Sandstorm Enterprises® : NetIntercept® Features
Sandstorm Enterprises® Niksun

Directional arrowsSandstorm Home

Directional arrowsPress

Directional arrowsProducts

Directional arrowsSales

Directional arrowsSupport

Directional arrowsPartners

Directional arrowsBlog

Directional arrowsAbout Sandstorm

Get a Quote
Print View
NetIntercept® Features

Prior Releases of NetIntercept

New Features in NetIntercept 4.1

  • Investigator's Notebook
    • The ultimate in time stamped "chain of custody" evidentiary data.
    • New application allows users to store entries related to the investigation of a single incident, or establish an ongoing incident log
    • Entries can contain links to NI database objects Connections, images, bookmarked items, full databases
    • Click to open linked database and objects in NI GUI
      • Drag & Drop NI objects and bookmarks into the Investigator's Notebook
    • Each entry can be associated with one or more detailed notes
    • Report feature allows text, HTML or CSV export of entire notebook or selected entries
  • Support for 8-bit universal search strings
    • Microsoft Word, Microsoft Powerpoint, Microsoft Excel, PDF, RTF and Plain Text parse modules have been updated to produce UTF-8 output, with conversion from character sets.
    • New iCalendar file recognizer/harvester
    • Icon (.ico) file recognizer
    • Allows users to search for non-ASCII strings using FINDWORD, FINDPHRASE
    • Full UTF-8 support, with conversion from many character sets
  • Improved Export Management: monitor and control multiple concurrent exports through a new Export Manager, including expanded error notification if an error occurs during an SSH or scp export.
  • FINDBYTES module to search for hex sequences in file objects
  • Enhanced "Copy to Clipboard" support
    • Allows customers to copy and paste NI windows and panes onto the clipboard and into applications on their local system
    • Copy images, list views, host map, traffic map, labels and table rows
  • TCP parse module handles ahead-of-sequence data
  • New Automatic Operations (autoops) features - nicmd_mail and nicmd_note
  • SIP and RTP connections are now established.
  • RTP can now save file objects.
  • New modules now save VCard files, PGP-encrypted files and other objects in the ELF format.
  • New SSN modules recognizes US Social Security Numbers in text objects and generates alerts if found.
  • Kerberos authentication traffic is now recognized.
  • Upgraded operating system to FreeBSD 7.1-RELEASE.

Features in NetIntercept 4.0

  • Hardware configurations featuring:
    • 64-bit Intel-based platform
    • Dual-core processors
    • Up to 3TB storage space
    • Up to 4GB memory
  • VoIP data parsing and display including:
    • Tab for review and playback of captured audio data
    • Protocols: RTP, RTCP, RTSP and SDP
    • Correlation of VoIP control and data streams
    • Export of captured audio files
  • Graphical User Interface Improvements:
    • Time-domain Traffic Map of captured sessions w/comprehensive filtering
    • Complete IPv6 traffic support, including UI displays, sessionization filters, and reports
  • Recognition and Capture Modules for:
    • TNEF - Transport-Neutral Encapsulation Format
    • VCF - VCard objects
    • PGPFile - PGP-encrypted files

Features added in NetIntercept 3.2

  • User Interface improvements:
    • Save Event List characteristics to file
    • Save images of host maps and the traffic chart to file
    • Save one or more captured images in GIF, JPEG, or PNG format
    • Context-sensitive menus in many more areas
    • Support for setting fonts & font sizes
  • Can filter (include or exclude) a MAC address, IP address, or TCP/UDP port when sessionizing.
  • Can now sessionize 802.2, 802.11, IPv6, and PPP/PPPoE traffic.
  • Generally improved parsing, with more robust error reporting. New parsing capabilities include:
    • Google Talk (via XMPP)
    • BitTorrent
    • 802.11 dump files from Kismet
    • IPv6 / ICMPv6
  • Improved reporting, including a summary of Unknown traffic and support for IPv6 address space information.
  • Support for USB license management devices.
  • One-disk upgrader will update any NetIntercept installation with the current set of NetIntercept and FreeBSD changes.

Features added in NetIntercept 3.1

  • Graphical User Interface
    • The Summary -> Hosts by Packets and Hosts by Bytes sub-tabs can be displayed as printable graphs, and clicked to display detailed sub-graphs and Connection Lists.
    • Context-sensitive right-click menus in several windows give access to details and navigation to other GUI windows.
    • EXIF data (internal information) extracted from JPEG and TIFF files can now be displayed under the Image View window.
    • The Packet View window now includes:
      • Filters to search for TCP duplicate segments
      • Parsers for Cisco's HSRP and Microsoft's SMB on TCP port 445
    • Restore Defaults button installed on the Configure -> Profiles tab.
    • Web pages and text-only email using non-ASCII character sets are displayed, provided corresponding X Window System fonts have been installed.
  • Parse Engine
    • New content recognizer modules include multipart/form-data (MPFD) and Yahoo Messenger File Transfer (YMSG_FILE).
    • XWindows and IRC modules extract text streams for interactive session streams.
    • The SSL module recognizes and decrypts resumed sessions for available decryption key.
    • The PDF and RTF modules have expanded data type handling.
  • The "Discovery" report includes new sections listing user names by source protocol and application protocols found running off their normally assigned port.Kernel capture made more robust in response to issues encountered with the "em" network interface driver$
  • The operating system is FreeBSD version 5.3.

