  1. What is continuous deep packet capture and stream-to-storage?
  2. What is the value of continuous deep packet capture and stream-to-storage?
  3. What is CALEA?
  4. How fast can the Solera DS appliances capture and stream-to-storage network traffic?
  5. Where does a Solera DS appliance fit in my network?
  6. How do I get access to the traffic (packets) captured by the DS appliance?
  7. What applications work with the Solera DS appliance?
  8. How long does the Solera DS appliance store the network packets it captures?
  9. How many capture interfaces can the Solera DS appliance support?
  10. Can I apply filters or policies to limit what traffic will be captured?
  11. Can I just buy the Solera DS capture software and not the appliance?
  12. Do the Solera DS appliances support wireless networks?
  13. Are Solera DS appliances detectable on my network?

1. Q: What is continuous deep packet capture and stream-to-storage?

A: Solera Networks technology allows you to create a continuous record of your network traffic. We capture a complete record of network traffic, the packet header and payload, and we stream it to storage at a rate faster than anyone else, without losing a single packet. With an actual recording of your network activity and traffic you can more effectively manage your network, improve network security, perform network analytics/forensics and, for service providers, support lawful intercept requests.

2. Q: What is the value of continuous deep packet capture and stream-to-storage?

A: Today, network analysis tools are plentiful, but all rely on a sampling of data. You either analyze a sampling of data and hope to find the root cause of a problem, or you have to know what to look for while you are analyzing the active traffic. Too often, you don't know what to look for until after the traffic has already passed through your network. Having a complete record of your network traffic allows you to perform filtering, network analysis and forensics to uncover the root cause of a problem. Continuous deep packet capture adds value in a number of areas including:

Network Security – Better support Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) with a complete record of network traffic. When a firewall detects something out of policy, you have a complete record before and after the event to determine the root cause of the intrusion and quickly secure any weak points to prevent future breaches.



Network Management – Enforcing network use policies, ensuring compliance, improving the quality of service, and shaping network traffic to optimize performance are important elements of effective network management. When you have a complete and accurate record of network traffic, you can more effectively perform these tasks.



Lawful Intercept – Internet Service Providers (ISPs) and VoIP providers are required by law to have the capability to deliver network traffic data to Law Enforcement Agencies (LEA) as determined by a warrant. It's basically a wiretap on any network traffic that may pass over the provider's network. Solera Networks technology provides a cost-effective and simple way to capture specified traffic and deliver it to any LEA. Our technology supports the Communications Assistance for Law Enforcement Act (CALEA) and its equivalents in other countries.



Forensics/Analytics – A complete record of your network traffic enables your network analysis and forensics tools to deliver an accurate report, not a guess derived from a mere sampling of data. Now you can better identify weak points in your network and determine where sensitive data is being siphoned off. Perform behavioral analytics on your network and improve the quality of your business intelligence. Reconstruct any portion of your network traffic and obtain evidentiary proof of network misuse or unapproved behavior.

3. Q: What is CALEA?

A: CALEA stands for Communications Assistance for Law Enforcement Act. Solera Networks delivers a Solera CALEA Appliance to support service providers who must comply with this mandate.

4. Q: How fast can the Solera DS appliances capture and stream-to-storage network traffic?

A: Solera Networks DS network forensics appliances can capture at sustained rates of 10 Gbps without packet loss.

5. Q: Where does a Solera DS appliance fit in my network?

A: A Solera DS appliance can be added to your network in a number of ways:

  • To a SPAN (or mirrored) port off of a router. You can select the traffic you wish to see: configure the SPAN port, then connect the DS appliance directly to it.
  • You can install a DS appliance "in-line" via an optical splitter for splicing into a fiber network.
  • For smaller networks you can install the DS network appliance via a "hub" (not a switch) so that all traffic on the hub is visible to the DS appliance.
  • In certain environments it may be preferable to use several appliances; one in the DMZ, others on critical sub-nets, or configured by policy to capture specific traffic (such as VoIP).
  • Deployment can be either through a hardened appliance specifically designed for very fast capture rates, or through the Solera Networks Virtual Appliance which can be deployed on any server platform supported by VMware™.

6. Q: How do I get access to the traffic (packets) captured by the Solera DS appliance?

A: The captured network packets can be viewed in three different ways:

  • Traditional file utilities can see the captured packets via the virtual file system (VFS). These are industry-standard libpcap (sometimes called tcpdump) format files.
  • You can configure one of the available "virtual interface devices" that come with the DS appliance. For instance you can configure a virtual interface to be a merge of all packets, then have your application open and read from this device.
  • You can retransmit or regenerate the captured data to external network segments. This is done by using the regeneration utility or the Solera Web Console interface.

7. Q: What applications work with the Solera DS appliance?

A: Since the DS appliance uses open industry standard formats (pcap files and virtual Ethernet devices) for access to captured data, all commercial, custom and open source applications that support these formats work without modification. Numerous third-party applications are available to analyze captured traffic. View a sample list of software to be used in conjunction with deep packet capture devices.

8. Q: How long does the Solera DS appliance store the network packets it captures?

A: The DS appliance uses a least-recently-used (LRU) storage scheme. In other words, when the storage of the DS appliance is full, space is made for new packets by deleting or removing the least-recently-used packets. In this way you get a "window" of time for packet storage.

The amount of network traffic you can store depends on the volume of your network traffic, how much of your traffic you decide to capture (you may filter and capture only a portion of your traffic), and the amount of available storage. You may capture a few hours of traffic if you have an entry-level Solera Networks appliance with storage of 1.5 TB. You may capture months' worth of traffic if you choose to capture only a portion of your traffic and have more storage capacity on your appliance. The Solera DS 5150 has 16 TB of storage. If you choose to store your traffic history on external storage, you are only limited by the amount of storage you have. Examples of storage windows for DS Appliances at various storage configurations.

9. Q: How many capture interfaces can the Solera DS appliance support?

A: The answer depends on the particular DS appliance. The entry-level DS 1150 includes a 4-port 10/100/1000 copper or a 4-port 1000BASE-SX Ethernet card. The DS 5150 has a 2-port 10 Gb fiber card. Other product configurations and details on capture interfaces are available at: www.soleranetworks.com/products/product-comparison.php

10. Q: Can I apply filters or policies to limit what traffic will be captured?

A: Yes. Packets can be filtered based on IP version 4 or 6 addresses, MAC addresses, protocols, ports, port ranges, networks, and pattern-matching. Filtering can be done as data is being captured (Ingress) or after the fact during playback (Egress). More on filtering.
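
The following is an added example, not Solera code: it reads a classic libpcap file image of the kind answer 6 says is exposed through the VFS and applies an after-the-fact network and port-range filter of the kind described in this answer. All function names and the three-packet sample capture are constructed for illustration, and only IPv4 TCP/UDP over Ethernet is handled.

```python
import struct
from ipaddress import IPv4Address, ip_network

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, usec timestamps

def read_pcap(data):
    """Yield (ts_sec, frame) from a classic libpcap file image (Ethernet only)."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with linktype 1 (Ethernet)")
    off = 24                                   # records follow the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break                              # truncated final record: stop, do not misparse
        yield ts_sec, data[off:off + incl_len]
        off += incl_len

def decode(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4           # Ethernet header + IPv4 header length
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return IPv4Address(frame[26:30]), IPv4Address(frame[30:34]), frame[23], sport, dport

def select(data, network, ports):
    """Playback-time filter: packets touching `network` on any port in `ports`."""
    net = ip_network(network)
    decoded = ((ts, decode(f)) for ts, f in read_pcap(data))
    return [(ts, str(d[0]), str(d[1]), *d[2:]) for ts, d in decoded
            if d and (d[0] in net or d[1] in net) and (d[3] in ports or d[4] in ports)]

def sample_pcap():
    """Constructed three-packet capture using private and documentation addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [(1000, "10.1.2.3", "192.0.2.10", 17, 40000, 5060),
             (1001, "10.9.9.9", "192.0.2.20", 6, 51000, 443),
             (1002, "192.0.2.10", "10.1.2.3", 17, 5060, 40000)]
    for ts, src, dst, proto, sp, dp in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        frame = b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + struct.pack("!HH", sp, dp)
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out
```

Calling `select(sample_pcap(), "10.1.0.0/16", range(5060, 5062))` returns the two UDP packets on port 5060 and skips the HTTPS flow; a real capture would be passed in as the bytes of a pcap file read from disk.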

11. Q: Can I just buy the Solera DS capture software and not the appliance?

A: Solera Networks is able to deliver unmatched capture speeds through the combination of DS capture software and commodity hardware that has been selected to provide optimal performance. While the combined software and hardware solutions provide optimal performance, customers have the option to deploy our software as a virtual appliance through a VM image or through a certified configuration for standard HP hardware. More information on our Certified Configuration and Virtual Appliance

12. Q: Do Solera DS appliances support wireless networks?

A: Yes.

13. Q: Are Solera DS appliances detectable on my network?

A: Solera DS appliances can be connected via a network mirror (SPAN port) or a network tap and can be configured without an IP address, and therefore can sit undetected on your network.
