IP/VoIP Analysis & Simulation

Protocol Analyzer

High Speed Ethernet and IP Capture

FastRecorder™ and PacketExtractor™ provide wirespeed Ethernet/IP traffic filtering and recording up to 320 Gbps direct to disk.

  Request a Quote   Brochure
FastRecorder and PacketExtractor for monitoring IP Network

Overview

Today's networks are built with switches, routers, and gateways interconnected with 1, 10, 25, 40, and 100 Gbps full duplex fiber optic lines. These fiber connections increasingly carry packets (vs. circuits) with data, voice, and video, interleaved, aggregated, and burst out at ever faster, bigger, and longer distances.

Diagnosing issues on these networks requires error free, non-intrusive interception at full line-rate (wirespeed) and then storing the captures for post analysis with a protocol analyzer. At such high rates, capturing and storing requires a unique architecture, large RAM, and hundreds of terabytes of storage. Additional features, like wirespeed filtering, packet slicing, storing and later extracting intended application streams are also vital.

The application includes four modules - FastRecorder™, PacketExtractor™, PacketRecorder™ , and PacketReplay™.

  • FastRecorder™ and PacketExtractor™ provide extreme wirespeed IP traffic filtering and recording up to 320 Gbps direct to disk and offline filtering, extraction, and analysis. Supports 4 x 1 Gbps or 2 or 4 x 1/10/25 Gbps or 2 x 40/100 or 8 x 10 Gbps or 4 x 1/10/25 GigE Ethernet Interface
  • PacketRecorder™ and PacketReplay™ provide record and playback of IP traffic up to 10 Gbps

In FastRecorder™ mode, high rate real-time traffic can be recorded with precise hardware time stamping. The Record feature includes a powerful Hardware Filter that allows user to filter out unwanted traffic, and continuously capture the traffic of interest. The user can apply trigger conditions to Start or Stop writing to the Disk based on the Trigger criteria.

In PacketExtractor™ mode, the recorded traffic file on selected network interface ports and drives can be extracted to PCAP or PCAPNG (Wireshark® format), or HDL (GL Proprietary format) formats, and extracted trace files can be analyzed using any packet analyzer such as GL's PacketScan™. It also supports sequence number verification of extracted packets (BERT verification) Live traffic captured on a network using the Recorder utility, PacketScan™, or Wireshark® can be easily recreated in the lab. Also, PacketExtractor™ supports monitoring and analysis of eCPRI protocol.

FastRecorder™ and PacketExtractor™ applications work with GL's PacketScan™ HD (or Wireshark®) Analyzers. GL's PacketScan™ HD is a complete IP traffic analyzer – similar to but more powerful than Wireshark®. For example, real time voice quality, fax quality, call and session separation, powerful ladder diagrams are included.

The traffic captured on a live network can be analyzed using packet analyzers such as PacketScan™ - All IP analyzer or Wireshark®.

Main Features

FastRecorder™

  • Lossless capture of high speed IP traffic (1, 10, 25, 40, and 100 GigE) links
  • Non-intrusive capture and record over Ethernet (Electrical and Optical) interfaces at nano-second time precision
  • Merging traffic with high-precision timestamps for recording on multiple ports
  • Provides predefined (customized filter) and advance hardware filter options
  • Provides options to customize filters which provides the flexibility to select the fields and use the logical conditions more efficiently
  • Up to 120 TB of total storage (NVME SSD) in the portable platform
  • Record only traffic-of-interest by applying efficient hardware filters based on MAC, 802.1Q (VLANs), IPv4/IPv6, Tunnel Traffic (Tunnel 1 and Tunnel 2), TCP, UDP, SCTP, SIP, and RTP parameters
  • Filter on inner layer of GTP, GRE, and VXLAN tunnel traffic like inner IPv4/IPv6 addresses and Transport Protocols (UDP, TCP and SCTP) port numbers
  • User can create their own filters using custom filter option which provides flexibility to check the fields and use the logical AND, OR conditions more efficiently
  • Packet Slicing on configured length to store only selected packet content
  • Optimized distributed disk operation to achieve wirespeed recording to disk
  • Option to record traffic continuously by retaining the latest traffic with user defined record size
  • Supports recording of eCPRI traffic based on eCPRI message types and UDP port number
  • Aggregated and per port statistics like captured, filtered/unfiltered, dropped frame percentage and counts
  • Recording can be started with default recording name. The current time is taken as the default recording name in “YYYY-MM-DD_HH-Min-Sec” format
  • Graphical display option to view the recorded statistics as well as a history of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status along with Zoom in and out options
  • Supports Email alert for specified trigger condition
  • Trigger-based condition is configured based on Date Time/Time format, Capture Rate, Filter Rate, Per-port Capture Rate, Per-port Filter Rate, and Port link status
  • Provides error counters in the statistics
  • Schedule the recording start/stop by setting triggering condition based on Datetime/time format

