The 100 Gbit Continuous Packet Recorder
nBox Recorder is a network traffic disk recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packets may have been responsible for the attack or could contain the problems that we are trying to find.
nBox Recorder uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or even open-source analysis tools like ntopng, Wireshark, Suricata, Zeek, Snort.
nBox Recorder can be effectively used to perform:
- Off-line network packets analysis by feeding a specialized tool (such as snort or ntopng).
- Reconstruct specific communication flows or network activities.
- Reproduce the previous captured traffic to a different network.
Open Source Technologies
nBox relies on Open Source high-performance technologies for capturing and processing traffic, including our PF_RING framework, delivering Line-Rate packet capture up to 100 Gbit/s. nBox Recorder uses the industry standard PCAP file format to dump packets into files, so the resulting output can be easily integrated with existing third party and Open Source analysis tools like ntopng, Wireshark or Snort.
100% Visibility, Nanosecond Precision
nBox provides 100% visibility with sustained Line-Rate loss-less packet capture, which is a requirement in network security. Loss-less packet capture up to 100 Gbit, combined with nanosecond accuracy, delivers the best visibility in any condition. Full packets are stored, indexed and organized in a timeline to enable on-demand retrieval, specifying time interval and BPF criteria to fully reconstruct past events.
The nBox Recorder is based on n2disk, a 100 Gbit Network traffic recorder with indexing capabilities.
- High performance full packet capture to disk.
- BPF filters support. You can specify any filters you want to filter out the unwanted network packets from the dumping process.
- Conditional dump: save packets on disk based on traffic conditions (e.g. when traffic is above threshold X) and time of the day.
- Detailed dump statistics.
- Fully integrated in the nBox appliance. From the nBox web interface you can browse the dumped files and open them within nTop.
- Ability to reproduce dumped files onto a physical interface, or using tools such as ntop and nProbe.
The nBox UI is based on Cockpit. The pictures below show the nBox Recorder Web user interface.
The nBox recorder is available as physical appliance in the models below. All models:
- 19″ Rack-mount
- Use NVMe as storage for no drops.
- Operate at line rate with minimal packet size
- All models are Dell-based and include up to 3 years on-site hardware guarantee.
- Additional storage, software and hardware options available on demand.
|Monitoring Port Options
|Certified Dump Performance
|8 x 0.96 TB
|8 x 1.6 TB
|8 x 1.6 TB