Skip to main content

Network Forensics at 40G and 100G Speeds

Mandana Javaheri

The 40G and 100G market will generate tens of billions of dollars in revenue in the next few years according to a recent Infonetics market forecast. Growth in traffic, which some analysts estimate will reach 50 to 60 percent annually, enables new opportunities but also puts enormous pressure on networks and creates new challenges.

Network forensics is one of these new challenges. Although network forensics is most commonly associated with investigating security incidents and breaches, it is also very valuable for providing visibility into network activities, troubleshooting issues quickly and diagnosing common network problems such as connectivity, unexpected change in utilization, or poor VoIP call quality.

Here are some of the ways you can prepare for successful network forensics as network speeds increase.

Know your Network

To identify anomalies, first you need to define or benchmark what is "normal" for your network. Your network performance solution is your best friend here. Baselining key business applications as well as measuring important network-based metrics such as packet size distribution, protocol and node usage will build an accurate model to know the normal behavior so you have something to compare to in case of problems.

Prepare for Everything

It is not just about having the right network forensics solution; you need the right infrastructure for your new, fast network as well. From your switches to your routers to your network packet brokers to your filtering criteria to your monitoring and forensics tools, everything has to be fast-speed compatible.

And most importantly you need to know your network and ask yourself the right questions:

What is your strategy?

Does it make sense to load-balance your traffic across multiple network forensics devices to get the full visibility?

Does it make sense to filter out the traffic you don't need?

What is your use case?

How do you usually find out there is an issue?

Is it by constantly monitoring the network or by receiving trouble tickets about performance?

Every network has its own specific needs, so make sure you know what those needs are and pick a network forensics partner that will help you meet them.

Smart Storage

One of the important components of making sure you have the network level data available to you when needed is defining the storage requirements. The faster the network becomes, the more storage is required to store what you need.

A fully utilized 1G network will generate 11TB of data per day. To control storage costs, you will need to get smarter about what is stored. This is only possible by knowing the network and your specific use cases. Techniques like filtering, packet slicing and load-balancing will help you use your storage more efficiently, while extended storage, SAN, and cloud-based technologies are also available if needed.

Depending on your network traffic, forensics and storage requirements, you should pick the amount and type of storage you require today and make sure it can scale to meet your needs in the future.

Intelligent Forensics

Searching through large amounts of packet data to find that essential little trace can be a frustrating process. So pick your search criteria and the type of analytics you need to run on your traffic wisely. Use your knowledge about the network baseline to define the forensics criteria. Make your search as focused as possible using filters. Define the time range, the application, the server or client which is experiencing the issue and drill down to as much detail as needed for troubleshooting. For example, if your problem is not VoIP or wireless related, don't use hardware resources to analyze those.

By knowing your network, using the right techniques and planning ahead, you can turn 40G and 100G network challenges into new opportunities.

Mandana Javaheri is CTO of Savvius.

The Latest

Industry experts offer predictions on how AI will evolve and impact technology and business in 2025. Part 3 covers AI's impact on employees and their roles ...

Industry experts offer predictions on how AI will evolve and impact technology and business in 2025. Part 2 covers the challenges presented by AI, as well as solutions to those problems ...

In the final part of APMdigest's 2025 Predictions Series, industry experts offer predictions on how AI will evolve and impact technology and business in 2025 ...

E-commerce is set to skyrocket with a 9% rise over the next few years ... To thrive in this competitive environment, retailers must identify digital resilience as their top priority. In a world where savvy shoppers expect 24/7 access to online deals and experiences, any unexpected downtime to digital services can lead to significant financial losses, damage to brand reputation, abandoned carts with designer shoes, and additional issues ...

Efficiency is a highly-desirable objective in business ... We're seeing this scenario play out in enterprises around the world as they continue to struggle with infrastructures and remote work models with an eye toward operational efficiencies. In contrast to that goal, a recent Broadcom survey of global IT and network professionals found widespread adoption of these strategies is making the network more complex and hampering observability, leading to uptime, performance and security issues. Let's look more closely at these challenges ...

Image
Broadcom

The 2025 Catchpoint SRE Report dives into the forces transforming the SRE landscape, exploring both the challenges and opportunities ahead. Let's break down the key findings and what they mean for SRE professionals and the businesses relying on them ...

Image
Catchpoint

The pressure on IT teams has never been greater. As data environments grow increasingly complex, resource shortages are emerging as a major obstacle for IT leaders striving to meet the demands of modern infrastructure management ... According to DataStrike's newly released 2025 Data Infrastructure Survey Report, more than half (54%) of IT leaders cite resource limitations as a top challenge, highlighting a growing trend toward outsourcing as a solution ...

Image
Datastrike

Gartner revealed its top strategic predictions for 2025 and beyond. Gartner's top predictions explore how generative AI (GenAI) is affecting areas where most would assume only humans can have lasting impact ...

The adoption of artificial intelligence (AI) is accelerating across the telecoms industry, with 88% of fixed broadband service providers now investigating or trialing AI automation to enhance their fixed broadband services, according to new research from Incognito Software Systems and Omdia ...

 

AWS is a cloud-based computing platform known for its reliability, scalability, and flexibility. However, as helpful as its comprehensive infrastructure is, disparate elements and numerous siloed components make it difficult for admins to visualize the cloud performance in detail. It requires meticulous monitoring techniques and deep visibility to understand cloud performance and analyze operational efficiency in detail to ensure seamless cloud operations ...

