Tracking Network Traffic
New forensics analysis appliance from Network Associates can capture, inspect, reconstruct and replay network traffic.
Network Associates Inc.'s Sniffer Technologies division on Monday introduced a new forensics analysis solution that has the ability to capture, inspect, reconstruct and replay network traffic. The solution is designed to allow administrators to delve into security events and other network anomalies in order to trace their origins, find their intended targets and assess any potential damage.
Known as InfiniStream Security Forensics, the new solution is delivered on a Linux-based appliance. The operating system is stripped of all but its bare-bones components in order to maximize speed and efficiency. The appliance is installed at the core of a company's network and is capable of capturing 100 percent of the traffic moving across a full-duplex network, Sniffer officials said. The appliance performs all of the packet-capture and storage functions and can store up to 2.9 terabytes of traffic.
Once the data is captured, an administrator or security analyst can retrieve it by using the main user interface, called the Mining Console. The console, which runs on a desktop PC, enables users to sift through the captured data in just about any manner.