The Packet-to-Disk Continuous Packet Recorder
nBox Recorder is a network traffic disk recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packets may have been responsible for the attack or could contain the problems that we are trying to find.
nBox Recorder uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or even open-source analysis tools like ntop, Wireshark. or Snort.
nBox Recorder can be effectively used to perform:
- Off-line network packets analysis by feeding a specialized tool (such as snort or ntop).
- Reconstruct specific communication flows or network activities.
- Reproduce the previous captured traffic to a different network.
- High performance full packet capture to disk.
- BPF filters support. You can specify any filters you want to filter out the unwanted network packets from the dumping process.
- Conditional dump: save packets on disk based on traffic conditions (e.g. when traffic is above threshold X) and time of the day.
- Detailed dump statistics.
- Fully integrated in the nBox appliance. From the nBox web interface you can browse the dumped files and open them within nTop.
- Ability to reproduce dumped files onto a physical interface, or using tools such as ntop and nProbe.
The following figures shows you the nBox Recorder web user interface.
The nBox recorder is available as physical appliance in the models below.
|nBox Recorder||Form Factor||Monitoring Ports||Certified Dump Performance||Storage Size||RAID|
|R8||1U 19″ rackmount||1 x 10 Gbit Intel ZC Fiber or Myricom 10 Gbit Adapters with Hardware Timestamps||10 Gbit/s
|8 x 1.2 TB||HW RAID|
|R24||2U 19″ rackmount||3 x 1 Gbit Intel ZC Copper
||24 x 1.2 TB||HW RAID|