FastRecorder™ and PacketExtractor™
for Monitoring IP Networks

Overview

Packet capture and analysis is crucial for managing large and small-scale networks. Tools to capture and replay are often useful for service providers who wish to make field captures of crucial behavior and want to carefully reproduce them in a lab.

Recorded high speed data can be used not only for examining each packet in real-time, but also examining trends across packets or streams of related packets to predict potential issues or potential illicit activity. Playing back the recorded high-speed data can recreate the real-time packet network in the lab for further diagnosis.

Today's networks are built with switches, routers, and gateways interconnected with 1, 10, 25, 40, and 100 Gbps full duplex fiber optic lines. These fiber connections increasingly carry packets (vs. circuits) with data, voice, and video, interleaved, aggregated, and burst out at ever faster, bigger, and longer distances.

Diagnosing issues among these elements requires error free, non-intrusive interception at the full rate (wirespeed), then storing for post analysis with a packet analyzer. Naturally, at such high rates, capturing and storing require a unique and ingenious architecture, large RAM, and hundreds of  terabytes of storage. Additional features, like wirespeed filtering, packet slicing, storing, and later extracting intended application streams are also vital.

The application includes four modules - FastRecorder™, PacketExtractor™, PacketRecorder™ , and PacketReplay™.

FastRecorder™ and PacketExtractor™ provide extreme wirespeed IP traffic filtering and recording up to 100 Gbps direct to disk and offline filtering, extraction, and analysis. Supports 4 x 1 Gbps or 2 or 4 x 1/10/25 Gbps or 2 x 40/100 or 8 x 10 Gbps or 4 x 1/10/25 GigE Ethernet Interface.

PacketRecorder™ and PacketReplay™ provide record and playback of IP traffic up to 10 Gbps.

In FastRecorder™ mode, high rate real-time traffic can be recorded with precise hardware time stamping. The Record feature includes a powerful Hardware Filter that allows user to filter out unwanted traffic, and continuously capture the traffic of interest. The user can apply trigger conditions to Start or Stop writing to the Disk based on the Trigger criteria.

In PacketExtractor™ mode, the recorded traffic file on selected network interface ports and drives can be extracted to PCAP or PCAPNG (Wireshark® format), or HDL (GL Proprietary format) formats, and extracted trace files can be analyzed using any packet analyzer such as GL's PacketScan™. It also supports sequence number verification of extracted packets (BERT verification) Live traffic captured on a network using the Recorder utility, PacketScan™, or Wireshark® can be easily recreated in the lab.

FastRecorder™ and PacketExtractor™ applications work with GL's PacketScan™ HD (or Wireshark®) Packet Analyzers. GL's PacketScan™ HD is a complete IP traffic analyzer – similar to but more powerful than Wireshark®. For example, real time voice quality, fax quality, call and session separation, powerful ladder diagrams are included.

The traffic captured on a live network can be analyzed using packet analyzers such as PacketScan™ - All IP analyzer or Wireshark®.

Main Features

FastRecorder™

• Lossless capture of high speed IP traffic (1, 10, 25, 40, and 100 GigE) links
• Non-intrusive capture and record over Ethernet (Electrical and Optical) interfaces at nano-second time precision
• Merging traffic with high-precision timestamps for recording on multiple ports
• Provides predefined (customized filter) and advance hardware filter options
• Provides options to customize filters which provides the flexibility to select the fields and use the logical conditions more efficiently
• Up to 120 TB of total storage (NVME SSD) in the portable platform
• Record only traffic-of-interest by applying efficient hardware filters based on MAC, 802.1Q (VLANs), IPv4/IPv6, Tunnel Traffic (Tunnel 1 and Tunnel 2), TCP, UDP, SCTP, SIP, and RTP parameters
• Filter on inner layer of GTP, GRE, and VXLAN tunnel traffic like inner IPv4/IPv6 addresses and Transport Protocols (UDP, TCP and SCTP) port numbers
• User can create their own filters using custom filter option which provides flexibility to check the fields and use the logical AND, OR conditions more efficiently
• Packet Slicing on configured length to store only selected packet content
• Optimized distributed disk operation to achieve wirespeed recording to disk
• Option to record traffic continuously by retaining the latest traffic with user defined record size
• Supports recording of eCPRI traffic based on eCPRI message types and UDP port number
• Aggregated and per port statistics like captured, filtered/unfiltered, dropped frame percentage and counts
• Recording can be started with default recording name. The current time is taken as the default recording name in “YYYY-MM-DD_HH-Min-Sec” format
• Graphical display option to view the recorded statistics as well as a history of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status along with Zoom in and out options
• Supports Email alert for specified trigger condition
• Trigger-based condition is configured based on Date Time/Time format, Capture Rate, Filter Rate, Per-port Capture Rate, Per-port Filter Rate, and Port link status
• Provides error counters in the statistics
• Schedule the recording start/stop by setting triggering condition based on Datetime/time format

PacketExtractor™

• Extract intended traffic from previous recordings into PCAP, PCAPNG (Wireshark® format), or HDL (GL Proprietary format) output traces
• Pre-Extraction filter has been introduced to eliminate the frames which are captured due to GL’s SmartNIC™ limitation
• Display of recorded as well as aggregated statistics of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status from the record start time to end time
• Extracted trace can be analyzed in PacketScan™ HD or Wireshark®
• Option to extract the packets into single or multiple output traces
• Extraction filter provides option to filter UDP, TCP, SCTP port numbers, and inner IP and inner UDP IP, and other protocols
• Extract traces with file size, time period, or packet count as the limit criteria
• Packets can be sliced to limited length to optimize output trace size
• Option to compress extracted trace files using 7-Zip to optimize storage
• Supports analysis of eCPRI to monitor eCPRI traffic for packet impairments such as Missed Packets, Out of Order, Duplicate Packets, One-Way Delay etc.
• Display of recorded aggregated and per port statistics such as captured, filtered/unfiltered, dropped frame percentage and counts
• Graphical display option to view the recorded statistics as well as a history of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status from the record start time to end time along with Zoom in and out options
• Provides an option to view the configured hardware filters
• Extraction can be done from user-specified start and end time