Generating encrypted capture files
All files created by ORA are encrypted. These files can only be decrypted and analyzed with computers having a unique security key.
To generate encrypted capture files:
1. Obtain the ORA management file generated in Generating an ORA management file.
2. Double-click the ZIP file to extract the contents of the file to a location on the target computer’s hard disk.
3. Double-click the ORA application file (OmnipeekRemoteAssistant.exe). The main program window appears. The parts of the main program window are described below.
• Wired Adapters: Select this option to choose from a list of available wired network adapters installed on the ORA computer. You cannot select a combination of both wired and wireless adapters.
• Wireless Adapters: Select this option to choose from a list of available wireless network adapters installed on the ORA computer. You cannot select a combination of both wired and wireless adapters. The wireless adapter must be a supported adapter with the appropriate driver installed. Please visit https://www.liveaction.com/support/frequently-asked-questions/ for information on obtaining and installing the driver for your wireless adapter.
• Adapter List: The adapter list displays and allows you to select from the available wired or wireless network adapters installed on the ORA computer. You cannot select a combination of both wired and wireless adapters.
If a wireless network adapter is selected, the Channel drop down menu is enabled, allowing the selection of a wireless channel.
NOTE: If you are using a supported wireless network adapter, check with your network analyst to ensure you have the appropriate LiveAction supported wireless driver installed. You must have a supported wireless adapter and driver to capture 802.11 traffic.
• File Properties: The File Properties let you choose a folder path and specify the maximum rollover file size of a file before a new file is created. The folder path can be entered directly into the folder path edit box, or selected by clicking . All files created by ORA are saved as encrypted LiveAction capture files (*.pke), and are appended with a timestamp so that each new file created with the same folder path and file name is unique.
• Capture Control: The Capture Controls let you start and stop captures. and are enabled only when the configuration is correct. is disabled until a valid adapter has been selected. Once the capture has been started, the main program window, except for , is disabled. While the capture is running, the Total Packets, Total Bytes, and Capture Duration are displayed in real-time. When is clicked, the main program window is reenabled.
4. In the Adapter List, select one or more wired adapters, or one or more wireless adapters. You cannot select a combination of both wired and wireless adapters.
5. In the File Properties, enter or select a folder path for your encrypted capture files.
Each file that is created includes a prefix (default prefix is ‘Packet’) and timestamp in its filename. The file is saved as a LiveAction encrypted capture file (*.pke).
6. In the File Properties, specify a rollover file size (in MBs) for each capture file before a new capture file is created.
7. Click to begin generating capture files.
8. Click when you want to stop generating capture files.
9. Deliver your encrypted capture files to your network analyst per their instructions.