Features
100G+ Scalable Line-Rate Performance
Always-On (Flight Recorder Mode)
The NTA is designed to be the “flight recorder” for your enterprise: always on 24/7, and ready to provide answers instantly while still continuing to record everything. The storage always contains the latest network traffic on disk – it records everything in a loop and overwrites the oldest data.
Scalable Storage
The more retention time you want, the larger storage capacity you need. The NTA can be seamlessly extended by Storage Extension servers up to a maximum of 6.5 PB.
Storage Partitions (Storage Tiers)
Some network traffic is more important than other traffic, and the NTA can record network traffic in two storage partitions. Each partition has its own recording loop and holds only the types of traffic assigned to that partition. It is like having two systems in one, with two individual retention times, but with a search engine that can span both. The size of the partitions can be chosen as a fraction of the total storage capacity, and can even be modified on-the-fly.
Protocol Decoding (L2, L3, L4, L5-7, Custom)
Real-time decoding of protocols is key to many of the advanced functions of the NTA such as filtering and indexing for fast search. From the lowest OSI layers and up to applications, the NTA provides decoding of more than 100 protocols and encapsulations.
Statistics
A broad selection of statistics for the network traffic as seen on the wire (whether it is recorded or not) is provided on an easy-to-use dashboard. Statistics include traffic volume, packet size distribution and distribution of protocols found. On search results, further statistics on flows (top talker hosts) and full flow decoding information are provided.
Easy-to-Use Browser-Based GUI
User interaction with the NTA is provided through a GUI-based web interface, which is accessible from any device with a browser. No need to install any proprietary software on the client.
Recording And Slicing Filters
The NTA can be set to record everything on the wire – without packet loss. If some types of traffic do not need to be recorded, they can be selectively discarded using the recording filter function. Filters can be set based on protocols, protocol fields, time, or physical network interface. Slicing based on fixed length, encryption or header length can be added to the filters. Filters can be combined by using Boolean AND/OR.
Ultra Fast Search Engine
Getting fast search results is the cornerstone of the NTA, and is achieved by indexing the recorded traffic based on advanced protocol decoding. Search criteria can be combined by using Boolean AND/OR. If a search is needed for traffic types not supported by the fast indexing structure, BPF filtering is provided.
Multi-User And Team Support
As the NTA can be used for many different purposes, a number of different users can be configured to access the system in different ways. Teams of users can work together and share search scenarios and search results, and thereby efficiently combine individual areas of expertise to solve network issues.
Application Flow Identification
All packets in the search results are decoded and identified as belonging to one of the more than 100 protocols supported by the protocol decoder. They can then be grouped into flows on the highest level of decoding, and are identified correctly when tunneled and encapsulated (VLAN, MPLS, etc.). This is much more precise and valuable than the standard 2- and 5-tuple flow identification found in most other solutions.
Scheduled Search
In addition to interactive search, a built-in scheduler can be used to run specific searches at specific times. The scheduled search jobs can be set up to run once, or in a recurring pattern, e.g. to create a PCAP file every hour with some traffic of interest. In this way you can create an automated tool chain, with an output from the NTA that is manageable for post analysis by most 3rd party tools.
Prioritized Search Queue
With interactive search jobs from different users, scheduled jobs, and queries from 3rd party applications through the API, the searches can be prioritized according to the importance of the search. Each user (including access through the API) can be assigned a range of priorities within which to execute searches, and can then select the appropriate priority for each specific search.
REST API And 3rd Party Integration
The NTA is highly interactive for both users and 3rd party applications, and a comprehensive REST API gives full access to the advanced search functions of the NTA. The NTA can therefore be used as a data source for NetOps, SecOps, AI analytics tools, and indeed any analysis or forensics solution in the organisation.
Time Zone Support
All traffic is recorded by the NTA with UTC time stamps, so to facilitate a more intuitive search, all local time zones are supported. In a global setup, searches across multiple time zones are handled consistently and are easier to manage.
Export to PCAP, CSV or Replay File
In addition to the built-in Packet Viewer and Flow Viewer, it is possible to export all search results to standard PCAP files for analysis by Wireshark, or any other proprietary or open source tool. Flows and statistical data can be exported in CSV format for further off-line analysis and visualization.
Replay
The NTA can be used as a powerful traffic generator, replaying actual traffic that was recorded earlier, or uploaded PCAP files. Multiple files can be combined and replayed in sequence, and the replay rate and pattern can be modified. This is especially useful for stress-testing the network infrastructure or specific network devices with real-world traffic or previously encountered network attacks. The NTA is capable of accelerating the traffic replay all the way up to 100% line speed, in order to simulate a fully saturated network.
RFC Help Integration
With the comprehensive protocol decoding capabilities of the NTA, it is useful to have a reference guide to help the analysis of the search results. Therefore, a library of the relevant RFCs is provided as an easy contextual help source.