Flowmon Traffic Recorder 10.0 – Revolution Continues

New major release of Flowmon Traffic Recorder is now available. Whenever you need to go beyond flow visibility level, Traffic Recorder is here to help with scale from 1G up 100G networks. Version 10.0 comes with fully flexible capture criteria and in-memory rolling buffer for raw packets. Don’t miss a packet and don’t miss this blog post.

Posted on

Flexible Capture Criteria

Nobody wants to waste time by going through tons of packets while investigating or troubleshooting network related issues. Traffic Recorder version 10.0 comes with completely redesigned capture engine that enables flexible capture criteria definition. You are able to target your captures better than ever before. Use filters for individual attributes, combine simple filters using and and or operators, simplify your work with not operator to exclude specific traffic and combine everything together using brackets in nested filters. Multiple rules within one capture task are still available so you can structure your capture filters while keeping everything easy to understand and visible.

Flowmon Traffic Recorder 10.0 also comes with revised GUI in line with new Flowmon 10.0 concept for excellent user experience and intuitive workflows.

Don’t Miss Important Packets with Rolling Buffer

As the flow technology is near-real time, starting a packet capture based on what you see in flow data also means missing start of the communication. Well, not anymore. Traffic recorder now has in-memory rolling buffer which stores first several packets for each flow and adds the packets to captured traffic when matching filter for particular capture task. As the first packets of each flow are the most important ones, you will not miss any important information.

Rolling buffer does not only add packets to on demand packet capture. It also works with packet capture triggered by Flowmon ADS. Based on event detection in Flowmon ADS, packet capture can be automatically initiated in Flowmon Traffic Recorder to provide full trace of malicious communications for forensic analysis including the most important first packets where you can usually observe command and control communication or base of data exfiltration.

Rolling memory stores first N packets of flow record. You can configure N, so how many packets of each flow will be stored in the memory. Packets can be stored either for each flow record or you can define filter to narrow down the desired range of flows. Packets are stored for specified period of time (time to live, in seconds) or until allocated memory is full. Than oldest packets are overwritten. 

Explore the Flowmon interactive demo

Experience a fully interactive product demo to see what issues Flowmon can tackle for you.

Launch Demo