> Products > Packet Capture > IPCopper USC6042

Download Datasheet

Play Video

IPCopper USC6042
Packet Capture Appliance

Price:

$5,750.00

4 GbE ports / 4 TB recording capacity / 1 Gbps peak capture speed / 400 Mbps minimum sustained capture speed

Continuous packet capture with bypass and GPS

Inline and dedicated SPAN/mirror port modes; retrieve data by date/time and IP/MAC address

Full packet capture with timestamps: all headers and payloads

Universal appliance for network monitoring, troubleshooting and debugging. Automatic/manual bypass allows traffic to traverse the appliance even when the appliance is powered off. GPS time synchronization ensures accurate timestamping to 1/1,000,000 of a second.

Overview

Our USC6042 4-port packet capture appliance combines convenient 4 TB continuous loop storage with a host of versatile features and ease of use, making it the ideal full packet recorder for any network, regardless of whether you require permanent, always-on recording or spot monitoring. 100% packet capture with minimum sustained capture speeds of 400 Mbps and minimum packet rates of 100,000 packets per second make sure you capture every packet, every time. With true bypass, the USC6042 is worry free: automatic switching into bypass mode ensures your network’s continued operation even in the event of power loss or malfunction.

When it comes to installation, the USC6042 keeps it simple. Connect the cables, connect power and the unit turns on and boots up automatically. The USC6042 requires no special accommodations, additional equipment or other changes to the network to operate. When in inline mode, it acts as its own network tap; when in SPAN mode, simply connect the cable to your router or switch’s SPAN/mirror port (read a comparison of inline and SPAN capture).

With the USC6042’s four ports come extreme flexibility and you can configure each pair of ports independently. Here are some examples:

  • Put one pair of ports in inline mode and the two other ports in SPAN mode to monitor three networks.
  • Operate one pair of ports in inline mode, with the third port in SPAN mode and the fourth in management/data retrieval mode.
  • Set three ports in SPAN mode with the fourth reserved for management and data retrieval. Or set all four ports in SPAN mode and as needed switch one into management mode.
  • Of course, simple inline mode on both pairs of ports is always a very convenient option for monitoring two networks, either permanently or occasionally by manually engaging bypass mode.

The USC6042 is particularly useful for monitoring load-balanced connections. During retrieval the unit can seamlessly merge the separate data streams into one. Regardless of which port it arrived on, the data recorded is internally synchronized, making for easier analysis (as opposed to recording each stream separately and attempting to artificially merge later on).

GPS time synchronization ensures that the data captured by the USC6042 is accurately timestamped, which, along with high-resolution timestamping to one one-millionth of a second, enables exacting event reconstruction and assists in the forensic analysis of the data. A menu-driven Windows-based management utility simplifies data retrieval, status checks and changing settings with its Q&A style interface (management utilities for Linux environments).

Like all our IPCopper packet capture appliances, the USC6042 incorporates robust security features in its compact, stylish package, including electronic invisibility, encryption and physical access controls, as well as a tamperproof metal enclosure.

Bypass

With any network appliance there is always the niggling, unwelcome question of "how big a headache will I have if it fails?" The USC6042’s bypass handily answers this question in the most delightful way. In the event the USC6042 loses power or otherwise malfunctions, it will automatically switch into bypass mode and continue passing traffic, even if it isn’t able to record it. In effect, the USC6042 removes itself from the network without any user effort required and without any damaging disruption to network operations.

Bypass mode creates exciting possibilities for deployment. You can deploy it on critical links where you need 24/7 or only occasional visibility, yet be assured that if the worst happens and the appliance fails or someone unwittingly unplugs it from power, the network will continue to function. At worst, the unit won’t be able to capture anything, but it won’t bring a halt to network traffic.

Bypass mode allows the USC6042 to be placed proactively at any network location that you may want to monitor in the future, or only monitor intermittently. You can manually turn bypass mode on and off, as needed, without sacrificing security due to our patent pending technology that allows remote access via an encrypted connection.

In the case of loss of power, bypass mode kicks in practically instantaneously, allowing the USC6042 to pass network traffic even if it is OFF. In the event the unit malfunctions, a watchdog timer ensures that the port pairs switch over into bypass mode to prevent network interruptions. Depending on the particular packets passing through at the time, it may take one to six seconds for the switch to take effect after a malfunction – ranging from unnoticeable to little more than a hiccup for most equipment communicating along the network path.

Secure OS

We built our secure operating system from the ground up, with a focus on data security, speed and accuracy of capture. The proprietary multi-core software powering the USC6042 runs in parallel directly on the IPCopper hardware.

