THE SHARK DISTRIBUTED MONITORING SYSTEM

10 GbE Shark Appliance Model SA-10G2P-208

The Shark Appliance

The Shark Appliance is a turnkey hardware and software solution providing high-performance, multi-gigabit per second,
network traffic analysis, recording, monitoring, and reporting.

Wireshark Within
The Shark Appliance includes the only network analysis software fully integrated with
Wireshark, the worlds most popular network
protocol analyzer. This integration makes the
prodigious collection of Wireshark Display
Filters available for use within the network
analysis software engine. Using the visual
selection and drill-down features of the Pilot
Console, the Send to Wireshark feature is
used to export only the selected subset of the traffic to the Pilot
Console for detailed packet protocol inspection with Wireshark.

Based on CACE Technologies high-performance 1GbE

and 10GbE TurboCap capture cards, the Shark Appliance
is capable of sustained line-rate, multi-gigabit per second
recording of network traffic without packet drops.
The Shark Appliance provides an effective and
indispensable tool for the manipulation and in-depth
analysis of multi-terabyte network traffic recordings.
Fully integrated with Wireshark, the Shark Appliance
supports packet filtering based on Wireshark BPF and
Wireshark Display filters.

Global Network Visibility

By placing Shark Appliances at strategic vantage points in your
network you will significantly improve your network visibility in
geographically distributed network locations. The number and
placement of Shark Appliances will be determined by factors
such as your distributed network architecture, mission-critical
applications, traffic recording needs, and security design.

The Shark Appliance seamlessly integrates with the Pilot

Console (an enhanced version of CACE Pilot) supporting
an intuitive drag-and-drop multi-level drill down for
local and remote analysis and troubleshooting.
Example deployment of Shark Appliances and Pilot Consoles
10GbE Span Port

1GbE Span Port

Shark Appliance
Datacenter

Pilot Console

Helpdesk

Shark Appliance
Manufacturing

Internet
or
Corporate
Network

HQ
1GbE Span Port

Shark Appliance

1GbE Span Port

Pilot Console

Shark Appliance
C A C E Te c h n o l o g i e s

Remote
Site

Multi-Gigabit Per Second Ethernet Traffic Capture

The Shark Appliance includes the Shark Packet Recorder which
is capable of continuous recording of multi-gigabit per second
network traffic to disk without packet drops. The Shark Packet
Recorder is a customized dump-to-disk utility based on the 1GbE
and 10GbE TurboCap cards and a RAID-enhanced and specially
designed packet storage system.

Enhanced Retrospective Analysis with Multi-Terabyte

Packet Recordings
No more awkward file rotation schemes resulting in thousands
of files and file boundaries representing a single recording. A
multi-terabyte packet recording is represented as a single virtual
file in the Pilot Console and, through the use of a powerful
and intuitive drag-and-drop graphical user interface, the user
can quickly isolate arbitrary time intervals of interest within a
recording and perform in-depth analysis and traffic visualization.
Trending/Indexing data is also available for high-speed analysis
of terabyte traffic recordings.

Remote Live and Off-Line Troubleshooting

The Shark Appliance supports a wide variety of network protocols and traffic analysis metrics (called Views) to meet all of
your monitoring, reporting,
and troubleshooting needs.
Views can be applied to live
traffic on the Shark Appliances
local network interfaces or to
off-line network traces stored
in the Shark Appliances storage
system. Typical Views include:
LAN and Network troubleshooting (MAC, VLAN, ARP, ICMP,
DHCP, DNS)
Bandwidth usage (including micro-bursts, IP, TCP, WEB, VoIP)
Talkers and conversations (IP, subnets, countries, TCP, WEB,
VoIP)
Performance and errors (IP, TCP, Web, VoIP)
User activity (Web, VoIP)

Navigation Through Vast Amounts of Data

with a Few Mouse Clicks
The seamless interaction between the Pilot Console and Shark
Appliance supports the innovative Time Control technology,
whereby a user can move
through View metrics calculated over extended periods
of time with just a few mouse
clicks. Based on the selected
time interval, advanced subsampling and data aggregation techniques are used to optimize the granularity of the visual
presentation and minimize the bandwidth usage between the
remote Shark Appliance and the Pilot Console.

