SYNESIS by Toyo Corporation
1 – High Performance and Quality
The application developed by TOYO Corporation can capture and directly stream to storage high volume traffic — even at a line rate 100Gbps — without incurring any packet loss. This allows TOYO Corporation the ability to offer packet capture systems, a 100Gbps packet capture appliance and an innovative 100Gbps packet capture portable, that were not possible to implement until now.
SYNESIS guarantees high performance capture regardless of packet size – whether short or long packets. Using disk optimization, SYNESIS captures at a higher capture speed than existing packet analyzers and in a more compact package. The result for our valued customers is a cost effective packet analyzer.
- General packet analyzer
Capturing properties using 64-bytes (short packet)
- SYNESIS Distributed / Portable
Capturing properties using 64-1518 bytes
2 – Detection of microburst traffic
SYNESIS will detect occurrences of microbursts against user defined threshold values during capture sessions. Related packets may be saved to trace files for more detailed analysis.
3 – Greatly reduces the extraction time of trace files (AANPM analysis)
SYNESIS incorporates the Application Aware Network Performance Method (AANPM) which can greatly reduce the time to detect and extract the target packet by saving a higher volume of information than current packet analyzers. This includes saving indexing information such as the IP address and ports concurrently during packet capture.
1 – The implementation of “extended indexing” improves packet analysis and reduces overall analysis time.
Using extended indexing to significantly reduce the time required for extracting trace files
Today’s corporate information systems utilize applications that connect numerous business offices. When communication quality deteriorates or a security issue arises, a system administrators troubleshooting workflow includes going through massive volumes of timestamped packets, typical of conventional packet analyzers. This task can easily take tens of hours per issue.
With a SYNESIS deployment, system administrators will be able to easily find and extract the corresponding packet data for network issues by using connection flows, including timestamp information, alerts based on thresholds, as well as site addresses, applications, and selected server information.
SYNESIS Distributed Installation Example 1
2 – Integrated network monitoring tool: Comprehensive communication content analysis of multiple agents and network lines.
Comprehensive Analysis of Data from Multiple SYNESIS Distributed Components
The system administrator is able to comprehensively analyze traffic collected by the various SYNESIS Distributed consoles. By creating a list of the most used applications ordered by site during a designated period, the system administrator can perform detailed analysis of a selected connection at the packet-level.
With SYNESIS, it is possible to set a three-level threshold volume in order to supervise frequent data re-transmission and low-response occurring with a certain site or server. The system administrator can ascertain disruptions even before receiving complaints from users via the alerts sent by SYNESIS. This allows system administrators to start troubleshooting straight from the packet data related to the alerts.
SYNESIS Distributed Installation Example 2
3 – Working with external security devices: Protection of captured data
Packet data lock function using SNMP trap as a trigger
This enables packet data from a few minutes before and after an incident to be locked, preventing it from being overwritten. This in turns allows system managers to obtain the actual attacking packets and leaked data, in order to analyze the risks that have actually occurred.
The system administrator can schedule automatic backups of SYNESIS data to external storage devices (i.e. NAS).
SYNESIS Distributed Installation Example 3
The packets will be continuously captured and accumulated without omissions. Not missing any packet in a device is the most crucial aspect in troubleshooting.
SYNESIS is a capture appliance compatible with 10M/100M/1G/10G/100G networks that can capture traffic at wire speed without data loss. SYNESIS users can perform packet analysis without having to stop capture.
A backup function allows saving to PCAP files automatically while capturing. The storage destination can either be a local or remote file system.
The filter slicing function of SYNESIS can limit capture to only store required data or layers (model dependent) insuring sensitive information is never compromised. Since the slicing process is conducted on a specialized capture card, critical data is never lost regardless of the traffic load.
Captures only the data that meet a user defined criteria (IP Address, TCP/UDP Port#, MAC, VLAN ID)
Captures only the data after a specified number of bytes relative to the start of the frame header
When storage is full, the oldest data will be overwritten by newer data. Critical data may be protected from being overwritten by the “lock” function.
