n2disk™ is a network traffic recorder application designed to capture full-sized network packets at multi-Gigabit rates (above 10 Gigabit/s on adequate hardware) from a live network interface and write them into files without packet loss. It is designed for long-term packet capture, recycling the oldest files when the maximum number of files is reached, providing a complete view of traffic within a fixed temporal window while managing disk space. The application uses the industry-standard PCAP file format, ensuring compatibility with existing third-party and open-source analysis tools like Wireshark. n2disk™ addresses the needs of network security systems that require full-size packet capture for attack analysis and problem identification, where Netflow information may be insufficient for deep-packet-inspection analysis or controlled traffic regeneration. It can be used for offline network packet analysis, communication flow reconstruction, and traffic reproduction on different network interfaces.

Features & Benefits

• Fully User Configurable
• Standard PCAP File Format
  • Uses the standard PCAP file format (regular and with nanoseconds).
• Line Rate Recording
  • Supports line-rate 64-byte packet-to-disk recording.
• Hardware Acceleration
  • Supports Intel 1/10/40Gbit commodity adapters (Intel and Myricom) and FPGA-accelerated NICs (Accolade Technology, Napatech, and Silicom/Fiberblaze).
• High-Speed Packet-to-Disk
  • Achieves 40 Gbit continuous packet-to-disk with FPGA-accelerated NICs and an adequate storage subsystem.
• BPF Filters
  • Supports BPF filters (using the same format as in tcpdump) to filter out unwanted network packets during recording.
• Optimized BPF-like Filters
  • Offers a faster replacement for BPF filters (a subset of the BPF syntax is supported) for both packet capture and post-capture filtering.
• Multi-Core Support
  • Designed for multi-core architectures, using at least two threads (packet capture and disk writing) and allowing further parallelization of packet capture with multiple threads.
• PF_RING Acceleration
  • Exploits packet capture acceleration offered by both standard PF_RING and PF_RING ZC.
• Direct-IO Disk Access
  • Uses Direct IO access to disks for maximum disk-write throughput.
• Real-Time Indexing
  • Produces an index on-the-fly during packet capture, which can be queried using a BPF-like syntax to quickly retrieve interesting packets in a specified time interval.
• Timeline Creation
  • Can produce a timeline to keep the whole captured traffic in chronological order, allowing users to query the timeline for specific packets belonging to the whole dump set in a given time interval.
• PCAP and Index Compression
  • Optionally compresses PCAP files and indexes on-the-fly, optimizing I/O throughput and disk space.