Professional Reports Generated On Demand

The Shark Appliance supports enhanced report generation from
displayed Views. Upon request from the Pilot Console, the Shark
Appliance generates the data
for a report based on one or
more Views. The report data is
then sent to the Pilot Console
for rendering and immediate
presentation.

Seamless Integration with

the Pilot Console
The Pilot Console is an enhanced version of CACE Pilot designed
to seamlessly and securely connect with one or more remote
Shark Appliances. All of the features of CACE Pilot are available in
the distributed environment, including an extensive collection of
Views, drill-down analysis, retrospective visualization and analysis of long-duration traffic statistics, a flexible trigger-alerting
mechanism, and simplified professional report generation. Once
connected, the interaction between the Pilot Console and Shark
Appliance appears as if it were local, and remote traffic sources
appear as local sources to which Views can be applied.

Performance Monitoring Using Triggers and Alerts on

Network Metrics
The Shark Appliance supports Watches, a sophisticated triggering and alerting technology. A Watch consists of a trigger condition on a View metric and a set of actions to be carried out whenever the
trigger condition is met. You can, for
example, be alerted on high bandwidth usage, slow server response
time, high TCP round trip time, and
much more. When a Watch running
on a Shark Appliance detects that
a threshold has been crossed, the Shark Appliance will execute
one or more actions. The available actions include sending an
email/Twitter message and starting/stopping a capture job.

Pilot Consoles Interactive and Intuitive User Interface

C A C E Te c h n o l o g i e s

Sample Shark Appliance Configurations

(does not include a Pilot Console)

1GbE Shark Appliance

(SA-1G2P-104)

10GbE Shark Appliance

(SA-10G2P-208)

Network analysis and monitoring engine

yes

yes

Shark Packet Recorder

yes

yes

Form Factor (rack mount)

1U

2U

Processors

2 x Intel Nehalem Quad Core

E5520 2.26GHz

2 x Intel Nehalem Quad Core

E5520 2.26GHz

Memory

6GB

12GB

DVD-ROM

1 (one)

1 (one)

OS File system

500GB (7200 rpm)

500GB (7200 rpm)

Raid Controller

Hardware RAID level 0 (8-lane PCIe)

Hardware RAID level 0 (8-lane PCIe)

Storage

4 x 1TB (SATA II, 7200 rpm)

8 x 1TB (SATA II, 7200 rpm)

Packet Capture Interface

1 x TurboCap 2-port Adapter

(2 copper 1 GigE ports)

1 x 10GbE TurboCap 2-Port Fiber Adapter

(2 SFP+ ports w/o inserts)

Pilot Console GbE Management Interfaces

Operating System

Customized Linux-based OS

Customized Linux-based OS

2 Gbps to disk, any frame size, without

packet drops

4 Gbps to disk, any frame size, without

packet drops

Software

Hardware

Shark Packet Recorder Storage System

Performance Specifications
Record-to-disk performance

About CACE Technologies, Inc.

CACE Technologies Inc. is the sponsor and innovative force behind Wireshark and WinPcap, the worlds most widely used Open Source network
traffic capture and analysis tools. The company develops cutting-edge
network analysis and troubleshooting products that complement
Wiresharks prodigious packet inspection capabilities. The CACE Shark
Distributed Monitoring System provides enterprise-class, end-to-end
network monitoring and analytics capabilities and extends the Wireshark experience into distributed network environments. Known for its
user-friendly modular products, the company offers the most cost-effective analysis solutions for modern enterprise networks.
CACE Technologies, CACE Pilot, Shark Distributed Monitoring System (SDMS), Shark Appliance, Shark
Appliance Kit and CACE Pilot Console are registered trademarks of CACE Technologies. All trademarks, registered trademarks, service marks or registered service marks are the property of their respective owner/s.
Information in this document is subject to change without notice.
2010 CACE Technologies, Inc. All rights reserved.

C A C E Te c h n o l o g i e s

CACE Technologies
1949 5th Street, Suite 103
Davis, CA 95616
tel: 530.758.2790
fax: 530.758.2781
www.cacetech.com