InfiniStream Takes Closer Look at Nets

Network Associates' sniffer sets new standard in forensic analysis.

Network Associates Technology Inc. has issued a controlled release of InfiniStream, a Carnivore-like sniffer on steroids that will significantly up the ante for forensic network analyzers when it enters general release.

During eWeek Labs' exclusive test of the latest version, slated for general release in the next quarter, we were impressed with the huge capture storage capacity—a bit more than 2.5 terabytes in RAID 5 configuration. Equally remarkable was the full-line data rate, which we attained using a Gigabit Ethernet link from a mirror port off a Summit 48 switch from Extreme Networks Inc.

Security managers charged with investigating high-value network incidents will likely get quite a bit of use out of the product. Aside from the high capture rate and large storage capacity—capabilities that Network Associates gained in its August 2002 acquisition of Traxess Inc.—new replay and analysis features make InfiniStream a tempting tool.

The product is still far from complete, however, which is why Network Associates is keeping it in limited release.

Our tests showed that the single-Xeon-processor InfiniStream still has some kinks to work out when it comes to processing the tremendous amount of data it captures. In one test scenario, we used the product to search for specific communication between two IP addresses. We systematically shrank the time window of our search because the data mining process ate up huge chunks of time—on the order of 2 minutes to 10 minutes per search.

InfiniStream costs $70,000 for the hardware and data mining console software. A five-license data reconstruction module (see screen) is also available for $15,000. Annual support contracts start at $4,500 per site and can be enhanced to provide next-day, on-site technician support.