Netwatch
Netwatch collects information about the inbound and outbound network connections made to the host over a specified duration. Once this information is collected, the details can be downloaded as a csv file which contains details about the IP address, direction of connection, Port, the process making the connection, etc.
Steps to perform Netwatch
Open the Project added earlier and click on Discover. The host(s) are listed in the table.
Select a host. You can select multiple hosts as well if required.
Once the required hosts are selected, click on Netwatch actions and click on Start netwatch.
A popup confirmation window opens. From here you can view the selected hosts, select the duration for running Netwatch, and clean earlier Netwatch data.
Change the netwatch run duration as shown below:
If you would like to clean the earlier run netwatch data
Click on OK to start Netwatch on the selected hosts, or click on Cancel to cancel the operation.
Once you click on OK, you will receive a notification that Netwatch has started.
Please start using the host as you normally would, accessing the applications installed on it. The network traffic will be captured.
Once Netwatch is started, the Netwatch status will be updated in the Netwatch status column
If you would like to stop a running Netwatch, you can select the host, click on Netwatch actions and click on Stop netwatch
Once Netwatch stops, the status is updated
If you would like to clean Netwatch data from a previous run, you can select the host, click on Netwatch actions and click on Clean netwatch data. Please note that once cleaned, there is no way to recover the data.
You will receive a notification regarding the same
Once you have run Netwatch on all the hosts you are interested in, you can download the data in csv form.
Navigate to the home page of the project, click on the three horizontal lines located at the upper right corner. Then, select NetWatch Data from the options. By clicking here, you will be able to download the Netwatch data in CSV format.
This opens a popup window where you can specify IP addresses you would like to ignore (for example: DNS server IP, OmniDeq Server IP, etc.).
After entering the hosts to ignore (or leaving the entry blank), click on OK to download the csv file.
A sample csv image is shown below:
Field | Description |
---|---|
Project_Wave_Name | Project name of the source node |
Host_Alias | Node name of the node for which Netwatch is captured. |
Host_IP | Host IP of the Node. |
Group | Allocated group Id of the group of connected nodes containing this node |
Connected_Project_Wave_Name | Project Name of the connected Node. |
Connected_Host_Alias | Host IP of the connected Node. |
Direction | Shows if the connection was inbound or outbound. |
Boundary | Internal if the connected node is part of any other Omnideq project, External otherwise. |
Port | For the outbound direction, this is the port number on the Node to which the outbound connection was made. For inbound, it is the port number on the current Node to which the external host is connected. |
ProcessID | PID of the process that is holding the connection. |
ProcessName | Name of the process that is holding the connection. |
Connected_Host_IP | IP of the connected Node or Host. |
If an inbound or outbound IP address is present in any of your Projects, it is identified, and the Project Name where it is present and its Host Alias are added to the CSV file. Based on the connections, a grouping of machines is also suggested in the CSV file.
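One way to review a downloaded Netwatch CSV is to list, per host and process, the peers that fall outside every project. This is an added example, not OmniDeq code; the column names come from the table above, while the sample rows and the exact value spellings ("Inbound", "Outbound", "External") are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows using the documented column names. The values and
# the spelling of Direction/Boundary entries are assumptions, not real output.
SAMPLE_CSV = """\
Project_Wave_Name,Host_Alias,Host_IP,Group,Connected_Project_Wave_Name,Connected_Host_Alias,Direction,Boundary,Port,ProcessID,ProcessName,Connected_Host_IP
wave1,web01,10.0.0.5,1,wave1,db01,Outbound,Internal,5432,812,python3,10.0.0.9
wave1,web01,10.0.0.5,1,,,Outbound,External,443,812,python3,203.0.113.7
wave1,web01,10.0.0.5,1,,,Outbound,External,443,812,python3,203.0.113.7
wave1,web01,10.0.0.5,1,,,Inbound,External,22,640,sshd,198.51.100.4
wave1,db01,10.0.0.9,1,,,Outbound,External,53,301,systemd-resolved,10.0.0.2
"""


def external_connections(csv_text, ignore_ips=()):
    """Map (host, direction, process, port) to sorted peer IPs for External rows."""
    ignore = set(ignore_ips)
    peers = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Boundary"].strip().lower() != "external":
            continue  # peer belongs to a project, so it is already inventoried
        peer = row["Connected_Host_IP"].strip()
        if peer in ignore:
            continue  # same idea as the ignore list in the download popup
        key = (row["Host_Alias"], row["Direction"].strip().lower(),
               row["ProcessName"], int(row["Port"]))
        peers[key].add(peer)  # the set collapses repeated identical rows
    return {k: sorted(v) for k, v in peers.items()}


def inbound_exposure(summary):
    """Per host, the local ports that accepted connections from External peers."""
    exposed = defaultdict(set)
    for (host, direction, _process, port) in summary:
        if direction == "inbound":
            exposed[host].add(port)
    return {host: sorted(ports) for host, ports in exposed.items()}


if __name__ == "__main__":
    summary = external_connections(SAMPLE_CSV, ignore_ips={"10.0.0.2"})
    for key, ips in sorted(summary.items()):
        print(key, ips)
    print("Inbound exposure:", inbound_exposure(summary))
```

To run it on a real export, pass the contents of the downloaded file as `csv_text` and adjust the value comparisons if the file spells Direction or Boundary differently.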