FAQ: Frequently Asked Questions

Please find below a general FAQ as well as frequently asked questions about bypass, GPS timestamping and inline deployment. If the information below doesn't answer your questions, please contact us.

General FAQ

Will using an IPCopper packet capture appliance on my network slow down the speed of my internet connection or network?

No, our packet capture appliances pass through internet and network traffic without affecting transmission speed. At most, there may be a delay of a fraction of a millisecond — so small it is practically immeasurable.

Will an IPCopper packet capture appliance work with any type of Ethernet connection?

Pretty much. We manufacture both 1 Gbps and 10 Gbps models.

What if I only want to record the network activity for one computer?

Simply place the packet capture appliance between the specific computer and the rest of the network.

Do IPCopper packet capture appliances record Ethernet activity in both directions?

Yes.

I have a switch with a SPAN port. Can I connect my IPCopper unit to the SPAN port?

Yes, IPCopper appliances may be used on a SPAN/mirror port or inline (for the relative merits, please see Inline vs. SPAN / Mirror Packet Capture).

Do I need a network tap to use IPCopper packet capture appliances?

No, IPCopper functions as its own network tap, combined with storage.

How long can I record internet and/or network activity before the hard drive on my IPCopper unit is full?

That depends on your organization's level of internet activity and the size of the hard drive. For a 20-person office, 1 TB would typically last for one to four years, depending on the level of usage. For more information, see our page on storage capacity. IPCopper models with overwrite capability simply overwrite oldest data when they reach capacity.

How do I retrieve the recorded data from my IPCopper packet capture appliance?

Download data directly from IPCopper to a PCAP file on your computer using the included management utility. The PCAP format is compatible with many packet analysis utilities, such as Wireshark, NetworkMiner and tcpdump.

Will IPCopper appliances work with any type of operating system, such as Linux or MacOS?

Yes. It does not directly interact with your computer or network equipment, but simply records the internet / Ethernet / network activity that passes through it. Because of this, IPCopper will record the internet and network activity regardless of whether you are using Windows, MacOS, Linux or some other operating system. Please note, however, that the management utility is Windows-based (command line).

Do IPCopper packet capture appliances record only IP traffic?

No, they record all Ethernet-based traffic, including IP traffic.

What if somebody breaks into my office and makes a copy of the IPCopper hard drive? Would they be able to access the information on it?

Not likely.

  1. The information is mated to the physical hard drive installed in your IPCopper internet traffic recorder. This means that if the information is copied to another hard drive it would not be accessible by IPCopper.
  2. All information is encrypted with the external key that is also mated to the hard drive installed in your IPCopper. This means that the key only works on the physical hard drive that came installed in your IPCopper unit.

What if someone steals or duplicates my key?

The key is mated to the IPCopper unit that it comes with and would not work with any other unit. In order for them to gain access to your data, they must physically be able to toggle the unit to retrieve mode AND have access to the management utility that came with your unit AND know where the IPCopper unit is placed in order to be able to use the utility.

How can I make a backup copy of the data recorded on my IPCopper unit?

You can download all of the data directly from IPCopper onto your computer in PCAP format. You could also buy a separate IPCopper unit and daisychain them together for realtime backup purposes. The second unit would record exactly the same information as the first.

Can somebody tamper with the hard drive in my IPCopper unit and erase the data without me knowing about it?

Any tampering with the hard drive or attempts to destroy data on the hard drive would render the IPCopper unit unusable and probably cause visible damage to the unit, which should alert you that something happened. For example, the IPCopper USC1030, USC4060 and USC6042 feature all-metal, sealed, tamperproof cases that would require cutting tools to open up.

Can somebody insert data into my IPCopper hard drive that wasn't recorded there originally?

Theoretically it may be possible, however, the data is stored in such a fashion as to make it very difficult. There are certain sequences that must match and cross-check or else it would be very evident upon examination that the data was tampered with.

Can you help me authenticate the data on the hard drive of my IPCopper appliance?

Yes, we can examine the data sequences, checksums and data checks to see if they are consistent with properly recorded data. For more information, please contact us.

Can I export the data from my IPCopper packet capture appliance?

Yes, you can export the data from your IPCopper packet capture appliace into PCAP formatted files on your computer.

Can I use IPCopper packet capture appliances with third party utilities such as Wireshark, tcpdump and etc?

Yes, you can. You can download data from your unit into a PCAP-formatted file on your computer. The PCAP format can be used with a variety of packet capture analysis tools, including Wireshark, NetworkMiner and others.

I was under the impression that if an appliance was a 1-gigabit appliance it could operate at that speed continuously. Isn’t that the case?

That is absolutely not the case, neither for competition nor for IPCopper. GbE IPCopper packet capture appliances can capture traffic at sustained speed of 400Mbps and at 1 Gbps for about 15 seconds. In the case of our competitors in the field of packet capture, their appliances’ minimum sustained capture speed varies from under 100 Mbps to 250 Mbps. Many choose not to publish their minimum sustained rate at all, instead making vague assertions that their appliance is capable of a theoretical, maximum or peak speed of 1 Gbps.

