Corvil Capture

A core requirement for the network team is to be able to provide fast access to packet captures on-demand. Compliance, Security and Operations functions all benefit from access to packet captures. Corvil Capture delivers exceptional drop-free capture rates, coupled with an intuitive UI for fast retrieval. The Corvil Capture UI offers a powerful responsive experience that requires no training or support, with familiar filters and syntax for finding and exporting packet captures, fast. Corvil Capture is built on top of the core packet-acquisition architecture of the Corvil platform, to give you continuous, reliable capture in the most demanding environments.

Benefits

  • Network Ops personnel have fast access to packet captures with zero learning curve
  • Vendor agnostic support for all network packet brokers port tagging and time-stamping capabilities
  • Maximises use of on-board storage with real-time compression at line rate
  • Centrally managed for software upgrades, fault notification and diagnostics
  • Full API support for retrieval and filtering of captures
  • Easy upgrade path to full Streaming Analytics capability

DATA COLLECTION

Corvil Capture provides high-rate capture to disk with accurate hardware timestamping. Leveraging Corvil’s core packet processing architecture, Corvil Capture offers reliable glitch-free capture with many additional capabilities.

Capture Appliance Range

Corvil Capture is available on a range of high-performance capture and storage appliances, with support for up to 40G traffic rates without drops.

Network Packet Broker Support

Support for all network packet brokers (NPB) port tagging and time-stamping capabilities, including Apcon, Arista, Cisco, cPacket, Gigamon, Ixia, Netscout and VSS. Port-tagging support allows you to filter, deduplicate and export traffic arriving on different upstream NPB ports. Timestamping support allows you to make use of upstream timestamps to get precision even when there is congestion in your data collection path.

Deep Data Buffering

Absorb extended line-rate traffic bursts without drops, with up to 32GB of ingress buffering.

External Synchronization

Support for sub-microsecond synchronization to external sources using Pulse Per Second (PPS) and Precision Time Protocol (PTPv2 / IEEE 1588).

Streaming Compression

All data is compressed before being written to disk, maximising the available capture history.

Data Quality Assurance

Corvil Capture continuously monitors the completeness and accuracy of the captured data. Missing TCP data is reported, as this is symptomatic of drops upstream of the Corvil appliance. Also, overloaded SPAN sessions are detected and reported, as these can affect the accuracy of packet timestamps.

Leading Support For Duplicate Traffic

Optionally deduplicate traffic either at the level of the entire frame, or at the level of IP packets. Where traffic is deliberately captured at multiple points, easily filter your exports by physical Corvil port, or by ‘virtual’ upstream network packet broker port.

DATA ACCESS & EXPORT

Packet Capture Export

For immediate access to captures, the Packet Capture Export screen provides a simple yet powerful interface. Select a time period, optionally choose physical ports and filtering, and press the export button to download pcap to your desktop. Filtering supports industry standard Berkeley Packet Filtering (BPF) and Wireshark™ syntax, for maximum productivity and ease of use.

Corvil Capture Event Inspection Interface

Visibility and access to the packet capture details is possible through the Event Inspection interface which allows for drilling down into packets and time series views. Filtering and time period selection for export is also possible using the Packet Capture Export feature.

Power Users

For power users, a command-line interface provides access to all export and filtering options, and also provides access to the industry-standard tshark utility, offering a wealth of analysis and visibility to assist in troubleshooting and targeted export. For example, use tshark to identify all HTTP traffic with TCP zero-window alerts and identify top-conversations before doing a filtered export.

API Support

Corvil Capture offers comprehensive API access to capture and analytics. Use the API to retrieve PCAP files, with support for all the filtering available at the GUI. Or retrieve a text file of packet headers, or retrieve a timeseries of microburst for all traffic to a particular host.

Corvil Center

Corvil Center leverages Corvil’s distributed analytics to provide a unified view of all application and network performance over Data Center / LAN and Cloud Services / WAN infrastructure. It provides a single point of access to Corvil deployment for click-through root cause analysis and simplified configuration/administration of the appliances. Corvil Center offers a single point of configuration and maintenance including automated configuration management, remote upgrades, and a real-time view of the health status for all managed Corvil appliances.

Key Use Cases

  1. Immediate access to captures with one click export to download standard pcap files to your desktop using the Packet Capture Export UI
  2. Drilldown into packets and timeseries via the Corvil Capture Event Inspection interface
  3. Power User Analysis via the Command-line interface, including the ability to interrogate and pre-analyse captures before export with familiar tshark utility