Colasoft nChronos Network Performance Analysis Solution
Overview
Colasoft nChronos, integrating real-time surveillance with back-in-time analysis, is an enterprise-class network monitoring and performance analysis solution. Designed for 24x7 network packet capture, analysis and storage, and dedicated to the sustainable, efficient and safe running of networks, Colasoft nChronos provides a reliable data basis for determining constructive suggestions for enterprise profit growth. Excellent in data drilldown, data tracing and locating, and security forensics, nChronos makes it possible to troubleshoot historical network issues by rewinding and zooming in to any previously recorded time period. This feature saves a tremendous amount of time and effort that would be required to reconstruct network scenarios. Besides troubleshooting network issues, Colasoft nChronos can also be used to evaluate and benchmark long-term network performance along with auditing user activity.
Benefits for Network Engineers
Traffic Visibility – The real-time trend charts show traffic status graphically, giving users a clear understanding of network traffic. Comprehensive statistics show how network traffic is distributed.
Intelligent Alerts – With rich alarm types and alarm triggers, nChronos is able to detect abnormal network traffic as soon as it appears, which helps prevent application and service interruption.
Forensics Truth – When faults happen, nChronos can provide proof of whether the faults are caused by the network or by applications, so as to stop finger-pointing.
Scenario Reproduction – With back-in-time analysis, it is convenient to reproduce the original scene in which an issue happened. There is no need to wait for the issue to happen again.
Value and Advantages
With an analysis performance of up to 20 Gbps, Colasoft nChronos is able to capture heavy traffic on backbone links at line speed, to analyze and store the traffic in real time, and to monitor several network adapters simultaneously to aggregate the traffic from multiple links. With a storage capacity of hundreds of TB, Colasoft nChronos is able to store the real-time analysis results and packets. Together with a storage filter and splicing storage technology, nChronos is able to store only the information that is of interest and useful, which makes effective use of the storage space.
Features
Long-term capturing and recording
With the huge storage capacity, the original packets, data streams, conversations, application logs, and all analysis statistics can be stored for the long term.
Real-time monitor & analysis
Colasoft nChronos offers real-time network statistics. With the real-time statistics, network administrators can instantly understand the current pattern of the network.
Drill-down analysis
Colasoft nChronos offers complete access to application-level traffic flows, network statistics and data link information across all seven OSI layers.
Packet decoding
Colasoft nChronos offers a powerful ability to help IT professionals conduct in-depth network analysis and optimize the entire network's performance so as to increase enterprise network productivity.
Retrospective analysis
Colasoft nChronos can quickly retrieve the traffic packets for any time period and simultaneously drill down for data mining and full analysis.
Schedulable, user-defined reports
Colasoft nChronos provides both system and user-defined reports. Reports can be sent to specified email recipients. Users can schedule hourly, daily, weekly and monthly reports.
Alerts and abundant alarm parameters
Colasoft nChronos helps users create a network baseline and set up online triggered alerts for network events, for warning of and preventing network outages.
Application performance analysis and transaction analysis
Colasoft nChronos can define custom application monitoring functions as well as transaction monitoring based on the application data.
Technical Specification

nChronos Appliance: Small Office | Mid-size Office | Large Office or ISP
Series: 500 Series | 2500 Series | 3500 Series
Model: NS504T-D | NS2504T-D | NS2504ST-D | NS3504T-D | NS3504ST-D | NS3514T-D
Profile: 1U | 1U | 2U
Throughput Capacity: 1Gbps | 2Gbps | 5Gbps
Conversation Capacity: 50,000/s | 70,000/s | 300,000/s
pps: 200,000pps | 350,000pps | 800,000pps
CPU: 1*E3 | 1*E3 | 2*E5
Storage: 2T | 4T | 8T | 16T
RAID: RAID1 | RAID5 | RAID5
RAM: 16G | 32G | 64G
Ports: 4*1Gb RJ45 | 4*1Gb RJ45 | 2*1Gb RJ45 + 2*1Gb SFP | 4*1Gb RJ45 | 2*1Gb RJ45 + 2*1Gb SFP | 4*1Gb RJ45
Power: 250W | 350W in 1+1 redundant | 750W in 1+1 redundant

nChronos Appliance: Large Office or ISP | ISP
Series: 3500 Series | 4500 Series | 9000 Series
Model: NS3522X | NS4528ST | NS4522X | NS4526SX | NS9022X
Profile: 2U | 2U | 2U+2U
Throughput Capacity: 5Gbps | 10Gbps | 20Gbps
Conversation Capacity: 300,000/s | 500,000/s | 700,000/s
pps: 800,000pps | 3,000,000pps | 5,000,000pps
CPU: 2*E5 | 2*E5 | 2*E5
Storage: 16T | 24T | 48T
RAID: RAID5 | RAID5 | RAID5
RAM: 64G | 128G | 128G
Ports: 2*10Gb SFP | 4*1Gb RJ45 + 4*1Gb SFP | 2*10Gb SFP | 4*1Gb SFP + 2*10Gb SFP | 2*10Gb SFP
Power: 750W in 1+1 redundant | 750W in 1+1 redundant | 750W in 1+1 redundant
Colasoft Case Studies
Abnormal Traffic Analysis
Problem Description
A business system in an ISP machine room had abnormal traffic over a period of time. A traffic burst occurred every hour and lasted about 5 to 10 minutes, and the traffic was mainly sent by the business system hosts. To determine the cause of the problem, nChronos Server was deployed in bypass mode on the distribution switch of the business system for long-term packet capture and analysis.

Analysis Procedure

Analyze traffic during normal period
First, we analyzed the traffic of the business system during the normal period. It can be seen from the figure below that the peak traffic of the normal period is 13.65Mbps (second-level accuracy) and the average traffic is 8.47Mbps.
During the normal period, the traffic volume between and xx.125.96.36 was obviously greater than that of other communication pairs, as shown in the figure below. We analyzed the traffic between the two hosts, checked with the business system staff and found that the traffic was normal business communication.

Analyze traffic during abnormal period
At around 15:55 on the day when nChronos Server was deployed, there was a traffic burst, with peak traffic reaching 85.53 Mbps (second-level accuracy), as shown below:
At that moment, the IP conversation with the largest traffic volume was happening between and, and the traffic volume far exceeded that of the communication between and xx.125.96.36, as shown in the figure below:
We extracted the packets of the IP conversation and found that accessed through TCP port 3181, and the data were almost all sent from to. The conversation contained a lot of information similar to system logs, but the log entries are all for May 2014, as shown in the figure below.
After verification, is a network management platform, and port 3181 is also the service port of the network management system.

Analysis Conclusion
The above analysis shows that the periodic traffic burst was communication between the business system in the machine room and the network management server. This basically rules out the possibility of direct attacks from external networks. Judging from the communication content, the business system appears to be reporting historical logs to the network management system. To locate the cause further, it is recommended to check the host and the network management system to determine whether the data content and the volume are normal or not.
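
The same procedure (baseline the normal period, flag the seconds that exceed it, then rank the IP conversations inside each burst) can be scripted over exported flow records. This is an added example, not part of the Colasoft material or of nChronos: the record layout, the 2x threshold, port 443 and all addresses (RFC 5737 documentation ranges) are assumptions, and the sample data is constructed; only port 3181 and the 13.65 Mbps baseline peak come from the case study.

```python
from collections import defaultdict

# Constructed placeholders, not the hosts from the case study.
BIZ, PEER, NMS = "192.0.2.10", "192.0.2.36", "198.51.100.5"

def make_records(hours=3):
    """Constructed sample: (second, src, dst, dst_port, bytes)."""
    recs = []
    for t in range(hours * 3600):
        recs.append((t, BIZ, PEER, 443, 1_000_000))       # steady business traffic, 8 Mbps
        if t % 3600 >= 3300:                              # last 5 minutes of every hour
            recs.append((t, BIZ, NMS, 3181, 10_000_000))  # bulk upload to port 3181
            recs.append((t, NMS, BIZ, 50000, 100_000))    # acknowledgements coming back
    return recs

def mbps_per_second(recs):
    total = defaultdict(int)
    for t, *_rest, nbytes in recs:
        total[t] += nbytes
    return {t: b * 8 / 1e6 for t, b in total.items()}

def burst_windows(rate, threshold_mbps, max_gap=5):
    """Merge seconds above the threshold into (start, end) windows."""
    windows = []
    for t in sorted(s for s, r in rate.items() if r > threshold_mbps):
        if windows and t - windows[-1][1] <= max_gap:
            windows[-1][1] = t
        else:
            windows.append([t, t])
    return [tuple(w) for w in windows]

def top_conversation(recs, start, end):
    """Largest IP pair in the window: (pair, service port, main sender, sender share)."""
    vol = defaultdict(lambda: defaultdict(int))           # pair -> sender -> bytes
    ports = {}
    for t, src, dst, port, nbytes in recs:
        if start <= t <= end:
            pair = tuple(sorted((src, dst)))
            vol[pair][src] += nbytes
            ports[pair] = min(ports.get(pair, port), port)  # lowest port = service side
    pair = max(vol, key=lambda p: sum(vol[p].values()))
    sender = max(vol[pair], key=vol[pair].get)
    share = vol[pair][sender] / sum(vol[pair].values())
    return pair, ports[pair], sender, round(share, 2)

def analyze(recs, baseline_peak_mbps):
    """Return per-burst findings and the spacing (seconds) between burst starts."""
    wins = burst_windows(mbps_per_second(recs), baseline_peak_mbps * 2)
    starts = [w[0] for w in wins]
    periods = [b - a for a, b in zip(starts, starts[1:])]
    return [(w, top_conversation(recs, *w)) for w in wins], periods
```

A constant spacing between burst starts together with one dominant, one-directional conversation to a known internal service port points to a scheduled job rather than an external attack, which is the conclusion the case study reaches.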