For the capabilities of our 10 GbE models, please see their individual product pages.

Why should I care about the minimum sustained capture speed?

The minimum sustained capture speed is really only of concern if you have a network that is over-utilized. A general rule of thumb is to keep sustained network traffic at 40% or less of total available bandwidth, so that usage spikes will not overwhelm your networking equipments’ buffers (causing packet loss).

Does minimum sustained speed mean that it will slow down my network to 400 Mbps?

No. Unlike the competition, IPCopper products introduce less than 1ms (0.001 sec) of a delay with typical delay pegged at about 0.2ms (0.0002 sec).

The minimum sustained speed is the the speed at which the unit can operate continuously without dropping packets. IPCopper GbE units are capable of peak speeds of 1 Gbps and can manage speeds in between for a period of time (for more on this, please see minimum sustained capture speed).

What about other types of traffic, such as VoIP?

VoIP is actually a lot easier to manage because it flows at a fixed rate, without “bursts.” Achieving a VoIP utilization of 400 Mbps requires several thousand simultaneous SIP sessions.

What does “continuous-loop data storage” mean?

IPCopper units with continuous-loop data storage capture and record packets continuously, overwriting the oldest data with the newest. The data storage basically operates in a loop.

Why would I want a unit with forensic storage?

Our forensic-class units have one-time only storage, meaning that the data, once captured, cannot be deleted, changed or overwritten. This is useful for situations where you need to retain a permanent, unmodifiable record of Ethernet/IP activity.

Bypass

Two of our models feature bypass, the 1 GbEUSC6042 and the 10 GbE USC10G3, which prevents disruption to the the network should the appliance lose power or malfunction.

I would like to use your packet capture appliance inline, however, I am concerned about the possibility of disruption to my network. What can I do?

Use one of our models with bypass, such as the USC6042. In the event of power loss or malfunction, a unit with bypass capabilities automatically switches into bypass mode to avoid interrupting network traffic and network operations (bypass mode may also be engaged manually, if desired).

So, if an IPCopper unit with bypass loses power, it can still pass the traffic through?

Yes.

What if the firmware malfunctions and, say, gets stuck in a loop or corrupts?

The watchdog timer engages bypass and attempts to restart the firmware.

How long does it take for the network to resume passing traffic once a unit switches into bypass?

A matter of milliseconds. If the network was under heavy load when bypass was triggered, is is possible for a few packets to get lost, but for most applications there would be no noticable effect. While some applications/equipment may not notice the switchover, others will simply reinitiate connectivity and proceed with communications in very short order.

GPS Timestamping

Some of your models feature GPS time synchronization. Why would I want this?

GPS time synchronization ensures the accuracy of the clock on the unit by synchronizing it to the time broadcast from GPS satellites, which is crucial for accurate timestamping. Accurate timestamping is important when it comes to analyzing packet capture data and reconstructing events.

If my unit has a GPS antenna, does that mean that someone can tell where it is when I connect the antenna?

No. The GPS antenna on the IPCopper appliances is for receiving the broadcast time from the GPS satellites only.

I need a longer antenna than is supplied in the box. Can I use my own antenna?

Yes, please see your particular model's manual for the necessary antenna specifications.

Inline Deployment

What are the advantages of deploying an IPCopper unit inline?

Deploying packet capture inline gives great accuracy both in capturing the packets and timestamping them, since there is no intermediary equipment between the IPCopper appliance and the wire. Follow the link to learn more on inline vs SPAN / mirror deployment.

I would like to use your packet capture appliance inline, however, I am concerned about the possibility of disruption to my network. What can I do?

Use one of our models with bypass, such as the USC6042. In the event of power loss or malfunction, a unit with bypass capabilities automatically switches into bypass mode to avoid interrupting network traffic and network operations (bypass mode may also be engaged manually, if desired).

Resources

News & Resources

The Gloves Fit, But Aren’t Yours: When Someone Else Uses Your IP Address

Why Close the Curtains? Your TV Is Showing Your Dirty Underwear to the World

When Your Irreplaceable Software Reaches End-of-Life

The Secret Life of Computer Networks

When Too Many Bytes Leave You with Fragments

Packet Capture

Report: Marketing Cybercrime to Infect America

Report

© 2024 IPCopper, Inc. All rights reserved. Contact | Warranty | Where to Buy IPCopper | Resellers | Privacy Policy | Legal | About Us

IPCopper is a trademark of IPCopper, Inc. All other company names, brand names and product names are the property and/or trademarks of their respective companies and are used here for reference purposes.
*The information provided on this website is for informational purposes only. For details about any products or services, please refer to your sales agreement. Not all features are available in all markets or to all customers.