Installing Iris. Using Iris to Monitor Network Activity. Decoding and Reconstructing Captured Data

Страницы работы

97 страниц (Word-файл)

Фрагмент текста работы

Note that running active scripts can be represent a security risk.

Decode UDP Datagrams

Indicate if you want Iris to show the content of UDP datagrams in Decode Mode.

Scroll sessions list to ensure last session visible

Iris will scroll the Sessions list. This ensures that the most recent data is shown in the packet capture window.

Use Address Book

Iris will use -+


Lists all installed adapters. See “Installing Iris” for more information about supported Ethernet cards.

To change an adapter,

•  Click the adapter.

•  Click OK (you don’t need to click Apply).

Adapters can be changed even while capturing.

Note: RAS adapters are not supported under Windows 2000/NT/XP.

They are supported on Windows 9x/Me.





Enable alarm sound

Iris will play an audio alarm when a connection attempt is detected.

Play this wave


Audio file that will be played instead of the default sound.

Log to file

File where connection attempts will be saved.

Ignore all local connections

Iris will use current IP address and network mask to determine if an address is from the local network or if it is from an external host. If this option is checked, Iris will not take into consideration connection attempts initiated by local hosts.

Ignore connections on these ports

Iris will ignore connection attempts seen on a port from the allowed ports list.

Use software


If this is checked, Iris will apply filter rules to connection attempts.

If this is cleared, Guard will notify all connection attempts (which are not filtered by the allowed port list) regardless of the applied software filter. This option allows the Guard module to function independently of the current filter.

However, using the filter gives you the option to watch connection attempts only on specific hosts. In both cases, the Ignore connections on these ports option will be in effect. 

Note: Even if Use software filter is checked, a filter will be applied only if Apply filter to incoming packets is ON.





Packet buffer size

Number of packets that the internal buffer can hold.

Stop when free disk space drops bellow

Allows you to set a break-off point for packet logging. Iris will stop logging packets when disk space gets very low. This stops a denial of service (DoS) attack aimed to fill the hard disk of the system that Iris is running on.

Note: If Decode module is enabled, Iris will also create temporary files using disk space from the partition where it is installed. These temporary files are deleted when New Capturing Session is selected or when Iris exits.

Enable CPU overload protection

Iris will not display packets when the CPU usage is at 100% for more than 4 seconds. As soon as CPU usage is less than 100%, Iris will start displaying packets again.

For advanced users:

To customize "CPU Overload Protection" add the following entries to the registry and modify their values:


ye Digital Security\Iris\CPU_Usage]





CPU_load_threshold means the CPU usage percentage from which Iris starts counting seconds

Seconds_load_threshold is the number of overload seconds after which Iris starts reducing its processing.

Start automatically with Windows

Starts Iris automatically when Windows starts, allowing a packet-log to occur as soon as possible.

Check for updates when program starts

If checked, Iris will check if a new version is available and will display What’s new in the latest version. System has to be connected to Internet for Update to work..

Using schedules


Using Schedules, you can configure Iris to capture packets only in certain timeframes.

Blue means CAPTURE, white means DO NOT CAPTURE.

In the image above, Mornings schedule will make Iris capture from

Похожие материалы

Информация о работе