Tracking Network Traffic

New forensics analysis appliance from Network Associates can capture, inspect, reconstruct and replay network traffic.

Network Associates Inc.'s Sniffer Technologies division on Monday introduced a new forensics analysis solution that can capture, inspect, reconstruct and replay network traffic.

The solution is designed to allow administrators to delve into security events and other network anomalies in order to trace their origins, find their intended targets and assess any potential damage. Known as InfiniStream Security Forensics, the new solution is delivered on a Linux-based appliance. The operating system is stripped of all but its bare-bones components in order to maximize speed and efficiency.

The appliance is installed at the core of a company's network and is capable of capturing 100 percent of the traffic moving across a full-duplex network, Sniffer officials said. The appliance performs all of the packet-capture and storage functions and can store up to 2.9 terabytes of traffic (at a sustained 1 Gbit/s that is roughly six hours of capture, so the usable retention window depends on actual link load).

Once the data is captured, an administrator or security analyst can retrieve it through the main user interface, called the Mining Console. The console, which runs on a desktop PC, lets users query the stored capture rather than only the live stream.

The data can be filtered by IP address, time or port number.
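The three filters named above (IP address, time window, port) are the core of retrospective analysis over a full-packet store. The following is an added example, not code from Network Associates or the InfiniStream product: it builds a small libpcap-format capture in memory (the four packets and addresses are constructed for illustration), parses it with the standard library only, and applies the same three filters. The function names `build_pcap`, `iter_packets` and `filter_packets` are this example's own.

```python
"""Filter a libpcap capture by IP address, port and time window.

Added example (not Network Associates' code). The capture is
constructed in memory so the example runs offline.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1


def build_pcap(packets):
    """Serialise (ts, src_ip, dst_ip, sport, dport, payload) tuples as TCP-over-IPv4 pcap bytes."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, sip, dip, sport, dport, payload in packets:
        eth = b"\x00" * 12 + b"\x08\x00"                          # zero MACs, EtherType IPv4
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        total_len = 20 + len(tcp) + len(payload)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(sip), socket.inet_aton(dip))
        frame = eth + ip + tcp + payload
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def iter_packets(data):
    """Yield (ts, src_ip, dst_ip, proto, sport, dport, payload) for each IPv4 frame in a pcap."""
    if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a microsecond libpcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + caplen]
        off += caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # skip non-IPv4 frames
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        sip = socket.inet_ntoa(frame[26:30])
        dip = socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        sport = dport = None
        payload = l4
        if proto == 6 and len(l4) >= 20:                          # TCP: honour data offset
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload = l4[(l4[12] >> 4) * 4:]
        elif proto == 17 and len(l4) >= 8:                        # UDP: fixed 8-byte header
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload = l4[8:]
        yield (sec + usec / 1e6, sip, dip, proto, sport, dport, payload)


def filter_packets(data, ip=None, port=None, start=None, end=None):
    """Return packets matching every given criterion; ip and port match either direction."""
    hits = []
    for pkt in iter_packets(data):
        ts, sip, dip, _proto, sport, dport, _payload = pkt
        if ip is not None and ip not in (sip, dip):
            continue
        if port is not None and port not in (sport, dport):
            continue
        if start is not None and ts < start:
            continue
        if end is not None and ts > end:
            continue
        hits.append(pkt)
    return hits


# Constructed sample capture: an HTTP exchange, an FTP login and a TLS hello.
SAMPLE = build_pcap([
    (1000.0, "10.0.0.5", "192.0.2.10", 51234, 80, b"GET / HTTP/1.0\r\n\r\n"),
    (1000.5, "192.0.2.10", "10.0.0.5", 80, 51234, b"HTTP/1.0 200 OK\r\n\r\n"),
    (1001.0, "10.0.0.7", "192.0.2.20", 40000, 21, b"USER anonymous\r\n"),
    (1002.0, "10.0.0.5", "192.0.2.30", 51235, 443, b"\x16\x03\x01"),
])

if __name__ == "__main__":
    for ts, sip, dip, _p, sp, dp, payload in filter_packets(SAMPLE, ip="10.0.0.5", port=80):
        print(f"{ts:.3f} {sip}:{sp} -> {dip}:{dp} {payload!r}")
```

The parser deliberately reads the pcap record headers itself rather than trusting a library, so a truncated or hand-built file cannot desynchronise it: each record advances by the header's own `caplen`, and frames too short to hold an IPv4 header are skipped instead of sliced blindly.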

The InfiniStream appliance also includes software capable of reconstructing and replaying traffic, including FTP and Web sessions, e-mails and voice over IP conversations.

Sniffer, based in Santa Clara, Calif., is using a controlled release process for InfiniStream, under which about 25 target customers will get the solution first. It will then be released for general sale in the third quarter at a price of $85,000.

  • Read more articles by Dennis Fisher