flow.Service

flow.Protocol

flow.Count

flow.PacketsSmall

flow.PacketsRFC

flow.PacketsLarge

flow.BytesIn

flow.BytesOut

flow.StartedTime

flow.LastActivity

flow.Category

flow.Program

flow.ProcessHash

flow.FlowType

flow.DataString

Special Variables for InboundConnectionNew and InboundConnection

conn.Mac

conn.Destination_IP

conn.Destination_Port

conn.Source_IP

conn.Source_Port

conn.Count

conn.DestinationDynamicIP

conn.FlowType

conn.DataString

conn.Started

conn.LastActivity

 

Special Variables for AssetNew

asset.Mac

asset.ID

asset.IP

asset.SNMPSuccess

asset.DNSSuccess

asset.PortSuccess

asset.PingSuccess

asset.WindowsSuccess

asset.SNMPName

asset.SNMPLocation

asset.SNMPDesc

asset.SNMPContact

asset.HostName

asset.OpenPorts

asset.PingResponseTime

asset.PingOSDetected

asset.LastActivity

 

Special Variables for SSDPNew

ssdp.ID

ssdp.IP

ssdp.Mac

ssdp.friendlyName

ssdp.manufacturer

ssdp.manufacturerURL

ssdp.modelDescription

ssdp.modelName

ssdp.modelNumber

ssdp.serialNumber

ssdp.IconURL

ssdp.Server

ssdp.Location

ssdp.LastActivity

 

Special Variables for CDPNew

cdp.IP

cdp.Mac

cdp.DeviceID

cdp.Software

cdp.Platform

cdp.Version

cdp.LastActivity

 

Special Variables for ProgramNew and VirusDetected

exe.ProcessHash

exe.ProcessName

exe.ProcessPath

exe.Size

exe.StartedTime

exe.LastActivity

exe.LastMac

exe.Scanned

exe.ScanDate

exe.Positives

exe.Count

 

Special Variables for NewWebhost

web.Host

web.URI

web.Destination_IP

web.Destination_Port

web.Count

web.Started

web.LastActivity

 

Special Variables for NewWebConnection

web.Mac

web.RecordingDate

web.Method

web.Host

web.URI

web.QueryString

web.Source_IP

web.Destination_IP

web.Destination_Port

March 3/6/2015

Fixed some install bugs and messaging for systems that differ from my own. Fixed some links in the wizard and download URLs.

 

March 3/5/2015

Asset bandwidth now defaults to active, which shows BPS.

Flow Category and master category editor.

License and registration added: when running the wizard you will enter a key, or fill out the form to get one.

Flows now record bits per second so you can see what a flow is doing right now.

Click on a flow and get the BPS in the tool tip.

Flows list has a new data item, “Active”, which shows the top X flows based on BPS.

Category rules and alert rules have a GUID and type to identify whether they are user created, default or community.

Performance improvements: packet processing has been increased to 40000 packets per second.
  Added a buffer between packet analysis and packet recording; this buffer is configurable with Packet_Count_Flush and Packet_MilSecond_Flush:
  Packet_MilSecond_Flush = after this many milliseconds, flush this flow's buffer.
  Packet_Count_Flush = after this many packets on the flow, flush the buffer.

Packet latency information expanded: see packet buffer sizes, number of packets and average packet processing time per second.

Fixed the asset count that was showing one less item in the display than was in the list.

March 3/2/2015

The What's New menu item
The User Guide menu item

 

Category Manager changed to Flow Category Rules

Category rules changed and now work correctly, and have an Editor\Creator.

Create category rules from flows, in the right-click menu.

Category Rule Editor: the rule matches only if all the items in the rule match. If an item is set to zero or blank then that item is not tested and is considered a match. All match fields except the numeric ones (local port, remote port, flow type and protocol) are regular expressions and will match as long as the expression evaluates to true. If the title of the category rule editor is “Edit Category Rule” then you are editing a rule; if the title is “Create Category Rule” then you are adding a new one.
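The category rule matching described above, as an added Python example (not the product's own code): every item in a rule must match, zero or blank items are skipped, the four numeric fields compare exactly and the rest are regular expressions. The numeric field names follow the text; the text field names, case-insensitive matching and first-match ordering are assumptions.

```python
import re
# Added example, not the product's own code: the matching semantics described above
# for a Flow Category Rule. Numeric fields are the page's; text field names are assumed.
NUMERIC_FIELDS = ("LocalPort", "RemotePort", "FlowType", "Protocol")   # compared exactly
TEXT_FIELDS = ("Service", "Program", "DestinationIP")                  # assumed regex fields

def category_matches(rule, flow):
    """True only if every tested item matches; zero or blank items are not tested."""
    for field in NUMERIC_FIELDS:
        want = rule.get(field)
        if want in (None, "") or int(want) == 0:   # zero/blank: skip, counts as a match
            continue
        if int(want) != int(flow.get(field, -1)):
            return False
    for field in TEXT_FIELDS:
        pattern = rule.get(field)
        if not pattern:                            # blank: skip, counts as a match
            continue
        try:                                       # case-insensitive regex is an assumption
            if re.search(pattern, str(flow.get(field, "")), re.I) is None:
                return False
        except re.error:                           # a malformed expression never matches
            return False
    return True

def categorize(rules, flow, default="Uncategorized"):
    """Category of the first matching rule (first-match order is an assumption)."""
    for rule in rules:
        if category_matches(rule, flow):
            return rule["Category"]
    return default
```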