High-capacity packet capture
etherExtractor
Secure your network with confidence
As mobile devices and multimedia content consumption becomes more and more widespread, the volume of data traffic from mobile phones, tablets, PCs, and other smart devices is expected to continue increasing rapidly. Data centers must expand and strengthen their networks to handle this surge in traffic. Application processing and data storage are critical services, and securing a network’s functionality requires effective monitoring of the data flowing through it. Artiza Networks developed etherExtractor to make securing backbone networks more reliable and efficient through high-capacity, lossless packet capture.
Concept
The challenges of maintaining network quality and security
- Ensuring subscribers’ promised bandwidth requires monitoring network quality
- Creating a monitoring system that accurately gauges usage status in real time to prevent issues before they occur
- If a problem does occur, minimizing the time required to pinpoint the cause and respond
- Efficient and effective service management
The right packet capture tool overcomes all of these challenges
- Fully captures 100% of packets from ever-increasing traffic loads and makes the capture data usable as fast as possible
- Connects easily to other monitoring and anomaly detection systems
- High reliability with excellent cost performance
- Flexible enough to customize the system for individual use cases
- Speedy support after installing the system
▼
From functionality to usability,
the etherExtractor series evolves
to meet engineers’ needs.
Zero-loss data storage
The etherExtractor series uses high-endurance storage for the enterprise model that enhances reliability and durability with an optimized write method. To guarantee the etherExtractor can write 100% of capture data to storage, the product is rigorously tested through multiple long-duration testing regimens with combinations of short and jumbo packets, ensuring high performance even in the most challenging network environments.
Improve efficiency with support for
remote operation and easy compatibility with
security devices and network monitoring systems.
In addition to the streamlined GUI, the etherExtractor supports remote operation via a web API. Use log outputs from other monitoring systems to establish a flexible and efficient configuration and workflow.
eE-NEO
A new standard for reliability and cost performance
Stability that lasts
The latest model of etherExtractor, eE-NEO is built on the knowledge gained from previous models’ extreme long-term operation in commercial network installations. Telecom carriers, data centers, and financial institutions demand stable, constant capture performance over extended periods of time, and the eE-NEO delivers.
IDS for industrial networks
eE-NEO is optimized for secure monitoring of mission-critical control networks. Customizing the parameters to an individual networks’ environment and traffic makes it possible to quickly and accurately identify network problems.
Compact 1U size
All the eE-NEO’s functionality and capture capabilities for interface speeds from 1GbE to 100GbE are condensed into a compact 1U device.
All-flash storage
NVMe-compatible SSDs are used for all capture storage and the OS, enabling dramatic improvements in reliability, speed, latency, and failure prediction compared to previous models.
Supports multiple users
Security enhancements allow user authentication and simultaneous operation by multiple users. Each user can operate each capture port from their own dedicated workspace.
5G fronthaul support
Capable of full capture in the highly time-sensitive 5G fronthaul environment (O-RAN), and supports time synchronization using PTPv2 (IEEE1588).
Detect "microbursts"
Microbursts are caused by highly concentrated traffic over a very short period. Accurately grasp the time, content, and frequency of traffic concentration, to optimize the investment of server resources.
Advanced GUI
Start capturing with just 3 clicks
After logging in from the browser:
1. Select a connection port
2. Select a port to capture
3. Start capturing
Capture screen
Based on the popular eE GUI, the capture operation screen has been reconfigured in an easy-to-use wide screen format. The settings screen has also been simplified with tabs for each usage scenario. The “capture profile” feature makes it easy to switch between environment settings.
Monitoring screen
Monitor the status of each component from a single screen.
Example uses:
- Check the device for temperature abnormalities
- Confirm link speed and link status of capture ports
- View internal storage usage rate and operating status
Options
Intrusion detection engine powered by
Suricata
Customizable security rules
Specify parameters for customized security rules. This makes it possible to support dedicated control protocols used in factories.
Standard rules
Standard rules can be used as soon as the system is installed, including:
- IP header / IP length errors
- Specific protocol detection such as Telnet, SSH, ICMP, FTP, etc.
- Port scan detection
What are the benefits for checking packet integrity on a control network?
During system maintenance, simply connect to the mirror port to accurately collect diagnostic data related to the control system. This method introduces no new load to the existing network, and eliminates the danger of unexpected malfunctions when adding new devices to the network.
Specifications
| Model | NEO Lite | NEO Lite 20G | NEO Basic | NEO Pro |
|---|---|---|---|---|
| Product image | |
|||
| Configuration | 1U | |||
| Number of ports | 1GbE/10GbE SFP/SFP+ x 4 ports |
10GbE x 4 ports or 25GbE x 2 ports or 40GbE x 2 ports (option) or 100GbE x 2 ports (option) |
10GbE x 4 ports or 25GbE x 2 ports or 40GbE x 2 ports or 100GbE x 2 ports |
|
| Capture interface | 10G Base-SR/LR 1000 Base-T/SX/LX |
10G Base-SR/LR 25G Base-SR/LR 40G Base-SR4/LR4 100G Base-SR4/LR4 |
||
| Capture performance | 4Gbps | 20Gbps | 50Gbps | 100Gbps |
| Capture packet | 64byte - 9600byte | |||
| Capture resolution | 7ns | 1ns | ||
| Effective storage capacity | 5.0TB | 60TB | 70TB | |
| RAID configuration | RAID 5 | RAID 10 | ||
| OS | Linux | |||
| Power consumption | 200W | 350W | 550W | 700W |
| Dimensions(W×H×D mm) | 437x43x597 | |||
| Weight (kg) | About 15kg | |||
Cost reduction and flexibility with Wireshark*
The entire etherExtractor series outputs captured packet data as highly versatile PCAP files, allowing for full compatibility with Wireshark, a popular and free open-source software used for detailed network analysis. Utilizing open-source software reduces the initial installation cost, and solves the issue of high operational cost and performance instability found in some expensive capture products by eliminating the need for costly, continuous software updates. Wireshark, a favorite tool of network engineers in many industries, also provides operational flexibility even if network analysis is outsourced.
Wireshark* Overview
- Analyze captured files
- Packet filter function
- Statistics function
- TCP session stream recovery function
* Wireshark is a registered trademark of Wireshark Foundation, Inc.
