FoxStat - product description

 

FoxStat is a tool for recording and analyzing data traffic. It allows detailed measurement of bandwidth usage on data lines and detection of unwanted or increased traffic, and can help prevent complete congestion of those lines and the subsequent loss or restriction of critical applications.

FoxStat can be used to trace and disable unwanted programs, check running network applications and transmitted files, watch line loads, and generally optimize overall network traffic with respect to the current needs of users.

FoxStat is an ideal tool not only for debugging current problems; thanks to sophisticated recording without loss of detail, it also supports retrospective ("reverse") debugging.

Creating custom queries

An indisputable advantage for rapid problem detection in your network is the ability to create your own queries. A large number of queries can be generated over the currently monitored data. The obtained data can be analyzed in various ways:

  • Connection statistics - available in the form of pie charts, time curves and contingency tables.
  • Decoded content of each connection (the most important web, mail and file protocols are decoded).
  • Details of individual packets, with the option to download them as a .pcap file for further analysis in Wireshark.

Besides its own monitoring probes, FoxStat supports data collection from routers and probes using the NetFlow protocol. Thanks to that, we are able to meet many different requirements for monitoring data streams and build large-scale distributed systems.

 

Key Features

1. passive interception

  • only "intercepts" the network traffic as a source for recording and analysis
  • no interference in the network operations
  • multiple connection options

2. real time analysis

  • current protocol flow
  • currently transmitted / transferred data
  • current size of transmitted data
  • Current connections

3. browsing history

  • Historical traffic logs
  • Transferred data at any time in the past
  • Connection history
  • Tracing and reassembling communication from a few months back

4. protocol detection

  • regardless of port number and complexity of the protocols
  • protocol determination is based on packet headers
  • detection of variable P2P ports (DC++, BitTorrent, Kazaa, ...)
  • RTSP, ICQ, SIP, HTTP, ...

5. recording network traffic

  • detail of the packet (header, the entire contents)
  • grouping of related packets (communication)
  • route of packet
  • report of connection sources and destinations
  • export to .pcap
  • use with Wireshark

6. NAT address decoding

  • addressing each connection
  • readable link to each connection source and destination IP
  • addressing is performed before traffic passes through NAT

FoxStat modules


 

Scanners - connection options

 

  • Network Tap: "listens" on and captures both directions of traffic on the line, monitors traffic on the line / interface, and forwards the packets to the probe.
  • SPAN / Port Mirror: uses an existing switch that can mirror the traffic of one or more ports to a dedicated port; supports distinguishing VLAN tags.
  • NetFlow: existing Cisco routers or dedicated devices are used as sensor and probe; communication data is sent directly to the collector via the NetFlow protocol.
  • LinuxBox/SecureBox server: watches the existing server's network interfaces.


Probe

Receives packets from the transmitter, decodes them and saves the communication data in the collector.

  • LAN interfaces: 2 x 100 Mb or 4 x 1 Gb, 2 x 10 Gb; options can be varied according to the customer's needs.
  • Detection: 144 protocols in 19 groups (based on content, ports, types of files transferred, ...).
  • Decoding: SMB (share name, user, file); FTP, HTTP (file name and type); SMTP, POP3, IMAP (From, To, Subject, attachment file names); SIP (calling / called number), etc.
  • The information is obtained at 3 levels:
    • IP (src / dst IP, protocol, src / dst port, detected protocol, the number of packets and bytes per second);
    • information about contents (file names, users, ...);
    • optionally, recording of all communication, with filtering by part (storing entire packets or just their headers).


Collector

Receives data from the probe, stores it in a database, and serves the FoxStat web application.

  • Array: standard models from 500 GB to 6 TB, RAID5 or RAID1; other options available.
  • SQL server: PostgreSQL, no additional licensing costs.
  • Accuracy: per-second samples of all transmissions • sufficient capacity to store data for several months • no further data aggregation (same precision for historical data).
  • Analysis: IP to DNS translation • translation of IP to country / city (GeoIP database).
  • FoxStat app: encrypted HTTPS • unlimited number of concurrent clients.
  • Monitoring: analysis of results via the SNMP protocol and connection to monitoring software.


Client

Web-based user interface.

  • Supported clients: all common browsers (IE, Firefox, Opera, Chrome, Safari) • no dependency on any 3rd party client software or plug-in.
  • Analysis: 6 basic types (analysis, time step, analysis time, contingency table, a listing of links with information about the content, detailed listing of packets).
  • Export: the list of packets can be saved as a .pcap file for further analysis using software such as Wireshark.
  • Reports: in combination with an integrated editor, you can create complex reports.
  • Use of tabs - always open a new one without losing work in progress
  • Tree structure - allows you to work with queries and group conditions


 



Ordinance on electronic communications has been removed from the statute book

 

Companies that provide publicly available services are obliged by law to retain information about electronic communication for a period on the order of several months (who communicated with whom, when, etc.). This obligation was introduced on December 7, 2005 pursuant to Decree No 485/2005. FoxStat allows the conditions of this Decree to be fulfilled, as well as similar data storage for business purposes.