CyberPro NUC

COMPLETE PACKET CAPTURE SYSTEM FOR CYBER ANALYSTS

CyberPro NUC is the perfect system for today’s Cyber Analysts, Cyber-Hunters, and any other cybersecurity professional who needs to take all the functionality of a complete packet capture system into the field with them. CyberPro NUC offers you all the features of NextComputing’s exclusive Packet Continuum packet capture architecture at your fingertips. Lightweight and small, you will not be burdened with heavy equipment to gain all the benefits of packet capture analysis. Add a CyberPro NUC to your arsenal to keep modern digital IP networks up and running – and fully protected. Arrive on-site, plug CyberPro NUC into the network, without disrupting IT operations, and get productive fast!

When federated, CyberPro NUC units at multiple sites can be monitored offsite from a central hub, and SOC teams can update security policies remotely.

Based on our Packet Continuum packet capture workflow, the CyberPro NUC offers high-speed capture, indicators-of-compromise (IoC) alerting, and a fully integrated analytics workflow. View long PCAP forensic timelines based on inline data compression. Find critical incidents for full-session analytics and reconstruction. CyberPro NUC is ideal for network performance monitoring, cyber forensics, compliance enforcement, lawful intercept, and packet data analytics.

Key Features

  • Lossless Capture

    Up to 500 Mbps via 1G RJ-45 copper capture interface

  • Small Form Factor

    Complete packet capture feature set in the palm of your hand. Connect with your laptop or run standalone. Fits in a laptop bag.

  • Active Triggers

    Use real-time, dynamic, user-defined Active Triggers and real-time analytics to rapidly direct critical PCAP data for post-processing, using any of multiple third-party open source DPI software packages, conveniently pre-installed and ready-to-use within CyberPro NUC.

  • Extensive Logging Features

    RFC anomaly logging, file download event logging, multi-protocol event / metadata logging. The Log Investigator also allows for search, cross-correlation and extraction: HTTP, files, DNS, email, user agents, NetFlow, TLS/SSL, and VOIP.

  • Efficient Data Management

    CyberPro NUC’s built-in PCAP streaming means that no third-party software will “choke” on too much data throughput during PCAP post-processing.

  • Unified GUI

    CyberPro NUC’s interactive dashboard drives your investigation workflow. You control capture operations, check the scrolling alert log, and quickly extract PCAP or NetFlow data into Wireshark, or log/metadata findings into CSV or text. Streaming results are also remotely accessible, both from a host-based WebGUI over the REST interface and from a streaming output port into any third-party forensics tool.

  • Visualization

    Visualization is pre-installed and hard-wired into the CyberPro NUC workflow, using open industry-standard data file formats: PCAP & NetFlow v9 records open in Wireshark; log searches open as CSV files; reports as TXT/RTF files.

CyberPro NUC Workflow


CyberPro NUC lets you jump quickly between PCAP actions and your tools-of-choice. Gain new insight from DPI analytics tools, and generate graphical incident reports. Then iterate new Active Trigger alerts and PCAP searches, to conclude your investigation quickly.

Real-Time Analytics Features

Open simultaneous BPF-based “Active Triggers”. Adjust them dynamically.

Log Investigator events, all with search, cross-correlation and extraction:

  • HTTP
  • File event logging, with file size and URL or SMTP reference
  • DNS
  • Email
  • User agents
  • TLS/SSL
  • VOIP
  • NetFlow
  • Active Triggers (BPF signature)
  • 1000 Snort rules (emerging-DNS, emerging-ftp
  • System events

Log Investigator search actions:

  • All logs are time-correlated with PCAPs and NetFlow data
  • Text string search of logs
  • NetFlow v9 record logging and search
  • Choose your results for any search: PCAP, NetFlow, logs, etc.
  • One-click searches auto-populate time period and search filter (BPF), based on context

CyberPro NUC Capture Process


Continuous lossless packet capture into a rolling FIFO capture store. A separate extraction store retains PCAP file query results.

4-tuple indexing in real time — IP address source/destination, port source/destination — with time stamping as low as 150 nanoseconds

PCAP compression in real time — Overall storage amplification up to 20x (depending on % of captured traffic that is SSL or video)

Search PCAP data from a convenient web GUI, using easy BPF+ descriptors, immediately streaming the results from capture store to persistent extraction store.

To get started, contact a NextComputing Sales Engineer at
1-603-886-3874 or contact us online