|
FAQ
1.General
1.1
What is Sax2?
1.2
What can I do
through Sax2?
2. Installation & deployment
2.1 Iinstalled Sax2 will affect net
speed?
2.2 Capture
Nothing. Top
2.3 Why I can
only capture the local traffic? Top
2.4 HUB or mirror
switches on the recommendation models.
2.5 Whether
the company will leak privacy by using Sax2?
2.6 What is
principle to realize Sax2?
2.7 Can Sax2
monitor Active Directory domain network?
2.8 When re-install,
whether need to backup configuration and log?
3. Usage
3.1
How to determine the name of worker who uses a computer?
3.2 How can
I see a machine's MAC address?
3.3 Can I monitor
MSN after it use plug-in encryption?
3.4 Can Sax2
detect the traffic occupation in the network?
3.5 Why do
3.4not show the email which I sent from web page in the
mail logs?
3.6 Email log
list capturing the e-mail message, but I double-click the
message to see the original information, failed. Why?
3.7Can Sax2
identify the worm infected machines in network?
3.8 When we
manage firewall through web interface, need to add 10,081
port behind the URL, but then I have not seen the information
in the HTTP logs, what is the problem?
3.9 If access
the Web site by https, can it analyze the accessing server
information?
3.10
When capture packets, find some adapter have a number of
IP addresses. Why? Is this normal?
3.11 Why I
can only capture the packets sent , can not capture the
packets received ?
4. Purchase
4.1 Why should we buy the official
version?
4.2 How to get
the official version of Sax2?
4.3 How to
activate this product?
4.4 Can remote
landing be activated?
1.1
What is Sax2?
Sax2 is network security and management tools, which
is designed for the network specifically with powerful functions
and simple operation. With the real-time packets capturing
and analysis of system, you can detect network attacks,
and interfere with its implementation once discovered, thereby
protecting networks against attacks.
Top
1.2
What can I do through Sax2?
If you are:
【Network Manager】 - - Detecting network attacks,
find infected machines, count network traffic, find potential
security flaws in network ...
【Executives】- - - -- -- -- -- View the company's internal
Web access, test whether e-mail is safety , detect illicit
server log ...
【Security Manager】- -- -- Perspective on the specific
content of network transmission, analyze network anomalies,
to find potential security risks in network...
【Security adviser】- - - -- -Analyze network, help customers
to resolve address security vulnerabilities, optimize network
performance ...
Top
2.1
Iinstalled
Sax2 will affect net speed?
Sax2
is the bypass monitoring mode; only analyze the copy of
the packets, so it will not affect the existing communications
and network speed. Is the choice of hub (HUB) or switch
to monitor? we recommend using HUB (Please note the Hub’s
connection), otherwise needing to use the mirror switch,
when the export bandwidth of less is than 4 M.
Top
2.2
Capture
Nothing.
Maybe not
choose the right adapter.
Click "Detection \ Adapter" menu to pop-up adapter
settings window,All supported adapters are listed
in the Adapter page,
if there are two or more adapters
, check whether
the selected adapter
is the
adapter
you are using.
If did not find any adapter
or information
is not correct, that means you have the installation problems.
Please re-install. If after the re-installation, we also
can not find the adapter
, then it
is possible that the adapter
does not
support.
Top
2.3
Why I can only capture
the local traffic?
This means your computer
is connected with the switch. In order to capture
other computer’s traffic, we need to increase
a HUB or a switch which support mirror port. If the
connect Internet through the server, it also can be installed
directly on the server. Please refer to specific "Installation
& deployment "
Top
2.4
HUB or mirror switches on the recommendation models.
Recommended HUB (hub)
models: TL-HP5MU of the Tplink, ( five port 10 M Ethernet
hub).
Recommended mirror switch
models: TL-SF2005 of the Tplink, ( five port mirror switches).
Top
2.5
Whether the company will leak privacy by using Sax2?
Sax2
only run in your company's operating within the LAN, do
not have any data exchange with Interne except checking
for updated version. Information is in the local archive,
will not cause the leakage of information.
Top
2.6
What is principle to realize Sax2?
1). Protocol Analysis
of Principles
Through the mirror port
or switch HUB radio communications, can receive the communication
data packets from other control host. And then revert data
package by software, extracted the data from it.
2). Blocking
Principles
TCP communication is the
connection-oriented, so can disconnect the TCP connection
d by sending some disguise packets. This is the blocking
principle of
Sax2.
Top
2.7 Can Sax2 monitor Active
Directory domain network?
Sax2
can monitor the
computer in domain , but can not support monitoring by domain
account, only can monitor based on the MAC address and IP
address.
Top
2.8 When
re-install, whether need to backup configuration and log?
When uninstall,
we will delete the profile, but does not delete the log
file, so before you re-install, you better back up the previous
configuration (installation directory’s the "data" directory
is that).
