PacketAnalyst High Performance Network Sensors
Accelerated Servers offers the PacketAnalyst (tm) line of high-performance, cost-efficient sensors, which have been deployed in small and large networks covering hundreds of POPs since 2003. Our sensors are based on an open, standards-based Linux platform and support multiple concurrent cybersecurity applications running at line rate. Porting your applications to them is easy because they run standard Linux (RedHat or Debian), use standard CPUs (x86), and have a standard PCAP interface. For additional capabilities, our sensors integrate well with Accelerated Servers-supplied central storage and analytics platforms.
How it Works
The PacketAnalyst platform manages data flow from one or more 10 Gigabit full-duplex ports and allows multiple applications to run over some or all of the captured data in real time or in playback mode. The PacketAnalyst API is standard PCAP and DAQ. Any program that can be compiled for x86, or has an x86 binary available, and uses the PCAP or DAQ external libraries can be supported with a simple compile. Any Debian or RedHat package that uses PCAP or DAQ will work without additional integration. The PacketAnalyst platform also includes optional components you can use to support automated log compression, rotation, and upload to central analytics cluster(s); automated application startup, management, and monitoring; and traffic monitoring of captured and/or dropped data from every port and each application.
Flexible 2U platform supporting 10 Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery applications.
Flexible 2U platform supporting 20-30 Gigabit full-duplex line-rate operation with a suite of typical flow, DPI, IDS, and discovery applications.
Flexible 1U platform supporting 10 Gigabit full-duplex line-rate operation with flow, DPI, and packet capture applications. Additional applications can be run on the PacketAnalyst-Lite but might impact line-rate functionality of the lighter-weight applications.
Flexible 4U platform supporting 10 Gigabit full-duplex line-rate operation with 12 hours of line-rate data storage, supporting a suite of typical flow, DPI, IDS, and discovery applications.
PacketStor - 12-48 hour data storage add-on for 10 Gigabit full-duplex line rate.
Clustered Storage - For longer data storage and processing functionality, Accelerated Servers can provide custom multi-Petabyte storage clusters which seamlessly integrate with the PacketAnalyst OS to allow running analytics applications over multiple days or weeks of data.
Additional Ports - The PacketAnalyst-x32, -x64, and -x80 appliances, optionally configured with local or remote PacketStor storage, can take up to six 10 Gigabit ports, supporting up to 40 Gigabits of aggregate throughput.
Applicable Application Missions
IDS/IPS - Runs Snort, Suricata, and other PCAP/DAQ-based IDS/IPS suites in both bypass and in-line modes.
NetFlow/sFlow/IPFIX Export - Supporting 100% accurate, un-sampled NetFlow, sFlow, or IPFIX collectors.
Deep Packet Inspection - Runs DPI applications for lawful intercept, proprietary and confidential information protection, and other missions.
Cloud and Edge Data Processing - Edge sensors can be statelessly provisioned for scale (and run diskless), and support edge data processing natively or via on-sensor VMs.
Network and Application Performance Analysis - TCP statistics, network and application transactional latency analysis.
Passive Device Fingerprinting - p0f and other OS/device fingerprinting applications discover hosts and identify them by OS.
Distributed Packet Capture - Real-time distributed tcpdump functionality captures matching traffic samples in real time or across stored history across the entire network.
Billing, Accounting, and Usage Auditing - NetFlow data supports tracking usage to the port or beyond to the customer/user level for billing or re-billing.
Identity Management Integration - Flow tagging using real-time feeds of user/identity-to-IP-address usage mappings. Can be integrated with Identity Management and Tracking infrastructures.
Link Fault Discovery - Detecting sources of bad frames, unicast broadcast, and MAC/ARP spoofing.
Available Sensor Applications
- Any x86 binary application using PCAP or DAQ
- Any source-available application using PCAP or DAQ
- Cyber Security - Providing line-rate processing of multiple analytics applications
- Service Providers - NetFlow for top talkers, billing, DDoS detection
- Finance - Security as well as latency verification
- OEM - Our platform supports any source-available application