WhalePipe - Best Traffic Recognizer/Traffic Monitoring/Network Forensic Tools
Advantages
True Application Identification: Automatically identify over 3,000 applications to expedite network forensics with advanced classification methods and deep packet inspection.
SmartFlow™ Session Classification: Recover Layer 7 application details and packet data for all sessions.
Deep Packet Analytics (DPA): Automate threat detection by correlating against full packet payload and SmartFlow data using out-of-the-box rules and customizable scripts.
Full Packet Capture: See every bit that crosses your network with Layer 2–7 packet capture stored in industry-standard PCAP format.
SmartCapture™: Automatically capture sessions based on application or packet content to preserve the information you need.
Unstructured Search: Drill down to critical packet and flow data with our Elasticsearch backend to streamline your investigation.
File Reconstruction: Reconstruct email file attachments to support malware analysis and data loss monitoring.
Alerts & Dashboards: Surface continuous, automated analysis on saved searches through customizable analyst dashboards.
API Integration: Provide third-party tools access to session-based packet captures and reconstructed files.
Flexible Deployment for Network Monitoring: Choose the right NetMon deployment for your environment
Highly scalable 10 Gbps appliances: Appliances that can keep up as the demands of your network grow
Software appliances for remote sites: A cost-effective and flexible solution for monitoring low-bandwidth remote sites starting at 10 Mbps
Integrate with existing monitoring infrastructure: Whether via span port, tap, or network packet broker, our passive sensors easily integrate with your infrastructure or SIEM
Virtual sensor: A virtual sensor for virtual switches improves your visibility into your cloud infrastructure
Features
Live sniffing up to 800 Mbps
Parse PCAP files
Parse PcapNG files
IPv6 support
Extract files and emails from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3 and IMAP traffic
Extract X.509 certificates from SSL-encrypted traffic such as HTTPS, SMTPS, IMAPS, POP3S, FTPS etc.
Decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS
Receive Pcap-over-IP
Runs in Windows and Linux
OS Fingerprinting (*)
Audio extraction and playback of VoIP calls
OSINT lookups of file hashes, IP addresses, domain names and URLs
Port Independent Protocol Identification (PIPI)
User Defined Port-to-Protocol Mappings (decode as)
Export to CSV / Excel / XML / CASE / JSON-LD
Configurable file output directory
Configurable time zone (UTC, local or custom)
Geo IP localization (**)
DNS Whitelisting (*)
Advanced OS fingerprinting
Web browser tracing
Online ad and tracker detection
Host coloring support
Command line scripting support
High-speed PCAP parsing (**): GUI version (up to 10 MB/s), CLI version (up to 20 MB/s)