Network Traffic Analyzer

"Network Traffic Analyzer" is a system for telecom operator network monitoring and surveillance, failure tracking and traffic analysis in real time.



  • Background statistical monitoring of network metrics to detect attacker profiles;
  • Automatic blocking of the attacker's traffic across the entire controlled network;
  • Configurable levels and verification modes for selected subnets, and a personal account for the operator's subscribers;
  • Blocking of attacks originating from subscribers;
  • Special protection functions against highly distributed attacks;
  • Support for manual analysis and rule setting;
  • Support for distributed network probes;
  • Support for active protection of web services at the application session level;
  • Detection of a broad spectrum of DDoS attacks;
  • Real-time reports;
  • Automatic recording of attack traffic dumps and retrospective analysis.

Basic list of detected attacks:

  • Scanning of information and telecommunication resources;
  • Illegitimate traffic on an unused protocol and/or port (UDP Flood, ICMP Flood);
  • Attacks using IP packet fragments with incorrect contents;
  • Slow DoS attacks, SlowLoris, SlowPost and their analogs;
  • Connection initiation at the transport layer of the TCP/IP stack (TCP SYN Flood);
  • Establishment of a full TCP connection that is then dropped without any data exchange inside the socket (TCP Connection Flood);
  • Attacks using the DNS protocol and generation of legitimate queries/answers, including DNS Amplification;
  • Attacks using the NTP protocol and generation of legitimate queries/answers, including NTP Amplification;
  • Sending data over HTTP/1.0 or HTTP/1.1 without protocol specification;
  • SIP service attacks;
  • SMTP service attacks;
  • FTP service attacks;
  • Spoofing attacks of any level of complexity, such as TCP and UDP;
  • Highly distributed TCP and UDP attacks (including HTTP flood);
  • Distributed attacks on a specific service of the Customer.

Technical characteristics:

  • 1RU probe capable of processing up to 10 Gbit/sec of transit traffic, including different flood variants;
  • Support for a safe inline connection or a BGP routing scheme;
  • Hardware connection devices with a fault-tolerance function;
  • Support for hardware load balancing from 40 Gbit/sec and 100 Gbit/sec channels.

The system is intended for use in the network core of a telecom operator or Internet service provider. DDoS protection services can also be integrated into the telecom operator's range of services.

NORSI-TRANS offers 10G, 40G, 100G and 1000G network systems for implementation. The company provides 24/7 support, and its specialists participate in developing the communication network protection strategy.