We have been working hard for the past few months in getting Trisul Network Metering and Forensics ready.
I would like to explain the reason why Trisul exists and how to use it in the next few posts.
So what is Trisul?
Trisul is a powerful network traffic metering application.
- Counts over 16 categories of traffic. From simple ones like hosts and applications to advanced ones like URL filter categories, HTTP content types, Country etc.
- Reconstructs flows and extracts the resources requested over the network.
- Indexes and stores the raw packets in a highly configurable layout. This allows optimal usage of disk space.
These features enable retrospective analysis while investigating traffic anomalies or security incidents. When in doubt, you can always drop down to the flows or the raw pcaps.
The ideas in the book “Tao of Network Security Monitoring” provided the initial inspiration for Trisul. It has been reinforced by experiences in the field where security folks today run into too many blind alleys while investigating the past.
Is this the same open-source Trisul?
We are the original and sole authors of the open-source Trisul Network Metering and Forensics found on Google code. Unfortunately, we are unable to continue that effort. This version is not open source but can be made available to customers in a source code license form.
Platform
Trisul is available on the following platforms:
- CentOS 5.3 and above 64-bit (recommended)
- CentOS 5.3 and above 32-bit
Trisul can accept:
- packets via libpcap (default)
- packets via Linux RX Ring
- netflow
How to get it?
Send an email to info at unleashnetworks requesting a copy of Trisul.