The FoxReplay Analyst Dirk Peeters, Fox-IT
What is FoxReplay Analyst?
• FoxReplay Analyst is a platform to fully benefit from intercepted Internet
• Analyst renders intercepted packets into an attractive interface for both technical and non-technical personnel
• Accepts packets from many sources

What is FoxReplay Analyst? (2)
• Multi-user, multi-team, multi-intercept, simultaneous analysis
• Support for many protocols, both classic and modern alike
  • Gmail, Yahoo, Maktoob, MSN
• “Virtual Replay of what really happened”

FoxReplay Analyst flexibility overview
[Diagram. Labels: OS independent front-end: MS Windows, Linux, OSX; PCAP, User comments, Displayed data; PCAP, TIIT, ETSI in batched files or streaming; FoxReplay Analyst; Link Analysis data; Custom processing tools; DB]

FoxReplay Analyst flexibility (1)
• Accept packets from many sources:
  • Support for various Interception and Collection devices
  • Data can be offered to FoxReplay in batch or streaming mode
• Flexible user and wiretap administration:
  • Independent of organizational structure

FoxReplay Analyst flexibility (2)
• Easy to use Graphical User Interface
• Export from user interface to zip-file
  • PCAP of original IP data
  • XML file with metadata and user-made annotations
  • Raw event data
• Command-line tools for export and administration
• Direct database access

Benefits for your organization
• Easy to learn content analysis of modern day Internet traffic
• Multi user, multi wiretap, with fine grained user control: Make it fit to your organization
• Many input and export capabilities
• Easy integration of custom tools, with or without telling us (i.e. special decryption tools)

Modes of Operation
• Three major operational modes:
  • Standalone
    • to complement your current solution
    • to solve compliancy problems
  • Small installation
    • Delivered together with probe, mediation function
    • Can serve several users
  • Major deployment
    • Agency wide, high bandwidth
• FoxReplay Analyst can work with data from almost all vendors

FoxReplay Analyst Goals
• All authorized employees should be able to analyze intercepted internet:
  • Not just the technically skilled
• Abilities for high-level overviews allowing for zooming in to details
• Must support known protocols
• A new protocol must be supported instantly
• 100% natural display of intercepted data

Seeing is believing
• Challenge: send us an example of intercepted internet traffic (PCAP/TCPDUMP for example)
• We will show you the result

FoxReplay Analyst
“It’s as easy as looking over your target’s shoulder”
http://www.foxreplay.eu