Medical procedures today are characterized by precision. Thirty years ago, most cancer surgeries involved general anesthetic, “opening up” the patient, invasive and radical procedures, extended hospital stays for recovery, and in many cases. significant side effects. Today, a surgeon can make a small incision, insert a laser probe, and “zap” the tumor, in many cases under no more than a local anesthetic. The benefits are faster recoveries and little to no side effects.
Today marks the launch of Endace Packets, a protocol analyzer for EndaceProbes, which brings the same level of “laser precision” to the Network Operations (NetOps) and Security Operations (SecOps) process. Many of you are familiar with Wireshark, the open source network analysis tool. Wireshark has been the de facto standard for packet analysis in the Ethernet world for nearly a decade, and is used extensively by both NetOps and SecOps personnel. However, the file sizes of traces produced from 10Gb Ethernet (10GbE) networks is a challenge for Wireshark, as anyone who has used Wireshark on such a trace can attest. Like surgeries of old, you need to “open up” the patient to find the particular data of interest, which slows issue resolution
Enter EndaceVision, the keystone analysis tool for Endace’s network recording and search products. EndaceVision tools allow you to “take a bite” (or perhaps more fittingly “take a byte”) out of large 10GbE trace files by finding the specific packets of interest in a trace for a given network issue. These packets can then be exported in a Wireshark format for further analysis. By helping NetOps and SecOps personnel to find and isolate the specific packets that are of interest, EndaceVision can reduce time to resolution for network and security issues. Like today’s surgical procedures, EndaceVision lets you laser-focus on the specific packets that are relevant to your network issue.
One of the “side effects” of Wireshark has been that sensitive information often ends up being taken out of the data center and analyzed on someone’s laptop. This is where Endace Packets, the newest edition to the EndaceVision suite of tools, comes in. Endace Packets, which is based on TShark (the terminal version of Wireshark), provides the same rich capabilities that Wireshark provides. However, Endace Packets runs directly on the EndaceProbes that are in your data center. The value of this is that the sensitive information inside the packets never leaves the data center, and hence is not susceptible to compromise. You get speedier recoveries from network issues, with no side effects.