It no longer shows any computers that can be monitored.
Posted: Mon Jul 26, 2010 7:24 pm
by barak
It no longer shows any computers that can be monitored. We did have to move the computer to a different room, but we setup the ethernet cables to attach to the same port in the switch as it was connected >to.
I am must have changed something, but I am not sure what.
It no longer shows any computers that can be monitored.
Posted: Mon Jul 26, 2010 7:27 pm
by admin
We need more details to locate the problem:
1. Can WFilter monitor itself computer?
2. Is the port a mirroring port in your switch?
3. What is your switch model and brand? And how is the mirroring setup?
And please also check below settings:
1. In "System Settings"->"Monitor Settings", check whether monitoring is started.
2. In "System Settings"->"Monitor Settings", check the "Monitoring adapter" to see whether it is correct.
3. In "System Settings"->"Monitor Settings", check "IP Segment" settings. If you're not sure about it, please leave it as blank.
4. In "Control Settings"->"User-computer table", check whether WFilter computer itself is checked as "Enable Monitor".
It no longer shows any computers that can be monitored.
Posted: Tue Jul 27, 2010 7:00 pm
by barak
1. Can WFilter monitor itself computer? - No
2. Is the port a mirroring port in your switch? - Yes
3. What is your switch model and brand? And how is the mirroring setup?
The switch is a Netgear GS748AT 48 Port Smart Switch. '
One port has a Cisco PIX firewall. Other port is mirroring that PIX port, which is the one that the
monitoring Ethernet card for IMFirewall is plugged into.
Second Set of Questions You Asked:
1. In "System Settings"->"Monitor Settings", check whether monitoring is started. --
It says Monitoring State is Running.
2. In "System Settings"->"Monitor Settings", check the "Monitoring adapter" to see whether it is correct. --
It is correct, but I tried the other Adapter and it did not work either.
3. In "System Settings"->"Monitor Settings", check "IP Segment" settings. If you're not sure about it, please leave it as blank.
I made it blank.
4. In "Control Settings"->"User-computer table", check whether WFilter computer itself is checked as "Enable Monitor".
It has to NIC cards. One that is in the mirroring port was checked, the other was not. I have checked both.
No computer are listed as online.
It no longer shows any computers that can be monitored.
Posted: Tue Jul 27, 2010 11:54 pm
by admin
Even WFilter is not connected to the mirroring port, it shall be able to monitor itself computer unless it has no internet activity.
There is a way to check whether port mirroring is properly configured: Upon successful mirroring, the "Received" packet number shall be much larger than the "Sent" packet number in the monitoring computer's "local network status".
It no longer shows any computers that can be monitored.
Posted: Wed Aug 04, 2010 8:05 pm
by barak
local area network status
It no longer shows any computers that can be monitored.
Posted: Wed Aug 04, 2010 8:12 pm
by admin
As you can see from the "local network status", the "Received"
packets number is about the same as the "Sent" packets. It means the
port mirroring isn't working.
So I recommend you to check your port mirroring settings, though you
said you're using the same port as previous. It is also possible that:
1). WFilter computer is connected to a wrong port.
2). Someone has changed the port mirroring settings.
Please check.
If this problem still exists, tell me your detailed port mirroring
settings.
And what are the anti-virus and firewall programs in the WFilter
computer? Because some firewall programs might drop non-local packets, I
also recommend you to disable anti-virus and firewall programs in
WFilter computer to check(you don't need to disable firewalls in client
computers).
It no longer shows any computers that can be monitored.
Posted: Wed Aug 04, 2010 10:50 pm
by barak
As far as I can tell, the port mirroring is still setup like it was (PIX is plugged into the mirroring port on the switch g3) and the network card is plugged into the port where the data is being sent (g2).
Attached is a screen shot of the switch setup.
I removed the anti-virus program.
Today, I switched the network cable so the cable going to g2 was in the other card (thinking maybe the card has issues). When I tried to apply the settings in WFilter. It just hung. It never told me the settings were applied. It looked up for over 4 hours. I finally stopped it and rebooted the computer. It looks like the settings took, but nothing is different.
It no longer shows any computers that can be monitored.
Posted: Thu Aug 05, 2010 1:18 am
by admin
From what I can see, the port mirroring settings are correct.
Other steps for you to try:
1. Make sure the cable connections are correct. (I guess you have done it).
2. Restart the switch. Because it is possible that the port mirroring settings won't take effect before restarting of the switch.
3. If it is available, connect another PC/laptop to the "g2" port and check its "local network area status". The "Received" packet number shall be much larger than the "Sent" packets.