Common probe features and capabilities:
Passive real-time capture of frames from multiple GBASE, 10 GBASE or 40 GBASE Ethernet links.
Hardware-accelerated channel merging for capture on GBASE and 10 GBASE duplex links, offering full 20 Gbit/s capability
Hardware-accelerated pre-filtering and load distribution to host memory for parallel processing, using 2-tuple and 5-tuple sorted/unsorted hash algorithms across up to 32 CPU cores
Precise time sync between probes (capture adapter feature) for scalability on multiple 10 Gbit/s links
High-performance Linux-based zero-copy architecture
Scheduling and targeting of LI targets based on IP-address, MAC-number, content strings, regular expressions, DNS requests and e-mail addresses.
Support for any encoding, e.g. UTF7, UTF8, UTF16, UTF32, Latin, Hebrew, Arabic, BIG5, Guobiao (GB..), Japanese, etc.
Real-time extraction and reassembly of common protocols from duplex networks.
Flexible API for easy expansion of supported protocols
Real-time aggregation, classification, double coverage and transition analysis
Embedded scripting engine for custom configurations and analysis
High-performance real-time geo targeting using binaries from MaxMind or Quova (optional)
GUI, CLI and XML-RPC interfaces
Interceptor module features:
Pattern matching in full packet payload. The pattern search algorithm accepts any string or HEX value with automatic conversion of supported encodings.
REGEX matching in full packet payload
10 million pps / duplex 10 Gbit/s on a single commodity server, scalable to 32 million pps with server clustering
Above 50.000 target strings in pattern match filter
Above 20 million simultaneously tracked targets
Packets are back-logged in available memory so that packets with the same hash value as the matched packet can be recovered and forwarded together with consecutive captured packets until the “session” times out.
Matched packets are re-transmitted as original Ethernet traffic or streaming UDP/RTP, or made available to the analytic tool set for further filtering and post-processing.
Matched sessions are marked by target ID
Both the packets / sessions matched by the pattern matching engine and all captured frames are made available to the post-processing functions
Precise logging of packet loss and interceptor performance
Auxiliary input methods and formats include:
NetFlow, CALEA UDP/IP, DHCP Option-82
Replay and analysis / extraction of stored PCAP and Raw IP files
Lookup from internal and external databases over ODBC
Binary data files (GeoIP)
CSV and common log files
Supported output methods include:
Internal and external databases over ODBC
PCAP and Raw IP
Binary log files (CDR)
Extracted and reassembled log files (packet header and content files)
CSV and W3C log files
Streaming RTP/UDP with NTP and lawful ID number (PacketCable specs.)
Regular Ethernet forwarding / transmit