Features

Implemented protocols

  • Lvl 2: Ethernet, Linux SLL, VXLAN
  • Lvl 3: IPv4
  • Lvl 4: TCP, UDP
  • Lvl 5 – 7: HTTP

Current features

Capture

  • Remote host network capture
  • Cluster compatibility to monitor all replicas of the same service with a single configuration
  • Remote configuration, web based
  • DNS name discovery and change tracking
  • Pcap filtering and FQDN filtering
  • VXLAN decryption
  • Manual upload of tcpdump Pcap files

Decoding

  • Scalable real-time decoding
  • TCP session reconstruction
  • Automatic high-level protocol analysis
    • HTTP only for now
  • Payload reconstruction and decompression
  • Communication identification and tagging for filtering and grouping
  • Fine-grained filtering to avoid storing confidential information

Analysis & display

  • Time zoom from statistical analysis over days to packet emission in microseconds, with all the steps in between
  • Time selection and replay
  • Self-constructing and editable network map
  • Cluster view (as many servers as needed)
  • Server replica aggregation on all views
  • Client identification and tracking through JWT and Basic Auth decoding
  • Client multi-connection aggregation on network map
  • Proxy hiding (reveal true clients)
  • Drill down into service communications in:
    • Customizable statistics panel
    • Sequence diagrams
    • Customizable grids
  • Communications diff
  • Full-blown search with lots of helpers and filters to track related communications and filter anything
  • Correlation token follow-up
  • Autocomplete search input
  • HTML, XML, JSON, JS, CSS payloads pretty print + browser view of images, videos…
  • Analysis sharing
  • Exports:
    • Pcap for packets, TCP sessions and HTTP communications
    • JSON for high-level communications
    • SVG and PNG for sequence diagrams
    • Excel for statistics (graphics included)
  • Imports:
    • Pcap
    • Spider's own JSON format

Managing

  • Multi-tenant solution
  • Data access sharing capabilities
  • User rights management
  • Self-service user creation with email validation and optional admin activation
  • Mail notifications on email or password change, on account activation…
  • LDAP integration
  • Built-in top-class self-monitoring

And more!

  • And many other nice things, small and big, for an efficient experience 🙂

What’s coming?

    • Tools customization (temporal selection, custom parsing…)
    • Decoder tools (e.g. Base64, URL decode)
    • Time markers
    • Injection & replay

What’s next?

    • Protocols:
      • HTTPS
      • WebSockets
      • HTTP/2
      • Thrift
      • Protobuf
      • QUIC
      • Oracle, PostgreSQL, Mongo, Redis
    • Cross-protocol views
    • Map enhancers
    • Custom parsing and search
    • Automated analysis

And more!