Network Forensics at 40G and 100G Speeds

Mandana Javaheri

The 40G and 100G market will generate tens of billions of dollars in revenue in the next few years according to a recent Infonetics market forecast. Growth in traffic, which some analysts estimate will reach 50 to 60 percent annually, enables new opportunities but also puts enormous pressure on networks and creates new challenges.

Network forensics is one of these new challenges. Although network forensics is most commonly associated with investigating security incidents and breaches, it is also very valuable for providing visibility into network activities, troubleshooting issues quickly and diagnosing common network problems such as connectivity, unexpected change in utilization, or poor VoIP call quality.

Here are some of the ways you can prepare for successful network forensics as network speeds increase.

Know your Network

To identify anomalies, first you need to define or benchmark what is "normal" for your network. Your network performance solution is your best friend here. Baselining key business applications as well as measuring important network-based metrics such as packet size distribution, protocol and node usage will build an accurate model to know the normal behavior so you have something to compare to in case of problems.

Prepare for Everything

It is not just about having the right network forensics solution; you need the right infrastructure for your new, fast network as well. From your switches to your routers to your network packet brokers to your filtering criteria to your monitoring and forensics tools, everything has to be fast-speed compatible.

And most importantly you need to know your network and ask yourself the right questions:

What is your strategy?

Does it make sense to load-balance your traffic across multiple network forensics devices to get the full visibility?

Does it make sense to filter out the traffic you don't need?

What is your use case?

How do you usually find out there is an issue?

Is it by constantly monitoring the network or by receiving trouble tickets about performance?

Every network has its own specific needs, so make sure you know what those needs are and pick a network forensics partner that will help you meet them.

Smart Storage

One of the important components of making sure you have the network level data available to you when needed is defining the storage requirements. The faster the network becomes, the more storage is required to store what you need.

A fully utilized 1G network will generate 11TB of data per day. To control storage costs, you will need to get smarter about what is stored. This is only possible by knowing the network and your specific use cases. Techniques like filtering, packet slicing and load-balancing will help you use your storage more efficiently, while extended storage, SAN, and cloud-based technologies are also available if needed.

Depending on your network traffic, forensics and storage requirements, you should pick the amount and type of storage you require today and make sure it can scale to meet your needs in the future.

Intelligent Forensics

Searching through large amounts of packet data to find that essential little trace can be a frustrating process. So pick your search criteria and the type of analytics you need to run on your traffic wisely. Use your knowledge about the network baseline to define the forensics criteria. Make your search as focused as possible using filters. Define the time range, the application, the server or client which is experiencing the issue and drill down to as much detail as needed for troubleshooting. For example, if your problem is not VoIP or wireless related, don't use hardware resources to analyze those.

By knowing your network, using the right techniques and planning ahead, you can turn 40G and 100G network challenges into new opportunities.

Mandana Javaheri is CTO of Savvius.

The Latest

Industry experts offer predictions on how AI will evolve and impact technology and business in 2025. Part 3 covers AI's impact on employees and their roles ...

Industry experts offer predictions on how AI will evolve and impact technology and business in 2025. Part 2 covers the challenges presented by AI, as well as solutions to those problems ...

In the final part of APMdigest's 2025 Predictions Series, industry experts offer predictions on how AI will evolve and impact technology and business in 2025 ...

E-commerce is set to skyrocket with a 9% rise over the next few years ... To thrive in this competitive environment, retailers must identify digital resilience as their top priority. In a world where savvy shoppers expect 24/7 access to online deals and experiences, any unexpected downtime to digital services can lead to significant financial losses, damage to brand reputation, abandoned carts with designer shoes, and additional issues ...

Efficiency is a highly-desirable objective in business ... We're seeing this scenario play out in enterprises around the world as they continue to struggle with infrastructures and remote work models with an eye toward operational efficiencies. In contrast to that goal, a recent Broadcom survey of global IT and network professionals found widespread adoption of these strategies is making the network more complex and hampering observability, leading to uptime, performance and security issues. Let's look more closely at these challenges ...

Image
Broadcom

The 2025 Catchpoint SRE Report dives into the forces transforming the SRE landscape, exploring both the challenges and opportunities ahead. Let's break down the key findings and what they mean for SRE professionals and the businesses relying on them ...

Image
Catchpoint

The pressure on IT teams has never been greater. As data environments grow increasingly complex, resource shortages are emerging as a major obstacle for IT leaders striving to meet the demands of modern infrastructure management ... According to DataStrike's newly released 2025 Data Infrastructure Survey Report, more than half (54%) of IT leaders cite resource limitations as a top challenge, highlighting a growing trend toward outsourcing as a solution ...

Image
Datastrike

Gartner revealed its top strategic predictions for 2025 and beyond. Gartner's top predictions explore how generative AI (GenAI) is affecting areas where most would assume only humans can have lasting impact ...

The adoption of artificial intelligence (AI) is accelerating across the telecoms industry, with 88% of fixed broadband service providers now investigating or trialing AI automation to enhance their fixed broadband services, according to new research from Incognito Software Systems and Omdia ...

 

AWS is a cloud-based computing platform known for its reliability, scalability, and flexibility. However, as helpful as its comprehensive infrastructure is, disparate elements and numerous siloed components make it difficult for admins to visualize the cloud performance in detail. It requires meticulous monitoring techniques and deep visibility to understand cloud performance and analyze operational efficiency in detail to ensure seamless cloud operations ...