PacketAnalyst High Performance Network Sensors
Accelerated Servers offers the PacketAnalyst (tm) line of high performance, cost-efficient sensors which have been deployed in small and large networks covering hundreds of POPs since 2003. Our sensors are based on an open, standards-based Linux platform, and support multiple concurrent cybersecurity applications running at line rate. They are easy to port your applications to because they run standard Linux (RedHat or Debian), use standard CPUs (x86), and have a standard PCAP interface. For additional capabilities, our sensors integrate well with Accelerated Servers-supplied central storage and analytics platforms.
How it Works
The PacketAnalyst platform manages data flow from one or more 10Gigabit full-duplex ports and allows multiple applications to run over some or all of the captured data in real time or in playback mode. The PacketAnalyst API is standard PCAP and DAQ. Any program that can be compiled or has a binary available for x86 and uses the PCAP or DAQ external libraries can be supported with a simple compile. Any Debian or RedHat package that uses PCAP ro DAQ will work without additional integration. The PacketAnalyst platform also includes optional included components you can use to support automated log compression, rotation, and upload to central analytics cluster(s); automated application startup, management, and monitoring; and traffic monitoring of capture and/or dropped data from every port and each application.
PacketAnalyst Products
PacketAnalyst-x64
Flexible 2u platform supporting 10Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery, applications.
PacketAnalyst-x80
Flexible 2u platform supporting 20-30 Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery, applications.
PacketAnalyst-x32
Flexible 1u platform supporting 10 Gigabit full-duplex line-rate operation with flow, DPI, and packet capture applications. Additional applications can be run on the PacketAnalyst-Lite but might impact line rate functionality of the lighter-weight applications.
PacketAnalyst-DS12
Flexible 4u platform supporting 10Gigabit full-duplex line-rate operation with 12 hours of line-rate data storage, supporting a suite of typical flow, DPI, IDS, and discovery, applications.
PacketAnalyst Addons
PacketStor
12-48 hour Data Storage addon for 10Gigabit full-duplex line-rate.Clustered Storage
For longer data storage and processing functionality, Accelerated Servers can provide custom multi-Petabyte storage clusters which seamlessly integrate with the PacketAnalyst OS to allow running analytics applications over multiple days or weeks of data.Additional Ports
The PacketAnalyst-x32, -x64, and -x80 appliances, optionally configured with local or remote PacketStor storage can take up to 6 10Gigabit ports, supporting up to 40 Gigabits of aggregate throughput.Applicable Application Missions
IDS/IPS
Runs Snort, Suricata, and other PCAP/DAQ-based IDS/IPS suites in both bypass and in-line modes.Netflow/sFlow/IPFix Export
Supporting 100% accurate, un-sampled netflow, sFlow, or IPfix collectors.Deep Packet Inspection
Runs DPI applications for lawful intercept, proprietary and confidential information protection, and other missions.Cloud and Edge Data Processing
Edge sensors can be statelessly provisioned for scale (and run diskless), and support edge data processing natively or via on-sensor VMs.Network and Application Performance Analysis
TCP Statistics, network and application transactional latency analysis.Passive Device Fingerprinting
p0f and other OS/device fingerprinting applications discover hosts and identify them by OS.Distributed Packet Capture
Real time distributed tcpdump functionality captures matching traffic samples in real time or across stored history across the entire network.Billing, Accounting, and Usage Auditing
Netflow data supports tracking usage to the port or beyond to the customer/user level for billing or re-billing.Identity Management Integration
Flow tagging using real-time feeds of user/identity to IP address usage mappings. Can be integrated with Identity Management and Tracking infrastructures.Link Fault Discovery
Detecting sources of bad frames, unicast broadcast, and MAC/ARP spoofing.Available Sensor Applications
- Snort
- Suricata
- AMP
- YAF
- tcpperf
- p0f
- tcpdump
- Argus
- Any x86 binary application using PCAP or DAQ
- Any source-available application using PCAP or DAQ
Industry Applications
- Cyber Security - Providing line-rate processing of multiple analytics applications
- Service Providers - NetFlow for top talkers, billing, dDoS detection
- Finance - Security as well as latency verification
- OEM - Our platform supports any source-available application