2x10GbE ports / 4xGbE ports / 24 TB / 10 Gbps peak capture speed / 5 Gbps minimum sustained capture speed at 6 million packets per second
Continuous packet capture with bypass and GPS
Inline and dedicated SPAN/mirror port modes; retrieve data by date/time and IP/MAC address
Full packet capture with timestamps: all headers and payloads
10-Gbps network appliance for troubleshooting, security monitoring, auditing and diagnostics. Automatic/manual bypass keeps your network humming even in the event the appliance loses power or malfunctions. Integrates with IPCopper's management and analytics server.
The USC10G3 provides full wirespeed packet capture up to 10Gbps and its uses are numerous. Whether deployed in corporate, banking, healthcare, university or government settings, the USC10G3ís secure and flexible operation aids in the management, auditing and troubleshooting of data networks, easing the workload and increasing the effectiveness of busy IT network administrators. An indispensable cybersecurity and diagnostics tool that reduces the time-to-resolution of network events, the USC10G3 remains effective and relevant for the long-term, through and beyond the development of new malware variants and hacking techniques.
Combining 2 10-Gbps ports, 4 1-Gbps ports and 24 TB continuous-loop storage with ease of use, the USC10G3 is a packet capture powerhouse with extreme flexibility, capable of monitoring up to six networks in dedicated SPAN/mirror mode and up to three in inline mode (read a comparison of inline and SPAN capture). A peak capture speed of 10 Gbps and minimum sustained capture speed of 5 Gbps (at 6 million packets per second) ensure reliable, full capture of every packet header and payload.
The USC10G3 is truly operational straight out of the box: connect it to the network, power it up and it automatically starts passing and recording traffic Ė no configuration required. Launch the supplied Windows-based menu-driven management utility when ready and answer the simple questions to retrieve data or check status (management utilities for Linux environments). The USC10G3 is technology at its best: it handsomely fulfills a complex task, has broad usability and integrates easily into the existing network environment. Its key features include:
GPS time synchronization ensures that the data captured by the USC10G3 is accurately timestamped, which, along with high-resolution timestamping to one one-millionth of a second, enables exacting event reconstruction and assists in the forensic analysis of the data. For additional data management and analytics features, the USC10G4 integrates with our management and analytics server.
Like all our IPCopper packet capture appliances, the USC10G3 incorporates robust security features in its compact, stylish package, including electronic invisibility, encryption and physical access controls, as well as a tamperproof metal enclosure.
*How we tested the USC10M2's speed: We conducted two tests, using a separate IPCopper unit to create a sampling of 2 billion UDP packets with 64-byte payloads. For the first test the USC10M2 was in inline mode (both receiving and sending). We observed that the packets were received by the test unit, correctly sequenced, and subsequent analysis of the captured data showed that the packets were encrypted, indexed and stored in the correct sequence. For the second test, the USC10M2 was placed in SPAN/mirror mode (receiving only). With both tests we observed zero errors and also observed that the count of good packets matched the total number of packets sent. During testing we observed that the unit was able to successfully capture, forward, encrypt, index and store over 6 million packets per second, with an observed, sustained storage rate of up to 5.925 Gbps (including timestamps and other overhead) and a useful payload of over 5 Gbps (including headers for ARP, IP and UDP).
With any network appliance there is always the niggling, unwelcome question of "how big a headache will I have if it fails?" The USC10G3ís bypass handily answers this question in the most delightful way. In the event the USC10G3 loses power or otherwise malfunctions, it will automatically switch into bypass mode and continue passing traffic, even if it isnít able to record it. In effect, the USC10G3 removes itself from the network without any user effort required and without any damaging disruption to network operations.
Bypass mode creates exciting possibilities for deployment. You can deploy it on critical links where you need 24/7 or only occasional visibility, yet be assured that if the worst happens and the appliance fails or someone unwittingly unplugs it from power, the network will continue to function. At worst, the unit wonít be able to capture anything, but it wonít bring a halt to network traffic.
Bypass mode gives you great flexibility, allowing the USC10G3 to be placed proactively at any network location that you may want to monitor in the future, or only monitor intermittently. You can also manually turn bypass mode on and off, as needed, without sacrificing security due to our patent pending technology that allows remote access via an encrypted connection.
In the case of loss of power, bypass mode kicks in practically instantaneously, allowing the USC10G3 to pass network traffic even if it is OFF. In the event the unit malfunctions, a watchdog timer ensures that the port pairs switch over into bypass mode to prevent network interruptions. Depending on the particular packets passing through at the time, it may take one to six seconds for the switch to take effect after a malfunction Ė ranging from unnoticeable to little more than a hiccup for most equipment communicating along the network path.
