nBox Recorder is a network traffic disk recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It was designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packet may have been responsible for an attack or may contain the problem being investigated.
nBox Recorder uses the industry standard PCAP file format to dump packets into files, so the resulting output can be easily integrated with existing third-party or open-source analysis tools such as ntop, Wireshark, or Snort.
nBox Recorder can be effectively used to:
- Perform off-line network packet analysis by feeding a specialized tool (such as snort or ntop).
- Reconstruct specific communication flows or network activities.
- Reproduce previously captured traffic on a different network.
- High performance full packet capture to disk.
- BPF filters support. You can specify any filters you want to filter out the unwanted network packets from the dumping process.
- Conditional dump: save packets on disk based on traffic conditions (e.g. when traffic is above threshold X) and time of the day.
- Detailed dump statistics.
- Fully integrated in the nBox appliance. From the nBox web interface you can browse the dumped files and open them within ntop.
- Ability to reproduce dumped files onto a physical interface, or using tools such as ntop and nProbe.
The nBox recorder has been designed to keep up with Gigabit speeds on commodity hardware. The table below shows some typical performance figures when dumping full packets to disk:
|Packet Size ||Throughput ||Packets/sec
|Random size 64-1500 bytes
|Fixed 512 bytes
|Fixed 256 bytes
|Fixed 64 bytes
Models and Performance
The nBox recorder is available in three models:
|Product Name||Certified Dump (throughput)||Certified Dump (packets/sec)||Storage Size||RAID|
|R1||250 Mbits/s||350 Kpps||1 TB||None|
|R3||600 Mbits/s||500 Kpps||3 TB||Software RAID 0. Optional HW RAID 0, 5.|
|R8||1 Gb/s||750 Kpps||8 TB||HW RAID: 0, 5, 10|