Mission Critical Systems

eEye Iris Network Traffic Analyzer

The Iris Network Traffic Analyzer is eEye's award-winning vulnerability forensics solution addressing the network traffic analysis and reporting needs that security professionals face today. Iris provides the technology for continuous, automated problem identification, reporting, and integrated filtering capabilities that go beyond the capture, filter, and decode capabilities of traditional network analysis.

Iris captures network traffic and can automatically reassemble it to its native format, making it much easier to analyze the data going across the network. Security and IT professionals can read the actual text of an email exactly as it was sent, or reconstruct exact HTML pages that a user has visited. Iris also provides a variety of statistical measurements allowing companies to proactively identify — and take the steps to eliminate — performance issues before they can result in downtime.

Protocol Decoding
Iris organizes captured packets and categorizes them by protocols such as HTTP, PPPoE, and SNMP, providing a list of all web-browsing sessions, all email grouped by incoming and outgoing, and more.

Continuous Traffic Capture
Iris’ Traffic Capture Engine™ (TCE) runs as a service, allowing security professionals to gather forensic information while performing other tasks in parallel. This approach ensures that all targeted traffic is captured, regardless of whether the user is logged in to the actual Iris application or not.

Create Custom Filters
Develop specialized packet filters to help pinpoint the existence of specific network traffic (such as Code Red and Nimda). Different configurations allow you to capture only the traffic matching the applied filter, or to capture all network traffic and flag the sessions containing the filtered words.

Complete Packet Reconstruction
Reconstruct files into their original format. Reconstruct Web-browsing sessions on a local network, even simulating cookies for entry into password-protected Web sites, thus capturing a clear and concise image of the integrity of an organization's network.

Powerful Sniffing and Spoofing Engine
Iris can handle as much traffic as your network generates and still write logs and decode traffic in real time. The Iris engine can handle up to 9,000 packets per second.

Screen Traffic by Key Criteria or Time Frame
Monitor network traffic by setting numerous screening criteria, including specific MAC address, IP address, keyword, port, protocol layer or hardware layer. Additionally, Iris is easily configured to automatically run and capture packets in specific time frames.

Alerting Capabilities
Proactively guard against illegal program usage on your network by creating alerts to notify you when a specific connection is detected on your network.

Reconstruct TCP Sessions
Iris supports several Protocol Decoders through an open plugin-based architecture, including: ARP, CIFS, DNS, Ethernet II, 802.3, 802.2, ICMP, IP, TCP, UDP, Novell NetBIOS (IPX), SAP (IPX), RIPX (IPX), BCAST (IPX), NBDGM, NBNS, NBSS, NetBIOS, SMTP, AOL AIM, MSN Messenger, BOOTP/DHCP, RARP, POP3, LCP (Link Control Protocol) (PPP), PAP (Password Authentication Protocol) (PPP), PPPoE (PPP over Ethernet) (PPP), SMB, NNTP.

Packet Manipulation/Forging
Create custom packets or spoof packets and send them across the Internet or your network. Test firewalls to ensure they are blocking and filtering packets correctly. You can also test the load-bearing capabilities of a system or server.

Log Foreign Connection Attempts
Capture evidence of network intrusions, reconstructing every keystroke and movement an attacker has made, creating a complete log of any malicious attempt.

Comprehensive Reporting
Generate comprehensive traffic reports that can be viewed in a browser window, printed out or copied into another program, such as Crystal Reports or SAS, maximizing your software investments. Graphing functionality helps you understand the happenings of your network and generate reports detailing network activity for management review.

Monitor Web-Based Email and Instant Messenger Services
Monitor non-encrypted Web-based email traffic and instant messages. This greatly complements normal email control, audit and monitoring procedures.