IP/VoIP Analysis & Simulation

Protocol Analyzer

FastRecorder™ and PacketExtractor™
for Monitoring IP Networks

GL's FastRecorder™ and PacketExtractor™ application allows recording and extracting modes of operation. In Fast Record mode, high rate real-time traffic can be recorded with precise hardware time stamping.

  Brochure
FastRecorder and PacketExtractor for monitoring IP Network

Overview

Packet capture and analysis is crucial for managing large and small-scale networks. Tools to capture and replay are often useful for service providers who wish to make field captures of crucial behaviour and want to carefully reproduce them in a lab.

Recorded high speed data can be used not only for examining each packet in real-time, but also examining trends across packets or streams of related packets to predict potential issues or potential illicit activity. Playing back the recorded high-speed data can recreate the real-time packet network in the lab for further diagnosis.

Today's networks are built with switches, routers, and gateways interconnected with 1, 10, 25, 40, and 100 Gbps full duplex fiber optic lines. These fiber connections increasingly carry packets (vs. circuits) with data, voice, and video, interleaved, aggregated, and burst out at ever faster, bigger, and longer distances.

Diagnosing issues among these elements requires error free, non-intrusive interception at the full rate (wirespeed), then storing for post analysis with a packet analyzer. Naturally, at such high rates, capturing and storing require a unique and ingenious architecture, large RAM, and hundreds of  terabytes of storage. Additional features, like wirespeed filtering, packet slicing, storing, and later extracting intended application streams are also vital.

GL's FastRecorder™ and PacketExtractor™ application allows Record and Extract modes of operation In Fast Record mode, high rate real-time traffic can be recorded with precise hardware time stamping. The Record feature includes a powerful Hardware Filter that allows user to filter out unwanted traffic, and continuously capture the traffic of interest. The application supports HDDAT GL HD Proprietary format.

In PacketExtractor™ mode, the recorded traffic file on selected network interface ports and drives can be extracted in the formats PCAP or PcapNG (Wireshark® format), or HDL (GL Proprietary format), and HDDAT (GL HD Proprietary format) and analyzed using any packet analyzer such as GL's PacketScan™. It also supports sequence number verification of extracted packets (BERT verification) Live traffic captured on a network using the Recorder utility, PacketScan™, or Wireshark® can be easily recreated in the lab.

FastRecorder™ and PacketExtractor™ applications work with GL's PacketScan™ HD (or Wireshark®) Packet Analyzers. GL's PacketScan™ HD is a complete IP traffic analyzer – similar to but more powerful than Wireshark®. For example, real time voice quality, fax quality, call and session separation, powerful ladder diagrams are included.

The traffic captured on a live network can be analyzed using packet analyzers such as PacketScan™ - All IP analyzer or Wireshark®.

Main Features

FastRecorder™

  • Lossless wirespeed capture of IP traffic across high speed (1, 10, 25, 40, and 100 GigE) links
  • Non-intrusive capture and record over Ethernet (Electrical and Optical) interfaces at nano-second time precision
  • Recording on multiple ports by merging the traffic with high-precision timestamp
  • Up to 120 TB of total storage (NVME SSD) in the portable platform
  • Record only traffic-of-interest by applying efficient hardware filters based on MAC, 802.1Q (VLANs), IPv4/IPv6, TCP, UDP, SCTP, SIP, and RTP parameters
  • Filter on inner layer of GTP tunnel traffic like inner IPv4/IPv6 addresses
  • Slice packets to limited length to store only important packet content
  • Optimized distributed disk operation to achieve wirespeed recording to disk
  • Option to record traffic continuously by retaining the latest traffic with user defined record size
  • Aggregated and per port statistics like captured, filtered/unfiltered, dropped frame percentage and counts

PacketExtractor™

  • Extract intended traffic from previous recordings into PCAP, PcapNG (Wireshark® format), or HDL (GL Proprietary format) output traces
  • Extracted trace can be analyzed in PacketScan™ HD (HDL file format) or Wireshark® (PCAP file format)
  • Option to extract the packets into single or multiple output traces
  • Extraction filter provides option to filter IP, TCP, UDP, GTP-IP, GTP-UDP, and other protocols
  • Extract traces with file size, time period, or packet count as the limit criteria
  • Packets can be sliced to limited length to optimize output trace size
  • Option to compress extracted trace files using 7-Zip to optimize storage

