Network and security analysis with Trisul

Trisul is a new kind of network monitor that supplements fine-grained traffic metering with flows, packets, and alerts. You can carry out any kind of network and security analysis.

Trisul is designed from the ground up to meter your network traffic. Not just simple host or application bandwidth usage but over 100 parameters across all network layers.

For each host seen, Trisul meters 12 items such as Total, In, Out, Established Connections, Connection attempts, alerts as attacker, as victim, TCP stats, internal vs external transfers, among others. Similarly, you get dozens of stats by MAC layer, by Country / ASN, per VLAN, at Layer 2, at Layer 3, IPv6, internal & external hosts.

Trisul continuously compares your traffic against millions of blacklisted IPs, domains, and URLs. It can also pull alerts from an IDS and place them in the context of network traffic. Flow trackers alert you when suspicious things happen at the flow level, say if someone uploads > 100MB from your network. All these alerts bubble up to a dashboard so you can view them at a glance.

Release 2.1 is a major step up both in terms of usability and features:

  • A brand new user interface that is designed to improve your workflow. The menus have been enhanced to support multiple opens, keyboard shortcuts and much more. Check out our demo to get a feel for it.
  • Have you ever wanted to see traffic conditions right now? Not 1 minute or 5 minutes ago. Real Time Stabbers give you that capability. Using the latest WebSockets technology you can watch real time traffic conditions (5-sec) right from your browser. You can even watch all flows from a particular IP or an application in real time, much like the display in various torrent software.
  • Ubuntu 10.04 32-bit support is now official. You may download 32-bit packages from the same page as the 64-bit ones.