Unispeed Netlogger

Tool Overview


Input

| Tool name | Description | Input | Output |
|---|---|---|---|
| Packets from Network | Collects packets from network interfaces | packets | packets |
| Packets from File | Reads File | packets | packets |
| Records from File | Reads record File | records | records |

Lookup

| Tool name | Description | Input | Output |
|---|---|---|---|
| Lookup DNS | Extracts sequences containing DNS traffic into record streams. | Network packets | Record streams containing DNS traffic. |
| Lookup/ODBC | Reads a record stream from a database. | ODBC | Record stream |
| Lookup Static | User defined table | User defined | User defined |

Output

| Tool name | Description | Input | Output |
|---|---|---|---|
| Log to Database/ODBC | Logs a record stream to a database. | Record stream | ODBC |
| Log to File | Logs a record stream to a file. | Record stream | File |
| Write Packets | Writes packets to a file, which can be replayed by the Packets from File tool. | Network packets | A Pcap file |

Packet Operations

| Tool name | Description | Input | Output |
|---|---|---|---|
| Detect Protocol | Detect application level protocol based on a configuration file. | Packet stream | Packet stream and protocol info. |
| Extract Packet Headers | Extracts Header information from each packet | Packet | Header information and packet |
| Filter Packets | Filters packets according to port IP prototype, IP addresses, interface and max length. | Packets to be filtered. | Either (1) accepted or (2) rejected packets. |
| Traffic measurement | Extracts traffic load information | Packet | Records |

Packet Operations/Lookup

| Tool name | Description | Input | Output |
|---|---|---|---|
| Bandwidth measurement | Extracts bandwidth information | Packet | Records |

Protocol Extractors

| Tool name | Description | Input | Output |
|---|---|---|---|
| Extract DNS | Extracts sequences containing DNS traffic into record streams. | Network packets | Record streams containing DNS traffic. |
| Extract FTP | Extracts sequences containing FTP traffic into record streams. | Network packets | Record streams containing FTP traffic. |
| Extract HTTP | Extracts sequences containing HTTP traffic into record streams. | Network packets | Record streams containing HTTP traffic. |
| Extract SMTP | Extracts sequences containing SMTP traffic into record streams. | Network packets | Record streams containing SMTP traffic. |
| Extract IMAP | Extracts sequences containing IMAP traffic into record streams. | Network packets | Record streams containing IMAP traffic. |
| Extract POP3 | Extracts sequences containing POP3 traffic into record streams. | Network packets | Record streams containing POP3 traffic. |
| Extract IM | Extracts sequences containing Instant messaging traffic into record streams. | Network packets | Record streams containing IM traffic. |
| Extract NNTP | Extracts sequences containing NNTP traffic into record streams. | Network packets | Record streams containing NNTP traffic. |
| Extract Syslog | Extracts sequences containing Syslog traffic into record streams. | Network packets | Record streams containing Syslog traffic. |
| Extract NNTP | Extracts sequences containing VoIP SIP traffic into record streams. | Network packets | Record streams containing VoIP traffic. |

Record Operations

| Tool name | Description | Input | Output |
|---|---|---|---|
| Aggregate | Aggregates records over time. | Records to aggregate over time. | Aggregated records. |
| Change Fields | Renames fields. | Records with fields to rename. | Records with new names. |
| Classify | Matches records against a binary tree of rules and classifies each record according to the rules. | Records. | Record stream with an extra field used for the class. |
| Double Coverage | Detects relations between two data sets. | Record stream to count double coverage over time. | Record stream with the double coverage count matrix. |
| Filter Records | Filters records based on field values. | Records to filter. | Accepted or rejected records. |
| Join | Joins a record stream with a record set. | A record stream and a record set. | Record stream with new field. |
| Merge | Merges two record streams. | (1) Stream one and (2) Stream two. | Merged record stream. |
| Script | Realtime Python script engine that enables the user to do advanced data manipulation. | Any | Any |
| Transition | Monitors users' movements, typically on a web site. | Record stream to count transitions over time. | Record stream with the transition count matrix. |