Installation & Deployment

Ax3soft products can monitor and analyze the data transmitted within the intranet and/or between the intranet and extranet, or over VLAN. However, the program can only function properly with correct installation and configuration. The following sections, taking Sax2 as an example, introduce how to install and configure Ax3soft products in different network environments, including shared network and switched network.

Sharing networks – Connect the Internet through the Hub

A shared network is also known as hubbed network which is connected with a hub.
Hubs are commonly used to connect segments of a LAN. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. A passive hub serves simply as a conduit for the data, enabling it to go from one device (or segment) to another. So-called intelligent hubs include additional features that enable an administrator to monitor the traffic passing through the hub and to configure each port in the hub. Intelligent hubs are also called manageable hubs. A third type of hub, called a switching hub, actually reads the destination address of each packet and then forwards the packet to the correct port.
With a shared environment, Ax3soft Sax2 can be installed on any host in LAN. The entire network data transmitted through the Hub will be captured, including the communication between any two hosts in LAN.

(Topology illustration 1)

Switched network – Switches with management functions (port mirroring)

Switch is a network device working on the Data Link Layer of OSI. Switch can learn the physical addresses and save these addresses in its ARP table. When a packet is sent to switch, switch will check the packet’s destination address from its ARP table and then send the packet to the corresponding port.

Generally all three-layer switches and partial two-layer switches have the ability of network management; the traffic going through other ports of the switch can be captured from the debugging port (mirror port/span port) on the core chip. To analyze the traffic going through all ports, Ax3soft Sax2 should be installed on this debugging port (mirror port/span port).

The following table presents the advantages and disadvantages of using a switch with mirror port.

a. No additional facility required
b. No need to change network topology
a. Occupies a switch port
b. Possible influence to network transmission performance when meeting huge traffic

(Topology illustration 2)

Switched network – switches without management functions (no port mirroring)

If your switch has no management function, you can:

the use of network-connector (Taps)

Taps can be flexibly placed on any line in network. When the requirement for network performance is very high, you can add a tap to connect your network. The following table presents the advantages and disadvantages of using a tap.

a. No influence to network transmission performance
b. No interference with data stream and raw data
c. Does not occupy IP address, free from network attacks
d. No need to change network topology
a. High cost
b. Additional facility (tap) required
c. Requires dual adapters
d. Can not connect Internet

(Topology illustration 3)

  Use Hub (Hub)

Working on share mode, hubs are applicable for small networks.

a. Low cost
b. No need to be configured
c. No need to change network topology
a. Additional facility (hub) required
b. Interference to network transmission performance when meeting huge traffic
c. Not applicable for big networks

(Topology illustration 4)

Monitoring a network segment

In the case when you only need to monitor the traffic in a network segment (e.g. Finance department, Sales department, etc.), you can connect the server on which Ax3soft Sax2 is installed and the network segment with a exchange facility. The exchange facility can be hub, switch or proxy server.

(Topology illustration 5)