Failing Full Capture

Retaining a full packet capture of your network traffic can be a powerful tool for performing forensic investigations on your network. However, with modern high-speed networks, the possible traffic retention periods are often too short. It might not be possible to keep more than a couple of hours worth of captured network traffic.

Complimenting your full packet capture solution with a full fidelity flow analyzer, like FlowTraq, can greatly increase your ability to perform network forensic investigations far into the future. Although flow records do not contain traffic content, it is often very useful to find out that a communication took place, regardless of the content.  Watch the Scalable Flow Analysis Tutorial Video

Where full packet capture can give you hours of forensic ability, a FlowTraq install can give you months, or even years of full fidelity history. With powerful filters on things like hosts, CIDR blocks, ports, time ranges, the analyst can quickly retrieve key information on the nature, and origin of a compromise, information leak, or data theft.

The graph above shows how the growth of packets (and network bytes) per connected computer has grown strongly over the last couple of years. The growth of flows per computer, however, has grown much slower. The reason for this discrepancy is that individual flows and network communications are getting increasingly larger, with high quality video, VOIP calls, and larger content overall. This discrepancy is the reason that most full packet capture installations have increasingly shorter retention periods, while full fidelity flow products like FlowTraq are able to scale much better over time.

Get Started

• Interactive Demo
• Try FlowTraq
• Buy now

Learn More

• Schedule Call
• Watch video
• Read whitepaper

Free Flow Exporter

Export CISCO NetFlow datagrams to up to 16 flow collectors using TAP or SPAN. ProQSys Flow Exporter captures 100% of the data in an easy-to-deploy way
Download Now »