Advanced Network Packet Broker Features Explained

Solutions for Complete Access and Visibility into Network


In today’s modern network architecture, monitoring and security tools are required to handle traffic coming from multiple visibility devices, including network TAPs and SPAN ports. Each of these tools has different requirements. In addition, the volume and diversity of traffic can overwhelm these tools. Network Packet Brokers (NPBs) address this challenge by providing a more centralized and intelligent way to manage data forwarding to the monitoring tools.

To do all this, however, NPBs must be capable of managing the relentless growth in network traffic, the multiplication and constant evolution of monitoring and security appliances, and the increasing complexity brought by virtualization technologies.

Introducing Next-Generation Network Packet Brokers (NGNPBs)

To accommodate the needs of digital businesses, NPB capabilities have evolved. Aside from core functionality such as intelligent aggregation, advanced filtering and load balancing, NGNPBs offer the following extensive set of features:

Packet Slicing

Packet slicing is one of the most important features that NGNPBs have. Networks and servers only have a limited amount of data storage. If your network can’t cope with the amount of traffic, then packets are more likely to get lost. To prevent this from happening, you need to make sure your device’s capacity isn’t being wasted on maintaining unnecessary packet payload. How? By removing payload that is irrelevant to your network monitoring and security analysis. When the payload is reduced, the system can run more efficiently.

With packet slicing, the filter truncates each packet after its headers. Removing the payload and leaving only the header information ensures that only the relevant data is captured and sent to the appropriate tool. As a result, the performance of your tools improves because the throughput and storage space they need are reduced. Another benefit of this feature is security compliance. With packet slicing, you can take out confidential data before it reaches your monitoring tools, so that sensitive data is not stored outside secure boundaries.

Figure 1. Packet Slicing
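
A header-aware slicer makes the idea above concrete. This is an added example, not Profitap code: it walks the Ethernet, VLAN, IPv4 and TCP/UDP headers to find where the payload starts and cuts there. The function names and the sample frame are constructed for illustration.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tag identifiers
ETHERTYPE_IPV4 = 0x0800
TCP, UDP = 6, 17


def header_length(frame: bytes) -> int:
    """Number of leading bytes that are L2-L4 headers; the rest is payload."""
    if len(frame) < 14:
        return len(frame)                       # runt frame: nothing to slice
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    while ethertype in VLAN_TPIDS and len(frame) >= offset + 4:
        ethertype = struct.unpack_from("!H", frame, offset + 2)[0]
        offset += 4                             # skip TCI and inner EtherType
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return offset                           # not IPv4: keep the L2 header only
    ihl = (frame[offset] & 0x0F) * 4
    l4 = offset + ihl
    if ihl < 20 or len(frame) < l4:
        return offset                           # malformed IP header
    frag_offset = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    if frag_offset:
        return l4                               # later fragment: it carries no L4 header
    proto = frame[offset + 9]
    if proto == TCP and len(frame) >= l4 + 20:
        data_offset = (frame[l4 + 12] >> 4) * 4  # TCP header length incl. options
        return min(len(frame), l4 + max(data_offset, 20))
    if proto == UDP:
        return min(len(frame), l4 + 8)
    return l4


def slice_frame(frame: bytes):
    """Return (headers_only, original_length), like a capture's caplen and len."""
    return frame[:header_length(frame)], len(frame)


def build_sample(payload: bytes, vlan: bool = False) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, TCP, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tag = struct.pack("!HH", 0x8100, 100) if vlan else b""
    eth = bytes(12) + tag + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    frame = build_sample(b"SENSITIVE-APPLICATION-DATA")
    sliced, original = slice_frame(frame)
    print(f"forwarded {len(sliced)} of {original} bytes")
```

Cutting at a fixed byte count instead would either leak the start of the payload on untagged frames or lose part of the TCP header on VLAN-tagged ones.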

GTP IP Filtering

According to Statista, mobile accounts for approximately half of web traffic worldwide and is projected to grow substantially in total traffic volume. Most of the traffic generated will be real-time video and multimedia files requiring increased bandwidth and fast connections. As this demand continues to explode, mobile wireless networks must greatly expand their capacity.

GTP is a group of IP-based communications protocols used to carry GPRS traffic within GSM and UMTS networks. It is designed as a carrier to transport actual mobile packets over the network via tunneling. The tunnel is a channel between multiple GPRS support nodes through which the hosts exchange data. All IP addresses in the GTP packets are for mobile network elements such as the base station and the serving gateway.

When IP tunneling is used to deliver IP traffic across the core network using GTP, there can be multiple layers of encapsulation and addressing within the IP traffic. That’s where the GTP IP filtering feature comes in handy. This feature allows you to filter by IP in GTP sessions, based on information in the data stream, to control data flows within your infrastructure. This is done by configuring the device to pass or drop encapsulated traffic from the mobile station that doesn’t match the packet policy, by identifying its source and destination.

Figure 2. GTP IP Filtering
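
The sketch below shows what filtering on the encapsulated addresses involves. It is an added example, not Profitap code: it parses a GTPv1-U G-PDU (UDP port 2152), skips the optional and extension headers, and applies a pass/drop policy to the inner IPv4 source and destination. The rule format, function names and addresses are assumptions made for the example, and the packets are constructed.

```python
import ipaddress
import struct

GTPU_PORT = 2152     # UDP destination port of GTP-U (user plane)
GTP_GPDU = 0xFF      # message type that carries a tunnelled user packet


def inner_ipv4(outer: bytes):
    """Return (teid, inner_src, inner_dst) for a GTPv1-U G-PDU carrying IPv4, else None.

    `outer` starts at the outer IPv4 header (network element addresses).
    """
    if len(outer) < 20 or outer[0] >> 4 != 4 or outer[9] != 17:
        return None
    ihl = (outer[0] & 0x0F) * 4
    udp = outer[ihl:ihl + 8]
    if len(udp) < 8 or struct.unpack("!H", udp[2:4])[0] != GTPU_PORT:
        return None
    gtp = outer[ihl + 8:]
    if len(gtp) < 8:
        return None
    flags, msg_type, _length, teid = struct.unpack("!BBHI", gtp[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != GTP_GPDU:
        return None                       # not GTP version 1, or not user data
    pos = 8
    if flags & 0x07:                      # E, S or PN set: 4 optional bytes follow
        if len(gtp) < 12:
            return None
        next_ext = gtp[11] if flags & 0x04 else 0
        pos = 12
        while next_ext:                   # walk the extension header chain
            if pos >= len(gtp) or gtp[pos] == 0:
                return None
            ext_len = gtp[pos] * 4        # length is in 4-octet units
            if pos + ext_len > len(gtp):
                return None
            next_ext = gtp[pos + ext_len - 1]
            pos += ext_len
    inner = gtp[pos:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    return (teid, ipaddress.ip_address(inner[12:16]),
            ipaddress.ip_address(inner[16:20]))


def decide(outer: bytes, rules, default="drop"):
    """First matching (action, src_cidr, dst_cidr) rule wins; rules see inner addresses."""
    parsed = inner_ipv4(outer)
    if parsed is None:
        return default
    _, src, dst = parsed
    for action, src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return default


def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload


def build_gtpu_packet(inner_src, inner_dst, teid=0x1001, flags=0x30, opt=b""):
    """Constructed sample: base station 10.0.0.1 tunnelling to gateway 10.0.0.2."""
    inner = build_ipv4(inner_src, inner_dst, 6, bytes(20))
    gtp = struct.pack("!BBHI", flags, GTP_GPDU, len(opt) + len(inner), teid) + opt + inner
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtp), 0) + gtp
    return build_ipv4("10.0.0.1", "10.0.0.2", 17, udp)


if __name__ == "__main__":
    policy = [("pass", "100.64.0.0/10", "198.51.100.0/24")]
    for dst in ("198.51.100.10", "203.0.113.9"):
        print(dst, decide(build_gtpu_packet("100.64.0.5", dst), policy))
```

Both sample packets have the same outer addresses, so a filter on the outer header could not tell them apart; only the inner addresses distinguish the two flows.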

ERSPAN Tunneling & De-Tunneling

(GRE tunneling and de-tunneling, VXLAN de-tunneling, and ERSPAN stripping)

Beyond scalable aggregation and replication, NGNPBs provide access to traffic through a variety of complex tunneling protocols such as Encapsulated Remote SPAN (ERSPAN), Generic Routing Encapsulation (GRE) and Virtual Extensible LAN (VXLAN). These advanced tunneling features help you reduce blind spots for traffic traversing the network anywhere within your IT infrastructure, whether locally or remotely, physically or virtually.

Track packets easily by adding IDs to packets based on the source (ingress) port and removing them as they leave the NGNPB via exit (egress) ports. Using this approach, packets are encapsulated and directed from a switch/VLAN to a target IP endpoint with GRE or ERSPAN tunneling and sent to the appropriate tools. Also, by identifying and stripping the protocol, network engineers can selectively dictate which types of traffic should be routed to a specific device for further analysis.

Figure 3. ERSPAN Tunneling & De-Tunneling

Packet Deduplication

Duplicate packets are very common in networks and unavoidable, especially when you are using a SPAN/mirror port. When duplicate packets are transmitted to your monitoring tools, the tools can be overloaded, resulting in inefficiency. For that reason, eliminating identical packets is crucial. Not only will this improve the data capacity, it will also enhance your network performance to achieve your monitoring goals.

A Network Packet Broker can eliminate duplicate packets before forwarding the traffic to the monitoring tools. With this packet deduplication technology, duplicate copies are dropped from the data stream to reduce overhead. When your network monitoring tools don’t have to deal with problems associated with duplicate packets, they can store and process as much useful data as possible without unwanted duplicates being transmitted to them. This will increase the visibility across your network and allow your tools to accurately perform their tasks.

Figure 4. Packet Deduplication

Profitap IOTA Use Case: Quickly isolating cloud-based application issues



Users at a remote office experience poor application performance with a cloud-hosted application.


The IT organization feels the server is under resourced. The provider says the problem is the client network. Neither side has proof.

Information needed

The server ping roundtrip time seems to be ok, at least when engineers run occasional tests from the central office. However, this test only validates the network path between the client network and the cloud environment. They needed packet-level detail of the problem while it was happening. This was difficult to get because the problem was not always happening while engineers were onsite. They needed a way to simply and persistently capture traffic from the client side so the problem could be caught in the act.

The application was recently migrated to the cloud, so the network engineering team no longer had access to capture on the server side.

Once the problem was properly captured during a problem period, statistics like the network roundtrip time, server response time, TCP retransmission frequency, and other TCP outliers can be measured to isolate the true problem domain – whether client, network, or cloud-server.

Profitap IOTA All-In-One Network Analysis Solution

IOTA Made Things Easy

IT engineers were able to install the IOTA at the remote site by putting it inline between the client network and the edge router. This vantage point allowed them to see the activity of several clients, not just one. They could contrast client activity between problem periods and times with good performance.

After a few hours, clients reported that they again experienced the performance problem. Engineers were able to immediately access the IOTA using the web-based interface from the central office and begin troubleshooting. Within minutes they had access to the core details needed to isolate the problem domain.

Read the full use case (pdf) by clicking the following link: Profitap IOTA Use Case
Link to product pages: Profitap – Network Visibility Solutions

Introducing Profitap vTAP – Scalable and easy to manage Virtual TAP


Packet-level visibility into your virtual traffic

Profitap vTAP provides complete visibility of VM traffic (including inter-VM) for security, availability, and performance monitoring.

Within the span of a decade, the use of server virtualization has become a standard industry practice. This shift has dramatically improved IT efficiency in companies around the world, benefiting from improved scalability, high availability and greater workload portability. Businesses can now do more with less.

This shift also means that you need a new, scalable and easy to manage approach to get complete visibility into (inter-) VM traffic, in order to monitor for performance, security and availability.

To gain visibility in virtual traffic and forward filtered network traffic to network security and network monitoring tools, you need a Virtual TAP (vTAP).

Virtual TAP

Complete visibility of VM traffic (including inter-VM east-west traffic flows) for security, availability, and performance monitoring. Profitap vTAP taps directly on the VMware infrastructure, which means no extra privileged access to the hypervisors is required.

The vTAP controller is able to manage visibility of thousands of VMs in a simple and comprehensive way. Based on your requirements, Profitap vTAP can scale at the click of a button and grow with your network.

Flexible filters with L3 and L4 criteria and exclude & include filters can be set up to make efficient use of available bandwidth, ultimately preventing network congestion. Filtered data can be forwarded to any available interface.

One single interface to manage visibility of all your virtual datacenters. This enables you to set up and manage your virtual monitoring system quickly and easily.

Filtered traffic flows of interest can be forwarded to any type of traffic collector, analyzer, located in the same virtual datacenter or remote, as well as Profitap physical Packet Brokers.


  • Enables security, availability, and performance through proactive monitoring of virtual data centers
  • Complete visibility of traffic in virtual environments, eliminating blind spots
  • Central management interface for a single overview of the entire virtual visibility system
  • Filtering helps bring down the virtual traffic to actionable data and prevent network congestion
  • Easily scalable
  • Forward virtual traffic back into physical network for analysis

The Importance of Network TAPs Recovery Time


When it comes to network monitoring, Ethernet TAPs are crucial because SPAN ports on switches may be compromised and may drop packets because of overload. TAPs are the one and only way to see what’s really happening on the physical link without dropping packets.

Using network TAPs will allow you to get in the path of the packets and to relay traffic to the monitoring device without altering the timing between packets. Most importantly, network TAPs provide a fault-tolerant means of getting inline. As a network administrator, you need to be alert for the case when the network TAPs fail, for instance, due to loss of external power.

In the case of power loss, some TAPs are designed to fail over and continue to pass packets through. The main challenge here, however, is selecting a network TAP that recovers the fastest after a power outage.

When measuring your network’s performance while dealing with power loss conditions, you should consider looking at the network recovery time especially in mission-critical environments. This is to prevent any interruption in traffic flow to or from the network. The question is, how long does it take for a network TAP to recover from a power failure? Well, this can vary greatly depending on the TAP vendor.

Let’s have a look at the test results of Profitap Gigabit Copper TAPs recovery time compared to other Gigabit TAP vendors on the market. The test was done by Mike Pennacchi to measure the recovery time of the Gigabit TAPs by calculating the amount of time it takes for each TAP to recover from a power failure and then to recover from regaining power.

Profitap Network TAP
TAPs Recovery Time Test Results

Ensuring short network recovery time

As you have seen in the video, when compared with other network TAPs, Profitap’s network TAPs recover in 27 to 289 milliseconds, a faster recovery time when a single fault occurs on the network than TAPs from other vendors. Sure, it’s milliseconds-fast, but does it matter? Yes! Most network TAPs are typically used in inline applications, which is why any delay above 300 milliseconds will cause the network link to renegotiate.

In designing and creating our network TAPs, we wanted to ensure a very short network recovery time. Profitap’s network TAPs have functionality that dramatically reduces fail-over time. This means the traffic received from the network will pass through the network TAPs even when the power is disrupted.

Profitap X2-6400G – Next-Generation Network Packet Broker with Extensive Set of Features


The new Profitap X2-6400G is a Next-Generation Network Packet Broker (NGNPB) with a total throughput of 6.4 Tbps. It offers an extensive set of features, such as packet slicing, GTP IP filtering, ERSPAN tunneling & de-tunneling, GTP Correlation, packet deduplication, and timestamping.

X2-6400G NGNPB provides aggregation, replication, powerful filtering and load balancing in very high bandwidth port monitoring and analysis scenarios.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Feature Highlights

  • Packet Slicing: Remove payload that is irrelevant to network monitoring and security analysis, conserving disk space and load on capture devices.
  • GTP IP Filtering: Filter by IP in GTP sessions based on information contained in the data stream, identifying source and destination.
  • Timestamping: Leverage accurate timing information for accurate forensic analysis, legal and criminal investigation.
  • ERSPAN Tunneling & De-Tunneling: Integrate the X2-6400G as a single, centralized point for ERSPAN stripping in a new or already existing monitoring system based on data ERSPAN encapsulation.
  • GTP Correlation: Stateful detection of mobile data sessions using subscriber ID (IMSI) to filter, replicate and forward to the appropriate monitoring tools.
  • Packet Deduplication: Optimize network efficiency and traffic storage eliminating redundant packet copies.

Powerful All-in-One Multi-Technology Handheld Network Testing Solution

NetAlly - Wired and Wireless Network Test Solutions


NetAlly EtherScope™ nXG Portable Network Expert is a powerful handheld network tester that enables network engineers and technicians to quickly discover, test, verify and troubleshoot enterprise access networks.

As the first handheld tool to offer a single user interface (UI) that fully integrates both wired and wireless network test data, the EtherScope nXG dramatically increases network visibility, accelerates and simplifies testing, and simplifies team collaboration. This is the first portable tool with the right combination of capabilities to “break the Layer 2 ceiling” – allowing users to easily identify wireless clients not just by MAC address, but by IP, name and type, delivering visibility most Wi-Fi tools cannot provide.

“As today’s networks continue to grow in complexity, network teams often struggle to keep pace. They need better solutions that help streamline their network testing and troubleshooting process,” said Mike Parrottino, CEO at NetAlly. “To help address these challenges, we designed EtherScope nXG to be the most comprehensive and powerful portable network tester available.”

EtherScope nXG’s all new UI combines wired and wireless data analysis and purpose-built hardware to support a broad range of technologies like line-rate 10G (over copper and fiber), NBASE-T, Wi-Fi 5/Wi-Fi 6, and high-power PoE (Power over Ethernet).

Parrottino continues, “With EtherScope nXG’s advanced out-of-the-box auto-testing capabilities, network engineers and technicians get unprecedented visibility that accelerates testing and drives collaboration, all in a truly portable, light weight tool that can easily be brought to problem areas. With it, teams will simply get more done, faster.”

According to a recent Spiceworks survey, IT professionals face a variety of challenges that include implementing planned changes, managing unexpected changes, ensuring network security, and a lack of time and resources. These challenges are caused primarily by the disparity in staff skills and tool sets (between engineers and technicians), and visibility gaps across wired and wireless networks. The EtherScope nXG was designed to overcome these issues with key features and capabilities that enable users to:

  • Test, Validate and Troubleshoot the Latest Network Technology – Users can assess support for NBASE-T, 10G, Wi-Fi 5/Wi-Fi 6, with advanced Android-based troubleshooting apps and purpose-built test hardware. Additional test capabilities include packet capture at line-rate to 10G, network discovery and path analysis, 24-hour RF traffic analysis, cable testing, and PoE TruePower™ load testing.
  • Quickly Verify Performance – The product offers 10G line-rate performance testing for critical servers, uplinks and key end devices over Ethernet, iPerf testing over Wi-Fi or wired links, and testing against another EtherScope nXG or other NetAlly tools for end-to-end tests.
  • Bridge the Gap Between Engineer and Technician – Users can dive deep to verify, troubleshoot and document complex networks with multiple VLANs and Wi-Fi SSIDs, or take advantage of out-of-the-box AutoTests that require minimal skill and training. Through the EtherScope nXG, offsite engineers can extend their expertise via remote control to collaborate with technicians at distant sites to solve tough problems without the need for travel.
  • Assess the Health of the Network – With Wi-Fi air quality tests for over-subscribed channels, Wi-Fi channel utilization analysis, and network discovery, EtherScope nXG can help “prove it’s not the network” or pinpoint root cause faster than other non-integrated methods.
  • Discover Security Risks – EtherScope nXG’s powerful network discovery technology identifies unknown switches, hidden SSIDs and probing Wi-Fi devices, while categorizing devices by security status, detecting rogues and more.
  • Seamlessly Capture and Manage Field Test Data – Users can enjoy automated and centralized reporting and analysis, documentation, and integration with network management systems via NetAlly’s complimentary Link-Live cloud service.

“NetAlly continues a long history of putting ever more troubleshooting power in the palm of your hand with EtherScope nXG,” says Lee Badman, wireless network architect at Wirednot. “It’s not easy finding a tool that goes deep enough for senior engineers and developers, while also being junior technician-friendly, but EtherScope hits that sweet spot effectively. Combined with Link-Live, EtherScope is a new top-tier weapon in the war on wired and wireless network problems.”

About NetAlly
NetAlly® offers testing you can trust, from your new ally. Our family of network test solutions have been helping network engineers and technicians better deploy, manage, and maintain today’s complex wired and wireless networks for decades. From creating the industry’s first handheld network analyzer in 1993 to being the industry pacesetter – first as Fluke Networks®, then as NETSCOUT® – NetAlly continues to raise the bar for portable network analysis. With tools that include LinkRunner®, OneTouch™, AirCheck™ and more, NetAlly simplifies the complexities of network testing, provides instant visibility for efficient problem resolution, and enables seamless collaboration between site personnel and remote experts.

Link to product pages: NetAlly – Network Test Solutions

Capturing in Time-Sensitive Networking Environments with ProfiShark 1G


Time-Sensitive Networking (TSN) is a set of standards defining mechanisms for the time-sensitive transmission of data over Ethernet networks. Deterministic communication is critical to multiple industries (Audio Video Bridging, Automotive, Industrial and Power automation, Mobile Fronthaul Networks).

The purpose of this article is to demonstrate the benefit of ProfiShark 1G in TSN environments and to describe its usage. In order to support TSN, a TAP has special requirements in terms of latency, jitter and capture capability.

Time-Sensitive Networking

Transparent In-Line

Like all Profitap’s in-line TAPs, the ProfiShark is protocol agnostic and L1 passthrough for all frames, tags, and encapsulations. This includes preempted frames (IEEE 802.1Qbu/802.3br), fragmented and CRC-invalid frames.

The in-line latency and the jitter introduced by the in-line circuit is minimal, making it suitable for IEEE 802.1AS and 1588 v2.

  • ProfiShark 100M: 2 ns, 100 ns
  • ProfiShark 1G/1G+: 400 ns, 32 ns
  • ProfiShark 10G/10G+: 300 ns, 40 ns

Capture Capabilities

The ProfiShark 1G is capable of capturing any type of frame, including preempted frames (IEEE802.1Qbu/802.3br), fragmented and CRC-invalid frames.

  • Standard / Express
  • SMD-lx (preemptable frame start): 0xE6, 0x4C, 0x7F or 0xB3
  • SMD-Cx (non-initial fragment): 0x61, 0x52, 0x9E or 0xAD
  • CRC ^ 0xFFFF0000

Moreover, the ProfiShark Manager offers an option to capture the entire L1 Ethernet frame in direct capture. When ‘capture full frames’ option is enabled, the frames are captured with the preamble (0x55), the SMD and the CRC.

Wireshark Integration

With ‘capture full frames’ option enabled, the PCAP-NG Link-Layer Header is set to LINKTYPE_ETHERNET_MPACKET. This Link-Layer type is fully supported by Wireshark since 2.6.0 and allows proper dissection of L1 frames (see Wireshark view below). Once dissected, the additional L1 data is displayed in the Packet detail view and doesn’t conflict with higher protocols. Additionally, fragmented preempted frames can be reassembled in Wireshark.

The ProfiShark Manager offers different capture options. The different capture options and their effect are listed below.

All-In-One Advanced Gigabit Network TAP

ProfiShark 1G is one of the most powerful, compact portable network tap devices. It’s a portable troubleshooter dedicated to network monitoring, combining both performance and flexibility.

This pocket-sized Gigabit TAP is the equivalent of an aggregator tap and two NICs, requiring only a laptop or a desktop PC with a free USB 3.0 port. ProfiShark 1G is the ultimate solution for your field testing and monitoring performance.

All our ProfiShark products also include other important features, such as hardware filters, statistics and configuration options, through our own ProfiShark Manager application.

ProfiShark 1G+ combines all the features of ProfiShark 1G but with added GPS and PPS features for advanced timestamping.

Link to product pages: ProfiShark Portable Network TAPs

Allegro Network Multimeter – Simultaneous historical and real-time data traffic analysis

Allegro Packets - Network Multimeter Analysis Tools


Allegro Packets Network Multimeter is the only device on the market capable of simultaneously analysing historical traffic and real-time data. The Allegro Network Multimeter is a powerful real-time network multimeter for detecting network problems. It measures many performance parameters from Layer 2 to Layer 7 and is used for troubleshooting and network analysis.

All information recorded by the device is available in real-time, including traffic history graphs (per MAC address, IP address, protocol, per connection). In addition, the graphics can be clicked to zoom into a specific time window and display the results only for this time window. The Allegro Network Multimeter uses two different databases to display and process the recorded information:

  • the in-memory database and
  • the packet ring buffer on the hard disk or SSD.

In-Memory Database

The Allegro Network Multimeter uses an in-memory database to store the metadata of the processed packets. This means that all recorded measurement data is available without time-consuming disk access and can be called up for instant searches.

The Allegro Multimeter can operate without an internal or external hard disk and only use in-memory for the metadata, i.e. no data is written to the hard disk.

The in-memory database capacity varies between 2 GB and 1.5 TB depending on the model. As an approximation, the history of about 150,000 connections and their aggregations can be stored per gigabyte in-memory database.

The Allegro Network Multimeter adapts its memory configuration to the quantity of traffic. It always stores all data. If the memory is full, the longest inactive connections and IP addresses are deleted. This means that in smaller networks the device stores historical data for a longer period, while in larger networks the device stores more IP addresses and associated information, but only for a shorter period of time.

The Allegro system’s memory fills up automatically over time (except for a memory reserve) to provide measurement data for as long as possible. Afterwards, old data is automatically deleted to ensure optimal system memory.

Ring Buffer Database

If a packet ring buffer is used, the packets are stored on a connected storage medium. The following systems can be used for this purpose:

  • Internal hard disks or SSDs (Allegro 500 and higher),
  • External hard disks via USB3 (all Allegro Multimeters),
  • iSCSI systems via the management port (all Allegro Multimeters).

The ring buffer makes it possible to create a fixed size packet buffer on which all recorded packets are stored – on one or more external storage devices. When the buffer is full, the oldest packets in the buffer are replaced by new packets.

The ring buffer can also be created over several hard disks. Up to 64 hard disks with a ring buffer of several petabytes are supported. Additionally, a data redundancy with 0 up to 3-fold redundancy is supported.

To prevent misuse, the storage device can be formatted with AES256 encryption (Caution: subsequent access to the disk without a password is not possible).

Whitepaper: In-Memory-DB and Packet Ring Buffer

Download full content as PDF by clicking this link.

Optimizing Network Packet Broker Efficiency with Aggregation TAPs


SPAN ports were the preferred approach to network visibility for years. However, when the limitations of using SPAN became clear, the adoption of network TAPs started to increase. As we all know, network TAPs are more reliable than SPAN ports, and provide complete visibility into the network. But SPAN ports and network TAPs are just one link in the network visibility chain.

As enterprises have grown more dependent on networks for success, network architectures are being challenged by the evolution of digital business. More and more people and devices find their way to the connected world, all wanting their fair share of bandwidth. As a result, more tools are deployed to provide visibility and security for the network, increasing the network complexity. So, how do you make sure your visibility and cybersecurity appliances get the right data to look at, from any point in your IT infrastructure? A Network Packet Broker will help you out here. Read on to learn how this device can help optimize the performance of your network analysis and security tools.


Efficient traffic management with Network Packet Brokers

Network Packet Broker (NPB) is a device that helps optimize the access and visibility of a variety of network monitoring, security and acceleration tools to traffic from one or many network links. This device plays a critical role in gaining visibility into complex networks.

Deployed between the network TAPs and the traffic analysis hardware, the main function of the packet broker is to filter specific network traffic to a specific monitoring tool. It receives data from multiple network links and then acts as a “broker” sending the right packet data out to all devices that need it. By maintaining a many-to-many (M:M) port mapping of network ports to monitoring ports, Network Packet Broker can direct network traffic more efficiently.

One thing that sets NPBs apart from other standard aggregation devices is the set of advanced packet manipulation features this device offers, such as packet slicing, GTP IP filtering, GRE tunneling & de-tunneling, VXLAN de-tunneling, ERSPAN stripping and timestamping. This enables network engineers to filter actionable data only, allowing the network tools to analyze in a more efficient way.

However, NPBs are not all made equal, and they are quite costly. Therefore, in selecting the right NPB for your network, you should opt for the one that performs all functions required for an optimally performing network architecture.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Optimizing your NPB's ports

With the NPB deployed between tools and infrastructure layers, its ports can fill up quickly when connecting all infrastructure elements. That’s where Profitap’s Booster Aggregation TAP comes into play. This device is specially designed to improve your Network Packet Broker’s ports efficiency.

By connecting 4 1G in-line links or 8 1G SPAN connections to one 10G SFP+ monitoring port (M:1), the Booster optimizes the number of used ports on your Network Packet Broker, without any impact on the performance and packet loss a standard aggregation would face. This way you will be able to monitor traffic from 4 full-duplex in-line or 8 SPAN connections on a single port on your NPB. This is a significant saving in port space on your device and ultimately in costs.

The optimal solution

A Network Packet Broker paired with a Booster is key to managing and securing a network infrastructure that’s rapidly evolving. It is a cost-efficient and easy-to-deploy solution to help you improve the density performance of your monitoring system.

The Benefits of Using ProfiSight Network Traffic Analyzer


As networks get faster and more complex, new performance issues appear. Conventional network monitoring takes too much time. That’s why network analysts are looking for tools that not only help them get to the source of problems as fast as possible, but also optimize their workflow.

So, how can we get from a broad view of the network to a pinpoint view of the traffic, anywhere, in seconds, drill down and find the potential weak spots, server congestion, ports usage and more?

With a network traffic analyzer

Before getting into how this type of traffic analyzer can make a difference to your network forensics and troubleshooting techniques, let’s talk first about the most common methods used these days: packet analysis and flow analysis.

Packet analysis technology is widely used to dig down into what is happening over a network by focusing on the individual packets that cross your network rather than on the flow of the network.

Even though this method generally provides the most insights into your network traffic, as complete packets can be captured and further analyzed, it also gives you huge amounts of data. This makes it almost impossible for you to make real-time decisions and immediately expose the worst-performing parts of the network. You need time to sift through a lot of data for evidence of an issue or an intrusion, just like finding a needle in a haystack.

Also, in high-speed networks, packet analysis requires expensive hardware and substantial infrastructure for storage and analysis.

And that’s where a flow analysis tool can come in handy

Instead of giving you loads and loads of data that will also come with added cost, a flow-based tool focuses on the flow of the network, the “who,” “what,” and “when” of network transactions.

Flow analysis tools are based on a technology that provides insights about who is communicating with whom, with which devices or end-points, and which protocol. It gives you a lot of visibility of your network’s traffic without the added weight of a packet analysis tool.

It makes it easier to dig into certain conversations, giving you a fast and efficient way to understand what type of traffic is traversing the network. Also, since this data is so light, you can store it for as long as you want, and network forensics and security monitoring tools can make use of it to monitor and alert for traffic abnormalities.

For all those reasons and more, our engineers created ProfiSight

ProfiSight is Profitap’s Network Traffic Analyzer, specially built to give you fast visibility into the traffic that matters. What does that mean? Its accurate insights about your network bandwidth utilization, application usage and statistics, LAN, talkers and conversations, performance and errors, or user activity will tell you how your network resources are allocated and used in real-time.

Basically, it’s a network monitoring tool that tracks the flow of applications and key services over all areas of the network — devices, servers, link connections — and offers insights into network bandwidth utilization, helping you adjust resources for optimal performance.

It’s optimized for fast indexing and has the ability to filter large amounts of network traffic, improving your monitoring workflow and saving valuable troubleshooting time.
All its dashboards support flexible user queries by fields and timestamps to allow a faster analysis of the problems. ProfiSight covers a large array of network troubleshooting indicators, designed to help you pinpoint issues or highlight trends that would otherwise pass unnoticed.

Moreover, when a deep packet-level analysis of the traffic flow is needed, you can choose to pair it with top packet analyzers (like Wireshark) for multiple visual histograms, graphs and statistics.

So, can I use packet analysis and flow analysis together?

Yes, you can. As you know, even though flow analysis is perfect for determining traffic statistics overall, it can fall short when you need to analyze a specific issue in depth.

For example, in the event of a data breach, you need to be able to quickly understand what or how it happened, and which systems or data sources have been compromised. Packet capture and analysis provides a complete and accurate historical record of network traffic, giving you the means to reconstruct events and dig down to the actual network packets to pinpoint exactly what took place.

That’s why ProfiSight can be integrated with any of our ProfiShark portable packet capture devices (or any other capture tool of your choice). In this way, it allows for a quick view of the flow data by extracting the metadata of a captured packet stream. This can help you get an overview of the main talkers in a few clicks and determine if they are a security or performance issue.
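The flow view described above (who is communicating with whom, over which protocol, and when) and the main-talkers overview extracted from a captured packet stream can be sketched as follows. This is an added example, not ProfiSight code: the function names and the constructed sample frames are assumptions, and it handles IPv4 TCP/UDP only.

```python
import socket
import struct
from collections import defaultdict

def build_frame(src, dst, sport, dport, proto, payload_len):
    """Constructed sample: Ethernet + IPv4 + TCP/UDP header + zero payload."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4 + bytes(payload_len)

def flow_key(frame):
    """5-tuple of an IPv4 TCP/UDP frame; None for anything else or truncated."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]  # IHL covers IP options
    if l4 < 34 or proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    ips = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    return ips + struct.unpack("!HH", frame[l4:l4 + 4]) + (proto,)

def aggregate(packets):
    """Collapse (timestamp, frame) pairs into per-flow metadata records."""
    flows = {}
    for ts, frame in packets:
        key = flow_key(frame)
        if key is None:
            continue  # non-IP or malformed traffic is not a flow here
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
    return flows

def top_talkers(flows, n=3):
    """Rank source addresses by bytes sent, summed over all of their flows."""
    totals = defaultdict(int)
    for key, rec in flows.items():
        totals[key[0]] += rec["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

SAMPLE = [  # constructed capture using documentation addresses
    (0.00, build_frame("192.0.2.10", "198.51.100.5", 40000, 443, 6, 1000)),
    (0.05, build_frame("192.0.2.10", "198.51.100.5", 40000, 443, 6, 1000)),
    (0.10, build_frame("198.51.100.5", "192.0.2.10", 443, 40000, 6, 200)),
    (0.20, build_frame("192.0.2.20", "203.0.113.53", 5353, 53, 17, 40)),
    (0.30, bytes(12) + b"\x08\x06" + bytes(28)),  # ARP frame, skipped
]
print(top_talkers(aggregate(SAMPLE)))  # heaviest senders first
```

Each flow record holds only counters and timestamps, which is why flow data stays small enough to retain long after the packets themselves have been discarded.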

When combined with our portable packet capture devices, you can capture every packet on the line and get a complete overview of the network for in-depth analysis. Also, you can easily connect to your ProfiShark remotely so that you can track down network issues anywhere, anytime.

For a hands-on experience of how you can capture, monitor and analyze network traffic with ProfiSight, watch the video below made by Chris Greer:

The benefits of a network traffic analyzer paired with the deep-dive of a packet capture device are multiple, but one of them is that you can reduce the load that a packet capture requires while still providing the raw data when you need it. Time is essential in most cases, and pairing these tools will help you spot network issues in minutes rather than in hours or days.