EndaceVision and Packets
EndaceVision™ is a browser-based application, bundled with every EndaceProbe™ Analytics Platform, that helps IT teams investigate and resolve a wide range of network related problems. It enables network engineers and security analysts to search, visualize and interrogate historical network packet data recorded by EndaceProbes deployed across the network.
For organizations that rely on their network for business continuity, EndaceVision is an essential element of any security and network management solution set.
The ability to quickly isolate and examine the exact packets relating to an incident dramatically increases analyst productivity, reduces response times, improves network uptime and security and drives down operational costs.
- 100% packet visibility on network links from 10Mbps to 100Gbps
- Segment-specific and network-wide intelligence
- A wide range of visualizations including accurate microburst detection, bandwidth over time and top talkers
- Application-aware browser-based client that runs on any browser
- Integrated event resolution workflow.
Searching and Filtering
Users can search recorded traffic based on a wide range of parameters including link name, application classification, IP address, MAC address, port number, time stamp etc.
Application Awareness through DPI
EndaceProbes provide built-in Deep Packet Inspection (DPI) which classifies captured traffic by application. This makes it easy to filter and search on traffic by application to see what's happening on your network.
Network-Wide Search and Data-Mining
EndaceVision can be used with InvestigationManager™ to provide fast, network-wide traffic visualization, search and data-mining across an entire connected fabric of EndaceProbes, known as an EndaceFabric™.
The ability to concurrently query some or all of the EndaceProbes in a monitoring fabric reduces the time to visibility on critical issues and avoids the need to do repetitive sequential searches of different systems.
EndaceVision uses metadata generated from network traffic recorded by EndaceProbes deployed throughout the network to create traffic visualizations.
It delivers detailed network visibility that makes it possible to quickly and accurately investigate and remediate issues identified by security and network monitoring tools on the network.
Working out what happened in the event of an outage or suspected breach is typically a process of discovery, iteration and elimination. To facilitate this process EndaceVision allows users to visualize traffic in a number of different ways. Users can move between views seamlessly, add new filters and zoom in/zoom out to help find the cause of a problem.
IP Bandwidth-over-time Breakdown and Burst Analysis
Bandwidth over time is typically the starting point for many investigations and allows the user to see bandwidth utilization at different resolutions, from days or months to 1000 μs where the real microbursts can be seen. The bandwidth view quickly highlights unusual traffic spikes that often explain application performance issues.
The conversations visualization allows users to identify and isolate specific conversations at MAC, IP or transport layers. It is typically used in conjunction with Top Talkers to examine the behavior of a given host. Conversations can be sorted by total bits, packets, sessions and bit rate.
Traffic over Time
Traffic over time offers a blend of IP bandwidth over time and traffic breakdown, allowing users to visualize how much bandwidth a specific application, IP protocol, VLAN, MPLS, Port IP or MAC consumed over any given time period. This view helps to identify bandwidth hogs and diagnose performance issues.
MicroVision - See the Detail that Matters
Leveraging the nanosecond resolution time stamps on traffic captured by EndaceProbes, EndaceVision’s MicroVision™ feature enables users to visualize events on a 10-microsecond scale – small enough to investigate the cause of disruptive microburst activity.
Microbursts can disrupt a network in multiple ways:
- A sudden synchronous burst can flood port buffers on a switch, triggering packet drops that slow transactions.
- Real-time traffic such as voice or video works best with constant latency values, but microbursts of other traffic can create jitter that disrupts calls.
- Even network attackers are starting to use microbursts, making quick connections to targets that simply can’t be seen in a 30-second monitored sample.
EndaceVision makes it easy to find microburst locations with a user-friendly bandwidth visualization that displays both the average and maximum values for every sample point.
The sampling window for bandwidth depends on the time source used by the EndaceProbe and is 0.1 second for a standard time source, and 0.01 second for a precision time source such as PTP or PPS. For each point, the maximum value is displayed as a red dot. To zoom in, either click and drag the time range or just click the dot. MicroVision processing starts automatically, with no additional user action required.
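Why both values matter per sample point, as an added example (not Endace code): a burst that runs a 1 Gbps link near line rate for about 1 ms barely moves the 0.1 second average. The 1 ms sub-bin, the thresholds, the function names and the packet data are assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLE_NS = 100_000_000  # 0.1 s sample window (standard time source, per the page)
SUB_NS = 1_000_000       # 1 ms sub-bin used to find the peak (assumption)
NS_PER_S = 1_000_000_000


def bandwidth_profile(packets, sample_ns=SAMPLE_NS, sub_ns=SUB_NS):
    """packets: iterable of (timestamp_ns, length_bytes).
    Returns {sample_index: (avg_bps, max_bps)} for every sample window."""
    bits = defaultdict(lambda: defaultdict(int))
    for ts_ns, length in packets:
        bits[ts_ns // sample_ns][ts_ns // sub_ns] += length * 8
    profile = {}
    for sample, bins in bits.items():
        avg_bps = sum(bins.values()) * NS_PER_S // sample_ns
        max_bps = max(bins.values()) * NS_PER_S // sub_ns
        profile[sample] = (avg_bps, max_bps)
    return profile


def find_microbursts(profile, link_bps, avg_ceiling=0.5, peak_floor=0.9):
    """Sample windows whose average looks healthy while the peak nears line rate."""
    return sorted(
        s for s, (avg, peak) in profile.items()
        if avg < avg_ceiling * link_bps and peak >= peak_floor * link_bps
    )


def constructed_capture():
    """Constructed data: 10 Mbps of background for 0.3 s, plus one burst."""
    pkts = [(i * 1_000_000, 1250) for i in range(300)]  # one packet per ms
    # 95 back-to-back 1250-byte packets, 10 us apart, starting just after 150 ms
    pkts += [(150_010_000 + j * 10_000, 1250) for j in range(95)]
    return pkts


if __name__ == "__main__":
    profile = bandwidth_profile(constructed_capture())
    for sample in sorted(profile):
        avg, peak = profile[sample]
        print(f"sample {sample}: avg {avg / 1e6:.1f} Mbps, max {peak / 1e6:.1f} Mbps")
    print("microburst samples:", find_microbursts(profile, link_bps=1_000_000_000))
```

An average-only view of this capture shows about 20 Mbps in the affected window, which would not prompt anyone to zoom in.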
EndacePackets - browser-based Packet Decoding
Network engineers and analysts often need to access raw packet data in order to establish the root cause of a problem. The tool of choice for most is Wireshark; however, this can cause compliance problems, particularly for financial institutions.
Organizations have a legal responsibility to minimize the risk of information loss. This means ensuring raw packet data never leaves the capture system or the data center confines. For analysts needing to use Wireshark on their laptop, this is a challenge that is quietly overlooked by many organizations.
EndaceVision solves this by providing a browser-based, protocol decode tool, called EndacePackets™, that supports Wireshark filters. This means packets of interest can be decoded without ever leaving the EndaceProbe, and network load is reduced by avoiding the need to transfer large capture files across the network for analysis.