Packet storage and recall
As Trisul meters network traffic, it continuously saves raw packets for future analysis. The ability to call upon raw packets, or full content, is key to the practice of Network Security Monitoring. Raw packets are useful not just for security applications but also for network performance troubleshooting. For example, you can pull up ARP/Spanning Tree packets, which can help you nail a layer 2 issue. Packet Capture Basics describes the design in greater detail.
Optimized packet storage requirements
One of the major challenges of real-time packet storage on busy links is the disk throughput and storage capacity it requires. Trisul's sophisticated techniques dramatically reduce the number of packets you need to store. Using the Trisul LUA API, you can even control packet storage policy at per-flow granularity.
Streamlined PCAP drilldown workflows
Most objects in Trisul can be drilled down to raw packets with the click of a single button.
Quickly dive to PCAPs
Flows, alerts, resources to PCAP
Merged PCAP
Consolidate results of investigation into a single merged PCAP automatically
Reduce disk usage of older PCAPs
Built-in pruning tool compresses older PCAPs by flow size
Encrypted by default
Stay secure! Trisul stores packets encrypted.