Network Recorders Are A Window To The PastNetwork Recorders Are A Window To The Past
Announced at Interop, Endace Analytics Center 2000 provides network analysis for Endace's NinjaProbe, while Solera Networks announced an OEM program providing data-capture services to others. In both cases, the ability to play back captured network traffic eases troubleshooting and resolution.
September 17, 2008
Announced at Interop, Endace Analytics Center 2000 provides network analysis for Endace's NinjaProbe, while Solera Networks announced an OEM program providing data-capture services to others. In both cases, the ability to play back captured network traffic eases troubleshooting and resolution.Network monitoring software populates events that you are expressly looking for, although going back and re-forming the question or digging deeper is often not possible minutes, hours, or days after the event. Any IT or security administrator has said more than once, "I wish I had captured that data." Capturing network data at line rate, even at gigabit speeds, is not normally possible with off-the-shelf hardware, much less the ability to store full packet captures. Both Endace's and Solera's capture appliances can store terabytes of data with options for storage expansion.
Collecting data is one thing, but analysis is the motivator. Endace's Analytics Center 2000 is a client-server application that runs on the NinjaProbe and offers reporting and analysis tools using Endace's own SOAP API. The configurable dashboard offers filterable views of the captured traffic, letting administrators drill into network traffic by clicking on visual tables rather than typing in strings. For example, you can start searching from an IP address or discovered application, and continue filtering out the unwanted data. Deeper packet analysis can be conducted by downloading the captured packets and using your favorite analyzer. EAC 2000 uses Wireshark, natively. NinjaProbe is more than just a packet capture device -- Linux-based analysis programs like Snort IDS can be installed on NinjaProbe and provide analysis on the appliance, while NinjaProbe can generate multiple NetFlow outputs sent to external hosts. Solera Networks bills itself as the search engine for network analysis, and they do have an intuitive interface that can look for key words and file types, in addition to IP addresses and port numbers that ships with its DeepSee appliances. In addition to native analysis, Solera Networks has announced an OEM program around its Capture Stack technology. The program allows vendors to leverage captured data in their own products. By using Solera Networks' Capture Stack for packet capture, the OEM partners can focus on building their own products. For example, automatically capturing a snapshot of traffic between two peers before and after a security event may provide vital context for further analysis. While other network recorders like NetScout's Infinistream and Network Intruments' GigaStor appliances offer similar functionality to both Endace's NinjaProbe and Solera Networks' DeepSee, the integration API's offered by both Endace and Solera provide useful integration points for other network management and security products.
About the Author(s)
You May Also Like