Continuous packet capture with bypass and GPS
Inline and dedicated SPAN/mirror port modes; retrieve data by date/time and IP/MAC address
Full packet capture with timestamps: all headers and payloads
Universal appliance for network monitoring, troubleshooting and debugging. Automatic/manual bypass allows traffic to traverse the appliance even when the appliance is powered off. GPS time synchronization ensures accurate timestamping to 1/1,000,000 of a second.
Our USC6042 4-port packet capture appliance combines convenient 4 TB continuous loop storage with a host of versatile features and ease of use, making it the ideal full packet recorder for any network, regardless of whether you require permanent, always-on recording or spot monitoring. 100% packet capture with minimum sustained capture speeds of 400 Mbps and minimum packet rates of 100,000 packets per second make sure you capture every packet, every time. With true bypass, the USC6042 is worry free: automatic switching into bypass mode ensures your network’s continued operation even in the event of power loss or malfunction.
When it comes to installation, the USC6042 keeps it simple. Connect the cables, connect power and the unit turns on and boots up automatically. The USC6042 requires no special accommodations, additional equipment or other changes to the network to operate. When in inline mode, it acts as its own network tap; when in SPAN mode, simply connect the cable to your router or switch’s SPAN/mirror port.
With the USC6042’s four ports come extreme flexibility and you can configure each pair of ports independently. Here are some examples:
The USC6042 is particularly useful for monitoring load-balanced connections. During retrieval the unit can seamlessly merge the separate data streams into one. Regardless of which port it arrived on, the data recorded is internally synchronized, making for easier analysis (as opposed to recording each stream separately and attempting to artificially merge later on).
GPS time synchronization ensures that the data captured by the USC6042 is accurately timestamped, which, along with high-resolution timestamping to one one-millionth of a second, enables exacting event reconstruction and assists in the forensic analysis of the data. A menu-driven Windows-based management utility simplifies data retrieval, status checks and changing settings with its Q&A style interface (management utilities for Linux environments).
Like all our IPCopper packet capture appliances, the USC6042 incorporates robust security features in its compact, stylish package, including electronic invisibility, encryption and physical access controls, as well as a tamperproof metal enclosure.
With any network appliance there is always the niggling, unwelcome question of "how big a headache will I have if it fails?" The USC6042’s bypass handily answers this question in the most delightful way. In the event the USC6042 loses power or otherwise malfunctions, it will automatically switch into bypass mode and continue passing traffic, even if it isn’t able to record it. In effect, the USC6042 removes itself from the network without any user effort required and without any damaging disruption to network operations.
Bypass mode creates exciting possibilities for deployment. You can deploy it on critical links where you need 24/7 or only occasional visibility, yet be assured that if the worst happens and the appliance fails or someone unwittingly unplugs it from power, the network will continue to function. At worst, the unit won’t be able to capture anything, but it won’t bring a halt to network traffic.
Bypass mode allows the USC6042 to be placed proactively at any network location that you may want to monitor in the future, or only monitor intermittently. You can manually turn bypass mode on and off, as needed, without sacrificing security due to our patent pending technology that allows remote access via an encrypted connection.
In the case of loss of power, bypass mode kicks in practically instantaneously, allowing the USC6042 to pass network traffic even if it is OFF. In the event the unit malfunctions, a watchdog timer ensures that the port pairs switch over into bypass mode to prevent network interruptions. Depending on the particular packets passing through at the time, it may take one to six seconds for the switch to take effect after a malfunction – ranging from unnoticeable to little more than a hiccup for most equipment communicating along the network path.
We built our secure operating system from the ground up, with a focus on data security, speed and accuracy of capture. The proprietary multi-core software powering the USC6042 runs in parallel directly on the IPCopper hardware.
It goes without saying that the USC6042 captures packets exactly as they arrive, in their entirety. Just as important are the speed of processing and accuracy of timestamping. Accurate timestamping is fundamental to accurate packet capture, and accurate timestamping is one of the things that sets IPCopper apart. The USC6042 can capture, relay, encrypt and record a minimum of 100,000 packets per second, which means it must respond to a packet within ten microseconds. While others may operate on a scale of milliseconds, IPCopper OS operates on a nano scale.
The unnecessary overhead generated in other systems results in lost accuracy, skewed timestamping, diminished performance, increased heat generation and, ultimately, lost packets.
