All features
Capture
- Supported capture:
- ISO 2 layer : Ethernet, Linux SLL, VXLan.
- ISO 3 : IPv4.
- ISO 4 : TCP, UDP.
- ISO 5 - 7 : TLS, HTTP.
- Distributed capture of remote hosts.
- Agents remote configuration from the UI.
- Agents deployment from the UI
- ‘Applicative cluster’ mode: captures from many probes on the same system are merged into a single view.
- Automatic discovery and tracking of host DNS names.
- Packet filtering: PCAP standard filters + regular expressions on hosts FQDN.
- Circuit breakers in place to limit capture impact on spikes.
- Continuous monitoring of probes.
- PCAP and PCAP-NG standard files may be injected directly on the web interface.
- Limit capture size for big communications download.
- Deduplicate packets and communications when capturing both sides of the communication.
- Capture only data packets to lower CPU and network usage
- Understand and manage duplicated packets arriving late
- Capture of TLS keys from OpenSSL memory to decipher TLS ciphered TCP sessions.
Decoding
- Real time decoding of communications.
- Rebuilding of TCP flows.
- TCP flows decoding by plugins on the UI.
- Real time deciphering of TLS encrypted TCP sessions.
- On the fly payload content rebuilding and decompressing.
- High level protocols analysis.
- Only HTTP for now.
- Modular architecture to quickly add new protocols.
- Clients identification and customisable tagging for specific filtering.
- Filtering and removal of sensitive data by defining rules in configuration.
Analysis and reporting
- Customisable layout.
- Automatic refresh of data.
- Dynamic and intuitive time travel in data with a time resolution from many days to microseconds.
- Timezone management to observe data in the time of the capture.
- Dynamic and customisable dashboard to show global metrics, latency, size, errors... grouped by technical and business axes.
- Save and reload dashboard dispositions.
- Dynamic and customisable map of network services that presents, in real time, the load and quality of systems communications.
- Combined data analysis of as many agents as needed, even with different systems using the same IP address range.
- Clients identification and tracking of their communications.
- Support of JWT, Certificates and Basic Auth. Extensible.
- Merged or split representation of services replicas.
- Hide proxy hops to reveal the true clients of calls.
- Multi level communication analysis:
- Statistics panel with customisable metrics and pivot tables.
- Sequence diagrams.
- Customisable grid.
- Map view of services with aggregated statistics.
- Detailed views from rebuilt communications to the unitary packets they are built from.
- Compute and display differences between communications.
- Easy tracking of correlation and tracing tokens.
- Multi criteria searches and dynamic filtering of communications.
- Graphical view and editing of filters.
- Autocompletion of filters.
- Save and reload queries.
- Continuous saving of the user's view for the best user experience. The application comes back as it was before on reconnection.
- Powerful display of communication payload
- Pretty print and syntax highlighting of:
- HTML, XML, JSON, JS, CSS
- Native display of captured pictures and videos.
- Instantaneous creation of shared URL links to exchange your findings with your peers, and reference them in tracking systems.
- Publication feature with public links to share an analysis session with external users, with limited time and data access.
- Communications export:
- PCAP, PCAP-NG, JSON & XLSX
- PCAP-NG includes host resolution and TLS keys of the TCP session for deep analysis in Wireshark
- Sequence diagram export:
- Statistics export:
- Hosts import & export:
- Settings copy, import & export:
- JSON
- Dark mode available!
User management
- Authenticated solution.
- Multi tenant solution.
- Scalable solution with team management for centralised user management.
- Access sharing options for users.
- Role based access control for users.
- User creation:
- By SSO with OpenId Connect
- By LDAP link.
- By the users themselves through an integrated web form with an email validation process.
- Option to manually validate new accounts.
- Password recovery with email validation.
- Email notifications of mail / password change.