Net.Hunter: Handheld Packet Capture Appliance for Security/Forensics

Net.Hunter is a handheld packet capture device suited to many applications, including those in the security and forensics sector.

In the past, testing was restricted to high-end, costly rack-mounted devices based in laboratories. Nowadays mobility is vital, and Net.Hunter offers the flexibility for both field and laboratory testing in a simple-to-use, compact handheld unit with built-in screen, keyboard and batteries. As a capture/recording tool it offers EXACTLY the same performance as high-end rack-mounted appliances and, in some cases, better.

Net.Hunter can analyse ALL packets on a full-duplex GbE line because every feature is implemented in hardware (FPGA), so the aggregated throughput is the FULL 2 Gbit/s. It also includes an embedded TAP that captures the packets meeting a trigger condition, or matching any of the 15+15 programmable L1/L2/L3/L4 filters. Suspicious packets can be saved either to the local hard disk drive or to a LAN, always at full wirespeed. Because Net.Hunter has no IP or MAC address on the monitored line, it cannot be detected from that line while it operates, again at the FULL bit rate in both directions [Tx+Rx], with ZERO added delay [ns] and ZERO loss to the live traffic.

A TIRELESS & VIGILANT SNIFFER

In summary, Net.Hunter is a stream-to-disk device that can filter, copy, tap and save packets to a local hard disk at FULL wirespeed, wherever you are, for those who need to monitor, tap and record any data, protocol or conversation without disturbing the live traffic or adding jitter, delay or loss.


Why Net.Hunter? Standard testers and probes are NOT able to provide the complete view that network experts need.

CASE STUDIES

· DEFENSE: ‘suspicious messages must be decoded seamlessly at any point in the network’
· SECURITY: ‘the firewall is not fast enough; we need a tool capable of filtering and recording potential hackers, malware and unauthorised access’
· OPERATOR: ‘go to the client premises and capture and time-stamp PTP traffic in both directions’
· NETWORKING: ‘how can we tap the packets on a live line without disturbing the rest of the traffic?’
· LAWFUL FORENSIC: ‘the courts have requested the police to capture all the messages from this IP address’
· ENGINEERS: ‘my protocol analyser does not work at that bit rate, what can I do?’
· MAINTENANCE: ‘we need to filter and tap from one splitter in the subway, but there is no power plug available!’

FEATURES & BENEFITS

Built as a field device, it captures data at any point – optical, electrical or wireless:

– 100% firmware/hardware operation means wirespeed and nanosecond accuracy
– Non-stop packet capture 24/7/365
– Filter/capture/record at full-duplex Gbit
– Captures on 2 x SFP (optical/electrical) + 2 x RJ45
– WiFi capture via an external accessory
– Capture to storage at full wirespeed (1+1 GbE)
– Storage size: 60 or 120 GB hard disk drive
– 100% filtering, capture, decoding, recording and aggregation by FPGA
– NTP synchronisation
– Synchronised PCAP time stamps
– Wireshark-friendly for protocol analysis
– VoIP, IPTV, data, TCP/IP and more
– Real-time multistream captures for IPTV
– No MAC, no IP on the monitored line: not detectable from the tapped traffic
– No MAC, no IP on the monitored line: not addressable, so it cannot be attacked from the tapped traffic (the VNC and web management access below still needs to be secured like any other management interface)
– Monitor and pass-through operation modes
– 1 trigger condition
– Built-in tap to 1000BASE-T
– 15+15 programmable filters
– Smart recording: filter first, then record
– VNC remote control
– Access via standard web browser
– IPv4 and IPv6
– Fault-tolerant to AC power loss
– 4.5 hours of operation on batteries
– 2.6 lbs
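The "filter first, then record" workflow behind the programmable L2/L3/L4 filter slots, the trigger condition and the Wireshark-readable output (and the lawful-forensic case study above, "capture all the messages from this IP address") can be modelled in a few dozen lines. The following is an added example, not Net.Hunter's firmware or any code from Albedo Telecom: it parses Ethernet/IPv4/TCP headers from raw frames, keeps frames matching any filter slot once a trigger frame has armed recording, and serialises the survivors as a nanosecond-timestamp PCAP. The `Filter` fields, the sample frames and the addresses are all constructed for illustration.

```python
"""Added example (not the appliance's own code): a software model of
"filter first, then record". It parses Ethernet/IPv4/TCP-UDP headers from
raw frames, keeps frames that match any programmable filter slot (optionally
only after a trigger frame arms recording), and emits a nanosecond-timestamp
PCAP that Wireshark opens. All frames and addresses below are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
IP4_HDR = struct.Struct("!BBHHHBBH4s4s")     # fixed 20-byte IPv4 header
L4_PORTS = struct.Struct("!HH")              # first two fields of TCP and UDP
PCAP_MAGIC_NS = 0xA1B23C4D                   # libpcap magic for ns timestamps


@dataclass
class Filter:
    """One filter slot (hypothetical layout); None means wildcard for that field."""
    src_mac: Optional[bytes] = None   # L2
    dst_mac: Optional[bytes] = None
    ethertype: Optional[int] = None
    src_ip: Optional[str] = None      # L3
    dst_ip: Optional[str] = None
    proto: Optional[int] = None       # 6 = TCP, 17 = UDP
    src_port: Optional[int] = None    # L4
    dst_port: Optional[int] = None


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip4(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def parse(frame: bytes) -> dict:
    """Decode the header fields a filter can match on; absent layers stay absent."""
    dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    fields = {"dst_mac": dst, "src_mac": src, "ethertype": etype}
    if etype != 0x0800 or len(frame) < ETH_HDR.size + IP4_HDR.size:
        return fields                                # not IPv4: L2 fields only
    vihl, _, _, _, _, _, proto, _, sip, dip = IP4_HDR.unpack_from(frame, ETH_HDR.size)
    ihl = (vihl & 0x0F) * 4                          # header length incl. options
    fields.update(proto=proto, src_ip=".".join(map(str, sip)), dst_ip=".".join(map(str, dip)))
    l4 = ETH_HDR.size + ihl
    if proto in (6, 17) and len(frame) >= l4 + L4_PORTS.size:
        fields["src_port"], fields["dst_port"] = L4_PORTS.unpack_from(frame, l4)
    return fields


def matches(flt: Filter, fields: dict) -> bool:
    """Every non-wildcard field of the slot must equal the parsed value."""
    return all(fields.get(k) == v for k, v in vars(flt).items() if v is not None)


def filter_then_record(frames, filters, trigger: Optional[Filter] = None):
    """frames: iterable of (timestamp_ns, raw_frame). Nothing is stored until a
    frame matches `trigger` (None = armed from the start); from then on every
    frame matching any filter slot is recorded. Returns [(timestamp_ns, frame)]."""
    armed = trigger is None
    recorded = []
    for ts_ns, frame in frames:
        fields = parse(frame)
        if not armed:
            armed = matches(trigger, fields)
            if not armed:
                continue                             # pre-trigger traffic is dropped
        if any(matches(f, fields) for f in filters):
            recorded.append((ts_ns, frame))
    return recorded


def pcap_bytes(records, snaplen: int = 65535) -> bytes:
    """Serialise records as a pcap file with ns timestamps and linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_NS, 2, 4, 0, 0, snaplen, 1)]
    for ts_ns, frame in records:
        out.append(struct.pack("<IIII", ts_ns // 10**9, ts_ns % 10**9, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload=b"") -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for a demo)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = IP4_HDR.pack(0x45, 0, IP4_HDR.size + len(tcp), 0, 0x4000, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    return ETH_HDR.pack(mac(dst_mac), mac(src_mac), 0x0800) + ip + tcp


# Constructed sample line traffic, not a real capture (documentation-range addresses).
T0 = 1_700_000_000_000_000_000
SAMPLE = [
    (T0 + 100, tcp_frame("02:00:00:00:00:0a", "02:00:00:00:00:01", "192.0.2.10", "198.51.100.5", 40000, 443, b"GET")),
    (T0 + 250, tcp_frame("02:00:00:00:00:0a", "02:00:00:00:00:01", "192.0.2.10", "198.51.100.7", 40001, 22)),
    (T0 + 400, tcp_frame("02:00:00:00:00:14", "02:00:00:00:00:01", "192.0.2.20", "198.51.100.5", 40002, 443)),
    (T0 + 512, ETH_HDR.pack(mac("ff:ff:ff:ff:ff:ff"), mac("02:00:00:00:00:14"), 0x0806) + bytes(28)),  # ARP
]

# "All messages from this IP address": one slot per direction so both are kept.
SUBJECT_FILTERS = [Filter(src_ip="192.0.2.10"), Filter(dst_ip="192.0.2.10")]


if __name__ == "__main__":
    recs = filter_then_record(SAMPLE, SUBJECT_FILTERS)
    with open("subject.pcap", "wb") as fh:
        fh.write(pcap_bytes(recs))
    print(f"recorded {len(recs)} of {len(SAMPLE)} frames to subject.pcap")
```

Two points carry over to any real filter-then-record deployment: a court order for "this IP address" needs a slot for each direction (source and destination), or the replies are silently lost; and the trigger only decides when recording starts, so traffic before the trigger frame is gone unless a pre-trigger buffer is kept. The output file uses the nanosecond pcap magic, so Wireshark shows the full timestamp resolution rather than truncating to microseconds.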

(+) MORE INFO: www.albedotelecom.com/products/nethunter/nethunter_zz_news1.html
(!) CHANNELS / OEM wanted
@ CONTACT : [email protected]
