Sandstorm Enterprises® : NetIntercept® Features
Sandstorm Enterprises®

Sandstorm Home

Press

Products

Sales

Support

Partners

About Sandstorm

Get a Quote
Print View
NetIntercept® Features

Prior Releases of NetIntercept

Features added in NetIntercept 3.2

  • User Interface improvements:
    • Save Event List characteristics to file
    • Save images of host maps and the traffic chart to file
    • Save one or more captured images in GIF, JPEG, or PNG format
    • Context-sensitive menus in many more areas
    • Support for setting fonts & font sizes
  • Can filter (include or exclude) a MAC address, IP address, or TCP/UDP port when sessionizing.
  • Can now sessionize 802.2, 802.11, IPv6, and PPP/PPPoE traffic.
  • Generally improved parsing, with more robust error reporting. New parsing capabilities include:
    • Google Talk (via XMPP)
    • BitTorrent
    • 802.11 dump files from Kismet
    • IPv6 / ICMPv6
  • Improved reporting, including a summary of Unknown traffic and support for IPv6 address space information.
  • Support for USB license management devices.
  • One-disk upgrader will update any NetIntercept installation with the current set of NetIntercept and FreeBSD changes.

Features added in NetIntercept 3.1

  • Graphical User Interface
    • The Summary -> Hosts by Packets and Hosts by Bytes sub-tabs can be displayed as printable graphs, and clicked to display detailed sub-graphs and Connection Lists.
    • Context-sensitive right-click menus in several windows give access to details and navigation to other GUI windows.
    • EXIF data (internal information) extracted from JPEG and TIFF files can now be displayed under the Image View window.
    • The Packet View window now includes:
      • Filters to search for TCP duplicate segments
      • Parsers for Cisco's HSRP and Microsoft's SMB on TCP port 445
    • Restore Defaults button installed on the Configure -> Profiles tab.
    • Web pages and text-only email using non-ASCII character sets are displayed, provided corresponding X Window System fonts have been installed.
  • Parse Engine
    • New content recognizer modules include multipart/form-data (MPFD) and Yahoo Messenger File Transfer (YMSG_FILE).
    • XWindows and IRC modules extract text streams for interactive session streams.
    • The SSL module recognizes and decrypts resumed sessions for available decryption key.
    • The PDF and RTF modules have expanded data type handling.
  • The "Discovery" report includes new sections listing user names by source protocol and application protocols found running off their normally assigned port.Kernel capture made more robust in response to issues encountered with the "em" network interface driver$
  • The operating system is FreeBSD version 5.3.

Features added in NetIntercept 3.0

  • Graphical User Interface
    • A new Significant Events tab on the Session List shows Email, Web pages and Images found.
    • Improved Report creation and management tab.
    • Re-analyze existing raw packets or sessionized traffic, allowing different parse parameters and module settings.
    • The Packet View window now displays:
      • 802.1q VLAN tags.
      • Parsers for PPPoE, PPTP, SSDP, IGMP and X Windows
    • X.509 security certificates are displayed symbolicly
    • Improved Capture filter management.
    • The Traffic tab can be set to use a logarithmic Y axis.
  • Parse Engine
    • New content recognizer modules include Microsoft Messenger, Jabber, SIP (internet telephony), DICOM, SSDP, PPTP and Multicast DNS.
    • 802.1q VLAN tqags are handled in sessionization and analysis.
    • Alerts can be enabled or disabled depending on site and mission.
    • Sessionized data streams are stored in container files for improved speed.
  • New "By-MAC-Address" report details activity by a particular MAC address.New "File Object" reports show trasferred Media Type and computed MD5 value.

    Features added in NetIntercept 2.0

    • Automatic operations allows users run NI "hands-free." Schedule and run NI operations such as immortalizing, parsing, exporting, deleting data, and generating reports.
    • Packet View (integrated LANWatch®) allows users to load dump files and view, filter, and mark individual packets. View packets from a specified time range, from a given database, or from an individual connection.
    • Bookmark feature allows users to mark connections, web pages, and images to form a personal "hot list."
    • Includes seven new parse modules
      • PostScript
      • RTF
      • terminal traffic
      • lpr
      • Java
      • RTSP
      • WinZip
    • Many improved modules/recognizers.
    • Now decrypts all current versions of SSH and SSL.
    • New, more powerful hardware configurations.
    • The GUI is faster and easier to use, with:
      • scrolling Traffic tab and more data points displayed in each time granularity
      • improved Content Search configuration
      • new SSL key management interface
      • enhanced summary information
      • sortable host map (sort host map nodes by connections, packets, or bytes)
      • ability to limit data shown by Host/IP address, time range, or netmask
    • The operating system is FreeBSD version 4.8.

    Features added in NetIntercept 1.2

    • SSL session decryption and analysis
    • Many new parse modules, including
      • VNC
      • BGP
      • Gnutella
      • YMSG
      • BZIP2
      • RADIUS
      • SMB
      • Basic VoIP detection via parse of RTP and RTCP protocols
      • Recognizes Unix "remote" commands: rexec, rlogin, and rsh
    • Improved content search capabilities
      • Search text recovered from Word, Excel, and PowerPoint
      • Search of text content not otherwise recognized
      • Improved FindWord module capable of searching for up to 200 strings
      • New FindPhrase module capable of searching for up to 8 phrases
    • Netmask Management Interface
      • Improved netmasking capabilities allow you to mask on connection endpoints
    • Improved connection display, including more summary and DNS information
    • Improved connection traffic search options
    • Option to write to DVD archive media
    • SNMP support for standard Unix MIB

    Features added in NetIntercept 1.1

    • Save selection queries
    • Display reconstructed web pages from captured sessions
    • Graphical display of client-server interactions between hosts on the monitored network
    • Hierarchical display of LDAP sessions
    • SSH session decryption/analysis via key escrow available with optional server software
    • Recognizes common multimedia formats: AVI, Flash, WAV, TIFF
    • Recognizes common Microsoft file types: Word, PowerPoint, Excel, EXE
    • Parse operations controllable on a per-module basis
      • Search strings for "Known Content" recognition
      • Whether or not to pass extracted data streams to child parsers
    • Four new overview reports
      • Most active by various different measures
      • Network activity for a named user
      • Network activity for a given IP address
      • Network activity for a given hostname
    • One new "graph" report shows a parse graph for the current database
    • Two new database tabulation reports available
      • Web activity by host and requested URI, grouped by type of activity
      • Connections whose start/end were not captured in the database
    • Generate initial private-key encryption key on the license management device
    Request a NetIntercept Whitepaper
    Read the NetIntercept Whitepaper         		Request a NetIntercept Demo
    Request a NetIntercept Demonstration

    Sandstorm's Products
    Order / Get a Quote
    Contact Us
    Back to top
    Sandstorm Enterprises develops
    tools with sharp edges®
    for information security professionals.
Site materials © 1998 - 2008 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.