PacketExtractor™

  • Extract intended traffic from previous recordings into PCAP, PCAPNG (Wireshark® format), or HDL (GL Proprietary format) output traces
  • Pre-Extraction filter has been introduced to eliminate the frames which are captured due to GL’s SmartNIC™ limitation
  • Display of recorded as well as aggregated statistics of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status from the record start time to end time
  • Extracted trace can be analyzed in PacketScan™ HD or Wireshark®
  • Option to extract the packets into single or multiple output traces
  • Extraction filter provides option to filter UDP, TCP, SCTP port numbers, and inner IP and inner UDP IP, and other protocols
  • Extract traces with file size, time period, or packet count as the limit criteria
  • Packets can be sliced to limited length to optimize output trace size
  • Option to compress extracted trace files using 7-Zip to optimize storage
  • Supports analysis of eCPRI to monitor eCPRI traffic for packet impairments such as Missed Packets, Out of Order, Duplicate Packets, One-Way Delay etc.
  • Display of recorded aggregated and per port statistics such as captured, filtered/unfiltered, dropped frame percentage and counts
  • Graphical display option to view the recorded statistics as well as a history of overall rate, frames/seconds, per-port rate, per-port frames/seconds, and port link status from the record start time to end time along with Zoom in and out options
  • Supports Encapsulating Security Payload (ESP) protocol to decrypt ESP packets on both IPv4 and IPv6 by providing ESP SAs value
  • Provides an option to view the configured hardware filters
  • Extraction can be done from user-specified start and end time

Specifications

Hardware Requirements

Requires GL's HD Network Interface adapters

High Density Network Adapters can be any of the following types -

  • 4x 1 Gbps – requires 850/1310 nm SFP Module; Ethernet/Optical SFP modules
  • 2x 10 Gbps – requires 10GBASE-SR SFP+; Optical only
  • 2x 40 Gbps – requires MTP/MPO Connector for CFP2; Optical only
  • 2x 40/2x 100 Gbps – requires MTP/MPO Connector for CFP2; Optical only

Hard Disk: SSD hard disk (For faster I/O operations) compatible with SATA verIII or RAM Disk

System Configuration: 2U system with 32 GB to 128 GB RAM
Hardware Filters

    Supports defining up to 10 filters at Layer 2, 3, 4, and 5

  • MAC: Frames can be filtered out based on Source MAC address, destination MAC address, Ether Type and FCS Error
  • VLAN 0, 1, 2: Filters frames based on Tag protocol ID, User Priority, CFI, and VLAN ID
  • IPV4: Frames can be filtered based on Source IP Address, Destination IP Address, Protocol Type, Header Length, Differentiated Services, Ds_ECN, DS_CodePoint, Total Length, Check Sum Error, IP Datagram ID, Fragmentation Offset, Flag_DontFragment and Flag_MoreFragments
  • IPv6: Frames can be filtered based on Source IP address, Destination IP address, Next Header, and Payload Length
  • Tunnel Traffic: Tunnel filter provides a method to filter the packets of one protocol within the protocols. Supported tunneling methods are GTP, GRE and VXLAN and Hardware filters can be applied to Tunnel 1 and/or Tunnel 2 layer fields
  • ARP: Frames can be filtered based on Sender MAC Address, Target MAC Address, Sender IP Address, Target IP Address and Option Code
  • TCP: In TCP layer Frames, can be filtered based on source port, destination port and check sum error
  • UDP: In UDP layer Frames can be filtered based on source port, destination port, check sum error, UDP length and payload
  • SCTP: SCTP packets can also be filtered based on source port or destination port
  • SIP and RTP: SIP and RTP packets can also be filtered based on source port or destination port
Record Rate Max Rate is 320 Gbps

FastRecorder™ Architecture

Fast Recorder working principle

The traffic is captured on the selected port at the hardware level. The captured traffic will be timestamped and sent to the Host Buffer within the hardware. If the Hardware Filters are applied, then only the filtered traffic will be sent to the Host Buffer. In case of multiple port selection, the filtered traffic from the selected ports is aggregated and presented as a single stream.