With Packet Capture, Speed and Accuracy Go Hand in Hand

It goes without saying that the USC6042 captures packets exactly as they arrive, in their entirety. Just as important are the speed of processing and accuracy of timestamping. Accurate timestamping is fundamental to accurate packet capture, and accurate timestamping is one of the things that sets IPCopper apart. The USC6042 can capture, relay, encrypt and record a minimum of 100,000 packets per second, which means it must respond to a packet within ten microseconds. While others may operate on a scale of milliseconds, IPCopper OS operates on a nano scale.

The unnecessary overhead generated in other systems results in lost accuracy, skewed timestamping, diminished performance, increased heat generation and, ultimately, lost packets.

IPCopper’s operating system, on the other hand, is like a well-tuned orchestra. Many things are taking place simultaneously, yet are synchronized in a highly precise fashion to deliver optimal performance and accuracy in a compact power-efficient package.

And Don’t Forget Security

When capturing network traffic, you don’t want to create an open treasure trove of data for anyone who may be browsing. Therefore, during the capture and record process, the USC6042 also encrypts the captured data twice using a very long key before writing it to disk. Additionally, the unit features a stealthy network profile that keeps its presence invisible on the network and safe from prying eyes.

So, what really makes IPCopper OS secure? It’s a very simple: the weakness in using other operating systems as platforms for packet capture (and other dedicated tasks), is the necessity of eliminating unwanted functions so that they are not accessible to hackers, but without destabilizing their systems. This is a challenging, if not impossible, task. In the case of IPCopper OS, we have a purpose-built system, with the purpose of secure performance.

GPS Time Synchronization

Keeping accurate time is a challenge on even the most modern computing and networking equipment, primarily due to the tendency of computer clocks to drift. Even if a computer clock is accurate to 30/1,000,000 of a second, after one million seconds the clock will have drifted 30 seconds (the specification for HPET 1.0 — high precision event timers — which are used in modern computers, expects drift of less than 500/1,000,000 seconds). In computing, keeping clocks synced is a constant task.

The IPCopper USC6042 includes a very accurate GPS-powered timestamping system that allows for a timestamp resolution of 1/1,000,000 of a second. Accurate time is important when examining packet capture data or reconstructing network events forensically, therefore, it is important to know exactly when a packet arrived – not simply within a minute or two.

The USC6042’s GPS time sychronization is fully automatic. Simply hook up the included external antenna and the unit will synchronize its time with the broadcast GPS time every time it boots up. If for whatever reason GPS time synchronization is not desired, simply disable it either for one boot cycle or permanently. For those curious, the USC6042 comes with high accuracy clock. Our tests of a live IPCopper unit showed that the clock was off by less than 1½ seconds after 20 weeks. That is equivalent to a drift of 0.125/1,000,000 seconds. The best strategy to keep the clock accurate is to allow the IPCopper unit to resynchronize with GPS time at regular intervals, to avoid deviations over time.

Data Retrieval

The USC6042 is accessible via Ethernet using the management utility for data retrieval and status checks. If the unit is configured in inline mode, it can be accessed from either direction. If a port is set to SPAN mode, that port can no longer be used for access (except for a situation when all four ports are in SPAN mode), however, you may assign a dedicated port for management, or keep one pair of ports in inline mode and also utilize them for data retrieval.

Accessing the USC6042 is satisfyingly simple, even though the unit does not have its own IP or MAC addresses. Instead, it relies on patent-pending technology that enables secure access via an encrypted connecting, using the supplied Windows utility and its simple instructions. When the unit is inline, retrieval is a one-command process. When a port is designated as management, you may assign an IP address if desired, however, the unit will not respond to any communications except for the utility or ARP requests.

The unit also incorporates a manual security feature, by means of the retrieve button on the front panel. Until retrieve mode is engaged by pressing the retrieve button, the unit will not respond to any management commands. This gives you very close access control for when you need the extra security. It also provides flexibility when remotely deploying the unit; if you need to access a unit remotely because it is in an unmanned location, you can permanently engage retrieve mode using the management utility.

Because the USC6042 and its utility use encryption and disguise the traffic as something else when communicating, even when actively accessing the unit, it remains hidden from digital prying eyes.

During data retrieval sessions, the USC6042 continues to operate as normal, recording all the packets passing through. It also keeps a log of access requests for later review.

The standard management utility that comes with your IPCopper packet capture appliance is a Windows-based menu-driven utility that allows for easy data retrieval for general users through a Q&A session. The utility may be customized for deployment in a Linux environment.

