Artio User Guide

Introduction

This page serves as the main documentation for the Artio system.

General concepts

Internally, Artio is divided into two separate systems running independently, called ACE (Artio Control Engine) and ADE (Artio Detection Engine).

The detection engine (ADE) actively monitors the network(s) it is connected to, while reporting back any events to the control engine (ACE).

The control engine is in charge of configuration, USB communication for the command-line as well as SNMP communication with a network management system (NMS).

 

This is why two Ethernet ports are present on the Artio: the one labeled "DET" corresponds to the detection engine and thus should be connected to the network(s) you wish to monitor, while the other, labeled "CTL", corresponds to the control engine and should be connected to your management network.

Front UI

The front of the Artio unit includes an LCD display as well as a single button.

Pressing the button allows cycling between various information to be displayed on the LCD:

  • Version & basic network info
  • ADE basic info (load and VLANs)
  • ADE details (operating frequency / cycle time)
  • Network details (monitored hosts and anomalies)
  • Network load (packets per second)
  • Network load (bytes per second)

SNMP service

The Artio Control Engine offers SNMP v2c service on its "CTL" Ethernet port.

This allows easy integration into any infrastructure where a Network Management System (NMS) is already in place. For cases where no NMS is present, SNMP can still be used through simple standard tools. Being a widely-used industry-standard protocol, many tools exist to interface with it.

On many Linux systems for example, the following command can be used to query all details from the SNMP service:

System details as well as network information can be queried through this interface. Additionally, SNMP Traps will be issued by Artio to the configured NMS address whenever a network anomaly is detected.

The SNMP service details can be configured through the USB command-line interface. The related commands are presented in the corresponding section below.

Command-Line Interface

The Artio system is configured and managed through its command-line interface.

The micro-USB port on the front of the unit provides a standard serial port interface, allowing communication from any operating system without the need of special drivers or software.

 

Please note: the USB cable shown in the picture above may be visually different from the one included with your Artio unit.

To access the command-line interface, connect your computer to the micro-USB port on the Artio using the included USB cable. A new serial port should appear on your system. On Windows, this is visible in the device manager:

This is also visible in the new "Bluetooth & Devices" Settings window:

On most Linux systems, the "dmesg" utility should display some explicit message:

Take a note of the port name, then fire up your favorite terminal application (Putty, MobaXterm or any other) and open the port at a baudrate of 115200.

Please note: The port number on your system may be different from the one displayed in the screenshots here.

Here are examples using MobaXterm and Putty:

That's it! From here you can start typing commands. Try it out with the "help" command first:

Additional help for each command can be obtained by adding its name as an argument to the help command, as will be demonstrated multiple times in the following sections.

Basic information can be queried directly, however any configuration changes or access to sensitive details is restricted to administrators. The following section presents this in further detail.

Administrative mode

Many operations are restricted to administrators of the system and therefore require authentication before accessing them. Authentication is done through the "admin" command, which prompts for a password. Once authenticated, all features are accessible.

The "exit" command can be used to leave Administrative Mode. Additionally, Administrative Mode is automatically exited whenever the USB cable is unplugged.

The password for the system can be configured through the "passwd" command.

Failing authentication too many times will automatically lock the system and temporarily prevent further authentication attempts.

The number of unsuccessful attempts after which to lock the system as well as the duration of the lock can be configured through the "sec" command.

Configuration management

The entire Artio configuration can be persisted to non-volatile memory to preserve settings across reboots. The "config" command allows displaying, saving and re-loading the configuration as well as restoring factory defaults.

Fan control

The Artio unit features two internal fans for cooling. The speed of each fan can be controlled independently. By default, both fans run at 75%.

The speed of the fans can be displayed and controlled using the "fanctl" command.

License information

Each Artio unit includes a license for a certain number of VLANs and Hosts.

Information about the unit can be obtained with the "license" command.

Control engine (ACE) configuration

Specific details for the control engine can be configured through the "ace" command which provides multiple actions.

Without any arguments, it displays details about the ACE.

ACE network configuration

The ACE can be configured to use static network parameters, or acquire them through DHCP.

To use static parameters, the "ace static" command must be used with the desired parameters as arguments. This is illustrated in the screenshot below:

To acquire network parameters through DHCP, the "ace dhcp" command can be used.

Additionally, the "ade dhcp_int" command can be used to configure the interval between DHCP requests.

If needed, the MAC address of the ACE can be changed using the "ace mac" command. Using the special value "dflt" will re-load the factory-default MAC address.

ICMP configuration

The Artio Control Engine can respond to pings (ICMP echo) if desired. This can be configured through the "ace icmp" command.

SNMP configuration

SNMP can be enabled/disabled and the community string can be configured through the "ace snmp" command.

SNMP Traps can also be configured (enabled/disabled, target port) through the "ace snmp_trap" command.

Traps will be sent to the address configured through the "ace nms" command.

Detection engine (ADE) configuration

The "ade" command allows configuring the various aspects of the Artio Detection Engine. When run without any arguments, it simply displays information about the ADE.

ADE MAC configuration

If needed, the MAC address of the ADE can be changed using the "ade mac" command. Using the special value "dflt" will re-load the factory-default MAC address.

ADE VLAN configuration

The Artio Detection Engine automatically picks up on any VLAN presented to it through the trunk port. Automatic detection of VLANs can be enabled or disabled with the "ade vlan_auto" command.

The ADE network interface (labeled "DET") can be connected to either a trunk port carrying multiple VLANs, or a common "access" port directly exposing the network. Packet tagging on the ADE can thus be configured accordingly using the "ade vlan_tag" command.

Upon auto-discovering a VLAN, the ADE will attempt to obtain IP configuration through DHCP.

Each VLAN (whether manually set or auto-discovered) can be individually configured with the "ade vlan" command. When used without any arguments, it simply displays the list of currently configured VLANs.

ADE VLANs can be configured to use static network parameters, or acquire them through DHCP. To use static parameters, the "ade vlan X static" command must be used with the desired parameters as arguments. This is illustrated in the screenshot below:

To acquire network parameters through DHCP, the "ade vlan X dhcp" command can be used.

Additionally, the "ade dhcp_int" command can be used to configure the interval between DHCP requests.

VLANs can also be removed from the ADE using the "ade vlan X off" command.

ADE active scanning

Artio is designed to be able to operate semi-passively, discovering hosts as they manifest themselves on the network. This results in less network load but a slower discovery time.

By default, this mechanism is complemented by active scanning. This active scanning can be configured through the "ade scan" and "ade scan_rate" commands.

ADE detection parameters

Each individual detection module can be enabled or disabled through the following commands:

  • det_scan <on|off> - Configure scan detection
  • det_flood <on|off> - Configure flood detection
  • det_poison <on|off> - Configure poison detection
  • det_ghost <on|off> - Configure ghosting detection
  • det_part_ghost <on|off> - Configure partial ghosting detection

The ADE allows configuring many of its internal detection parameters for fine tuning where required. We recommend not changing these settings unless absolutely necessary. We suggest contacting us to understand the implications before deviating from factory-standard values:

  • ping_int <SECONDS> - Configure host ping interval
  • msta_int <SECONDS> - Configure host MAC stability interval
  • flood_limit <PPS> - Configure flood detection limit (packets per second)