The FastRecorder™ application has two modules such as Capture Module and Write Module. In the host buffer, the packets are segmented into different frames based on segment sequence number and segment sequence length and these stream of frames are captured from the selected network interface and the write module will save the captured traffic in the trace files in metadata format in to the SSD/RAM Disk.

PacketExtractor™ Architecture

Extractor working principle

The pre-recorded captured files (.dat format) stored in SSD/RAM disk will be fed to PacketExtractor™ application.

It reads the metadata file which contains the information of the recorded data on each drive with time stamp. The filters can be applied for extracting traffic of interest. The trace files segments are reassembled based on segment sequence number. The segment sequence number and segment length are used while analyzing or reassembling the segments.
The Extractor module extracts the packets from the reassembled segments. The write module will write the extracted packets to HDL or PCAP or PcapNG. The BERT verify option can be used to analyze the sequence number of extracted packets.

FastRecorder™ Application

FastRecorder™ application provides various options to capture the high density real-time traffic on disk drives and store the recorded traffic into a file. The application can capture the traffic continuously until user stops the recorder or specify the size limit to stop the traffic capture.

Fast Recorder and Packet Extractor Application


Hardware Filters

The Hardware Filter option allows user to easily set up filter conditions to filter out unwanted traffic at line rate, continuously capture only the traffic of interest, and modify filters on the fly.

Example: Filtering Tunnel Traffic
Up to 10 filters can be defined based on various parameters in the protocol layers. As an example, GTP is configured in the below figure.

Hardware filter


FastRecorder Statistics

Recorder statistics displays the statistics information of

  • Filter Match Frames
  • Filter Not Match Frames, Total Frames
  • Filter Match Frames %
  • Dropped Frames (Due to Buffer Overflow)
  • Recorded Bytes (Gbytes)
  • Capture Rate (Mbps)
  • Filtered Rate (Mbps)
  • Capture Frame Rate (Frames/Sec)
  • Filtered Frame Rate (Frames/Sec)
  • Record Duration (hr:min)
  • Available Host Buffer Size (Kbytes)
  • Utilized Host Buffer Size (Kbytes)
  • Available OnBoard Memory Size (Mbytes)
  • Utilized OnBoard Memory Size (%)
  • Utilized OnBoard Memory Size (Mbytes)
  • Disk Write Fail Count
  • Port Link Status
  • Port Link Down Count
  • L1/L2 ERROR Counters:
    • L2 Drop Events
    • CRC
    • Alignment
    • Code Violation
    • Fragments
    • Jabbers
    • Collisions
Recorder Statistics

Overall Graph View

User can observe the real time display of graph (Time v/s Rate), Capture Rate, Filter Rate, and Port link Status from past 7 days.

Overall Graph View

Per Port Graph View

User can observe the real time display of port graph (Time v/s Frames/Sec), Capture and Filtered Frames from past 7 days

Per Port Graph View

Trigger Conditions

User can specify the triggers to perform action based on the following conditions.

  • CaptureRate (Mbps)
  • FilterRate (Mbps)
  • Port[n].CaptureRate (Mbps)
  • Port[n].FilterRate (Mbps): where n is port number
  • TimeStamp.DateTime, TimeStamp
  • Time (min)
Trigger Conditions


Recording Time Table

Packet Length

512

Bytes

Overhead

20

Bytes

12 bytes minimum IFG + 8 bytes Preamble+SFD

Napatech Overhead

16

Bytes

Packet Header Overhead

Actual Overhead

-4

Link Speed

10

Gbps

Number of Links

4

Disk Space/sec

4.620233085

GB

Duration (minutes)

18

Minutes

 

Total Disk Space

4.872902082

TB

 

PacketExtractor™ Application

PacketExtractor™ application consists of configuration settings that allows user to extract recorded files on the selected HD NIC interface port with or without applying filters and by specifying the different limit criteria (Time, Packet Count and Size) into required output file format to analyze the results using PacketScan and Wireshark application . User can also save the extracted traffic in multiple files by providing the file size to create a new file after every specified file size.

In the packet extraction from the stored recordings without filter the Extractor Filter option is unchecked and no filter configurations are done to extract the traffic.

Packet Extractor without filter

In the packet extraction from the stored recordings with filter the Extractor Filter option is checked and required filter configurations are done to extract the traffic.

Packet Extractor with filter


ESP Deciphering

FastRecorder™ and PacketExtractor™ analyzer supports ESP protocol to decrypt ESP packets on both IPv4 and IPv6 by providing ESP SAs value.

