The FoxReplay Analyst
Dirk Peeters, Fox-IT
What is FoxReplay Analyst?
• FoxReplay Analyst is a platform to fully benefit from intercepted Internet
• Analyst renders intercepted packets into an attractive interface for both technical and non-technical personnel
• Accepts packets from many sources
What is FoxReplay Analyst? (2)
• Multi-user, multi-team, multi-intercept, simultaneous analysis
• Support for many protocols, both classic and modern alike
  – Gmail, Yahoo, Maktoob, MSN
• “Virtual Replay of what really happened”
FoxReplay Analyst, an example
What is FoxReplay Analyst? (3)
FoxReplay Analyst flexibility overview
[Diagram labels: FoxReplay Analyst; PCAP, TIIT, ETSI in batched files or streaming; PCAP, User comments, Displayed data; OS independent front-end: MS Windows, Linux, OSX; Link Analysis data; DB; Custom processing tools]
FoxReplay Analyst flexibility (1)
• Accept packets from many sources:
  – Support for various Interception and Collection devices
  – Data can be offered to FoxReplay in batch or streaming mode
• Flexible user and wiretap administration:
  – Independent of organizational structure
FoxReplay Analyst flexibility (2)
• Easy to use Graphical User Interface
• Export from user interface to zip-file
  – PCAP of original IP data
  – XML file with metadata and user-made annotations
  – Raw event data
• Command-line tools for export and administration
• Direct database access
Benefits for your organization
• Easy to learn content analysis of modern day Internet traffic
• Multi user, multi wiretap, with fine grained user control: Make it fit to your organization
• Many input and export capabilities
• Easy integration of custom tools, with or without telling us (i.e. special decryption tools)
Modes of Operation
• Three major operational modes:
  – Standalone
    • to complement your current solution
    • to solve compliancy problems
  – Small installation
    • Delivered together with probe, mediation function
    • Can serve several users
  – Major deployment
    • Agency wide, high bandwidth
    • FoxReplay Analyst can work with data from almost all vendors
FoxReplay Analyst Goals
• All authorized employees should be able to analyze intercepted internet:
  – Not just the technically skilled
  – Abilities for high-level overviews allowing for zooming in to details
• Must support known protocols
  – A new protocol must be supported instantly
• 100% natural display of intercepted data
FoxReplay Analyst: High level (1)
FoxReplay Analyst: High level (2)
FoxReplay Analyst: Mid level
FoxReplay Analyst: in-depth
Multi-language support
Seeing is believing
• Challenge: send us an example of intercepted internet traffic (PCAP/TCPDUMP for example)
  – We will show you the result
FOXREPLAY ANALYST
“It’s as easy as looking over your target’s shoulder”
http://www.foxreplay.eu