We built our secure operating system from the ground up, with a focus on data security, speed and accuracy of capture. The proprietary multi-core software powering the USC10G3 runs in parallel directly on the IPCopper hardware.
It goes without saying that the USC10G3 captures packets exactly as they arrive, in their entirety. Just as important are the speed of processing and accuracy of timestamping. Accurate timestamping is fundamental to accurate packet capture, and accurate timestamping is one of the things that sets IPCopper apart. The USC10G3 can capture, relay, encrypt and record a minimum of 6,000,000 packets per second. While others may operate on a scale of milliseconds, IPCopper OS operates on a nano scale.
The unnecessary overhead generated in other systems results in lost accuracy, skewed timestamping, diminished performance, increased heat generation and, ultimately, lost packets.
IPCopperís operating system, on the other hand, is like a well-tuned orchestra. Many things are taking place simultaneously, yet are synchronized in a highly precise fashion to deliver optimal performance and accuracy in a compact, power-efficient package.
When capturing network traffic, you donít want to create an open treasure trove of data for anyone who may be browsing. Therefore, during the capture and record process, the USC10G3 also encrypts the captured data twice, using a very long key, before writing it to disk. Additionally, the unit features a stealthy network profile that keeps its presence invisible on the network and safe from prying eyes.
So, what makes our IPCopper OS secure? Simple: the weakness in using other operating systems as platforms for packet capture (and other dedicated tasks), is the necessity of eliminating many unwanted functions so that they are not accessible to hackers, but without destabilizing the system. This is a challenging, if not impossible, task. In the case of IPCopper OS, we have a purpose-built system, with the purpose being secure performance.
Keeping accurate time is a challenge on even the most modern computing and networking equipment, primarily due to the tendency of computer clocks to drift. Even if a computer clock is accurate to 30/1,000,000 of a second, after one million seconds the clock will have drifted 30 seconds (the specification for HPET 1.0 — high precision event timers — which are used in modern computers, expects drift of less than 500/1,000,000 seconds). In computing, keeping clocks synced is a constant task.
The IPCopper USC10G3 includes a very accurate GPS-powered timestamping system that allows for a timestamp resolution of 1/1,000,000 of a second. Accurate time is important when examining packet capture data or reconstructing network events forensically, therefore, it is important to know exactly when a packet arrived Ė not simply within a minute or two.
The USC10G3ís GPS time sychronization is fully automatic. Simply hook up the included external antenna and the unit will synchronize its time with the broadcast GPS time every time it boots up. If for whatever reason GPS time synchronization is not desired, simply disable it either for one boot cycle or permanently. The USC10G3 comes with a high accuracy clock. Our tests of a live IPCopper unit showed that the clock was off by less than 1½ seconds after 20 weeks. That is equivalent to a drift of 0.125/1,000,000 seconds. The best strategy to keep the clock accurate is to allow the IPCopper unit to resynchronize with GPS time at regular intervals, to avoid deviations over time.
The USC10G3 is accessible via Ethernet using the management utility for data retrieval and status checks.
Accessing the USC10G3 is satisfyingly simple, even though the unit does not have its own IP or MAC addresses. Instead, it relies on patent-pending technology that enables secure access via an encrypted, disguised connection, using the supplied Windows utility and its simple instructions — all the while the unit remains hidden from digital prying eyes.
The unit also incorporates a manual security feature, by means of the retrieve button on the front panel. Until retrieve mode is engaged by pressing the retrieve button, the unit will not respond to any management commands. This gives you very close access control for when you need the extra security. It also provides flexibility when remotely deploying the unit; if you need to access a unit remotely because it is in an unmanned location, you can permanently engage retrieve mode using the management utility.
During data retrieval sessions, the USC10G3 continues to operate as normal, recording all the packets passing through. It also keeps a log of access requests, if needed for later review.
The standard management utility that comes with your IPCopper packet capture appliance is a Windows-based menu-driven utility that allows for easy data retrieval for general users through a Q&A session. The utility may be customized for deployment in a Linux environment.
For additional data management and analytics features, the USC10G4 integrates with our management and analytics server.
When recording anything, you want ensure that you keep control over the data. IPCopper has you covered, in a multitude of ways:
IPCopper packet capture appliances may be deployed in a variety of locatons around a network. Where you should place your unit depends on the type of network traffic you intend to capture.
It is highly recommended to connect the unit to power via a UPS (uninterruptible power supply) and/or surge protector for protection against power spikes and other fluctuations in the electrical grid.
Error light is illuminated.
Nothing happens when attempting to power up the unit.
One year from date of purchase. For more information, see our warranty page.
3/11/15 — 6 Ways The Sony Hack Changes Everything