
Iris Network Traffic Analyzer Review
What is Iris?
Iris is a network management tool used for monitoring a small organization's network. More than a network packet sniffer, Iris will actually reconstruct the packets that were captured, allowing you to view the content that other users on the network have transmitted or received. Thanks to Iris's simple GUI, almost anyone, from an IT professional to a curious boss, could use this tool to their advantage. In this review, we previewed Iris v4.07.1.
Primary Features
Here is a list of some of the basic features:
Filters
Filters can be used to receive only the packets you are interested in. Because analyzing large amounts of data going over a network requires a great deal of processing power, filters are very helpful for focusing only on the data you need. Filters can be made for almost any kind of packet. You can create filters based on hardware layer, protocol layer, keywords, MAC address, IP address, source and destination port, custom data, and packet size.
Logging
You can log both the raw packets and the decoded ones, which have been reconstructed.
Display Network Stats
Iris allows you to view a wide variety of graphs and statistics according to Protocol, Top Hosts, and Size Distribution.
Data Miner
Data Miner is a very handy feature which allows you to go through large amounts of data at a time. For example, if you have a month's worth of data regarding webpages viewed, you could select the month's worth of capture files and then easily search for keywords that were used on the websites. This tool can also be used for generating reports and filling traffic stats with selected data sources.
Capture/Decode
These are the primary features used in the program. "Capture" allows you to start and stop capturing data from the network. "Decode" takes the data which was captured (or is in the process of being captured) and attempts to convert it into a viewable form.
Schedules
With schedules, you can tell Iris the time periods in which to start and stop capturing data.
Possible uses
- Alongside a network firewall, it can be used to track down intrusion attempts.
- In an office environment, a coworker could use it to spy on another coworker.
- A family member could use it to spy on another family member.
- It can be used to reveal logins, passwords, and commands sent across a network, such as for e-mail, FTP, websites, etc.
- It can assist in troubleshooting performance issues in your network, based on traffic statistics.
- It can help to enforce policies by watching client activity.
- It can help in debugging network-based programs.
- You can view an MSN conversation going on from a user on your network.
- And much more!
Limitations
Although this is a great program, it does have a few limitations. First, because of its design, it has to be run on a hub-based network. Switches will not allow Iris to function properly, because they do not send all information going over the network to all users on the network. You can, however, place the machine (with Iris installed) on a hub port between the machine you are sniffing and a switch.
Secondly, Iris cannot display graphics from webpages being decoded if the images have already been cached on the client machine, because they are not actually being sent over the network. This does not create too big of a problem in most cases, though.
Conclusion
It is amazing how much information a person can get by using this product. Almost every time we use a password to get access to something via the Internet, it is just sitting there for someone to grab. A password could be picked up when you check for e-mail (POP3), log on to your FTP server, log on to a website, etc. With this product you can virtually be watching the client's machine when they are using the Internet. For example, if they search for something on Google, you will know exactly what they searched for. If they send an e-mail resume to a new company, you will be able to read exactly what it says. If you thought a family member was doing something bad, you could know exactly what they were doing, talking about, talking to, etc. Of course, Iris is also great for gathering network stats, such as what is bogging down your network, or for finding out who is trying to hack into one of your systems.
All in all, Iris is one nice product! It is products like this which make you think twice about sending non-encrypted data across your networks and the Internet.
The average Joe will not be able to purchase this to spy on his girlfriend though, as it is being sold for a hefty price! The $995 price tag makes this a tool to be bought by serious people who want and need serious information. If your company is in need of a quality product for analyzing network traffic, then Iris is the product for you!
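The point above about non-encrypted logins (POP3, FTP, websites) can be turned into an audit. The following is an added example, not part of the original review and not Iris code: it scans decoded session text and lists which services still accept logins in cleartext, reporting only protocol, mechanism and account name, never the secret. The session format, port map and sample sessions are constructed assumptions.

```python
import base64
import re

# Constructed sample: decoded sessions as (server_port, client_lines).
SESSIONS = [
    (110, ["USER alice", "PASS hunter2-constructed", "STAT"]),
    (21, ["USER bob", "PASS example-only", "LIST"]),
    (80, ["GET /admin HTTP/1.0", "Authorization: Basic Y2Fyb2w6c2VjcmV0", ""]),
    (80, ["POST /login HTTP/1.0", "Content-Length: 30", "",
          "user=dave&password=constructed"]),
    (80, ["GET /index.html HTTP/1.0", "Host: intranet.example", ""]),
]

PORT_PROTO = {21: "FTP", 110: "POP3", 80: "HTTP"}  # assumed default ports
FORM_SECRET = re.compile(r"(?:^|[?&])(?:pass(?:word|wd)?|pwd)=[^&\s]+", re.I)
FORM_USER = re.compile(r"(?:^|[?&])(?:user(?:name)?|login|email)=([^&\s]*)", re.I)
BASIC = re.compile(r"authorization:\s*basic\s+(\S+)", re.I)

def audit_session(port, lines):
    """Return (protocol, mechanism, account) findings; secrets are never returned."""
    proto = PORT_PROTO.get(port, "port %d" % port)
    findings, user = [], None
    for line in lines:
        verb, _, arg = line.partition(" ")
        if proto in ("FTP", "POP3"):
            if verb.upper() == "USER":
                user = arg.strip()
            elif verb.upper() == "PASS":  # password sent as plain text
                findings.append((proto, "USER/PASS", user or "?"))
        elif proto == "HTTP":
            m = BASIC.match(line)
            if m:  # Basic auth is base64 only, not encryption
                try:
                    pair = base64.b64decode(m.group(1), validate=True)
                    name = pair.decode("utf-8", "replace").split(":", 1)[0]
                except ValueError:
                    name = "?"
                findings.append((proto, "Basic auth", name))
            elif FORM_SECRET.search(line):  # password in a form body or query
                u = FORM_USER.search(line)
                findings.append((proto, "form field", u.group(1) if u else "?"))
    return findings

def audit(sessions):
    """Flatten findings across all sessions, in order."""
    return [f for port, lines in sessions for f in audit_session(port, lines)]

if __name__ == "__main__":
    for finding in audit(SESSIONS):
        print("cleartext login: %s via %s (account %s)" % finding)
```

Each finding names a service to move behind TLS or replace with an encrypted equivalent.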



