LAD: LateralAccessDevice

takes you back to before the Internet


How to Capture Packets with LAD

Capturing packets with LAD is as simple as connecting a few cables (really!). By default LAD automatically captures data on every port, meaning you can capture all traffic that passes through it in aggregate and also just the traffic pertaining to specific devices, whether they are connected directly to one of LAD's ports or connected via a switch. In some circumstances LAD may not be able to differentiate between the traffic of individual devices, for example, if they are connected to LAD via a router that obscures their identifying information (such as when using NAT).

The Virtues of Long-Term Packet Capture

Long-term, or continuous, packet capture offers several advantages over "spot checks." The first and most obvious is that you have the data at all times, whether or not you need it for a specific purpose.

Continuously capturing packets with LAD is an easy, no-hassle task. If LAD is connected, by default it is capturing the packets. LAD also has no issue with storage or storage management because it captures and stores the packets in a circular fashion, in which the newest data overwrites the oldest once it reaches capacity. If you need a longer lookback period before things get overwritten, simply switch out the HDD of the chassis on which you are running LAD for a bigger one. In pass-through operation LAD's packet capture function operates passively and does not interfere with the traffic, which is the hallmark of commercial-grade packet capture. Much like a video camera, it simply records what passes through, without altering it.
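The circular storage described above, as an added sketch that is not LAD's own code: a byte-bounded store in which each new packet evicts the oldest ones once capacity is reached, with a check for whether a given moment is still inside the lookback window. The class and function names, frame size, and traffic rate are constructed for illustration.

```python
from collections import deque


class CircularCapture:
    """Byte-bounded packet store: the newest record evicts the oldest once full."""

    def __init__(self, capacity_bytes):
        self.capacity = capacity_bytes
        self.used = 0
        self.evicted = 0
        self.records = deque()  # (timestamp, frame bytes), oldest on the left

    def store(self, ts, frame):
        if len(frame) > self.capacity:
            raise ValueError("frame is larger than the whole store")
        # Make room by dropping the oldest records first.
        while self.used + len(frame) > self.capacity:
            _, old = self.records.popleft()
            self.used -= len(old)
            self.evicted += 1
        self.records.append((ts, frame))
        self.used += len(frame)

    def lookback(self):
        """Seconds between the oldest and the newest retained packet."""
        if not self.records:
            return 0.0
        return self.records[-1][0] - self.records[0][0]

    def covers(self, ts):
        """True if traffic seen at time ts has not been overwritten yet."""
        return bool(self.records) and self.records[0][0] <= ts <= self.records[-1][0]


def simulate(capacity_bytes, frame_len, pps, seconds):
    """Feed constant-rate constructed traffic and return the filled store."""
    cap = CircularCapture(capacity_bytes)
    for i in range(pps * seconds):
        cap.store(i / pps, bytes(frame_len))  # constructed all-zero frames
    return cap


if __name__ == "__main__":
    for size in (10_000, 20_000):  # doubling capacity doubles the window
        c = simulate(size, frame_len=100, pps=10, seconds=60)
        print(size, round(c.lookback(), 1), c.evicted, c.covers(45.0))
```

At a fixed traffic rate the retained window scales with capacity, which is why a larger disk gives a longer lookback period.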

In addition to pass-through capture, LAD can accept packet data from a router or switch's SPAN/mirror ports.

SPAN/Mirror Capture

Converting LAD into a dedicated, standalone appliance for commercial-grade full packet capture off a SPAN or mirror port takes just a couple of simple steps:

  1. Log in to LAD and click on "Ports."
  2. Select the port which you will be connecting to the SPAN/mirror port on the switch or router.
  3. Checkmark "Receive Only."
  4. Save changes and reboot LAD.

After LAD reboots, the port will not route traffic, but instead capture and record everything that it receives.

Pass-Through Capture

For pass-through (aka inline) capture, you will need to change the settings on two of LAD's ports. For illustrative purposes, here is the sequence of steps to set up ports 3 and 4 for pass-through.

  1. Log in to LAD and click on "Ports."
  2. Select Port 3.
  3. Checkmark "Receive Only" AND "Mirror/Send to."
  4. Select Port 4 from the dropdown menu next to "Mirror/Send to."
  5. Return to the "Ports" menu, and select Port 4.
  6. Checkmark "Receive Only" AND "Mirror/Send to."
  7. Select Port 3 from the dropdown menu next to "Mirror/Send to."
  8. Save changes and reboot LAD.

After LAD reboots, the two ports will simply pass the traffic through from one side to the other, as if there were no intervening equipment between the devices and equipment attached to either port.

Sample Configurations for Professional Users

The minimum recommended hardware configuration when using LAD for packet capture is three network interfaces; however, four or more would be preferred for most circumstances. LAD with multiple network interfaces offers several capabilities that prove quite handy for professional users, from software and web developers to network engineers and network support teams.