Packet Sniffing and Port Mirroring Sensor for WANGUARD and WANSIGHT

OVERVIEW: In switched networks only the traffic for a specific device is sent to the device's network card. If the traffic monitoring server is not deployed in-line, in the main data-path, then a network TAP, or a switch or router that offers "Port Mirroring" must be used. In this case, the network device sends a copy of data packets traveling through a port or VLAN to the monitoring port. The Sniffing Sensor contains a packet sniffer that inspects every packet it receives in order to do traffic analysis. It can be used by WANGUARD and WANSIGHT.
At its core, the Sniffing Sensor has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
KEY FEATURES:
  • The Sniffing Sensor is completely scalable and can monitor and generate graphs for thousands of IP addresses every 5 seconds
  • Traffic graph accuracy can be set between 5 seconds and 10 minutes
  • It detects bandwidth-related traffic anomalies in under 5 seconds:
    • ICMP floods, SMURF attacks
    • SYN floods, LOIC
    • Peer-to-peer attacks
    • DNS attacks, UDP floods
    • Distributed Denial of Service ( DDoS ) attacks
    • Volumetric DoS attacks
    • Scans and worms sending traffic to illegal or unallocated addresses
  • Can be used together with the WANGUARD Filter to mitigate DDoS attacks
  • The Sniffing Sensor can save individual packets to help troubleshoot networks
  • It can use PF_RING to improve 10 Gigabit Ethernet traffic monitoring with no packet loss
  • The packet sniffer supports MPLS and VLAN tag stripping
  • Any number of instances / probes can be deployed across the network
  • Easy and non-disruptive installation on commodity hardware
  • The most cost-effective distributed packet sniffing-based traffic monitoring solution on the market
DATASHEET:
Capturing Technology:
  • Port Mirroring ( SPAN - Switched Port Analyzer, RSPAN, Roving Analysis Port )
  • Network TAP
  • In-line Packet Sniffer
Maximum Traffic Capacity: 10 GigE, >150,000 endpoints*
DDoS Detection Time: <= 5 seconds
IP Graphs Accuracy: >= 5 seconds
Traffic Validation Options: IP classes, MAC addresses, VLANs, BPF
* An endpoint is an IP address that belongs to your network. The software is not limited by the number of connections between IPs.
MINIMUM HARDWARE REQUIREMENTS:

Packet Sniffing Capacity  1 Gigabit Ethernet                        10 Gbit Ethernet
Architecture              x86 ( 32 or 64 bit )                      x86 ( 64 bit )
Core x CPU                1 x Xeon 2.0 GHz                          2 x Xeon 2.8 GHz
RAM                       500 MB                                    1 GB
Network Cards             1 x Gigabit Ethernet with NAPI Support    1 x 10 GbE card. Intel 82599 chipset recommended
                          1 x Fast Ethernet for management          1 x Fast Ethernet for management
Operating System*         RHEL 5 / CentOS 5, RHEL / CentOS 6,       RHEL 5 / CentOS 5, RHEL / CentOS 6,
                          Debian 6, Ubuntu Server 12, OpenSUSE 12   Debian 6, Ubuntu Server 12, OpenSUSE 12
Disk Space                10 GB ( including OS )                    10 GB ( including OS )
* Other Linux distributions might work but haven't been tested yet.

TRY IT !

You can download and try the Sniffing Sensor for 30 days by requesting an evaluation license.
Sensor licenses can be purchased directly from our on-line store.
If you have any questions or requests, please don't hesitate to contact us.