NetWitness Investigator gathers network data captured by the RSA NetWitness network-monitoring platform, providing the tools you need to analyze packets and identify potential threats that might affect the functionality of the interconnected computers.
Making use of the WinPcap capture driver, this application can identify all packets that are transmitted throughout your network, also providing options for analyzing existing raw network data (PCAP, TCP, PCAP.GZ, TCP.GZ files).
The application can process the input file or the real-time captured data and generate complete security-related reports covering aspects such as the informational risk, hostname aliases, source and destination addresses of each transferred packet, events and users, along with data on the connected computers (operating systems, languages, ports, network configurations, etc.). You can also view the Ethernet source and destination addresses and the IP addresses.
Each dataset or capturing session is saved as a separate 'collection' of data, allowing you to easily navigate and manage items.
NetWitness Investigator supports rules for packet capturing and file importing and allows you to configure custom actions (for instance, to look for data on Google or send it to a whois service). Data collections can be easily exported to your computer for later use.
The integrated bookmark manager enables you to quickly access desired sessions, while the 'History' section enables you to search for a previous collection. Provided you have Google Earth installed, you can display the capture locations and the traffic flow on a map.
To summarize, NetWitness Investigator helps you get an overview of the data that travels throughout the network, in an attempt to identify possible threats. Its intelligible GUI, along with its analysis capabilities, makes it a great tool for network administrators.