Will using an IPCopper packet capture appliance on my network slow down the speed of my internet connection or network?
No, our packet capture appliances pass through internet and network traffic without affecting transmission speed. At most, there may be a delay of a fraction of a millisecond, so small it is practically immeasurable.
Will an IPCopper packet capture appliance work with any type of Ethernet connection?
Pretty much. The Ethernet ports are capable of 1 Gbps, which exceeds the connection speed of most offices. 10 GbE packet capture models are also available.
What if I only want to record the network activity for one computer? Can I do that?
Yes. Simply place the packet capture appliance between the specific computer and the rest of the network.
Do IPCopper packet capture appliances record Ethernet activity in both directions?
I have a switch with a SPAN port. Can I connect my IPCopper unit to the SPAN port?
Yes, IPCopper works as both a SPAN and pass-through packet capture appliance automatically. When changing from pass-through to SPAN (or vice-versa) no re-configuration is required.
Do I need a network tap to use IPCopper packet capture appliances?
No, IPCopper can function as its own network tap, combined with storage.
How long can I record internet and/or network activity before the hard drive on my IPCopper unit is full?
That depends on your organization's level of internet activity and the size of the hard drive. For a 20-person office, 1 TB would typically last for one to four years, depending on the level of usage. For more information, see our page on storage capacity. IPCopper models with overwrite capability simply overwrite the oldest data when they reach capacity.
It seems to me that I use the internet a lot. Is it still possible that IPCopper can record months and even years of my activity?
Yes. Even though it may feel like you browse and download or upload a lot, 1 TB (1000 GB) is a lot of storage and would require a very large quantity of data to fill. Follow the link for more information on storage capacity.
How do I retrieve the recorded data from my IPCopper packet capture appliance?
You can download data directly from IPCopper to a PCAP file on your computer using the included utility. The PCAP format is compatible with many packet analysis utilities, such as Wireshark, NetworkMiner and tcpdump.
Will IPCopper appliances work with any type of operating system, such as Linux or MacOS?
Yes. It does not directly interact with your computer or network equipment, but simply records the internet / Ethernet / network activity that passes through it. Because of this, IPCopper will record the internet and network activity regardless of whether you are using Windows, MacOS, Linux or some other operating system.
Do IPCopper packet capture appliances record only IP traffic?
No, they record all Ethernet-based traffic, including IP traffic.
What if somebody breaks into my office and makes a copy of the IPCopper hard drive? Would they be able to access the information on it?
Not likely. 1) The information is mated to the physical hard drive installed in your IPCopper internet traffic recorder. This means that if the information is copied to another hard drive it would not be accessible by IPCopper. 2) All information is encrypted with the external key that is also mated to the hard drive installed in your IPCopper. This means that the key only works on the physical hard drive that came installed in your IPCopper unit.
What if someone steals or duplicates my key?
The key is mated to the IPCopper unit that it comes with and would not work with any other unit. In order for them to gain access to your data, they must physically be able to toggle the unit to retrieve mode AND have access to the data retrieval utility that came with your unit AND know where the IPCopper unit is placed in order to be able to use the utility.
How can I make a backup copy of the data recorded on my IPCopper unit?
You can download all of the data directly from IPCopper onto your computer in PCAP format. You could also buy a separate IPCopper unit and daisy-chain them together for real-time backup purposes. In effect, the second unit would be recording exactly the same information as the first.
Can data from my IPCopper unit be accessed without my cooperation?
No. Somebody has to physically toggle the unit into retrieve mode AND have access to the data retrieval utility that came with the unit in order to retrieve data from your IPCopper appliance.
Can somebody tamper with the hard drive in my IPCopper unit and erase the data without me knowing about it?
Any tampering with the hard drive or attempts to destroy data on the hard drive would render the IPCopper unit unusable and probably cause visible damage to the unit, which should alert you that something happened. For example, the IPCopper USC1030 and USC4060 feature an all-metal, sealed, tamperproof case that would require cutting tools to open up.
Can somebody insert data into my IPCopper hard drive that wasn't recorded there originally?
Theoretically it may be possible; however, the data is stored in such a fashion as to make it very difficult. There are certain sequences that must match and cross-check, or else it would be very evident upon examination that the data was tampered with.
Can you help me authenticate the data on the hard drive of my IPCopper appliance?
Yes, we can examine the data sequences, checksums and data checks to see if they are consistent with properly recorded data. For more information, please contact us.
Can I export the data from my IPCopper packet capture appliance?
Yes, you can export the data from your IPCopper packet capture appliance into PCAP-formatted files on your computer.
Can I use IPCopper packet capture appliances with third-party utilities such as Wireshark, tcpdump, etc.?
Yes, you can. You can download data from your unit into a PCAP-formatted file on your computer. The PCAP format can be used with a variety of packet capture analysis tools, including Wireshark, NetworkMiner and others.
I was under the impression that if an appliance was a 1-gigabit appliance it could operate at that speed continuously. Isn’t that how it is?
That is absolutely not the case, for the competition or for IPCopper. IPCopper packet capture appliances can capture traffic at a sustained speed of 400 Mbps until full and at 1 Gbps for about 15 seconds. In the case of our competitors in the field of packet capture, their appliances’ minimum sustained capture speed varies from under 100 Mbps to 250 Mbps. Many choose not to publish their minimum sustained rate at all, instead making vague assertions that their appliance is capable of a theoretical, maximum or peak speed of 1 Gbps.
Why should I care about the minimum sustained capture speed?
The minimum sustained capture speed is really only of concern if you have a network that is over-utilized. A general rule of thumb is to keep sustained network traffic at 40% or less, so that usage spikes will not overwhelm your networking equipment’s buffers (causing packet loss).
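An added example (not IPCopper code): a leaky-bucket model for replaying a per-second traffic profile against the sustained and burst figures quoted above, to see whether and when capture data would be lost. The buffer size is an assumption inferred from those figures, and the traffic profile is constructed.

```python
# Added example: leaky-bucket model of a capture buffer (an assumed model,
# not a description of how any vendor's appliance works internally).

SUSTAINED_MBPS = 400   # page figure: sustained capture rate
PEAK_MBPS = 1000       # page figure: 1 Gbps burst rate
BURST_SECONDS = 15     # page figure: "about 15 seconds" at 1 Gbps


def implied_buffer_mbit(sustained=SUSTAINED_MBPS, peak=PEAK_MBPS,
                        burst_s=BURST_SECONDS):
    """Buffer size (Mbit) that would explain the burst figure: the buffer
    fills at (peak - sustained) Mbit per second for burst_s seconds."""
    return (peak - sustained) * burst_s


def simulate(samples_mbps, sustained=SUSTAINED_MBPS, buffer_mbit=None):
    """Replay per-second ingress rates (Mbps) against the model.

    Returns mean rate, peak buffer fill, Mbit lost to overflow, and the
    index of the first second in which data was lost (None if never)."""
    if buffer_mbit is None:
        buffer_mbit = implied_buffer_mbit(sustained)
    fill = peak_fill = dropped = 0
    first_drop = None
    for second, rate in enumerate(samples_mbps):
        # Buffer grows when ingress exceeds the sustained rate, drains otherwise.
        fill = max(0, fill + rate - sustained)
        if fill > buffer_mbit:
            dropped += fill - buffer_mbit
            fill = buffer_mbit
            if first_drop is None:
                first_drop = second
        peak_fill = max(peak_fill, fill)
    mean = sum(samples_mbps) / len(samples_mbps) if samples_mbps else 0
    return {"mean_mbps": mean, "peak_fill_mbit": peak_fill,
            "dropped_mbit": dropped, "first_drop_second": first_drop}


# Constructed traffic profile: two 10-second line-rate bursts separated by
# 20 seconds at 500 Mbps, which is still above the sustained rate.
CONSTRUCTED_PROFILE = [1000] * 10 + [500] * 20 + [1000] * 10

if __name__ == "__main__":
    print(simulate([1000] * 15))          # fits the burst allowance exactly
    print(simulate(CONSTRUCTED_PROFILE))  # buffer never drains between bursts
```

Feeding it per-second rates exported from your own switch or flow monitoring shows whether real bursts fit inside the capture envelope, which an average-utilization figure alone does not reveal.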
Does minimum sustained speed mean that it will slow down my network to 400 Mbps?
No. Unlike the competition, IPCopper products introduce less than 1 ms (0.001 sec) of delay, with typical delay pegged at about 0.2 ms (0.0002 sec).
What about other types of traffic, such as VoIP?
VoIP is actually a lot easier to manage because it flows at a fixed rate, without “bursts.” Achieving a VoIP utilization of 400 Mbps requires several thousand simultaneous SIP sessions.