
VisualLookout has been discontinued and has been replaced by CallerIP


Q: What is the difference between the Personal Edition and the Full Edition?

A: The Personal Edition only monitors the system where it is installed, which is normally sufficient for home use. The Full Edition enables monitoring of up to 100 remote systems, and is licensed according to the number of monitored systems.

Q: I've started VisualLookout and it doesn't do anything?

A: The first time you run the product, it adds an entry to the list of servers (agents) for the machine on which it is running. This appears as "localhost". This name, like the IP address 127.0.0.1, is a way of saying "monitor this machine." To start monitoring, select the "localhost" entry in the list of agents and click File, Run (or right-click the selection and choose "Run").

Q: How do I decide what I monitor?

A: It is always a good idea to monitor your own machine, plus any other machines that are accessible to the Internet. You are, of course, limited to machines to which you have access. Access requires the name, or IP address, of each machine to monitor as well as its SNMP community. The community is like a password.

Q: Why can't I monitor "any" machine?

A: The machine must be visible to your machine and must support SNMP access. You must also have a valid community (like a password) to request data from the machine. Some platforms, such as Windows ME, do not generally provide an SNMP Service. In such a case you can run the VisualLookout SnmpService. This will be automatically started if requested.

Q: What does the name "pending" mean?

A: Each connection to, or from, an agent machine will have a "remote" address expressed as an IP address. The remote address can be the same machine or a machine anywhere on the Internet. A DNS (Domain Name Service) lookup will provide the "name" associated with the remote IP address. For example the IP address 195.167.164.13 is associated with the name 'www.visualware.co.uk'. While DNS is resolving the name, VisualLookout will display "pending..." until the name is resolved.

Q: What is it that VisualLookout is monitoring?

A: VisualLookout examines the performance metrics, or statistics, and connections for the TCP protocol. This is the protocol used to service the Internet, web pages and browsers. An example of a metric is "Output Traffic". This metric represents the number of messages going out from your machine to another machine or server. Connections represent a connection from the machine being monitored to another machine on the Internet. The traffic sent across that connection by the machine being monitored is depicted in the "Output Traffic" metric.

Q: What should I be monitoring in AutoSentry?

A: VisualLookout examines the performance metrics, or statistics, and connections for the TCP protocol. This is the protocol used to service the Internet, web pages and browsers. An example of a metric is "Output Traffic". This metric represents the number of messages going out from your machine to another machine or server. Connections represent a connection from the machine being monitored to another machine on the Internet. The traffic sent across that connection by the machine being monitored is depicted in the "Output Traffic" metric.

Q: What do the different colors mean in the agent window?

A: The colors indicate whether the conditions for the associated metric are acceptable or not. Clicking Options, Colors, sets the values associated with each color.

Q: At what value should I set the Interval and History metrics?

A: The interval is how often you want to sample the machine being monitored. The history is the accumulation of those samples into an agent history view and an agent plot. The default values are 5 seconds per interval and 12 intervals of history. This provides data for the past minute and keeps network traffic at a reasonable level. If a more detailed history is required the intervals can be adjusted as required.

Q: What do "Goto" and "Hide" mean?

A: The "Goto" command brings the associated agent view to the top of the desktop. The "Hide" command removes the window from the desktop but continues sampling the machine. These commands are provided to allow users to reduce the number of open windows on the desktop. The "Cycle" command (click on File, Cycle in the Server window) will cause VisualLookout to bring each agent, and the server window, to the top of the desktop, in turn, every few seconds.

Q: What does the agent window do?

A: The agent window displays the information that is being monitored by VisualLookout. Several different elements of information are presented and the user can choose how some of that data is presented. Closing an agent window, by clicking on File, Exit or by clicking on the "X" in the upper right corner of the window, causes sampling for that agent to stop and the window to be removed from the desktop. The information about the agent is maintained and sampling can be resumed by selecting the agent in the server window and then clicking on Agent, Run.

Q: Will starting the SnmpService on my machine expose me to hackers?

A: Yes, opening any new port exposes you to a hacker; but SnmpService does not allow changes to be made to your machine. VisualLookout, or anyone else who knows the community password, can request data via the port that SnmpService uses. This port will be the same number as you configured for the agent; normally this is the SNMP standard, 161. If you expect to use SnmpService on a regular basis, it would be best to set the community password to something other than the standard, "public".

Q: How can I tell if someone is on my machine, and what can I do about it?

A: If your system is a private system, then anyone visiting your machine is unwelcome. Simply monitor and look out for "established incoming" connections in the agent list panel. It is advisable to monitor only incoming traffic. The action you should take is to locate the visitor using our IP tracking tool by entering the IP address or the domain name in the VisualRoute input field. VisualRoute will then trace the location of the address on a world map and provide the "whois" information so you can report the unwanted visit to the hosting provider.

Q: How can I tell if there's an attempted access to a non-public area of a monitored machine?

A: First, if your machine is a private machine, which most at-home systems are (i.e. your system is not a Web Server), then anyone visiting is unwelcome. If you do offer public services, such as being a Web Server, then you need to be aware of what ports are being used. A Web Server usually uses port 80. If you see an "established incoming" connection on another port, this should concern you. You should identify the port being used, which appears in the agent list window, to verify that the service is not a public service. The action you should then take is to identify the visitor using our IP tracking tool by entering the IP address or the domain name in the VisualRoute input field. VisualRoute will then trace the location of the address on a world map and provide the "whois" information so you can report the unwanted visit to the hosting provider.

Q: What are the key things to look out for?

A: If your system is a private system, then anyone visiting your machine is unwelcome. Simply monitor and look out for "established incoming" connections in the agent list panel. If you do offer public services, like being a Web Server, then you need to be aware of what ports are being used. A Web Server usually uses port 80. If you see an "established incoming" connection on another port, this should concern you. Also, any visitor that visits often or for long periods of time should be cause for concern, especially if that is uncharacteristic for the service being offered.
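
The check described in the answers above can be reproduced on any connection table. The following is an added example, not VisualLookout code: it reads constructed `netstat -an` style rows, treats a connection as "incoming" when its local port is one the machine is listening on (an assumption of this sketch), flags established incoming connections on ports outside the public set, and counts remote addresses holding more than one incoming connection as a rough stand-in for a frequent visitor.

```python
import re
from collections import Counter

# Constructed sample in `netstat -an` style (documentation addresses, not real data).
SAMPLE = """\
TCP    0.0.0.0:80          0.0.0.0:0            LISTENING
TCP    0.0.0.0:3389        0.0.0.0:0            LISTENING
TCP    192.0.2.10:80       198.51.100.7:51123   ESTABLISHED
TCP    192.0.2.10:80       198.51.100.7:51124   ESTABLISHED
TCP    192.0.2.10:3389     203.0.113.45:40222   ESTABLISHED
TCP    192.0.2.10:49822    198.51.100.99:443    ESTABLISHED
TCP    192.0.2.10:80       203.0.113.9:60001    TIME_WAIT
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$", re.I)

def parse(text):
    """Yield (local_port, remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), int(m.group(4)), m.group(5).upper()

def review(text, public_ports=frozenset({80})):
    """Split established incoming connections into expected and suspicious."""
    rows = list(parse(text))
    # Assumption: a connection is "incoming" when its local port is one the
    # machine is listening on; anything else was opened by the machine itself.
    listening = {lp for lp, _, _, st in rows if st in ("LISTEN", "LISTENING")}
    incoming = [(lp, rip) for lp, rip, _, st in rows
                if st == "ESTABLISHED" and lp in listening]
    # Established incoming connections on a port that is not a public service.
    suspicious = [(lp, rip) for lp, rip in incoming if lp not in public_ports]
    # Repeat visitors: remote addresses holding more than one incoming connection.
    counts = Counter(rip for _, rip in incoming)
    repeat = {ip: n for ip, n in counts.items() if n > 1}
    return {"incoming": incoming, "suspicious": suspicious, "repeat": repeat}

if __name__ == "__main__":
    result = review(SAMPLE)
    for port, ip in result["suspicious"]:
        print(f"established incoming on non-public port {port} from {ip}")
    for ip, n in result["repeat"].items():
        print(f"{ip} holds {n} incoming connections")
```

On a private machine, pass an empty `public_ports` set so that every established incoming connection is reported.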

Q: What if I need support?

A: Simply submit a Support Request and we will be more than pleased to help you implement VisualLookout or answer any questions you may have.

Q: Is the interface data of any value to hacker detection?

A: Absolutely! Any traffic to or from your machine should only result from a request made by you.

Q: How can I monitor for hacker intrusion?

A: Monitor incoming calls using the AutoAlert feature of VisualLookout. When alerted to such an intrusion, immediately watch for any traffic on the interface connecting you to the internet. If the interface display shows that nothing is being sent to or from your machine then the alert was merely a 'probe' and you can make note of the IP address. If the VisualLookout interface display shows traffic and there is an active incoming connection, you are being hacked!

Q: Will the interface display alone help with hacker detection?

A: Yes! If you are surfing the Internet, the actual speed and utilization will reflect your requests, but when you are not transferring data, the actual speed and utilization should be zero. This is similar to the speedometer in your car showing a speed if you are just coasting without the engine being engaged: the engine isn't doing any work but you are still moving.

Q: What are the different interfaces in the drop-down menu?

A: Each computer can have zero or more 'connections to the outside world'. This can be in the form of a dial-up, or a DSL line, or even a network or LAN connection. Some servers support multiple connections each having their own network card. Each of these is an interface. Any interface can be monitored by VisualLookout.

Q: Which interface should I be monitoring?

A: On most personal computers you should watch your connection to the Internet. For a dial-up connection this can appear as interface type (23) WAN (PPP/SLIP) Interface; for a network or LAN connection it could be (6) 3Com EtherLink PCI.

Q: Why can't I set the interval the same as for TCP data?

A: Interface data is not updated by the operating system at the same rate as TCP data and this results in inaccurate displays. The minimum of 15 seconds works for the majority of platforms.

Q: Will interface data show up when I look at historical data?

A: No, only live interface data is currently available.

Q: Is interface data saved so that I can import it into a spreadsheet along with the other data?

A: No, the interface data is not currently stored in the database. This is a feature planned for a future release when the format of the database will change to allow for easier export and import to other software.


  Copyright © 1997-2008 Visualware Inc. · All Rights Reserved