Timemachine software captures complete data for high-volume network traffic streams.
The Timemachine program stores captured network packets in a ring buffer in memory first, before copying them to disk for longer retention. This smooths capture bandwidth peaks in memory while the disk holds large volumes of traffic, covering several days' worth of network traffic. This design makes it an efficient program that can work in Gbps environments.
To optimize its effectiveness, the program uses a "connection cutoff" mechanism to reduce the amount of data that needs to be processed. This eliminates the need to write the entire load of a fully utilized Gbps link to disk. The "connection cutoff" records only the first X bytes of every monitored connection (identified via the 5-tuple of source and destination IP address, source and destination port, and transport protocol). This approach does not impair the analysis capabilities except when the cutoff is set too low.
Another key feature of the Timemachine program is its ability to index stored packets. This makes it easy to quickly locate specific packets, such as all packets of a specific connection or all packets from an IP address. The indexes can be configured according to the user's preferences, including indexes on the connection 5-tuple, IP address pairs, individual IP addresses, and more. Users can then issue queries against specific indexes to the Timemachine program, which looks up the query in its index and returns all stored packets matching it.
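The following is an added illustration of the two mechanisms described above, the per-connection cutoff and the query indexes, combined with a small in-memory ring buffer; it is not Timemachine's own code. The packets, addresses and sizes are constructed, and the class and function names (`CutoffBuffer`, `conn_key`, `build_demo`) are assumptions chosen for this example.

```python
"""Added example: per-connection cutoff, a memory ring buffer and simple
packet indexes, modelled on the behaviour described for Timemachine.
All packets below are constructed for the demonstration."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int  # bytes on the wire


def make_key(src, sport, dst, dport, proto):
    """Direction-independent 5-tuple: both halves of a connection share one
    cutoff budget, and a query may name either endpoint first."""
    a, b = (src, sport), (dst, dport)
    return (min(a, b), max(a, b), proto)


def conn_key(p):
    return make_key(p.src, p.sport, p.dst, p.dport, p.proto)


class CutoffBuffer:
    def __init__(self, cutoff_bytes, ring_capacity):
        self.cutoff = cutoff_bytes
        self.capacity = ring_capacity
        self.ring = deque()              # sequence numbers, oldest first
        self.packets = {}                # seq -> Packet still held in the ring
        self.next_seq = 0
        self.stored = defaultdict(int)   # bytes retained per connection
        self.by_conn = defaultdict(list)  # 5-tuple -> [seq]
        self.by_ip = defaultdict(list)    # ip -> [seq]
        self.cut = 0                     # packets dropped by the cutoff

    def ingest(self, p):
        """Keep the packet unless its connection has already reached the cutoff."""
        k = conn_key(p)
        if self.stored[k] >= self.cutoff:
            self.cut += 1
            return False
        # Whole packets are kept, so a connection may slightly exceed the cutoff.
        self.stored[k] += p.size
        seq = self.next_seq
        self.next_seq += 1
        self.ring.append(seq)
        self.packets[seq] = p
        if len(self.ring) > self.capacity:
            # Ring is full: evict the oldest packet. Index entries pointing at
            # it simply stop resolving, like a stale on-disk reference.
            del self.packets[self.ring.popleft()]
        self.by_conn[k].append(seq)
        self.by_ip[p.src].append(seq)
        if p.dst != p.src:
            self.by_ip[p.dst].append(seq)
        return True

    def _resolve(self, seqs):
        return [self.packets[s] for s in seqs if s in self.packets]

    def query_conn(self, src, sport, dst, dport, proto):
        return self._resolve(self.by_conn[make_key(src, sport, dst, dport, proto)])

    def query_ip(self, ip):
        return self._resolve(self.by_ip[ip])


def build_demo(cutoff=500, capacity=100):
    """Feed a constructed packet stream through the buffer and return it."""
    buf = CutoffBuffer(cutoff, capacity)
    A = ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp")      # constructed web flow
    B = ("10.0.0.7", 51000, "198.51.100.3", 22, "tcp")    # constructed ssh flow
    rev = lambda t: (t[2], t[3], t[0], t[1], t[4])        # reply direction
    stream = [
        Packet(1.0, *A, 100), Packet(1.1, *rev(A), 200), Packet(1.2, *B, 60),
        Packet(1.3, *A, 300), Packet(1.4, *A, 1400), Packet(1.5, *rev(A), 1400),
        Packet(1.6, *rev(B), 80),
    ]
    for p in stream:
        buf.ingest(p)
    return buf


if __name__ == "__main__":
    buf = build_demo()
    print("cut by cutoff:", buf.cut)
    print("packets for web flow:", [p.size for p in buf.query_conn("10.0.0.5", 40000, "192.0.2.10", 80, "tcp")])
```

With a 500-byte cutoff the web flow keeps its first three packets (100, 200 and 300 bytes, so 600 bytes in total because whole packets are retained) and the two 1400-byte packets that follow are cut, while the short ssh flow is kept in full. Running `build_demo(capacity=3)` shows the ring behaviour: index entries for evicted packets no longer resolve, so queries only return what is still held.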
A planned feature is direct interaction with the Bro intrusion detection system (www.bro-ids.org), which would allow the Bro system to request specific packets or connections from the Timemachine program.
This release of Timemachine greatly improves performance, and it can now interface with intrusion detection systems. The logging facilities have also been expanded, making it easier to track and manage captured traffic. Overall, the Timemachine program is a robust and efficient choice for network troubleshooting and security analytics.
Version 20080814-0: N/A