IPCopper’s operating system, on the other hand, is like a well-tuned orchestra. Many things are taking place simultaneously, yet are synchronized in a highly precise fashion to deliver optimal performance and accuracy in a compact power-efficient package.
When capturing network traffic, you don’t want to create an open treasure trove of data for anyone who may be browsing. Therefore, during the capture and record process, the USC6042 also encrypts the captured data twice using a very long key before writing it to disk. Additionally, the unit features a stealthy network profile that keeps its presence invisible on the network and safe from prying eyes.
So, what really makes IPCopper OS secure? It’s a very simple: the weakness in using other operating systems as platforms for packet capture (and other dedicated tasks), is the necessity of eliminating unwanted functions so that they are not accessible to hackers, but without destabilizing their systems. This is a challenging, if not impossible, task. In the case of IPCopper OS, we have a purpose-built system, with the purpose of secure performance.
Keeping accurate time is a challenge on even the most modern computing and networking equipment, primarily due to the tendency of computer clocks to drift. Even if a computer clock is accurate to 30/1,000,000 of a second, after one million seconds the clock will have drifted 30 seconds (the specification for HPET 1.0 — high precision event timers — which are used in modern computers, expects drift of less than 500/1,000,000 seconds). In computing, keeping clocks synced is a constant task.
The IPCopper USC6042 includes a very accurate GPS-powered timestamping system that allows for a timestamp resolution of 1/1,000,000 of a second. Accurate time is important when examining packet capture data or reconstructing network events forensically, therefore, it is important to know exactly when a packet arrived – not simply within a minute or two.
The USC6042’s GPS time sychronization is fully automatic. Simply hook up the included external antenna and the unit will synchronize its time with the broadcast GPS time every time it boots up. If for whatever reason GPS time synchronization is not desired, simply disable it either for one boot cycle or permanently. For those curious, the USC6042 comes with high accuracy clock. Our tests of a live IPCopper unit showed that the clock was off by less than 1½ seconds after 20 weeks. That is equivalent to a drift of 0.125/1,000,000 seconds. The best strategy to keep the clock accurate is to allow the IPCopper unit to resynchronize with GPS time at regular intervals, to avoid deviations over time.
The USC6042 is accessible via Ethernet using the management utility for data retrieval and status checks. If the unit is configured in inline mode, it can be accessed from either direction. If a port is set to SPAN mode, that port can no longer be used for access (except for a situation when all four ports are in SPAN mode), however, you may assign a dedicated port for management, or keep one pair of ports in inline mode and also utilize them for data retrieval.
Accessing the USC6042 is satisfyingly simple, even though the unit does not have its own IP or MAC addresses. Instead, it relies on patent-pending technology that enables secure access via an encrypted connecting, using the supplied Windows utility and its simple instructions. When the unit is inline, retrieval is a one-command process. When a port is designated as management, you may assign an IP address if desired, however, the unit will not respond to any communications except for the utility or ARP requests.
The unit also incorporates a manual security feature, by means of the retrieve button on the front panel. Until retrieve mode is engaged by pressing the retrieve button, the unit will not respond to any management commands. This gives you very close access control for when you need the extra security. It also provides flexibility when remotely deploying the unit; if you need to access a unit remotely because it is in an unmanned location, you can permanently engage retrieve mode using the management utility.
Because the USC6042 and its utility use encryption and disguise the traffic as something else when communicating, even when actively accessing the unit, it remains hidden from digital prying eyes.
During data retrieval sessions, the USC6042 continues to operate as normal, recording all the packets passing through. It also keeps a log of access requests for later review.
The standard management utility that comes with your IPCopper packet capture appliance is a Windows-based menu-driven utility that allows for easy data retrieval for general users through a Q&A session. The utility may be customized for deployment in a Linux environment.
When recording anything, you want ensure that you stay in control over the data. IPCopper has you covered, in a multitude of ways:
IPCopper packet capture appliances may be deployed in a variety of locatons around a network. Where you should place your unit depends on the type of network traffic you intend to capture.
It is highly recommended to connect the unit to power via a UPS (uninterruptible power supply) and/or surge protector for protection against power spikes and other fluctuations in the electrical grid.
Error light is illuminated.
Nothing happens when attempting to power up the unit.
One year from date of purchase. For more information, see our warranty page.
3/11/15 — 6 Ways The Sony Hack Changes Everything
3/9/15 — Shortage of security pros worsens