HARDWARESHARK™ - HIGH-SPEED NETWORK TRAFFIC CAPTURE
What is the problem?
Wireshark is the preeminent tool for analyzing network traffic. But the hardware and associated software drivers hosting Wireshark cannot maintain the required buffering speed to support the full bandwidth of 10GbE, resulting in lost or dropped packets. This means that the debug tool, as good as it is, becomes part of the problem, making debugging more difficult. Also, all packets are dropped if the hosting computer crashes. The problem intensifies at 40GbE and 100GbE.
What is the solution?
This problem is solved by adding hardware buffering as a front end to Wireshark. HardwareShark™ is an FPGA-based front end to Wireshark that adds a deep, high-performance hardware sniffing buffer for 10GbE, 40GbE, and 100GbE, assuring no dropped packets. Since HardwareShark™ runs independently of the operating system, it is immune to crashes. HardwareShark™ automatically interleaves RX and TX packets according to when the first byte is received. The resulting data buffer is saved as a single interleaved file that can later be split into two non-interleaved files based on destination and source MAC addresses. The output is stored in the standard .erf (Extensible Record Format) file format and can be viewed or analyzed in the Wireshark GUI or any other compatible tool.
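The split of an interleaved capture described above can be sketched as follows. This is an added example, not HardwareShark's own tooling: it assumes the standard ERF Ethernet record layout (16-byte header, 2 offset/pad bytes, then the frame) and assumes the split rule is "frames sourced by a given station MAC go to one file, everything else to the other". All function names and the sample records are constructed for illustration.

```python
import struct

TYPE_ETH = 2  # ERF record type for Ethernet

def erf_eth_frames(buf):
    """Yield (timestamp_seconds, raw_record, ethernet_frame) per Ethernet record."""
    off = 0
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError(f"truncated ERF header at offset {off}")
        (ts,) = struct.unpack_from("<Q", buf, off)   # 32.32 fixed point, little-endian
        rtype, _flags, rlen, _lctr, _wlen = struct.unpack_from(">BBHHH", buf, off + 8)
        if rlen < 16 or off + rlen > len(buf):
            raise ValueError(f"bad record length {rlen} at offset {off}")
        rec, off, pos, more = buf[off:off + rlen], off + rlen, 16, rtype & 0x80
        while more:                                   # skip 8-byte extension headers
            if pos + 8 > rlen:
                raise ValueError("extension header runs past record")
            more, pos = rec[pos] & 0x80, pos + 8
        frame = rec[pos + 2:]                         # 2 offset/pad bytes precede the frame
        if rtype & 0x7F == TYPE_ETH and len(frame) >= 14:
            yield ts / 2**32, rec, frame

def split_by_mac(buf, station_mac):
    """Return (tx, rx) ERF byte strings: tx = frames sourced by station_mac, rx = the rest."""
    tx, rx, last = bytearray(), bytearray(), 0.0
    for ts, rec, frame in erf_eth_frames(buf):
        if ts < last:                                 # interleaving implies arrival order
            raise ValueError("records are not in timestamp order")
        last = ts
        (tx if frame[6:12] == station_mac else rx).extend(rec)
    return bytes(tx), bytes(rx)

def make_record(seconds, dst, src, payload=b"\x08\x00" + b"\x00" * 46):
    """Build one constructed ERF Ethernet record (sample data only)."""
    frame = dst + src + payload
    rlen = 16 + 2 + len(frame)
    return struct.pack("<Q", int(seconds * 2**32)) + struct.pack(
        ">BBHHH", TYPE_ETH, 0x04, rlen, 0, len(frame)) + b"\x00\x00" + frame

# Constructed sample: host A talks to host B, frames interleaved by arrival time.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = make_record(1.0, B, A) + make_record(1.5, A, B) + make_record(2.0, B, A)

if __name__ == "__main__":
    tx, rx = split_by_mac(SAMPLE, A)
    print(len(list(erf_eth_frames(tx))), "TX frames,", len(list(erf_eth_frames(rx))), "RX frames")
```

Each output keeps the original ERF records byte for byte, so the hardware timestamps survive the split and both files remain readable by ERF-aware tools.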
How does it work?
HardwareShark is an observer, not a man-in-the-middle (MitM) device. A PCIe-hosted FPGA card is configured with a proprietary program, and an optical splitter is used to gain access. This hardware acts as a sniffer and does not show up on your network. Here is an example for 10GbE: 10GbE optical splitter. This or an equivalent splitter for 10GbE is included. The acquisition is triggered using the command line. We support Windows and several variations of Linux. Firmware updates for 12 months are included in the price. These updates take less than 5 minutes and can be done in the field. Physical access to the FPGA card is necessary for the update.
Consult the factory for custom triggering and filtering options.
- Hardware buffering assist for network protocol analysis via Wireshark.
  - Live capture for offline analysis
- TCP/IP troubleshooting with 100% packet capture
  - 0% (zero!) packet loss
- Via optical splitter (figure 1) or re-buffering (figure 2), support for
- Recording memory depths of 4GB, or 8GB for 10GbE/40GbE
  - 40GB for 100GbE
- Ethernet packet timestamping to 6ns resolution.
- Windows or Linux via command line