Capture Replay and Traffic Generation demo at FloCon 2012
At FloCon 2012 Napatech is demonstrating how a
Napatech NT20E2 network adapter can be used for highly accurate regeneration of captured traffic.
Affordable network traffic generation and high performance packet replay
Napatech intelligent adapters for network analysis, combined with the latest generation of standard PC servers, can be used to build high-performance
capture and replay appliances, or
traffic generation appliances, for 1 Gbps, 10 Gbps and 40 Gbps networks.
Security analysis
Napatech network adapters are also used in IDS/IPS appliances, including appliances based on
Snort or Suricata, preventing network attacks by dropping malicious frames while still allowing all other traffic to pass.
The demonstration at
FloCon illustrates several of the built-in Napatech features, including:
Hardware time stamp captured packets
Accurate traffic regeneration requires packets to be retransmitted with the same time spacing as the original packet stream. When the Napatech adapter replays the captured traffic, it uses the
hardware time stamp (10 nanosecond resolution) of the captured traffic to accurately reproduce the inter-frame gap of the original stream.
Replay traffic exactly as captured
A host application passes the packet stream to the adapter for transmission, and the adapter computes the delta in the time stamps of the sequential packets. The adapter then waits the appropriate amount of time before releasing each packet. In this way, the regenerated packet stream is a high-fidelity reproduction of the original real-world traffic.
Synchronized replay from different appliances
When simulating network load, traffic can be replayed from multiple adapters with exactly the same timing as recorded. The synchronized replay can be between adapters within the same appliance as well as between different appliances at remote locations.
PCAP descriptor
The Napatech NT20E2 adapter is capable of adding a PCAP descriptor or an extended descriptor to each packet as it is captured, and before it is transferred to host memory. The descriptor includes a highly accurate time stamp as well as substantial meta-information about the packet.
Parameters for flow analysis
The meta-information within the extended descriptor includes flow identifying parameters (IP addresses, ports, and traffic type), protocol type, VLAN tags, MPLS tags, and more. This information can be used for advanced functions such as redistributing packets from a single merged capture stream across multiple transmit ports, which has the effect of preserving the exact flow and timing structure of an original multi-port capture. Additionally, the flow and timing information can be used to build a comprehensive index of large volumes of traffic.