ESP Deciphering


eCPRI Analysis

FastRecorder™ and PacketExtractor™ analyzer supports eCPRI analysis to monitor eCPRI traffic for packet impairments such as Missed Packets, Out of Order, Duplicate Packets, One-Way Delay etc. GL’s eCPRI protocol analysis tool supports eCPRI message types such as IQ Data, Bit Sequence, Generic Data Transfer, Remote Memory Access, One-way Delay Measurement, Remote Reset, and Event Indication for analysis and statistics

eCPRI Analysis


Analysis of Extracted Traffic

The extracted files can be analyzed using PacketScan™ HD and Wireshark application

Traffic analysis in Packetscan™ HD

Traffic Analysis using PacketScan™ HD application

Traffic analysis using wireshark

Traffic Analysis using Wireshark application



BERT Verification

The BERT verification analyzes the received BER pattern and provides various vital measurements such as Status, Mismatch SeqNum, Sync Loss, Bit Error, Bit Error Rate, and Byte Count.

Bert Analysis


Record Statistics

Display the information of recorded file:

  • Filter Match Frames
  • Filter Not Match Frames
  • Total Frames
  • Filter Match Frames %
  • Dropped Frames (Due to Buffer Overflow)
  • Record Duration (hr:min:sec)
Record Statistics


Recorder Graph View

User can view the Capture and Filter rate of the recorded file.

Recorder Graph View


Hardware Filter Used while Recording

User can view the configured hardware filters. In this example, UDP layer is configured.

Hardware Filter Used

Resources

Item No. Item Description

PKV123

FastRecorder™ and PacketExtractor™
(requires any one of PKV120, PKV120p, PKV122, PKV122p, PKV124, PKV124p)

PacketRecorder™ and PacketReplay™
(requires any one of PKV120, PKV120p, PKV122, PKV122p)

Related Software

PKV120

PacketScan™ HD - High Density IP Traffic Analyzer w/ 4x1GigE 
includes PKV100 - Online (not Offline) for temporary audio codec support

PKV120p

PacketScan™ HD w/4 x 1GigE - Portable

PKV122

PacketScan™ HD - High Density IP Traffic Analyzer w/ 2x10GigE

PKV122p

PacketScan™ HD w/2 x 10 GigE - Portable

PKV124

PacketScan™ HD w/40/100 GigE

PKV124P

PacketScan™ HD w/40/100 GigE - Portable

PKV121

PacketScan™  FB - (Offline Analyzer)

PKV100

PacketScan™ (Real-time and Offline)

PKV101

PacketScan™ - Offline

PKV170

NetsurveyorWeb™ (Perpetual License, Unlimited Users/Nodes)
– Includes Oracle 11g Standard Edition One and Standard Server-Grade Computing Platform

PKV169

NetsurveyorWeb™ Lite
- Probe Level WebServer, PacketScan™, and Oracle 11g Express Edition;
Traffic Options
GTP Mobile Traffic Options

ETH101
ETH102
ETH103

MobileTrafficCore - GTP
MobileTrafficCore - Gateway
MobileTrafficCore for Gb Interface
  RTP Traffic Options

PKS102

RTP Soft Core (additional)

PKS103

RTP IuUP Softcore

PKS200
PKS202
PKS203
PKS204
PKS205
PKS206

RTP Pass Through Fax Emulation
Fax Port Licences - 2 Fax Ports, RO
Fax Port Licences - 8 Fax Ports, RO
Fax Port Licences - 30 Fax Ports, RO
Fax Port Licences - 60 Fax Ports, RO
Fax Port Licences - 120 Fax Ports, RO

PKS211

T.38 Fax Simulation

PKS107

RTP EUROCAE ED-137B

PKS108

RTP Voice Quality Measurements

PKS106

RTP Video Traffic Generation

PCD103

Optional Codec – AMR – Narrowband (requires additional license)

PCD104

Optional Codec - EVRC (requires additional license)

PCD105

Optional Codec – EVRC-B (requires additional license)

PCD106

Optional Codec – EVRC-C (requires additional license)

PCD107

Optional Codec – AMR - Wideband (requires additional license)

PCD108

Optional Codec  - EVS (requires additional license)

PCD109

Optional Codec  - Opus (requires additional license)
Brochures
FastRecorder™ and PacketExtractor™ Brochure
PacketScan™ Brochure
PacketScan™ HD Brochure
eCPRI Protocol Analysis Brochure
Supported Codecs
GL Product Lists
Presentations
FastRecorder™ and PacketExtractor™ - Presentation
PacketScan™ HD - Presentation
eCPRI Protocol Analysis Presentation
Webinars