Features added in NetIntercept 3.0

  • Graphical User Interface
    • A new Significant Events tab on the Session List shows Email, Web pages and Images found.
    • Improved Report creation and management tab.
    • Re-analyze existing raw packets or sessionized traffic, allowing different parse parameters and module settings.
    • The Packet View window now displays:
      • 802.1q VLAN tags.
      • Parsers for PPPoE, PPTP, SSDP, IGMP and X Windows
    • X.509 security certificates are displayed symbolicly
    • Improved Capture filter management.
    • The Traffic tab can be set to use a logarithmic Y axis.
  • Parse Engine
    • New content recognizer modules include Microsoft Messenger, Jabber, SIP (internet telephony), DICOM, SSDP, PPTP and Multicast DNS.
    • 802.1q VLAN tqags are handled in sessionization and analysis.
    • Alerts can be enabled or disabled depending on site and mission.
    • Sessionized data streams are stored in container files for improved speed.
  • New "By-MAC-Address" report details activity by a particular MAC address.New "File Object" reports show trasferred Media Type and computed MD5 value.

    Features added in NetIntercept 2.0

    • Automatic operations allows users run NI "hands-free." Schedule and run NI operations such as immortalizing, parsing, exporting, deleting data, and generating reports.
    • Packet View (integrated LANWatch®) allows users to load dump files and view, filter, and mark individual packets. View packets from a specified time range, from a given database, or from an individual connection.
    • Bookmark feature allows users to mark connections, web pages, and images to form a personal "hot list."
    • Includes seven new parse modules
      • PostScript
      • RTF
      • terminal traffic
      • lpr
      • Java
      • RTSP
      • WinZip
    • Many improved modules/recognizers.
    • Now decrypts all current versions of SSH and SSL.
    • New, more powerful hardware configurations.
    • The GUI is faster and easier to use, with:
      • scrolling Traffic tab and more data points displayed in each time granularity
      • improved Content Search configuration
      • new SSL key management interface
      • enhanced summary information
      • sortable host map (sort host map nodes by connections, packets, or bytes)
      • ability to limit data shown by Host/IP address, time range, or netmask
    • The operating system is FreeBSD version 4.8.

    Features added in NetIntercept 1.2

    • SSL session decryption and analysis
    • Many new parse modules, including
      • VNC
      • BGP
      • Gnutella
      • YMSG
      • BZIP2
      • RADIUS
      • SMB
      • Basic VoIP detection via parse of RTP and RTCP protocols
      • Recognizes Unix "remote" commands: rexec, rlogin, and rsh
    • Improved content search capabilities
      • Search text recovered from Word, Excel, and PowerPoint
      • Search of text content not otherwise recognized
      • Improved FindWord module capable of searching for up to 200 strings
      • New FindPhrase module capable of searching for up to 8 phrases
    • Netmask Management Interface
      • Improved netmasking capabilities allow you to mask on connection endpoints
    • Improved connection display, including more summary and DNS information
    • Improved connection traffic search options
    • Option to write to DVD archive media
    • SNMP support for standard Unix MIB

    Features added in NetIntercept 1.1

    • Save selection queries
    • Display reconstructed web pages from captured sessions
    • Graphical display of client-server interactions between hosts on the monitored network
    • Hierarchical display of LDAP sessions
    • SSH session decryption/analysis via key escrow available with optional server software
    • Recognizes common multimedia formats: AVI, Flash, WAV, TIFF
    • Recognizes common Microsoft file types: Word, PowerPoint, Excel, EXE
    • Parse operations controllable on a per-module basis
      • Search strings for "Known Content" recognition
      • Whether or not to pass extracted data streams to child parsers
    • Four new overview reports
      • Most active by various different measures
      • Network activity for a named user
      • Network activity for a given IP address
      • Network activity for a given hostname
    • One new "graph" report shows a parse graph for the current database
    • Two new database tabulation reports available
      • Web activity by host and requested URI, grouped by type of activity
      • Connections whose start/end were not captured in the database
    • Generate initial private-key encryption key on the license management device
    Request a NetIntercept Whitepaper
    Read the NetIntercept Whitepaper         		Request a NetIntercept Demo
    Request a NetIntercept Demonstration

    Sandstorm's Products grey arrow
    Order / Get a Quote grey arrow
    Contact Us grey arrow
    Back to topgrey arrow
    Sandstorm Enterprises develops
    tools with sharp edges®
    for information security professionals.
Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.