NetIntercept
NetIntercept 3.0 captures LAN traffic using a standard Ethernet interface card placed in promiscuous mode and a modified UNIX kernel. Long-term archival storage of captured data in NetIntercept is accomplished by storing the raw dump files. Depending on the hardware options selected, the archived dump file can be written directly to a removable media device attached to the NI machine, or transferred over the network to other machines for archiving.

NetIntercept performs stream reconstruction on demand. When the user selects a range of captured network traffic to analyze, NetIntercept assembles those packets into network connection data streams. The reconstructed streams are then presented to the NetIntercept analysis subsystem for identification and analysis.

The protocol recognition system is fully modular, making the parsing of data streams clean and easily extensible. The modules are arranged in a hierarchical tree. Each module specializes in a particular protocol, and may pass portions of the data stream to child modules for lower-level analysis. Modules that extract data useful as search criteria or for statistical purposes store that information in an SQL database.

