What types of files do you support?
Teleseer processes network collection files containing 802.3 or 802.11 headers. In addition to network collection files, Teleseer processes Bro/Zeek logs (with more log support to come!), router configuration files, and Nessus scans.
When uploading files, we highly recommend processing 802.3 or 802.11 (beta) collection files as opposed to logs because a more enriched topology will be generated. View the Sample Projects to compare a topology generated with PCAP vs a topology generated with Bro/Zeek logs.
Do you process wireless collections?
Yes! We process 802.11/Wi-Fi wireless collections.
How do you handle NAT'd devices?
The analytics engine distinguishes devices behind the NAT and provides a summary of the different devices observed within network topology.
How do you deal with encrypted traffic?
The analytics engine will fingerprint the encrypted devices and provide contextual awareness about the encrypted session(s) if available. This information will appear within the Timeline.
How do you deal with very large networks?
We just do it. And we do it well.
What graph database are you using?
Teleseer utilizes a custom graph database. The graph is constructed in memory for maximum performance within any web browser.
How do you deal with cloud environments?
In the near future, we will be implementing secure access to cloud shares to allow users to directly upload content from their cloud environment.
How are you securing the data that I provide to you?
There are two types of data that we store: (1) uploaded data and (2) project data.
(1) Uploaded data gets stored encrypted at rest in GCP buckets.
Your data is fully purged 30 days after deleting it from your account. This grace period lets us support undeletion requests. We delete everything immediately if you close your account.
(2) Your project data contains metadata we extracted from your uploaded data and gets stored in a separate database. This database has high-availability replications across multiple datacenters, and is snapshotted hourly and stored for 30 days.
We secure data via industry standard best practices: data at rest encryption, SSL connections for all Teleseer interactions, and secure authentication providers.
We don't look at traffic; we only collect endpoint and application logs. Can you do mapping?
We sure can! You can take a look here at the files we currently support. We will be supporting more file types in the future. Please let us know which logs are most valuable to you!
How is this different than active scanning for devices and vulnerabilities?
Actively scanning devices is no doubt a very helpful way to determine what's running on your network, but it also requires installing and maintaining "agents" on every connected device. As you can guess, this not only takes a large amount of time to achieve, but the agents may also take up valuable resources on your end users' machines.
Passively analyzing a network allows us to identify what's running on your network without the need to install and maintain these agents.
So what's the catch? There's always a catch. As a result of no agents being installed on end user devices, we rely solely on the traffic that is going across the wire. If the traffic doesn't traverse the network, we will not know much about the device(s) in question. The more traffic that traverses the network, the more we will know about the devices on the network.
How do you handle tunneled traffic (VPN, GRE, MPLS)?
The analytics engine is able to unpack tunnels of various types as long as the tunnel(s) are not encrypted. The edges between endpoints will have a specific demarcation within the network topology.
How do you handle SCADA traffic?
The analytics engine is able to fingerprint SCADA traffic and display the corresponding protocols within the Timeline.
Why don't you have a self-hosted option?
We will have a self-hosted option for select users. Stay tuned!
How do you handle VMs?
VMs are handled with fingerprinting technologies and to the best of our ability we connect them to the host they are on.
How do you handle merging multiple tap points on the same network?
Teleseer will soon have the ability to correlate a collection file and a tap point. This allows the user to gain different viewpoints into the network under assessment. If the tap point is not identified, then the resulting network topology may require manual modification.
How do you handle tcpdump cooked PCAPs? (SLL layer)
"Cooked" collections occur when a user collects data from "any" device. As a result, the generated collection file does not contain any layer 2 (MAC address) content.
We do not currently support cooked PCAPs. Good news! We will in the near future.
See https://wiki.wireshark.org/SLL.md for more information on supported files.
Is my capture cooked?
To determine if your capture is cooked, you can run the capinfos application.
On Linux, the application should be on your path if Wireshark is installed.
Example cooked pcap output on Linux
On Windows, the application will exist in your Wireshark directory.
Within Wireshark, users can determine if a pcap is cooked by selecting Statistics > Capture File Properties.
Example cooked pcap output from Wireshark
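The same check can be scripted before upload by reading the link-layer type declared in the capture's header. This is an added example, not Teleseer code; the function names and the constructed sample headers are assumptions for illustration.

```python
import struct

# Link-layer header types (LINKTYPE_ values from the tcpdump.org registry).
LINKTYPES = {1: "Ethernet (802.3)", 105: "IEEE 802.11", 127: "IEEE 802.11 + radiotap",
             113: "Linux cooked v1 (SLL)", 276: "Linux cooked v2 (SLL2)"}
COOKED = {113, 276}

# Classic pcap magic as stored on disk -> struct byte-order prefix.
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond
              b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}  # nanosecond
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # Section Header Block type


def link_types(data: bytes) -> list:
    """Return the link-layer type(s) declared by a pcap or pcapng file."""
    magic = data[:4]
    if magic in PCAP_MAGIC:
        if len(data) < 24:
            raise ValueError("truncated pcap global header")
        (network,) = struct.unpack_from(PCAP_MAGIC[magic] + "I", data, 20)
        return [network & 0xFFFF]  # link type sits in the low 16 bits
    if magic == PCAPNG_SHB and len(data) >= 12:
        order = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"
        found, off = [], 0
        while off + 12 <= len(data):  # walk blocks; assumes a single section
            btype, blen = struct.unpack_from(order + "II", data, off)
            if blen < 12 or blen % 4:
                raise ValueError("corrupt pcapng block length")
            if btype == 1:  # Interface Description Block: LinkType is first
                found.append(struct.unpack_from(order + "H", data, off + 8)[0])
            off += blen
        return found
    raise ValueError("not a pcap or pcapng capture")


def is_cooked(data: bytes) -> bool:
    """True if any declared link type is Linux cooked (no real MAC header)."""
    return any(lt in COOKED for lt in link_types(data))


def sample_pcap(linktype: int, order: str = "<") -> bytes:
    """Constructed 24-byte pcap global header (no packets) for the demo."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)


if __name__ == "__main__":
    for lt in (1, 113, 276):
        hdr = sample_pcap(lt)
        print(LINKTYPES[link_types(hdr)[0]], "-> cooked" if is_cooked(hdr) else "-> has layer 2")
```

For a real capture, pass the leading bytes of the file read in binary mode; the header and interface descriptions normally sit at the start.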
Can I import multiple collection files into a single Project?
Yes! Click on the Import tab within the Inspector panel to import additional files.
I've got a ton of data/files I want to upload...
Did you know you only need a few MB of PCAP data to map the network? You may not need to have such a large number of collection files.
Additionally, we process Bro/Zeek logs, which are a lot smaller than PCAP.
If you still want to upload large files, create a compressed archive (if possible) with the desired files you'd like to upload.
Down the road, we're going to provide a binary that you can drop at different tap points on your network that will sample data to keep the map updated.
Stay tuned!
How do I download the topology?
Users can download the topology hosts as a CSV file as well as a graphical image of the topology via the Export Network Graph button within the topology.
Is Teleseer a web-based tool only, or does it also offer offline or app-based analysis capabilities?
Teleseer is a web-based tool only. At this time, there are no offline capabilities.
Can I upload PCAP files directly to the web interface, or are there other methods for submitting data?
PCAP files must be directly loaded into the web interface. We are in the process of implementing direct network input into the application.
How does Teleseer process uploaded PCAP files? Are the files analyzed entirely within the platform, or are any components sent elsewhere?
All data is processed entirely within the Teleseer platform.
How can I contact support?
Support can be reached via email at support@cyberspatial.com or via the Live Chat option on the bottom right of the screen (after you've logged in).