Specifications

Hardware Requirements

Requires GL's HD Network Interface adapters

High Density Network Adapters can be any of the following types -

  • 4x 1 Gbps – requires 850/1310 nm SFP Module; Ethernet/Optical SFP modules
  • 2x 10 Gbps – requires 10GBASE-SR SFP+; Optical only
  • 2x 40 Gbps – requires MTP/MPO Connector for CFP2; Optical only
  • 2x 40/2x 100 Gbps – requires MTP/MPO Connector for CFP2; Optical only

Hard Disk: SSD hard disk (For faster I/O operations) compatible with SATA verIII or RAM Disk.

System Configuration: 2U system with 32 GB to 128 GB RAM
Hardware Filters

    Supports defining up to 10 filters at Layer 2, 3, 4, and 5

  • MAC: Frames can be filtered out based on Source MAC address, destination MAC address, Ether Type and FCS Error.
  • VLAN 0, 1, 2: Filters frames based on Tag protocol ID, User Priority, CFI, and VLAN ID.
  • IPV4: Frames can be filtered based on Source IP Address, Destination IP Address, Protocol Type, Header Length, Differentiated Services, Ds_ECN, DS_CodePoint, Total Length, Check Sum Error, IP Datagram ID, Fragmentation Offset, Flag_DontFragment and Flag_MoreFragments.
  • IPv6: Frames can be filtered based on Source IP address, Destination IP address, Next Header, and Payload Length.
  • ARP: Frames can be filtered based on Sender MAC Address, Target MAC Address, Sender IP Address, Target IP Address and Option Code.
  • TCP: In TCP layer Frames, can be filtered based on source port, destination port and check sum error.
  • UDP: In UDP layer Frames can be filtered based on source port, destination port, check sum error, UDP length and payload.
  • SIP and RTP: SIP and RTP packets can also be filtered based on source port or destination port
Record Rate Max Rate is 80Gbps

FastRecorder™ Architecture

The traffic is captured on the selected port at the hardware level. The captured traffic will be timestamped and sent to the Host Buffer within the hardware. If the Hardware Filters are applied, then only the filtered traffic will be sent to the Host Buffer. In case of multiple port selection, the filtered traffic from the selected ports is aggregated and presented as a single stream.

The FastRecorder™ application has two modules such as Capture Module and Write Module. In the host buffer, the packets are segmented into different frames based on segment sequence number and segment sequence length and these stream of frames are captured from the selected network interface and the write module will save the captured traffic in the trace files in metadata format in to the SSD/RAM Disk.

PacketExtractor™ Architecture

The pre-recorded captured files (.dat format) stored in SSD/RAM disk will be fed to PacketExtractor™ application.

It reads the metadata file which contains the information of the recorded data on each drive with time stamp. The filters can be applied for extracting traffic of interest. The trace files segments are reassembled based on segment sequence number. The segment sequence number and segment length are used while analyzing or reassembling the segments.
The Extractor module extracts the packets from the reassembled segments. The write module will write the extracted packets to HDL or PCAP or PcapNG. The BERT verify option can be used to analyze the sequence number of extracted packets.

FastRecorder™ Application

FastRecorder™ application provides various options to capture the high density real-time traffic on disk drives and store the recorded traffic into a file. The application can capture the traffic continuously until user stops the recorder or specify the size limit to stop the traffic capture.



Hardware Filters

The Hardware Filter option allows user to easily set up filter conditions to filter out unwanted traffic at line rate, continuously capture only the traffic of interest, and modify filters on the fly.

Example: Filtering GTP Traffic
Up to 10 filters can be defined based on various parameters in the protocol layers. As an example, GTP is configured in the below figure.



Recorder Statistics

Recorder statistics displays the statistics information of Filter Passed Frames, Filter Failed Frames, Total Frames, Filter Passed Frames % , Dropped Frames (Due to buffer overflow), Capture Rate (Mbps) ,Filtered Rate (Mbps) ,Capture Rate (Frames\Sec ,Frame Rate (Frames\sec), Captured Frames, Dropped Frames, Recorded Frames, Recorded Files, Current Recording Files, Recorded Duration.



