NextComputing has announced an automated PCAP extraction workflow capability for its widely used, real-time, open PCAP solution, Packet Continuum. Automated PCAP workflows benefit the Wireshark community as well as users of other open-source network forensics tools such as the Security Onion suite.
“The challenge for users of Wireshark and other widely used open source packages is that they have wonderful features for PCAP analytics and visualization, but you can only visualize a finite amount of PCAP at once, and the real-time front end capture modules just can’t keep up – resulting in lost packets and wasted time,” said John H. Ricketson, Executive Vice President of NextComputing. “What these users really need is a fully open, real-time PCAP infrastructure they can depend upon, and from which they can control a stream of PCAP query results into Wireshark, and simultaneously into other open source tools of choice. This is what we have built.”
Packet Continuum scales for lossless capture at any line speed from 1Gbps to 40Gbps, and can further scale to over 100Gbps. Its real-time packet analytics provide the first level of information in the form of a real-time event log, and user-defined Active Trigger events can be adjusted dynamically. These real-time features ensure a user never loses a packet, and let the user route only the most important transactions into Wireshark.
Packet Continuum’s automated PCAP workflows give Wireshark users an interactive investigative environment for retrospective packet analytics. For example, a user may discover a list of IP addresses with suspect activity, issue a BPF-based query for the matching packet data, and get immediately streamed results. Even for a query with very large results that takes seconds or minutes to complete, Packet Continuum begins streaming PCAP results almost instantly, in 100MB “chunks”, into Wireshark. At the same time, the same PCAP results stream to other open-source packages from the Security Onion suite for log collection, data visualization and further investigative review. Each round of findings leads to further PCAP queries against the large capture store as the investigative team narrows its focus to the target “bad guy” event.
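The workflow above (suspect IP list, BPF query, results streamed to Wireshark in bounded chunks) can be illustrated generically. The following Python is an added example written for this page; it is not Packet Continuum code and does not use its API. It builds the BPF expression a user would submit for a list of suspect hosts, applies the equivalent host filter to a small constructed pcap byte string, and splits the matches into standalone chunk files. The point a practitioner cares about is that every chunk must carry its own pcap global header, otherwise Wireshark and Security Onion tools cannot open chunks independently while the rest of the query is still running. All addresses, frame contents and the 120-byte chunk limit are constructed sample values.

```python
import struct
import ipaddress

# Little-endian pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
PCAP_MAGIC = 0xA1B2C3D4
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
RECORD_HEADER_LEN = 16  # ts_sec, ts_usec, incl_len, orig_len


def build_bpf(ips):
    """Return the BPF expression a user would submit for a list of suspect hosts (either direction)."""
    return " or ".join(f"host {ip}" for ip in sorted(ips, key=ipaddress.ip_address))


def make_frame(src, dst, payload=b""):
    """Constructed Ethernet/IPv4 frame for the sample capture (IP checksum left at 0, no transport header)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"  # zero MACs, EtherType IPv4
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 0xFD, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return eth + ip_hdr + payload


def make_pcap(frames):
    """Wrap frames into one pcap byte string; timestamps are just the frame index (constructed)."""
    out = bytearray(PCAP_GLOBAL_HEADER)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def iter_records(pcap):
    """Yield (record_header, frame) pairs from a little-endian pcap byte string, refusing truncated data."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off = len(PCAP_GLOBAL_HEADER)
    while off + RECORD_HEADER_LEN <= len(pcap):
        hdr = pcap[off:off + RECORD_HEADER_LEN]
        _, _, incl_len, _ = struct.unpack("<IIII", hdr)
        frame = pcap[off + RECORD_HEADER_LEN:off + RECORD_HEADER_LEN + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        yield hdr, frame
        off += RECORD_HEADER_LEN + incl_len


def frame_matches(frame, ips):
    """Equivalent of 'host A or host B': IPv4 source or destination is in the suspect set."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src in ips or dst in ips


def query_chunks(pcap, ips, chunk_bytes):
    """Filter pcap by suspect hosts and emit standalone pcap chunks of at most chunk_bytes.

    A record larger than chunk_bytes still gets its own chunk rather than being split,
    since a half record would make the chunk unreadable.
    """
    chunks = []
    current = bytearray(PCAP_GLOBAL_HEADER)
    for hdr, frame in iter_records(pcap):
        if not frame_matches(frame, ips):
            continue
        record = hdr + frame
        if len(current) > len(PCAP_GLOBAL_HEADER) and len(current) + len(record) > chunk_bytes:
            chunks.append(bytes(current))  # each chunk is a complete, openable pcap file
            current = bytearray(PCAP_GLOBAL_HEADER)
        current += record
    if len(current) > len(PCAP_GLOBAL_HEADER):
        chunks.append(bytes(current))
    return chunks


# Constructed sample data: two suspect hosts, four frames, three of which involve a suspect.
SUSPECT_IPS = {"10.0.0.5", "192.0.2.77"}
SAMPLE_PCAP = make_pcap([
    make_frame("10.0.0.5", "198.51.100.1"),
    make_frame("172.16.0.1", "172.16.0.2"),       # unrelated traffic, filtered out
    make_frame("203.0.113.9", "192.0.2.77"),
    make_frame("10.0.0.5", "10.0.0.6", b"A" * 40),
])

if __name__ == "__main__":
    print("BPF:", build_bpf(SUSPECT_IPS))
    for n, chunk in enumerate(query_chunks(SAMPLE_PCAP, SUSPECT_IPS, 120)):
        print(f"chunk {n}: {len(chunk)} bytes, {len(list(iter_records(chunk)))} record(s)")
```

With the 120-byte limit the three matching records land in three separate chunks, each beginning with its own global header; with a 100MB limit they share one chunk. Replacing the byte-string input with a file handle and the chunk list with writes to a socket or directory watched by Wireshark is the only change needed to turn this into the streaming shape the text describes.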
NextComputing is the developer of an open, scalable, high-performance software framework for capturing and managing big data on the wire, including lossless packet capture, NetFlow and metadata generation, and fast packet retrieval. We also offer solutions based on enterprise-class, industry-standard Linux servers such as those from Dell, as well as our own developed and manufactured appliances for portable and small form factor rack-deployable use cases. We are focused on enabling enhanced workflows for OEMs, solutions providers, and enterprise users who are looking for an open framework to support a range of potential tools. We also offer a complete suite of services that can add value to your business, such as optimizing workflows to meet your needs, connector development for integration with your analytics tools, software branding, various configuration options, and more.