WANGuard Sniff

OVERVIEW

WANGuard Sniff is the sniffer-based WANGuard Sensor module. It monitors and accounts both incoming and outgoing traffic and detects traffic anomalies (anomaly detection is not available in the Lite version).

At its core, WANGuard Sniff has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Statistical algorithms integrate the captured traffic data into an accurate and detailed picture of real-time and historical traffic flows across the network.

FEATURES
  • Any number of instances can be deployed across the network; all collected data is centralized and available through a single web interface that can be reached from any location
  • Historic and real-time parameters of the traffic flowing through router interfaces and switch ports (top talkers, number of IP addresses, top protocols, protocol distribution, etc.)
  • On-demand MRTG-style traffic graphs for every IP address or IP class in your network, over any time frame; graph granularity can be set between 5 seconds and 10 minutes
  • Can use PF_RING (where available) to capture 10 GigE traffic without packet loss; MPLS and VLAN-tagged traffic is also supported
  • Scales to monitoring and graphing hundreds of thousands of IP addresses
  • Detects traffic anomalies and provides flexible per-endpoint threat management tools and an easy-to-use API for configuring the reaction to an anomaly:
    • activate WANGuard Filter for DoS, DDoS and DrDoS mitigation or for additional threat information
    • alert NOC staff by email using user-defined email templates
    • send custom syslog messages to remote log servers
    • send BGP announcements to blackhole the targeted endpoints (a blackhole route discards all traffic to the announced prefix, so it sacrifices the targeted endpoint to protect the rest of the network; announce only the attacked address, not the whole class)
    • execute custom scripts that extend the built-in capabilities, for example to:
      • configure ACLs or issue PIX "shun" commands to drop traffic towards the targeted endpoints
      • send SNMP traps to SNMP monitoring stations
      • display the routers transited by the anomalous traffic
  • Includes a flexible bandwidth-based billing system
  • Easy, non-disruptive installation on commodity hardware
  • The most cost-effective traffic monitoring, analysis and accounting solution on the market
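What the accounting and anomaly-detection features above amount to in practice, shown as an added illustration rather than code from WANGuard itself: a minimal sniffer-style loop that validates each packet against the local "IP class" (modelled as a CIDR list), accumulates per-endpoint inbound and outbound bytes in 5-second windows (the finest averaging interval on the datasheet), ranks top talkers per window, and flags any endpoint whose inbound average exceeds a threshold. The prefix 203.0.113.0/24, the 8 Mbit/s threshold, the packet records and all function names are assumptions made for this example; a real sensor reads packets from the mirror or TAP interface rather than from a list.

```python
# Added example, not WANGuard code: sniffer-style accounting with fixed windows
# and a simple per-endpoint inbound rate threshold. Prefixes, thresholds and
# packet records below are constructed for illustration.
from collections import defaultdict
from ipaddress import ip_address, ip_network

WINDOW_SECONDS = 5                                  # finest averaging interval on the datasheet
LOCAL_PREFIXES = [ip_network("203.0.113.0/24")]      # assumed "IP class" of monitored endpoints
THRESHOLD_BPS = 8_000_000                            # assumed per-endpoint inbound limit, bits/s


def is_local(ip):
    """Traffic validation: is this address one of our endpoints?"""
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_PREFIXES)


def account(packets):
    """Aggregate (timestamp, src, dst, length_bytes) records into
    {(window_start, endpoint): {"in": bytes, "out": bytes}}.
    Packets with neither side in LOCAL_PREFIXES (transit traffic seen on a
    mirrored port) are skipped, which is what validating by IP class buys you."""
    counters = defaultdict(lambda: {"in": 0, "out": 0})
    for ts, src, dst, length in packets:
        window = int(ts) // WINDOW_SECONDS * WINDOW_SECONDS
        src_local, dst_local = is_local(src), is_local(dst)
        if not (src_local or dst_local):
            continue
        if dst_local:
            counters[(window, dst)]["in"] += length
        if src_local:
            counters[(window, src)]["out"] += length
    return dict(counters)


def detect_anomalies(counters, threshold_bps=THRESHOLD_BPS):
    """Endpoints whose inbound average over a window exceeds the threshold,
    returned as sorted (window_start, endpoint, inbound_bits_per_second)."""
    hits = []
    for (window, endpoint), c in counters.items():
        bps = c["in"] * 8 / WINDOW_SECONDS
        if bps > threshold_bps:
            hits.append((window, endpoint, bps))
    return sorted(hits)


def top_talkers(counters, window, n=3):
    """Endpoints in one window ranked by total bytes (in + out), ties by address."""
    rows = [(ep, c["in"] + c["out"]) for (w, ep), c in counters.items() if w == window]
    return sorted(rows, key=lambda r: (-r[1], r[0]))[:n]


def sample_packets():
    """Constructed traffic, not a real capture."""
    pkts = []
    for i in range(100):                       # a web server's ordinary traffic over 10 s
        pkts.append((1000 + i / 10, "198.51.100.7", "203.0.113.20", 500))
        pkts.append((1000 + i / 10, "203.0.113.20", "198.51.100.7", 1400))
    for i in range(4000):                      # a flood at another endpoint within 4 s
        pkts.append((1000 + i / 1000, "192.0.2.99", "203.0.113.10", 1500))
    pkts.append((1001.0, "192.0.2.1", "198.51.100.1", 1200))   # transit: ignored
    return pkts


if __name__ == "__main__":
    counters = account(sample_packets())
    for window, endpoint, bps in detect_anomalies(counters):
        print(f"anomaly: window {window} endpoint {endpoint} inbound {bps / 1e6:.1f} Mbit/s")
    print("top talkers in window 1000:", top_talkers(counters, 1000))
```

With the constructed input, the flood delivers 6,000,000 bytes to 203.0.113.10 inside the 1000-1005 window, a 9.6 Mbit/s average that trips the threshold, while the web server's 25,000 inbound bytes per window stay far below it and the transit packet never appears in the counters. The reaction hooks listed above (filter, email, syslog, BGP blackhole, custom script) would be driven from the records that detect_anomalies returns.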
DATASHEET

WANGuard Sniff
  Traffic Capturing Technology       Port mirroring, network TAP, in-line deployment
  Maximum Traffic Capacity           10 GigE, >150,000 endpoints*
  Traffic Parameters Accuracy        Highest (5-second averages)
  Traffic Anomalies Detection Time   < 5 seconds
  Traffic Validation Options         IP classes, MAC addresses, VLANs, BPF

Minimum System Requirements for analyzing 1 Gigabit Network Interface
  Architecture         x86 (32 or 64 bit)
  CPU                  1 x Pentium IV 2.0 GHz
  RAM                  500 MB
  Network Cards        1 x Gigabit Ethernet (with NAPI support), 1 x Fast Ethernet
  Operating System**   Red Hat Enterprise Linux 5, CentOS 5.x, openSUSE 11, SUSE Linux Enterprise 11, Debian Linux 5, Ubuntu Server 10, FreeBSD 8.x (64-bit only)
  Installed Packages   tcpdump, WANGuard-Sensor 4.x, WANGuard-Controller 4.x
  Disk Space           5 GB (including OS)

* An endpoint is an IP address belonging to your ASN, your clients or your servers. The software is not limited by the number of connections between your IPs and remote IPs. Multiple sensors can be deployed to monitor more than 10 GigE of traffic.
** Other Linux / BSD distributions should work but have not been tested.

DOWNLOAD

You can download WANGuard Sniff here.