Distributed PCAP Monitoring

Who decides the "what" and "where" of packet monitoring

Packet monitoring is usually appliance-based, either physical or virtual.
You have to install an appliance somewhere that reads and interprets the network data.
An appliance can only evaluate data that it can actually "read": it must either be connected directly to the network link being measured, or the traffic must be actively forwarded to it across the network, which adds load and creates an additional security weak point, since a copy of the traffic now travels over the network.
If you rely on appliances, you accept that there are many critical points where you cannot measure at all and are therefore "blind".

The alternative
At the same time, every server, client, Linux system, firewall, load balancer and so on already has a packet-capture process available (for example tcpdump or tshark) at no extra cost. It is normally used on demand for troubleshooting, but it can just as well write PCAP files continuously for monitoring.
All that is missing is software that analyzes those files and detects weak points.
Of course, it should support the protocols and fields that Wireshark network analysts are used to.

InterTrace imports the data in real time whenever new PCAP files are generated and evaluates them with the same filter syntax as Wireshark, but now over the long term, aggregated and evaluated, in the cloud or in the local network.
Since SLIC uses tshark display filters, every metric and protocol field that Wireshark knows can be used, an estimated 250,000 of them.
In SLIC, users organize scenarios as they need them: the web service, including its LDAP, database and web servers, in one web scenario; the security analysis of a service in a security scenario; and WAN monitoring in another.
Scenarios can be assessed together or separately, and correlated with one another.
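The workflow described above, as an added example that is not InterTrace or SLIC code: a minimal Python reader for classic pcap files of the kind tcpdump -w writes on each host, a decoder that exposes a handful of Wireshark-style field names (ip.src, ip.dst, ip.ttl, tcp.port, tcp.dstport, udp.dstport), and an evaluator that applies one rule set to files grouped into scenarios and returns per-scenario hit counts plus an alert list. Rules are written as (label, field, value) tuples with Wireshark's equality semantics (tcp.port == 23 matches either endpoint) instead of a real display-filter parser; the two capture files, the addresses and the rule labels are constructed for the example.

```python
# Added example, not InterTrace/SLIC code: scan host-written pcap files against
# Wireshark-style field rules, grouped into scenarios. Captures are constructed.
import socket
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}   # magic as read little-endian -> file byte order

def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Ethernet II / IPv4 / TCP-or-UDP frame; checksums left zero (constructed test
    data only, the reader below does not validate them)."""
    if proto == 6:       # TCP: 20-byte header (data offset 5), SYN set
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)
    elif proto == 17:    # UDP
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("proto must be 6 (TCP) or 17 (UDP)")
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes.fromhex("00112233445566778899aabb0800") + ip + l4   # dst MAC, src MAC, IPv4

def build_pcap(frames, endian="<"):
    """Serialise (timestamp, frame) pairs as a classic pcap file (constructed input)."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        out += struct.pack(endian + "IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame))
        out += frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame) per record; handles both byte orders and refuses a
    truncated trailing record instead of silently dropping it."""
    e = PCAP_MAGIC.get(struct.unpack_from("<I", data, 0)[0])
    if e is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(e + "IHHiIII", data, 0)[6] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) is decoded")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += 16 + incl_len
        yield ts_sec + ts_usec / 1e6, frame

def decode(frame):
    """Decode Ethernet II / IPv4 / TCP|UDP into Wireshark-style field names."""
    f = {}
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return f            # not IPv4 over Ethernet II: nothing to match on
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    f.update({"ip.src": socket.inet_ntoa(src), "ip.dst": socket.inet_ntoa(dst),
              "ip.ttl": ttl, "ip.proto": proto})
    l4 = frame[14 + (vihl & 0x0F) * 4:14 + total_len]   # skip IPv4 options, drop padding
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        f.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.port": {sport, dport}})
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        f.update({"udp.srcport": sport, "udp.dstport": dport, "udp.port": {sport, dport}})
    return f

def matches(fields, name, wanted):
    """Wireshark equality semantics: tcp.port == 23 is true for either endpoint."""
    have = fields.get(name)
    return wanted in have if isinstance(have, set) else (have is not None and have == wanted)

def evaluate(scenarios, rules):
    """scenarios: {name: [pcap_bytes, ...]} (one file per capturing host);
    rules: [(label, field, value)]. Returns per-scenario hit counts and an alert list."""
    counts = {name: Counter() for name in scenarios}
    alerts = []
    for name, files in scenarios.items():
        for data in files:
            for ts, frame in read_pcap(data):
                f = decode(frame)
                for label, field, value in rules:
                    if matches(f, field, value):
                        counts[name][label] += 1
                        alerts.append((name, label, ts, f["ip.src"], f["ip.dst"]))
    return counts, alerts

# Constructed captures: one file from a web server, one from a WAN firewall.
WEB_HOST = build_pcap([
    (1700000000.0, build_frame("10.0.1.10", "10.0.2.5", 6, 40001, 389)),     # LDAP, plain
    (1700000001.5, build_frame("10.0.1.10", "10.0.2.6", 6, 40002, 5432)),    # PostgreSQL
])
WAN_FW = build_pcap([
    (1700000002.0, build_frame("10.0.3.7", "198.51.100.9", 6, 40003, 23)),    # telnet out
    (1700000003.0, build_frame("10.0.3.7", "198.51.100.9", 17, 40004, 123)),  # NTP out
])
SCENARIOS = {"web": [WEB_HOST], "wan": [WAN_FW]}
RULES = [("cleartext telnet", "tcp.port", 23),
         ("ldap without tls", "tcp.dstport", 389),
         ("ntp to internet", "udp.dstport", 123)]
```

Calling evaluate(SCENARIOS, RULES) yields one "ldap without tls" hit in the web scenario and one "cleartext telnet" plus one "ntp to internet" hit in the wan scenario, each with timestamp and endpoints in the alert list. On a real host the files would come from a rotating capture such as tcpdump -i eth0 -w /var/cap/%Y%m%d-%H%M.pcap -G 300 (a new file every 300 seconds, named via strftime), and a production evaluator would hand the same rules to tshark as display filters (tshark -r file.pcap -Y 'tcp.port == 23') rather than decode protocols itself. Two caveats the reader enforces deliberately: it rejects pcapng (dumpcap and tshark write that format by default; pass -F pcap for classic pcap), and it raises on a truncated trailing record, which is exactly what a file still being written by the capture process looks like, so a poller should only import files after rotation has closed them.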

Conclusion

InterTrace can help you
• import hundreds of PCAP files on the fly
• organize them so that you can clearly identify the different scenarios
• use the PCAP input for long-term monitoring
• analyze the files with easily customizable metrics
• create alerts and incidents so that you see your critical issues on the spot
• simply monitor
o based on your data, anywhere
o focusing on your critical objects
o using your logic to evaluate your data