Designed for Network Operations Center (NOC) and Security Operations Center (SOC) environments, HammerHead is a high-speed, continuous recording solution that provides full packet capture of traffic for retrospective network analysis and replay.

HammerHead Network Recorder combines flow-based session analytics with stream-to-disk recording at up to 20 Gbps, delivering an easily-searchable, back-in-time view of network trends and events.

Full Packet Capture with Flow Indexing

Even on the busiest networks, HammerHead captures 100% of the traffic, timestamping every packet with nanosecond resolution, and extracting flow identification parameters. As traffic is streamed to disk, HammerHead generates a flow and time-based index that allows rapid search and retrieval of targeted traffic from many terabytes of capture records. HammerHead’s browser-based drill-down interface allows remote analysis of selected packets without the need to export entire PCAP files. Alternatively, traffic can be retrieved in industry-standard PCAP format for analysis by external tools such as Wireshark ™.

Key Features

• Nanosecond time-stamping
• Up to 20Gbps sustained write-to-disk
• Real-time indexing of flows
• Web-based GUI
• Up to 64 TBytes storage, plus expansion options
• Replay at captured, or scaled up or down rates
• Fast forward to any point in a replay sequence
• Dual-port “stereo” mode for bidirectional replay
• Dynamic rewrite of MAC/IP addresses during replay
• Store and export in ndustry-standard PCAP format
• Simple RESTful API for custom integration

Target Applications

• Forensic analysis and trending
• Root-cause analysis with fine-grained traffic history
• Post-event troubleshooting and analysis
• Application performance monitoring
• Service verification and analytics
• Flow-based accounting and reporting
• Network and capacity planning

Network Probe

HammerHead Network Probe is a flow-based meter designed for wire-speed network auditing and security monitoring. The flow exporter supports Neflow v5, v9, and IPFIX. In addition, the flow engine supports a plug-in architecture for easy integration with third-party or custom applications.

Boost traffic analysis and visibility

Boost traffic analysis and visibility by tracking hundreds of thousands of flows per minute. Using hardware-accelerated monitoring ports, HammerHead Probe captures 100% of network traffic — up to 14.8 million packets per second on 10-Gigabit links – without having to sample. As a result, it delivers higher performance and finer reporting granularity than is typically possible with standard Netflow exporters or software agents built into many network devices.