1. General Questions
- 1.0 What is Unispeed Netlogger
- 1.1 What is a sniffer
- 1.2 How does a sniffer work
- 1.3 What is deep packet inspection
- 1.4 How do I connect the Netlogger to my network
- 1.5 How is collected data stored
- 1.6 Can I use Netlogger to analyze already captured data
1.0 What is Unispeed Netlogger
Unispeed Netlogger is a network traffic sniffer and analytical device. Netlogger offers both very high sniffing capacity (up to several GBit/s in Enterprise devices) and extremely powerful analytical capabilities. Where other sniffers are most often designed with a specific application in mind (usually diagnostics), Unispeed Netlogger is more like a tool chest which can be used to build your own specialized applications to fit your exact logging and monitoring needs. At the same time, the extremely powerful and usable graphical user interface allows fast examination of network conditions, traffic, communication, etc.
1.1 What is a sniffer
A sniffer is a tool used to intercept network traffic. A sniffer looks at the traffic available on its network interfaces. Most sniffers analyze the collected traffic in some way, but this is not a requirement to call something a sniffer. The most basic (but somewhat useless) sniffer could just dump all collected traffic in a file and leave the analysis to other tools. Most sniffers, however, focus on a specific type of analysis, such as intrusion detection or network diagnostics. Unispeed Netlogger is a multi-purpose sniffer, which can replace numerous hardware and software systems on the network.
1.2 How does a sniffer work
Well, that depends on the type of sniffer: hardware or software. Unispeed Netlogger is available as both. A software sniffer will usually monitor all packets which can be seen from the standard interfaces it has available (its network cards).
A hardware sniffer on the other hand can have many interfaces of various types. These interfaces are used only for traffic collection, and not for communicating with the sniffer itself. A special interface on the sniffer (often called management interface) is used for communicating with the sniffer.
1.3 What is deep packet inspection
Mostly it's a buzzword. The term sniffer says nothing about the level of processing done on the collected network packets. Most traditional sniffers only look at packet header information such as source and destination IP addresses, but some sniffers also process the payload of the collected packets in some manner. This capability is referred to as 'deep packet inspection'.
Unispeed Netlogger certainly processes the payload of packets. It also reassembles the entire TCP or UDP packet stream into whole layer 7 transmission units such as HTTP transfers, FTP transfers, and emails. These data types are in turn analyzed as a whole. For example, it is possible to create a Netlogger configuration which stores all captured emails containing the word 'mother'.
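Why reassembly matters for a keyword rule like the one above, shown as an added illustration (this is not Netlogger code or its configuration format): a word split across two TCP segments is invisible to per-packet matching but found once the stream is rebuilt. The message, sequence numbers and function names are constructed for the example.

```python
# Added illustration: constructed data, not Netlogger code or captured traffic.
KEYWORD = b"mother"
MESSAGE = (b"Subject: weekend\r\n\r\n"
           b"Please call your mother before lunch on Sunday.\r\n.\r\n")


def sample_segments():
    """Constructed (relative_seq, payload) pairs for one direction of a flow."""
    cuts = [0, 40, 60, len(MESSAGE)]          # byte 40 falls inside "mother"
    segs = [(cuts[i], MESSAGE[cuts[i]:cuts[i + 1]]) for i in range(3)]
    # Delivered out of order, with the middle segment retransmitted.
    return [segs[0], segs[2], segs[1], segs[1]]


def reassemble(segments):
    """Rebuild the contiguous byte stream; returns (stream, complete)."""
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > len(stream):
            return bytes(stream), False        # gap: a segment was never seen
        stream += payload[len(stream) - seq:]  # skip bytes already in stream
    return bytes(stream), True


def per_packet_match(segments, keyword=KEYWORD):
    """Inspect each payload in isolation, without reassembly."""
    return any(keyword in payload.lower() for _, payload in segments)


def stream_match(segments, keyword=KEYWORD):
    """Match against the reassembled layer 7 data."""
    stream, _ = reassemble(segments)
    return keyword in stream.lower()


if __name__ == "__main__":
    segs = sample_segments()
    print("per-packet match:", per_packet_match(segs))
    print("reassembled match:", stream_match(segs))
```

The `complete` flag from `reassemble` tells the caller when a segment was missed, in which case a negative match cannot be trusted.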
1.4 How do I connect the Netlogger to my network
Netlogger will work in both passive and bridged mode. When operating in bridged mode, redundancy is recommended, as the Netlogger could otherwise create a single point of failure.
In passive mode the Netlogger is connected to one or more monitor ports, network taps or light splitters. Operating only on copied traffic, the Netlogger is completely invisible on the network.
The Netlogger GUI is installed on a Windows or Linux workstation and connects to the Netlogger via the management interface.
1.5 How is collected data stored
Netlogger has internal storage capability (up to 2 TByte). Otherwise data is output to any external database. Netlogger will store data in common log file formats and pcap files simultaneously. For clustering multiple devices, Netlogger has tools for streaming data between them.
1.6 Can I use Netlogger to analyze already captured data
Netlogger will read from pcap files and log files, and perform database lookups, for further data processing and mining.