Unispeed logo Unispeed

Unispeed Probe specifications

Common probe features and capabilities:

  • Passive real-time capture of frames from Multiple  GbASE,10 GBASE  or 40 GBASE Ethernet.

  • Hardware accelerated channel merging for capture on GBASE and 10 GBASE Duplex links offering full 20 Gbit/s capability

  • Hardware accelerated pre filtering and load distribution to host memory for parallel processing using 2 tuple and 5 tuple sorted/unsorted hash algorithms up to 32 CPU cores

  • Precise time sync between probes ( capture adapter feature ) for scalability on multiple 10 Gbit/s links

  • High performance Linux based zero copy architecture

  • Schedule and Targeting of LI targets based on IP-address, MAC-number, Content strings, Regular expressions, DNS requests and E-mail addresses.

  • Support for any encoding e.g. UTF7, UTF8, UTF16, UTF32, Latin, Hebrew, Arabic, BIG5, Guobiao (GB..), Japanese, etc

  • Real time extract and reassembly of common protocols from Duplex networks.

  • Flexible API for easy expansion of supported protocols

  • Real-time aggregation, classification, double coverage and transition analysis

  • Embedded scripting engine for custom configurations and analysis

  • High-performance Real-time GEO targeting using binaries from Maxmind or QUOVA (optional)

  • GUI, CLI and XML-RPC interfaces

Interceptor module features

  • Pattern matching in full packet payload. The pattern search algorithm accepts any string or HEX value with automatic conversion of supported encodings.

  • REGEX matching in full packet payload

  • 10 million pps / Duplex 10 Gbit/s on single commodity server - scalable to 32 million pps with server clustering

  • Above 50.000 target strings in pattern match filter

  • Above 20 million simultaneously tracked targets

  • Packets back-logged in available memory, to recover and forward packets with the same hash value as the matched packet and forwarded together with consecutive captured packets until the “session” is timed out.

  • Matched packets re-transmitted as original Ethernet traffic or streaming UDP/RTP or made available for the analytic tool set for further filtering and post processing.

  • Matched session marked by target ID

  • both packets / sessions matched by the pattern matching engine and all captured frames are made available for the post processing functionalities

  • Precise logging of packet loss and interceptor performance

Blue Shield Probe

Auxiliary input methods and formats include:

  • Net-flow, CALEA UDP/IP, DHCP Option-82

  • Replay and analysis / extract of stored PCAP and Raw IP files

  • Lookup from Internal and external data bases over ODBC

  • Binary data files (GeoIP)

  • CSV and common log files

Supported output methods include:

  • Internal and external data bases over ODBC

  • PCAP and Raw IP

  • Binary log files (CDR)

  • Extracted and reassembled log files (packet header and content files)

  • SCV and W3C log files

  • Streaming RTP/UDP with ntp and lawful ID number (Packet cable specs.)

  • Regular Ethernet forwarding / transmit

© Unispeed A/S
Last modified on May 22 2014