Iris Network Traffic Analyzer

The Iris Network Traffic Analyzer is eEye's award-winning vulnerability forensics solution addressing the network traffic analysis and reporting needs that security professionals face today. Iris provides the technology for continuous, automated problem identification, reporting, and integrated filtering capabilities that go beyond the capture, filter, and decode capabilities of traditional network analysis.

Iris captures network traffic and can automatically reassemble it to its native format, making it much easier to analyse the data going across the network. Security and IT professionals can read the actual text of an email exactly as it was sent, or reconstruct exact HTML pages that a user has visited. Iris also provides a variety of statistical measurements allowing companies to proactively identify — and take the steps to eliminate — performance issues before they can result in downtime.

Features and Benefits

Statistics and Reports
Iris provides DNS names and comprehensive statistical measurements. The metrics can be viewed in an assortment of graphical formats (e.g. pie charts, bar graphs, etc.) and include:

  • Protocol Distribution Stats
    • Reports network usage based on MAC, IP and IPX layer protocols.
       
  • Top Host Statistics
    • Provides an analysis of the IP Layer traffic statistics collected for each host in real time and is ordered by the most “talkative” hosts.
       
  • Size Distribution Statistics
    • Displays the number of packets with sizes in six different ranges.
       
  • Bandwidth Usage
    • Charts the number of packets per second and bytes per second flowing across the network in real time.
       
  • Traffic Reports
    • Complete traffic data that can be viewed in a browser, saved, printed, or copied into another program.

Data Reconstruction
Iris takes raw data in packets and turns it into complete HTTP, SMTP and POP3 sessions in their original format.  The following are some of the protocols Iris reconstructs:

  • Outgoing and incoming email messages
    • The text of the message is readable as well as the subject and recipient. Iris will launch an email client to open the message, as well as any attachments, exactly as they were sent.
       
  • Web browsing sessions
    • Reconstruction of HTML pages in their original format.
       
  • Instant messenger exchanges
    • Iris will reconstruct all IM communications from both sides of the conversation.
       
  • Non-encrypted web-based email
  • FTP transfers

Packet Manipulation and Forging Capabilities
Iris provides the ability to create custom packets to send across the network.

Extensive Filtering Options
Iris allows you to capture specific data through packet filters based on hardware or protocol layers, keywords, MAC or IP addresses, source and destination port, custom data and packet size.

Post-Capture Data Analysis
The Iris Traffic Capture Engine can process any amount of data, from a single traffic file to large amounts of captured data, at one time. This feature is available for comprehensive analysis of saved traffic.

Scheduling Function
Iris is easily configured to automatically run and capture packets in specific time frames.

Alerting Capabilities
The Iris Traffic Capture Engine module monitors all connections to the local machine and can alert when a specific connection is detected.