Top
3.1
How
to determine the name of worker who uses a computer?
1). Sax2 monitor under the MAC address (LAN address,
the user can not be changed) by default. In a single network
environment, MAC address and the computer are one-to-one
relationship, according to MAC address to judge the corresponding
staff.
2) In the multi- segment network environment, MAC
address and computer are not one-to-one relationship, and
need to monitor through IP addresses. Therefore, only through
IP address to judge the user, we recommend using IP and
MAC bundled technology in cases of multi- segment network
environment, to prevent employees to evade monitoring through
the revision of IP.
Top
3.2
How can I see a machine's MAC address?
MAC
address is the adapter address Click the "Start" ->
"Run", input "cmd”, click enter, and then input "ipconfig
/ all" to cmd window. To see all the configuration information
of the adapter, the "Physical Address" is the MAC address.
Top
3.3
Can
I monitor MSN after it use plug-in encryption?
Yes, you
can. But you will see the content is encrypted (it will
be messy code.)
Top
3.4
Can Sax2
detect the traffic occupation in the network?
Sax2
can count the entire network or a single network node,
including the total traffic, traffic per second, the average
traffic in detail.
Top
3.5
Why do not show the
email which I sent from web page in the mail logs?
Sax2’s
mail analysis functions support the protocol is SMTP and
POP3, while sending e-mail based on web use the HTTP protocol,
and submits with form style, so it will not be displayed
in the email log automatically.
Top
3.6
Email
log list capturing the e-mail message, but I double-click
the message to see the original information, failed. Why?
Sax2
did not keep copies of e-mail message by default. In this
case, you will not see the original information directly.
To enable this feature, Please refer to help document.
Top
3.7Can
Sax2 identify the worm infected machines in
network?
Yes it can.
There are two kinds worm. One is based on e-mail worm; the
other one is based on operating system. The first worm’s
the performance of the main characteristics is high frequency
sending a message, similar content in the message headers,
the same e-mail attachments. The second worm’s the performance
of the main characteristics is trying to work with all host
LAN connection, linking the port are consistent and link
between the gap between short time, greater flow of occupation.
Sax2’s email logs can
capture analysis and reorganize sending and receiving mail
in the network. According to e-mail log information and
the features of e-mail worm, user
can identify the worm infected machines in network.
Through packet view and conversation view, you can easily
identify infected machines within vulnerabilities worm.
Top
3.8
When we manage firewall through web interface, need to add
10,081 port behind the URL, but then I have not seen the
information in the HTTP logs, what is the problem?
By default,
Sax2 analyze the HTTP accessing based on the 80 port.
Analyze the web accessing based on other port (such as the
10,081) , Please refer to help document.
Top
3.9
If access the Web site by https, can it analyze
the accessing server information?
No, it can
not. Https is encrypted transmission. Sax2
or even all of the protocol software can only capture communications
packets of https, but can not analyze and restrict its specific
accessing information.
Top
3.10
When
capture packets, find some adapter have a number of IP addresses.
Why? Is this normal?
Generally,
a adapter has a number of IP addresses, as followings:
Under normal
circumstances, a adapter targeted a number of IP.
Gateway:
When data communicates, each of the three-tier equipment
will change the source address of the packet into his own,
and send to the next equipment, so a gateway matching a
number of IP is normal.
ARP attacks:
when do ARP attacks, generally there will have a host of
intermediaries, this host will match a number of IP because
of the needs to deceive the client and gateway together.
Therefore,
when the adapter matches a number of IP address, we need
to analyze. If it belongs to segment 1 and 2, it is normal,
but if it is the third one, which means the network is in
the attacks, and the current adapter corresponding to the
host which is the attack source, should immediately conduct
a thorough investigation.
Top
3.11
Why I can only capture the packets sent , can not capture
the packets received ?
This phenomenon
is due to your wrong HUB connection or incorrect switch
ports mirror configured. If you are using the HUB with the
uplink, the port which connects uplink port can not connect
to any network lines. If it still does not work, you can
try another port. If you are using the switch, please make
sure whether have done mirrors in send and receive data.
Top
4.1
Why should we buy the official version?
As a registered user, you can enjoy the following rights.
1).
Software copies with full functional.
2).
Free upgrades in subscription period.
3)
Get the first information about software upgrades and new
products.
4).
Lifelong free technical support.
Top
4.2
How to
get the official version of Sax2?
Contact us,
and then we will give you the official version and a registration
key and activation number, through the "activation wizard"
to activate to get Sax2 official version.
Top
4.3
How to activate this product?
At any time,
activate the product through the Internet or sending Email.
Each option is only a few steps to complete. For details,
see product activation center
Top
4.4
Can remote landing be activated?
Remote landing can be activated. Its methods are as same
as the local landing activation’s.
Top
|
