IRIS Network Traffic Analyzer

Features

 

Iris® is a highly sophisticated yet simple-to-operate network traffic analyzer. Iris allows you to easily examine the inner workings of your network, making the detective work of pinpointing a security breach or resolving a performance problem quick and effortless.

Unrivaled Ease of Use
Despite its highly sophisticated functioning, Iris was designed to be the easiest-to-operate network traffic analyzer on the market. Iris functions in much the same way as a VCR, recording communications data traveling across your network and playing it back at a later time (or in real time). Rather than looking at raw data in packets and trying to understand what it represents, Iris gives you the ability to reconstruct network traffic — such as emails, instant messages, web pages and more — back into its original format with the simple click of a button. In addition, the simple-to-navigate, graphical user interface provides easy point-and-click control over all functions of Iris.

Comprehensive Traffic Statistics and Reports
Iris provides a larger variety of statistical measurements than any other traffic analyzer available. These metrics can be viewed in an assortment of graphical views, such as pie charts and bar graphs, and provide information on protocol distribution, top hosts, packet-size distribution and bandwidth usage. Iris also allows you to generate comprehensive traffic reports that can be viewed in a browser window, printed out or copied into another program. Iris even provides detailed protocol distribution reports to analyze individual IP traffic.

Advanced Data Reconstruction
Iris’ powerful data reconstruction capabilities take raw data in packets and turn it into complete HTTP, SMTP and POP3 sessions in their original format. With Iris, you will have the ability to view both outgoing and incoming email messages, web browsing sessions, instant messenger exchanges, non-encrypted web-based email and FTP transfers.

Sophisticated Packet Manipulation and Forging Capabilities
Iris’ Packet Editor gives you the ability to create custom or spoofed packets and to send them across the Internet, to specific ports or addresses, or repeatedly across the network. By analyzing the ensuing traffic patterns, you can troubleshoot and stress-test your network, test the integrity of your firewalls and more.

Extensive Filtering Options
Iris can be easily configured to capture only specific data through any combination of packet filters. Packet filters can be based on the hardware or protocol layer, any number of keywords, MAC or IP address, source and destination port, custom data and size of the packets. When setting up filters, you can have Iris either capture only those packets matching the filter condition or exclude those packets when capturing data. When filtering for keywords, Iris can be configured to capture only the traffic matching the applied filter, or to capture all network traffic and flag the sessions containing the filtered keywords.

Valuable Post-Capture Data Analysis (Data Mining) Capabilities
Iris’ Data Miner feature allows you to analyze saved capture files created by Iris or any other network traffic analyzer. Data Miner can process any amount of data, from a single traffic file to large amounts of captured data at one time. All of Iris’ key features — including decoding, searching for keywords, generating traffic statistics, creating traffic reports and more — are available for you to make a comprehensive analysis of the saved traffic. With Iris’ Keyword Search feature, you can also have previously captured sessions containing specific words or strings marked for easy identification.

 

 

Benefits

 

Network VCR

Iris records communication data traveling across your network and plays it back either in real time or at a later time.

 

Packet Manipulation and Forging Capabilities

Iris provides the ability to create custom packets to send across the network.

 

Extensive Filtering Options

Iris allows you to capture specific data through packet filters based on hardware or protocol layers, keywords, MAC or IP addresses, source and destination port, custom data and packet size.

 

Post-Capture Data Analysis

Iris' Data Miner can process any amount of data, from a single traffic file to large amounts of captured data, at one time. This feature is available for comprehensive analysis of saved traffic.

 

Protocol Decoding

Iris organizes captured packets and categorizes them by protocol such as HTTP, PPPoE, and SNMP, providing a list of all web-browsing sessions, all email grouped by incoming and outgoing, and more.

 

Powerful Sniffing and Spoofing Engine

Iris can handle as much traffic as your network generates and still write logs and decode traffic in real time. The Iris engine can handle up to 9,000 packets per second.

 

Scheduling Function

Iris is easily configured to automatically run and capture packets in specific time frames.

 

Alerting Capabilities

Iris' Guard module monitors all connections to the local machine and can alert when a specific connection is detected.

 

Reconstruct TCP Sessions

Iris supports several Protocol Decoders through an open plugin-based architecture, including: ARP, CIFS, DNS, Ethernet II, 802.3, 802.2, ICMP, IP, TCP, UDP, Novell NetBIOS (IPX), SAP (IPX), RIPX (IPX), BCAST (IPX), NBDGM, NBNS, NBSS, NetBIOS, SMTP, AOL AIM, MSN Messenger, BOOTP/DHCP, RARP, POP3, SMTP, LCP (Link Control Protocol) (PPP), PAP (Password Authentication Protocol) (PPP), PPPoE (PPP over Ethernet) (PPP), SMB, NNTP.

 

Statistics and Reports

Iris provides DNS names and comprehensive statistical measurements. The metrics can be viewed in an assortment of graphical formats (e.g. pie charts, bar graphs, etc.) and include:

- Protocol Distribution Stats

Reports network usage based on MAC, IP and IPX layer protocols.

- Top Host Statistics

Provides an analysis of the IP Layer traffic statistics collected for each host in real time and is ordered by the most "talkative" hosts.

- Size Distribution Statistics

Displays the number of packets with sizes in six different ranges.

- Bandwidth Usage

Charts the number of packets per second and bytes per second flowing across the network in real time.

- Traffic Reports

Complete traffic data that can be viewed in a browser, saved, printed, or copied into another program.

 

Data Reconstruction

Iris takes raw data in packets and turns it into complete HTTP, SMTP and POP3 sessions in their original format. The following are some of the protocols Iris reconstructs:

- Outgoing and incoming email messages

The text of the message is readable as well as the subject and recipient. Iris will launch an email client to open the message, as well as any attachments, exactly as they were sent.

- Web browsing sessions

Reconstruction of HTML pages in their original format.

- Instant messenger exchanges

Iris will reconstruct all IM communications from both sides of the conversation.

- Non-encrypted web-based email

- FTP transfers

 

Product Requirements

 

Windows 95/98/Me/NT/2000/XP

Internet Explorer 4.01 with comctl32.dll v5.0+ or Internet Explorer 5.0+

Minimum System — Pentium 166, 32MB RAM, 1GB HDD

Recommended System — Pentium 400, 128MB, 10 GB HDD

 

 

Technical Overview

 

Iris® is a powerful yet intuitive network traffic analyzer which allows system administrators to examine the inner workings of their network, simplifying the detective work of pinpointing a security breach or resolving a performance problem.

Iris captures all data passing through a network and allows network administrators to trace the actions of any network user. Iris completely reconstructs captured data, allowing administrators to see network activity exactly as end users see it on their workstations. Utilizing advanced filtering, searching and graphing capabilities, Iris functions as a complete system monitoring solution.

Iris takes network traffic and returns it to its original format, dramatically reducing the time previously spent examining individual packets. Utilizing Iris, security professionals are able to: read the actual text of an email — as well as any attachments — exactly as it was sent, reconstruct the actual HTML pages that users have visited and even simulate cookies for entry into password-protected websites.

Iris provides automated filters that can be set up to flag and record specific network traffic that contains a particular MAC or IP address, unacceptable words or websites, and more, to determine whether company security is being compromised or corporate policies are being abused. Iris also provides a variety of statistical measurements allowing administrators to proactively identify — and take the steps to eliminate — performance issues before they can result in downtime.

 