Security

When recording anything, you want ensure that you stay in control over the data. IPCopper has you covered, in a multitude of ways:

  • The units are permanently sealed when it ships to you in tamperproof, all-metal enclosures that can only be opened with power tools.
  • The captured data is encrypted using a 20,000 bit key and dual encryption. The key is located on a removable USB stick, which must be present at power on or the unit will not boot up (however, absence of the key will not affect bypass).
  • The unit keeps a log of all access requests and status checks from the management utility.
  • All communications between the unit and the management utility are encrypted. Even if communications between the unit and the management utility are intercepted, they are disguised to appear as ping or other mundane traffic.
  • The unit is electronically invisible, with a stealthy network profile. What that means is that the unit acquires neither IP nor MAC addresses; you cannot ping it or elicit a response from the unit except from the unit's management utility.
  • You may assign an IP address to a specific port when it is configured as a management port, however, even then the unit will not respond to any communications except for those from the management utility or ARP requests.

Support

Manuals and Documentation

Suggestions for Deployment

IPCopper packet capture appliances may be deployed in a variety of locatons around a network. Where you should place your unit depends on the type of network traffic you intend to capture.

  • A very common location is at the perimeter of the network, where the internet connection(s) come in from outside. Placement may occur on either side of the firewall. If placed before the firewall (i.e., between the firewall and the public internet), the IPCopper appliance will capture all traffic directed into the network, including activity that the firewall would filter out, as well as all traffic leaving it. If placed after the firewall (i.e., between the firewall and the rest of the network), the appliance would capture all inbound internet traffic allowed through the firewall and all outbound traffic.
  • IPCopper packet capture appliances may also be placed between a network asset and the rest of the network. In this fashion, the IPCopper appliance would capture all internet/network traffic between the network asset and the rest of the network.
  • For monitoring a workgroup, you could place the IPCopper packet capture appliance between the router to which the workgroup is connected and the rest of the network, however, with the router in between the appliance and the member computers of the workgroup, the MAC addresses of the individual computers would obscured. To capture the MAC addresses, place the appliance with the router on one side and a switch connecting to the individual workgroup members on the other.
  • For comprehensive monitoring that would enable panaoramic forensic analysis, place IPCopper packet capture appliances at several locations around the network: at the perimeter, in front of network assets and in front of workgroups.
  • Inline vs. SPAN/mirror deployment
  • Management utilities for Linux environments

General Installation Instructions

  1. Connect Ethernet cables.
  2. Insert external key (Note: you must use the key that came in box with unit — the key is mated to the unit it comes with and is not interchangeable with other IPCopper keys).
  3. Connect power. The appliance will boot up automatically. During boot up, the unit will synchronize its time to GPS time, indicated by the flashing green GPS light (the closer it is to completing synchronization, the more rapidly the LED blinks). To forego GPS time synchronization at boot up, press the RET button while the green GPS light is blinking. When the green REC light illuminates steadily the unit is fully operational.

It is highly recommended to connect the unit to power via a UPS (uninterruptible power supply) and/or surge protector for protection against power spikes and other fluctuations in the electrical grid.

Troubleshooting

Error light is illuminated.

  • Re-boot the unit by pressing the reboot button.
  • Turn off the unit, change the power cable and/or connect to a different power outlet then re-boot.
  • Change the Ethernet cables and re-boot the unit.
  • Disconnect all Ethernet cables and re-boot the unit.
  • If the error light persists after re-booting the unit three or four times, changing power and ethernet cables and changing the power outlet, please contact technical support for further assistance.

Nothing happens when attempting to power up the unit.

  • Verify that the power cables is securely connected both to the back of the unit and the power source.
  • Connect to a different electrical outlet.
  • Use a different surge protector or UPS (uninterruptible power supply).
  • Use a different power cable.
  • If the unit's nonresponsiveness persists after trying the above, please contact technical support for further assistance.

Warranty

One year from date of purchase. For more information, see our warranty page.

Resources

patent pending

 

News & Resources

The Gloves Fit, But Aren’t Yours: When Someone Else Uses Your IP Address

Why Close the Curtains? Your TV Is Showing Your Dirty Underwear to the World

When Your Irreplaceable Software Reaches End-of-Life

The Secret Life of Computer Networks

When Too Many Bytes Leave You with Fragments

Packet Capture

Report: Marketing Cybercrime to Infect America

Report

© 2020 IPCopper, Inc. All rights reserved. Contact | Warranty | Where to Buy IPCopper | Resellers | Privacy Policy | Legal | About Us

IPCopper is a trademark of IPCopper, Inc. All other company names, brand names and product names are the property and/or trademarks of their respective companies and are used here for reference purposes.
*The information provided on this website is for informational purposes only. For details about any products or services, please refer to your sales agreement. Not all features are available in all markets or to all customers.