HammerHead Packet Capture and Replay

 nPulse Hammerhead Packet Capture and Replay




Real World Network Traffic Testing at up to 20 Gbps

nPulse Hammerhead Packet Capture and Replay Chassis

Designed for Network Operations Center (NOC) and Security Operations Center (SOC) environments, HammerHead is a high-speed, continuous recording solution that provides full packet capture of traffic for retrospective network analysis and replay. HammerHead Network Recorder combines flow-based session analytics with stream-to-disk recording at up to 20 Gbps, delivering an easily-searchable, back-in-time view of network trends and events.

Packet Capture

Even on the busiest networks, HammerHead captures 100% of the traffic, timestamping every packet with nanosecond resolution, and extracting flow identification parameters. As traffic is streamed to disk, HammerHead generates a flow and time-based index that allows rapid search and retrieval of targeted traffic from many terabytes of capture records. HammerHead’s browser-based drill-down interface allows remote analysis of selected packets without the need to export entire PCAP files. Alternatively, traffic can be retrieved in industry-standard PCAP format for analysis by external tools such as Wireshark ™.

nPulse Hammerhead Packet Capture and Replay UI

Hammerhead UI

 

Packet Replay

With hhreplay, an accelerated, multi-threaded tool similar to tcpre- play, HammerHead provides high-fidelity, wire-speed, transmit capabilities. It can generate Ethernet traffic with standard or custom protocols, and replay with preserved nanosecond (or microsecond) packet timing and inter-frame gaps. Traffic can be replayed across multiple interfaces (“stereo” mode) using hhcapture-encoded PCAP files. HammerHead also allows the insertion of network impair- ments such as invalid frames or packet loss with custom crafted PCAP files.

The 2.x release of HammerHead supports dynamic replacement of source and destination MAC addresses and on-the-fly CIDR-based IP address translation. This facilitates traffic capture in one network location or configuration, and replay into a different configuration such as a test or compliance lab. Release 2.x also provides new replay controls such as fast-forward and speed-scaling.

Analyze & Manage

Because HammerHead records traffic in PCAP format, retrospective traffic analysis is simple with PCAP-aware applications such as Wire- shark and other standard Linux tools. For example, custom PCAP processing utilities can be implemented with scripting languages such as Perl or Python, and trending reports can be generated with gnuplot or matplotlib. SSH tools ensure secure system manage- ment and the downloading, uploading, or deletion of PCAP files.

The HammerHead 2.0 workbench deliv- ers simple 10 Gbps capture and replay capabilities, yet is versatile enough to meet demanding requirements of network engineers, who desire the control of the Linux command line and the scripting flexibility to build and deploy custom network monitoring, test, and measure- ment solutions. Unlike conventional “test and measurement” platforms incorporat- ing an overwhelming number of fixed, seldom-used features, the HammerHead workbench is designed with a pragmatic, less-is-more philosophy. The result is a cost-effective, high-performance platform that can easily be adapted to implement sophisticated solutions at full line rate.

nPulse Hammerhead Packet Capture and Replay Architecture

Target Applications

  • Network test and measurement, network monitoring, and traffic forensics
  • Measure performance limits and ensure functionality of 10 Gbps network devices under full load
  • Confirm that new network deployments deliver the performance and reliability required
  • Verify that security devices block internal and external threats under heavy loads
  • Advanced customization options for network test engi- neers and developers

Key Features

  • Line-rate 10 Gbps Ethernet traffic recording in micro- second or nanosecond PCAP file format
  • Line-rate 10 Gbps Ethernet traffic replay of microsecond or nanosecond PCAP files
  • Aggregate multi-port record or replay speed up to 20 Gbps
  • Protocol independent, retaining full timing, content, and flow integrity
  • Capture and record up to 32 TBytes of live traffic for replay
  • Replay all or selected subsets of captured traffic
  • Preconfigured with Wireshark for analysis of captured traffic
  • Advanced hh-tools provide full nanosecond, 10 Gbps performance
  • Multiple 1 Gbps or 10 Gbps capture/replay ports
  • Standards-based hardware platform with multi-core processors
  • Security-hardened, Linux-based kernel
  • Familiar Linux CLI interface for configuration and file management

 

Model Configuration Performance Storage Dimensions Power
HH104 4 x 1Gbps
SFP or RJ45		 3 Gbps
write-to-disk		 4 TBytes
(2.9 hrs at max rate)		 1U rack height
1.7 x 17.2 x 25.6 in. 4.3 x 43.7 x 65.0 cm
46.0 lbs (20.9 kg)		 650W high-efficiency (1+1) redundant AC power
100-240 V, 60-50 Hz auto-ranging
230-280 W typical
HH120 44 x 1Gbps
SFP or RJ45		 3 Gbps
write-to-disk		 4 TBytes
(2.9 hrs at max rate)		 1U rack height
1.7 x 17.2 x 25.6 in. 4.3 x 43.7 x 65.0 cm
46.0 lbs (20.9 kg)		 650W high-efficiency (1+1) redundant AC power
100-240 V, 60-50 Hz auto-ranging
230-280 W typical
HH304 4 x 1Gbps
SFP or RJ45		 4 Gbps
write-to-disk		 16 TBytes
(8.5 hours)		 3U rack height
5.2 x 17.2 x 25.5 in. 13.2 x 43.7 x 64.8 cm
98.0 lbs (44.5 kg)		 800 W high-efficiency (1+1) redundant AC power
100-240 V, 60-50 Hz auto-ranging
390-480 W typical
HH320 2 x 10 Gbps
SFP+		 10 Gbps
write-to-disk		 16 or 32 TBytes
(3.5 or 7 hours)		 3U rack height
5.2 x 17.2 x 25.5 in. 13.2 x 43.7 x 64.8 cm
98.0 lbs (44.5 kg)		 800 W high-efficiency (1+1) redundant AC power
100-240 V, 60-50 Hz auto-ranging
390-480 W typical
HH420 2 x 10 Gbps
SFP+		 20 Gbps
write-to-disk		 32 or 64 TBytes
(3.5 or 7 hours)		 4U rack height
7 x 17.2 x 27.5 in. 17.8 x 43.7 x 69.9
cm 130.0 lbs (59.1 kg)		 1400 W high-efficiency (1+1) redundant AC power
100-240 V, 60-50 Hz auto-ranging
550-680 W typical

 

For more information, please contact us