Network Analysis

NinjaProbe Enterprise-Grade Network Analysis

Wireshark® has long been recognized as the gold standard for protocol decoding and dissecting. With over 900 LAN and WAN protocols currently supported, along with its powerful filtering capabilities, this community-driven network forensics application has been employed for over 10 years to troubleshoot general network problems, examine security concerns and debug protocol implementations. Lacking distributed deployment capabilities, summarized network views and a simplified user interface with pre-decode filtering, Wireshark has typically been limited to periodic use by skilled internetworking engineers.

A Powerful New Network Analysis Tool

Allowing organizations to leverage their existing expertise while expanding the reach of Wireshark’s superior protocol decoding, the NinjaProbe CACE Pilot Server component, coupled with a version of the CACE Pilot Client application unique to Endace, is a new and innovative tool designed to deliver numerous summarized views of network characteristics while providing an intuitive, user-friendly and visually-oriented interface that enhances the Wireshark experience. Straightforward drag-and-drop techniques enable even novice operators to drill-down deep into live traffic or stored files, obtaining a simplified but targeted view of explicit network segment characteristics, such as bandwidth usage, IP conversations and protocol distribution. Comprehensive filtering enables specific data to be isolated prior to being sent to the Wireshark dissector, dramatically reducing the time taken for Wireshark to open the file while essentially eliminating the need to understand Wireshark’s complex filtering constructs.

Enterprise-Grade CACE Pilot

An integral part of the Endace SmartDecode™ initiative, network analysis server components are deployed within remotely-distributed NinjaProbe platforms and interwork with one or more distinct Windows or Vista-based CACE Pilot Client instances - allocating processing demands between these two separate elements without transporting unnecessarily large amounts of data across the network. This along with Endace’s superior multi-core interface virtualization, CPU interrupt-free operation and zero-copy direct memory access technology, reduces the processing burden on the probe, thereby enabling the network analysis application to operate on heavily-loaded, 10Gbps high speed segments while NinjaProbe simultaneously provides other critical monitoring functions.

Employing a distributed client / server implementation of CACE Pilot, Endace enables analytical and forensics functions to be effectively and efficiently dispersed in permanent locations across an entire network infrastructure – from edge to core. NinjaProbe delivers an enterprise and carrier-grade solution for providing detailed network statistics along with the leading packet dissecting application at a dramatically lower cost than other commercial analyzer offerings and with additional monitoring features simply not available on proprietary hardware and software offerings.

The NinjaProbe CACE Pilot Server offers both 1GbE and 10GbE interface support and features local continuous rotating data storage from 16TB to 128TB, with optional disk expansions.

Intuitive Interface. Innovative Design

NinjaProbe CACE Pilot is the only distributed, enterprise grade, network analysis solution tightly integrated with Wireshark, enabling high-level interrogation of network activity along with the protocol decoding power afforded by the leading network forensics tool. The graphical user interface presents over 70 customizable views, which may be applied live or off-line to remote NinjaProbe interfaces or stored pcap and Endace extensible record format (ERF) files of any size – including those historically deemed too large for Wireshark to handle. These views may be stacked for successive drill-down investigation into particular internetworking attributes or anomalies, isolating areas of interest such as individual protocol activity or network behaviors during specific timeframes.

Views may be modified at any time by dynamically applying ISO/OSI layers 2-4 filtering attributes or applying Wireshark’s range of powerful capture and display filters. Triggered by the application of a view to an interface or file, the NinjaProbe CACE Pilot Client displays various interactive charts and graphs, including bar, pie, strip, conversational rings and grids, which allow easy manipulation and interpretation of displayed data.

Share Your Views

Designed as a collaborative tool, discrete CACE Pilot Client implementations can simultaneously connect to multiple NinjaProbe servers and numerous operators or administrators can concurrently connect to a single server component. Customized views and captured files can be shared between individual users using a simple point-and-click or drag-and-drop. Once an issue has been isolated through tailored drill-down views or filtered file captures, this enables network engineers to easily work together in identifying specific issues requiring further attention.

Superior Reporting Capabilities

As networks converge and become increasingly utilized by new, always-on, high-bandwidth applications and services, operations management teams are continually demanding a regular synopsis of specific segment activity and utilization. The client component extends a comprehensive suite of view-based reporting capabilities which enable the point-and-click creation of professional summaries. Reports can be created in a variety of formats, including pdf, word, excel and html. A unique zip-package option includes a text description, a pdf version of the report and a pcap file with the raw data packets used to create the report. An MD5 cryptographic hashing function ensures that the package has not been tampered with or modified since its generation, making the report suitable as evidence in legal proceedings.