Cisco Security Packet Analyzer can accelerate security incident response time and reduce or avoid any potential damage by capturing, querying, and analyzing the relevant packets. This can help to quickly identify the source of malware command and control, or the loss of sensitive company data. Cisco Security Packet Analyzer is an integral part of network security solutions such as Cisco Stealthwatch. Here are its key functions:
A large rolling buffer on disk to store packet data related to security incidents, and avoid missing the most recent data due to storage space limitation.
Ability to control the capture by pre-filtering to store only interesting network traffic and make efficient use of the storage resources.
Intelligent queries can be constructed to extract only the packets that are relevant to security incidents. Queries may be performed through a built-in user interface, or remotely through an API.
Able to queue multiple simultaneous query requests.
Able to view the last 100 queries and their results.
A local packet decoder and analyzer is available to handle large capture files and avoid large file transfers.
Secure SMB and SFTP file server support for moving critical data to long term storage for compliance and archives.
High speed SAS port for attaching large external disk storage.
Real time and in-depth network traffic analysis is performed while capturing the interesting packets to the rolling disk buffer.
For details about Cisco Cisco Security Packet Analyzer system requirements, see your respective installation documentation on Cisco.com.
Supported Device and Feature Information
This release supports Cisco Security Packet Analyzer 2400. It supports three data interface options: two 10G (2x10G) data ports, Four 1G (4x1G) Ethernet (RJ45) ports and Four 1G (4x1G) optical (SFP) ports. You need to choose one and only one interface option according to your requirement.
Packet Analyzer supports the following browsers:
Mozilla Firefox ESR 38
Microsoft Internet Explorer 11
Restrictions and Limitations
The packet query function applies only to capture to disk file sessions. To query packet from capture to memory sessions and an individual capture file, use the filters in packet decode function.
Capture query will not be applicable to the captured files which have been modified. For example, in Capture > Packet Capture/Decode > Files page, if you change the captured file name by renaming or merging, then that capture session associated capture files can no longer be used for query.
Capture query does not query packets from any file that is being written to. That means, if your query time window stretches to or beyond the current time, you may not see these packets in your query result if they are still in the file that is being written to.
Capture > Packet Capture/Decode > Query page can show only the last 100 queries in the History table.
Known Issues in Release 6.2(2)
For a complete list of known and resolved bugs and enhancements for this release, use the Cisco Bug Search tool.
Cisco Bug Search
Bug Search Tool (BST), the online successor to Bug Toolkit, is designed to improve our customers' effectiveness in network risk management and device troubleshooting.
BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The service has provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To use the BST to search for a specific bug or to search for all bugs in a release:
For platform-related software and hardware documentation, see the Related Documentation section in your Packet Analyzer installation guides.
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at the following URL:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.