Leveraging the power of DAG technology.

EndaceProbe Capabilities

EndaceProbe™ Network Analytics Platforms are based on high-performance server hardware tightly integrated with Endace DAG™ Cards, our hardened, linux-based operating system (OSm) and an application layer comprising EndaceVision™ and custom or third-party applications running in the EndaceProbe's Application Dock™ VM based hosting environment.

100% accurate line rate packet capture

Leveraging the power of DAG technology, EndaceProbes capture every packet from the wire, regardless of packet size or line rate, at speeds up to 40Gbps natively. When used with EndaceAccess™ Network Visibility Head-Ends, EndaceProbes can also provide full visibility into 100Gbps links.

Unlike NIC-based solutions, DAG technology uses direct memory access (DMA) to acquire and move packets from the wire directly into host memory using minimal CPU resources. By reducing the processing cycles required to acquire packets, applications hosted on the system can be given more resources to work with.

Learn more about DAG.

Highly accurate time stamping at the interface

For traders concerned with minimizing latency, and anyone interested in forensic packet reconstruction, highly accurate time stamping of captured packets is essential.

The DAG technology that underpins every EndaceProbe attaches a nanosecond accurate time stamp to every packet. Time stamps have a resolution of +/- 7.5 nanoseconds and an accuracy of +/- 50 nanoseconds. Using a timing input source, such as GPS, the time stamps on many EndaceProbes can be synchronized to within a few nanoseconds.

At 10Gbps, it's possible for anything up to 1500 packets to be given the exact same time stamp unless you have nanosecond-level accurate time stamps, which makes accurate reconstruction and forensic examination of traffic very challenging.


EndaceProbes allow captured packets to be recorded to local disk for retrospective analysis using a range of different analytics tools. Writing packets to disk at high line rates is a significant technical challenge and requires careful selection and optimization of system components.

EndaceProbes support up to 192TB of local storage (offering days to weeks of storage) and can write-to-disk at up to 40Gbps. A range of either SAS or SSD based EndaceProbe models are available to suit a wide range of throughput performance, storage, and space requirements.

Real-time protocol identification

Knowing exactly which application a packet relates to is essential for effective diagnostics and troubleshooting. The integrated Deep Packet Inspection (DPI) engine makes EndaceProbes "application aware". Every flow captured by EndaceProbes is given an application classification which is added into the metadata database that underpins EndaceVision.

The application identification algorithm can accurately identify nearly 600 different applications.

About DPI on EndaceProbes

Packet filtering, replication and de-duplication

Different tools require different packet inputs to provide visibility into different things. To ensure that applications operate at maximum efficiency, EndaceProbes can filter (and drop) packets based on a wide range of different parameters at all levels of the OSI stack.

Because EndaceProbes are multi-application capable there's often a requirement to send the same packet to two different places. To fulfill this requirement, EndaceProbes support packet replication and, where necessary, de-duplication.

Traffic indexing

As packets are recorded from the network they are indexed in real-time. The index is stored locally on every EndaceProbe and includes a wide range of essential metadata including application type, IP addressing, MAC address, time stamp, etc. that enables engineers to quickly isolate packets of interest from anywhere across the network.

The packet index is the power behind EndaceVision, the powerful, browser-based investigation application bundled with every EndaceProbe.

Find out more

Central Management and Access Security

Every element of an Endace Monitoring and Recording Fabric shares a common management interface that enables the health, status and performance of every system to be monitored from a central point. Central management enables all Endace Systems (EndaceProbes, EndaceFlow™ NetFlow Generators and EndaceAccess™ Network Visibility Head-Ends) to reside comfortably in a lights-out, data center environment.

At the heart of a monitoring and recording fabric is the EndaceCMS™ Central Management Server which provides the central management capability.

In addition to central management, every Endace System supports RBAC and TACACS access as well as full audit reporting of end-user activity and Syslog.

Learn more

Support for custom and third-party applications

Endace Application Dock™ allows virtual images of commercial, open-source and custom third-party applications to be hosted on EndaceProbes.

Hosted applications can access real-time traffic or, using Playback, historical traffic for analysis. . EndaceProbes allow up to four applications to be hosted simultaneously depending on the specification of the EndaceProbe model and the resource requirements of the hosted application.

Find out more.

NetFlow Generation

For a complete packet-and-flow monitoring fabric, EndaceFlow™ NetFlow Generators, or the EndaceFlow Application running in Application Dock, can deliver highly accurate NetFlow® V5, V9 or IPFIX. NetFlows can be either pure (unsampled) or sampled NetFlows and can be exported as a TCP stream via the management LAN.

EndaceFlow AppliancesEndaceFlow Application