Recording Time Table

Packet Length

512

Bytes

Overhead

20

Bytes

12 bytes minimum IFG + 8 bytes Preamble+SFD

Napatech Overhead

16

Bytes

Packet Header Overhead

Actual Overhead

-4

Link Speed

10

Gbps

Number of Links

4

Disk Space/sec

4.620233085

GB

Duration (minutes)

18

Minutes

 

Total Disk Space

4.872902082

TB

 

PacketExtractor™ Application

PacketExtractor™ application consists of configuration settings that allows user to extract recorded files on the selected HD NIC interface port with or without applying filters and by specifying the different limit criteria (Time, Packet Count and Size) into required output file format to analyze the results using PacketScan and Wireshark application . User can also save the extracted traffic in multiple files by providing the file size to create a new file after every specified file size.

In the packet extraction from the stored recordings without filter the Extractor Filter option is unchecked and no filter configurations are done to extract the traffic.
.



In the packet extraction from the stored recordings with filter the Extractor Filter option is checked and required filter configurations are done to extract the traffic.



Analysis of Extracted Traffic

The extracted files can be analyzed using PacketScan™ HD and Wireshark application

Traffic Analysis using PacketScan™ HD application

Traffic Analysis using Wireshark application

BERT Verification

The BERT verification analyzes the received BER pattern and provides various vital measurements such as Expected-Seq-Num, Received-Seq-Num, Packet-Num, Sync State and In-Sync Error Count and others size.

Resources

Item No. Item Description

PKV123

FastRecorder™ and PacketExtractor™ (Optional with PacketScan™ HD)
Related Software

PKV120

PacketScan™  HD - High Density IP Traffic Analyzer w/ 4x1GigE 
includes PKV100 - Online (not Offline) for temporary audio codec support

PKV120p

PacketScan HD™ w/4 x 1GigE - Portable

PKV122

PacketScan™ HD - High Density IP Traffic Analyzer w/ 2x10GigE

PKV122p

PacketScan HD™ w/2 x 10 GigE - Portable

PKV124

PacketScan HD™ w/40/100 GigE

PKV124P

PacketScan HD™ ™ w/40/100 GigE - Portable

PKV121

PacketScan™  FB - (Offline Analyzer)

PKV100

PacketScan™ (Real-time and Offline)

PKV101

PacketScan™ - Offline

PKV170

NetsurveyorWeb™ (Perpetual License, Unlimited Users/Nodes)
– Includes Oracle 11g Standard Edition One and Standard Server-Grade Computing Platform

PKV169

NetsurveyorWeb™ Lite
- Probe Level WebServer, PacketScan™, and Oracle 11g Express Edition;
Traffic Options
GTP Mobile Traffic Options

ETH101
ETH102
ETH103

MobileTrafficCore - GTP
MobileTrafficCore - Gateway
MobileTrafficCore for Gb Interface
  RTP Traffic Options

PKS102

RTP Soft Core (additional)

PKS103

RTP IuUP Softcore

PKS200
PKS202
PKS203
PKS204
PKS205
PKS206

RTP Pass Through Fax Emulation
Fax Port Licences - 2 Fax Ports, RO
Fax Port Licences - 8 Fax Ports, RO
Fax Port Licences - 30 Fax Ports, RO
Fax Port Licences - 60 Fax Ports, RO
Fax Port Licences - 120 Fax Ports, RO

PKS211

T.38 Fax Simulation

PKS107

RTP EUROCAE ED-137B

PKS108

RTP Voice Quality Measurements

PKS106

RTP Video Traffic Generation

PCD103

Optional Codec – AMR – Narrowband (requires additional license)

PCD104

Optional Codec - EVRC (requires additional license)

PCD105

Optional Codec – EVRC-B (requires additional license)

PCD106

Optional Codec – EVRC-C (requires additional license)

PCD107

Optional Codec – AMR - Wideband (requires additional license)

PCD108

Optional Codec  - EVS (requires additional license)

PCD109

Optional Codec  - Opus (requires additional license)
Brochures
FastRecorder™ and PacketExtractor™ Brochure
PacketScan™ Brochure
PacketScan™ HD Brochure
Supported Codecs
GL Product Lists
Presentations
FastRecorder™ and PacketExtractor™ - Presentation
PacketScan™ HD - Presentation