FlexaMiner Packet Filter

FlexaMiner® Packet Filter FM800PF

FlexaMiner FM800PF is an aggregating Data Monitoring Switch, a.k.a. a Network Packet Broker or Packet Filter. It is a powerful data filtering solution that reduces the amount of network traffic to only that data which is relevant to network security tools, network performance tools, or network monitoring tools.

FlexaMiner FM800PF offers selective traffic aggregation and user-configurable packet filtering. It transfers filtered data over Ethernet to an existing monitoring tool for further processing. It eliminates the bottlenecks in data ingestion capabilities of existing tools, and averts the investment in extra monitoring servers with a limited number of data inputs.

Technical specifications

Reducing data streams with user-defined criteria

The FlexaMiner Packet Filter FM800PF receives and filters communication data streams. If a packet in the data stream matches the user-defined filter criteria, its content and the intercept-related metadata are forwarded for further processing.

Input

  • 16 x 10 Gbps monitoring inputs (RJ45 copper Ethernet)
  • Applies up to 300 filters per channel to Ethernet traffic
  • Supports IPv4 and IPv6 traffic
  • Supports jumbo frames
  • Received packets can be limited in size with user-defined maximum capture length.

User-defined filters

The user controls FlexaMiner with a 1 Gbps RJ45 copper Ethernet port and can construct filter rules to only pass data that meet one or more of the following criteria:

  • IP version (IPv4 or IPv6)
  • IP protocol number
  • Source IP address, destination IP address, or both.
    Passing on network traffic from a range of IP addresses, similar to subnet masking, is also possible.
  • TCP/UDP source or destination port
  • 3-tuple hash
  • 5-tuple hash (TCP/UDP traffic only)
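The sketch below shows how criteria of this kind can be evaluated against a captured frame. It is an added example, not FlexaMiner code or its configuration format. Assumptions: the rule dictionary keys, untagged Ethernet, no IPv6 extension headers, and the hash criteria are left out because the page does not define them.

```python
import ipaddress
import struct

MAX_REPORTED_RULES = 5  # the page says up to 5 matching rules are reported

def parse_headers(frame):
    """Pull the fields the rules test out of an untagged Ethernet frame."""
    if len(frame) < 14:
        return None
    ip, first_fragment = frame[14:], True
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800 and len(ip) >= 20 and ip[0] >> 4 == 4 and ip[0] & 0x0F >= 5:
        ver, l4, proto, src, dst = 4, (ip[0] & 0x0F) * 4, ip[9], ip[12:16], ip[16:20]
        # later fragments carry no L4 header, so they have no ports to test
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
    elif ethertype == 0x86DD and len(ip) >= 40 and ip[0] >> 4 == 6:
        ver, l4, proto, src, dst = 6, 40, ip[6], ip[8:24], ip[24:40]
    else:
        return None  # malformed or non-IP frame
    pkt = {"ver": ver, "proto": proto, "sport": None, "dport": None,
           "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    if proto in (6, 17) and first_fragment and len(ip) >= l4 + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", ip[l4:l4 + 4])
    return pkt

def rule_matches(rule, pkt):
    """rule: dict with 'id' plus optional ip_version, protocol, src_net, dst_net, port."""
    if rule.get("ip_version") not in (None, pkt["ver"]):
        return False
    if rule.get("protocol") not in (None, pkt["proto"]):
        return False
    for key, addr in (("src_net", pkt["src"]), ("dst_net", pkt["dst"])):
        if key in rule and addr not in ipaddress.ip_network(rule[key]):
            return False
    return rule.get("port") in (None, pkt["sport"], pkt["dport"])

def filter_frame(frame, rules, snap_len):
    """Return (captured bytes, matched rule ids), or None when nothing matches."""
    pkt = parse_headers(frame)
    if pkt is None:
        return None
    matched = [r["id"] for r in rules if rule_matches(r, pkt)]
    if not matched:
        return None
    return frame[:snap_len], matched[:MAX_REPORTED_RULES]

# Constructed sample: IPv4/UDP, 192.0.2.10:49152 -> 198.51.100.5:53, 4-byte payload
SAMPLE_FRAME = bytes.fromhex(
    "020000000001020000000002" "0800" "4500002000000000" "40110000"
    "c000020a" "c6336405" "c0000035000c0000" "74657374")
```

A rule matches only when every field it sets matches, and the `snap_len` argument plays the role of the maximum capture length listed under Input.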

Output

  • 2 x 10 Gbps data output (RJ45 copper Ethernet)
  • Content of communication of the packets that meet the filter criteria, for further processing. The user defines which information is forwarded:
    • Layer 2/3/4 header and Layer 4 payload, or
    • Layer 3/4 header and Layer 4 payload, or
    • Layer 3/4 header.
  • Intercept-related metadata such as:
    • Information on which filter rules caused the packet to be forwarded (up to 5 rules).
    • Metadata on the forwarded Ethernet packets to facilitate further processing, such as a 64-bit timestamp indicating the arrival time in the Ethernet processing block, the Ethernet frame length and the double VLAN header.
    • IP-related metadata, such as IP version, protocol number, source/destination address, and 3-tuple hash.
    • TCP/UDP-related metadata, such as source/destination port/address, 5-tuple hash, and offset of L4 header/payload for fast payload processing.
  • Filter statistics (e.g. number of filtered packets, packets not meeting filter criteria, malformed frames and size limited packets (SNAP_LEN))

Applications

FlexaMiner Packet Filter FM800PF is extremely suitable for use as a network packet broker for lawful interception, to reduce input data streams.