Interview networks solutions and Wasabi Networks develop together a common analysis platform for high speed capture and deep packet analytics
The technical integration of Sharkmon by Interview and Wasabi Network provides an excellent solution for a workflow of high speed capture and deep packet analysis.
Pain Points Industry
High speed capturing often lacks of deep data analytics - users have to know when and what an incident happened, before downloading pcap files and run manual analysis.
Wasabi solution provides unique features for users to improve and facilitate "search and filter" processes.
Wasabi Networks specializes in providing highly scalable, always-on solutions that can record network traffic at speeds from 1Gbps up to 100Gbps and at volumes up to Petabytes of storage. As all network traffic is always "on record", the system contains all performance issues, all network attacks, and all network activity back in time leading up to such incidents (as long as storage allows). Data can be searched and accessed on-the-fly through a Web-GUI, or by 3rd party solutions through an API. A sophisticated queuing and scheduling mechanism allow teams of experts sharing searches and search results interactively, to quickly zoom in on issues. 3rd party solutions can use the system as a high-speed front-end, where network traffic can be filtered and extracted for post-analysis, anomali detection, and trend predictions by such solutions
These features perfect fit for integration with Sharkmon:
- Recurring captures - capture can be autop split in short tiem _ smaller size Pcap Files
- Future / history scheduled (forward / Backward) - jobs can bed ascheduled for future monitoring / start tomorrow - stop 2 weeks later)
- Prioritized Search Queue - search queues can be prioritized, allowing urgent searches to be executed instantly despitede a possible search queue
- Separated partitions - separate partitions allow to assign disk partitions to certain search paramters, which allows a much fatser search on criticl topics - instead searching the whole storage
- Ultra fast search engine
Sharkmon can connect to capture appliances and manage search and download processes, forward filter conditions, set timing options and finally import requested data and analyse the retrieved packets on customizable conditions.
Packets from the network are capture and stored by Wasabi NTA, if required in separate partitions for criticism and standard data.
User can defines search and download conditions on Intertrace:
- Filter - so BPF
- timing - history or future data
- recurring - where user can define size or time duration of each capture file - longtime captures can be split in many smaller slices
With this solution a high-performance capture platform closely integrates into deepest packet analysis based on wireshark filters and metris
- for continuous monitoring of network segments and
- long time monitoring user-customizable metrics and protocols
- deep packet content analytics
- incident recognition and alerting
Sharkmon analysis workflow
1) Importing packets from capture appliance or pcap directories
define content, filter, time, priority
3) identify symptoms based on packet content, counters, or deviations
as incidents or raw data in logarithmic dashboards, select your critical data in dashboard
2) analysis packets
based on customizable profiles, identify incidents, organize in categories
4) forward pcap file
to local wireshark or cloudshark