Real-Time Network Protocol Analysis
The Network Protocol Demultiplexer option (NPD) adds the capability to filter and demultiplex standard Ethernet packets; it integrates both capabilities seamlessly with the NetAcquire Data Flow framework. This option is usually used in conjunction with the NetAcquire Ethernet packet capture device. The NPD component accepts components of the standard display filter language that is used by the Wireshark Network Protocol Analyzer as its filter specification and outputs matching packets at a choice of protocol layers.
The NetAcquire Data Flow framework is used to process record-based input streams. Input data can be arbitrarily transformed. Data records can be decommutated into individual measurands, published on the network, commutated into records of arbitrary formats, and output to a variety of hardware devices or to the network.
The NetAcquire Network Protocol Demultiplexer option consists of two parts:
- Extension software for the NetAcquire Data Flow Engine (DFE)
- A Java component to seamlessly integrate the NPD component with the NetAcquire Data Flow Designer (DFD)
The Java component allows the convenient setup and configuration of data flows including network filtering and demultiplexing. The Data Flow Engine handles all runtime data processing, reformatting, and publishing activities. The Data Flow Designer is used for the graphical setup of the runtime elements that are utilized by the Data Flow Engine.
Highlights
- Available in flight-ruggedized or ground-based hardware configurations
- Can accept raw Ethernet MAC packets as input
- Performs IP protocol processing including fragment reassembly
- Supports components of the Wireshark display filter language
- Offers multiple output options when a filter matches: whole Ethernet packets, payload portion of a UDP datagram, or TCP segments
- Advanced “man in the middle” TCP protocol processing, including:
- Checksum validation
- Segment reordering
- Duplicate segment elimination
- Lost segment notification (gap-in-stream)
- Provides integration with Data Flow to perform payload decommutation, reformatting, recording, and network publishing
- Accepts Ethernet packets in VLAN and libpcap format as input
- Displays statistics about the number of processed and matched packets
- Reports detailed statistics, including per-filter counts, in XML format