The FoxReplay Analyst

Dirk Peeters, Fox-IT

What is FoxReplay Analyst?

• FoxReplay Analyst is a platform to fully benefit from intercepted Internet

• Analyst renders intercepted packets into an attractive interface for both technical and non-technical personnel

• Accepts packets from many sources

What is FoxReplay Analyst? (2)

• Multi-user, multi-team, multi-intercept, simultaneous analysis

• Support for many protocols, both classic and modern alike– Gmail, Yahoo, Maktoob, MSN

• “Virtual Replay of what really happened”

FoxReplay Analyst, an example

What is FoxReplay Analyst? (3)

FoxReplay Analyst flexibility overview

FoxReplay Analyst

PCAP, TIIT, ETSI in batched files or streaming

PCAP, User comments,

Displayed data

OS independent front-end: MS Windows, Linux, OSX

Link Analysis data

DBCustom

processing tools

FoxReplay Analyst flexibility (1)

• Accept packets from many sources:– Support for various Interception and

Collection devices– Data can be offered to FoxReplay in

batch or streaming mode

• Flexible user and wiretap administration:– Independent of organizational structure

FoxReplay Analyst flexibility (2)

• Easy to use Graphical User Interface• Export from user interface to zip-file

– PCAP of original IP data– XML file with metadata and user-made

annotations– Raw event data

• Command-line tools for export and administration

• Direct database access

Benefits for your organization

• Easy to learn content analysis of modern day Internet traffic

• Multi user, multi wiretap, with fine grained user control: Make it fit to your organization

• Many input and export capabilities• Easy integration of custom tools, with

or without telling us (i.e. special decryption tools)

Modes of Operation

• Three major operational modes:– Standalone

• to complement your current solution• to solve compliancy problems

– Small installation • Delivered together with probe, mediation function• Can serve several users

– Major deployment• Agency wide, high bandwidth• FoxReplay Analyst can work with data from almost

all vendors

FoxReplay Analyst Goals

• All authorized employees should be able to analyze intercepted internet:– Not just the technically skilled– Abilities for high-level overviews allowing

for zooming in to details

• Must support known protocols– A new protocol must be supported

instantly

• 100% natural display of intercepted data

FoxReplay Analyst: High level (1)

FoxReplay Analyst: High level (2)

FoxReplay Analyst: Mid level

FoxReplay Analyst: in-depth

Multi-language support

Seeing is believing

• Challenge: send us an example of intercepted internet traffic(PCAP/TCPDUMP for example)– We will show you the result

FOXREPLAY ANALYSTFOXREPLAY ANALYST

“It’s as easy as looking over your target’s shoulder”

http://www.foxreplay.eu

FoxReplay Analyst