Shark Appliance
Home > Products > Shark Distributed Monitoring System > Shark Appliance

The Shark Appliance

The integration of Pilot Consoles and Shark Appliances provides a seamless distributed network analysis, recording, visualization, monitoring, and reporting system.

The Shark Appliance is a turnkey hardware and software solution providing high-performance, multi-gigabit per second, network traffic analysis, recording, monitoring, and reporting.

  • Based on CACE Technologies’ high-performance 1GbE and 10GbE TurboCap capture cards, the Shark Appliance is capable of sustained, multi-gigabit per second recording of network traffic without packet drops.
  • The Shark Appliance provides an effective and indispensable tool for the manipulation and in-depth analysis of multi-terabyte network traffic recordings.
  • Fully integrated with Wireshark, the Shark Appliance supports packet filtering based on Wireshark BPF and Wireshark Display filters.
  • The Shark Appliance seamlessly integrates with the Pilot Console (an enhanced version of CACE Pilot) supporting an intuitive drag-and-drop multi-level drill down for local and remote analysis and troubleshooting.

Shark Appliance Configurations

The Shark Appliance is available in different configurations for both 1GbE and 10GbE analysis.

Contact SalesContact Sales »

Shark Appliance Features

Wireshark Within

Wireshark Within The Shark Appliance includes the only network analysis software fully integrated with Wireshark, the world’s most popular network protocol analyzer. This integration makes the prodigious collection of Wireshark Display Filters available for use within the network analysis software engine. Using the visual selection and drill-down features of the Pilot Console, the “Send to Wireshark” feature is used to export only the selected subset of the traffic to the Pilot Console for detailed packet protocol inspection with Wireshark.

Global Network Visibility

By placing Shark Appliances at strategic vantage points in your network you will significantly improve your network visibility in geographically distributed network locations. The number and placement of Shark Appliances will be determined by factors such as your distributed network architecture, mission-critical applications, traffic recording needs, and security design.

Multi-Gigabit Per Second Ethernet Traffic Capture

The Shark Appliance includes the Shark Packet Recorder which is capable of continuous recording of multi-gigabit per second network traffic to disk without packet drops. The Shark Packet Recorder is a customized dump-to-disk utility based on the 1GbE and 10GbE TurboCap cards and a RAID-enhanced and specially designed packet storage system.

Enhanced Retrospective Analysis with Multi-Terabyte Packet Recordings

No more awkward file rotation schemes resulting in thousands of files and file boundaries representing a single recording. A multi-terabyte packet recording is represented as a single “virtual file” in the Pilot Console and, through the use of a powerful and intuitive drag-and-drop graphical user interface, the user can quickly isolate arbitrary time intervals of interest within a recording and perform in-depth analysis and traffic visualization. Trending/Indexing data is also available for high-speed analysis of terabyte traffic recordings.

Remote Live and Off-Line Troubleshooting

Remote Live and Off-Line TroubleshootingThe Shark Appliance supports a wide variety of network protocols and traffic analysis metrics (called Views) to meet all of your monitoring, reporting, and troubleshooting needs. Views can be applied to live traffic on the Shark Appliance’s local network interfaces or to off-line network traces stored in the Shark Appliance’s storage system. Typical Views include:

  • LAN and Network troubleshooting (MAC, VLAN, ARP, ICMP, DHCP, DNS)
  • Bandwidth usage (including micro-bursts, IP, TCP, WEB, VoIP)
  • Talkers and conversations (IP, subnets, countries, TCP, WEB, VoIP)
  • Performance and errors (IP, TCP, Web, VoIP)
  • User activity (Web, VoIP)

Performance Monitoring Using Triggers and Alerts on Network Metrics

Performance Monitoring Using Triggers and Alerts on Network Metrics The Shark Appliance supports “Watches,” a sophisticated triggering and alerting technology. A Watch consists of a trigger condition on a View metric and a set of actions to be carried out whenever the trigger condition is met. You can, for example, be alerted on high bandwidth usage, slow server response time, high TCP round trip time, and much more. When a Watch running on a Shark Appliance detects that a threshold has been crossed, the Shark Appliance will execute one or more actions. The available actions include sending an email/Twitter message and starting/stopping a capture job.

Navigation Through Vast Amounts of Data with a Few Mouse Clicks

Navigation Through Vast Amounts of Data with a Few Mouse Clicks The seamless interaction between the Pilot Console and Shark Appliance supports the innovative Time Control technology, whereby a user can move through View metrics calculated over extended periods of time with just a few mouse clicks. Based on the selected time interval, advanced subsampling and data aggregation techniques are used to optimize the granularity of the visual presentation and minimize the bandwidth usage between the remote Shark Appliance and the Pilot Console.

Professional Reports Generated On Demand

Professional Reports Generated On DemandThe Shark Appliance supports enhanced report generation from displayed Views. Upon request from the Pilot Console, the Shark Appliance generates the data for a report based on one or more Views. The report data is then sent to the Pilot Console for rendering and immediate presentation.

Seamless Integration with the Pilot Console

Pilot Console

The Pilot Console is an enhanced version of CACE Pilot capable of accessing and controlling one or more remote Shark Appliances.

Find Out More About the Pilot Console »