MONOSEK Network Analyzer
MONOSEK Network Analyzer
Monosek is a high-end Network Packet Processing and Protocol Analysis System. The product can analyse incoming traffic in Real-time at 1gbps and above (up to 40gbps), using specialized dedicated network processor card. The card has built-in time- stamping in micro-seconds, detection of flows and extraction of fields in each network packet layer. Bundled libraries such as Protocol library, flow library, Application detection and Virus/content detection libraries provide excellent development platform for students and researchers to understand network packets and do further research in network security and Network Protocols.
Enquiry about MONOSEK Network Analyzer
Product Description
Card Highlights
- Flow Identifier for each packet with new-flow/existing-flow indicator
- User Rule Context
- Flow timeout and Each flow with individual Programmable flow timeout
- Timestamp on packet arrival with 11ns accuracy
- Static rules in TCAM
- Dynamic flow control in Micro-engines
- Packet drop/forward in micro-engines
- Load Balancing of flows to host
- Jumbo Frames
- Ethernet Encapsulation
- Stealth mode – No network activity, making it difficult to hack.
Flow Processor panel
“It can identify and segregate the packets belonging to more than one million concurrent Flow”.
Programmable Processing Cores
- 40 multi-threaded flow processing cores operating at up to 1.4 GHz
- 320 threads
- Microengine v2.7 (8k instructions or 16k shared between 2 MEs; 1k-word local memory)
- ARM11 core @ 700MHz, 500MHz and 325MHz/32-bit data path
Memory
- SRAM interface (QDR) (two channels) with peak bandwidth of 2GBytes/sec per channel using 250MHz SRAMs (1GByte/sec Read, 1GByte/secWrite)
- DDR3 DRAM (two channels) with peak bandwidth 8.5GBytes/sec (68.2 Gbps) for 64-bit channel
Card Features
- Up to 40 flow processing cores
- OpenFlow 1.3 support with 42 match fields
- OVS 2.0 acceleration
- Packet classification and filtering
- Stateful flow analysis and action processing for up to 8 million flows in hardware
- Hardware-based cryptography and PKI operations
- Extremely low latency
- I/O virtualization
- Packet timestamping with 11ns accuracy
- GPS time synchronization
- Dynamic load balancing to parallelize application performance
- Layer 2 switching
- Layer 3 routing
- Network address and port translation (NAPT)
- Full programming flexibility to support network or protocol changes
- APIs controlling flow processing cores
PCIe
PCIe Gen2 interface x 8 offering up to 40 Gbps of bandwidth to the x86
Network Interfaces
- 2x10GigE, SFP+
- 6x1GigE, RJ-45
Memory
- TCAM, up to 36Mb TCAM
- SRAM, up to 32MB @ 300Mhz
- DDR3 DRAM, up to 8GB
Power
- 40W (average)
- 65W (maximum)
Operating Temperature
0-70°C ambient
SOFTWARE
- Comprehensive software and hardware development tools
- Comprehensive library of application software building blocks
Operating Systems
- Ubuntu Server LTS 64-bit (currently 12.04)
- CentOS 6.x 64-bit
Compatible Hardware Platforms
Intel Xeon host CPUs (PCIe Gen2 and Gen3)
Licensing
“20 user licence with speed support upto 6*1 Gbps.”
Research Interests
- Virus signatures – Study and analysis.
- Network attacks – Known attacks – Identifying and alerting, creating statistics.
- Network attacks – Behavioral pattern matching to estimate possible new threats.
Real Time & Forensic – Applications and Services
- Monitoring the high speed network traffic.
- Developing own pattern of traffic with API calls.
- Enables us to understand protocols practically.
- To study various protocol traffic patterns.
- To have in-depth analysis of all protocols.
- To create sessions and perform session reconstruction of analyzed protocols.
- Vast scope for Research and Development in Protocols using API calls.
- API-calls serve us to build our own application.
Programmable Filters
- Monosek provides programmable filters, so that only packets of interest can be observed.
- Filters provide deep packet inspection. So programs can be written to analyse not only headers but also contents of the packets (DPI).
- Monosek provides for dynamic filters so that depending on how network traffic is behaving, the interfacing C/C++ program can add, modify or disable any/some of the filters.
SDK
- Practical work, extensive observations, observe network traffic with readily available GUI.
- C/C++ programmable interface enables Developers to access analysed packet information as well as raw packets in real time, Develop C programs to work on real-time packets, making use of analysis already carried out by Monosek.
- API calls serve you to build your own application. By using our API calls, you can get the information like Packet Arrival time, size of the packet, packet number, Source and Destination IP address, MAC address etc
Packet Analysis and Session Analysis Module
- Captures entire header information for each packet, such as IP addresses of source and Destination, port addresses of TCP and UDP protocols, MAC addresses of previous and next network elements, number of bytes per packet ,etc. and time stamp for each packet with Hour-Minute-Seconds –Milliseconds-micro seconds.
- Experiments for the students for understanding of Computer Networks. Enables students to develop applications in network domain with C and C++ on our SDK.
- Users can develop new algorithms and recreate sessions for a protocol based on n-Tuple flow criteria
- Applications can be built by the users which can make use of Monosek powerful analysed data such as viewing of web sites visited, viewing mail contents and contents of the files sent as attachment in the mails, listen to VoIP sessions and watch videos that were streamed into the network under analysis by Monosek.
- These module contains Protocol Library, Flow Library, GEOIP Library, and Application Service Detection (ASD) Library, Virus Signature Detection(VSD) Library and Session Library.
| Sl No. | Sample Experiments for students ( available with SDK library and Source code) |
|---|---|
| 1 | Display all packets (irrespective of Transport Protocol) in a table format. |
| 2 | Display all TCP packets in a table format. |
| 3 | Display all UDP packets in a table format. |
| 4 | Display all TCP packets in a table format. |
| 5 | Display all SMTP packets in a complete packet format.. |
| 6 | Display all POP3 packets in a table format. |
| 7 | Display all HTTP packets in a table format. |
| 8 | Display list of all captured IPv4 addresses being monitored. |
| 9 | Display list of all captured IPv4 addresses using HTTP services. |
| 10 | Display all packets (irrespective of Transport Protocol) in a complete packet format. |
| 11 | Display all TCP packets in a complete packet format. |
| 12 | Display all UDP packets in a complete packet format. |
| 13 | Display all packets with layer wise information display ( TCP/IP model based) |
| 14 | Display a Flow Analysis of TCP Handshake mechanism. |
| 15 | VoIP Analysis using SIP/RTP protocols and performs VoIP session reconstruction. |
| 16 | Deep Packet Inspection techniques to detect XSS, SQLI vulnerabilities. |
| 17 | IP Trace back to map an IPv4 addresses to Geo locations. |
| 18 | Deep Packet Inspection techniques to detect Flow based Application protocols. |
| 19 | Pattern matching filter for the analyzed and reconstructed sessions (HTTP, SMTP, POP3). |
| 20 | Detect IPv4 addresses from the session reconstructed data of POP3 mail containing details of Origin, Receiver and Proxies involved. |
“Monosek on Cloud”, for people to learn, develop, perform Research in the cloud or on-premise in their own environment.
Prof and HOD at a Premiere Institute of Technology in India –
Monosek is a great tool for students and people who want to do research. This is an ideal tool for network labs. Students can conduct experiments and do projects in network protocol or flow and network security domains for understanding of Firewalls, IDS and IPS, with simple C or C++ Callable library functions