Lock specified by time and SNMP trap
Lock specified by time
SYNESIS manages the capture as a single record from the start to the termination of capture. Users can perform management operations such as locking important records while deleting those that have already been analyzed. Operations such as locking, deleting, saving trace files, and exporting statistics, can be performed rapidly via the record list.
Being able to swiftly retrieve the target packet or communications from a large volume of accumulated data is a crucial matter.
With SYNESIS, packets are visualized from various angles, allowing the users to perform analysis with different approaches to suit their objectives.
Corresponding traffic statistics are created and saved in one-second granularity while data is captured. With a single glance, users can determine usage differences by time and port source. Furthermore, users can create customizable dashboards that display Layer 2 and Top N statistics.
- L2 Traffic
-Usage rate, bytes/sec, packets/sec, throughput
- TOP N application and application group
-in/out traffic, throughput
- TOP N host
-in/out traffic, throughput
Packets can be decoded in real-time during capture. Since this function allows you to get an overview of the network status while capturing, it is a function that will prove indispensable, whether on the field or in a lab.
Detection of microbursts
SYNESIS detects microbursts that cannot be detected with conventional network supervisors and packet analyzers. Microbursts refer to a phenomenon that that triggers the convergence of network devices and can be a significant cause of packet loss. With SYNESIS, users can set the threshold value at an interval of a minimum of 100μsec, making it easy to identify and analyze packets and to see when and where microbursts occurred.
SYNESIS can issue alerts by detecting any abnormalities in traffic. In order to display the alerts, users must set corresponding threshold values for each item.
The AANPM alert can have its threshold values set to three different levels (Critical/Important/Normal). Furthermore, only sessions that become an issue can be saved as a trace file.
- Alert items
- Alert actions
Finding communication issues by investigating each individual packet from a large volume of data is a time-consuming, laborious task. With SYNESIS, users can visualize network trends over a large volume of data and, furthermore, identify problematic connections by indexing captured data.
By using the capture indexing function, the KPI (Key Performance Indicator) network status can be ascertained at a trend level basis.
- Items to be analyzed
Displays for each site (subnet)
Displays for each application
Displays for each server group (IP combinations)
Displays for each server
Number of communication packets
Number of bytes communicated
ART (Application Response Time)
The time it takes for the server application to respond to a client request
CRT (Client Response Time):
The time it takes for the client to initiate a request
NRT (Network Round-trip Time):
The average time it takes for the packet to make a round trip across the network
PTT (Payload Transfer Time):
The time it took for the server to send a response to the client request
SRT (Server Response Time):
The time it took for the server to respond to the client request and complete responding.
The average time it takes for a packet to pass through a one-way network
The number of TCP packet sequences that has been retransmitted
Values calculated by [Received bytes + sent bytes]/sample time [Kbit/sec]
The maximum throughput during a certain time period. If the period is 10 minutes, then 10 throughput values would exist. The highest value among those is the burst throughput.
SYNESIS may be deployed to capture and store packet data in either of the following methods:
1. Connect using a network TAP
2. Connect using a SPAN (mirror) port on a switch
- TAP connection
TAP is inserted into the network in order to extract the packet.
• Packets can be extracted by separating full-duplex line traffic into incoming and outgoing.
• When inserting a TAP, the network needs to be disconnected first.
- SPAN (mirror) port connections
The packet is extracted by setting the appropriate SPAN (mirror) port on the switch
• It has no impact on the communication network performance.
• Since networks communicating using full-duplex line traffic are extracted in a semi-duplex packet, packet loss may occur as a result.
Packets can be sent at the same link speed during the capturing of the pcap file (1GbE supported). Users can set the number of replays using the options.
Furthermore, the following items can be replaced from the packet header within the PCAP file.
-IP address (v4/v6)
Support teams may use SYNESIS to capture intermittent issues found at customer sites and recreate them in a more controlled lab environment.
1. Deploy SYNESIS in an Operating environment and set to capture continuously.
2. When the failure occurs save the corresponding packets to a trace file.
3. Redeploy SYNESIS in a Test environment that duplicates the Operating environment. Replay the saved trace file to recreate the fault.
The support team may also test engineering fixes before applying them in the Operating environment.