Traffic Inspector, network monitoring software, was developed to integrate and complement the diversity of network capabilities of OS Microsoft Windows, so you do not have to make special settings. Everything that worked before will work after you install the program; you only need to set up user authorisations. Traffic Inspector will enable you to accomplish the majority of tasks arising when you are connecting to the Internet:
 Control Internet Access & Traffic
Users can work both directly, through NAT, or through the proxy server. A separate account is created for each user and all their actions on the Internet are displayed in simple and understandable reports.
Accounting for Traffic
Accounting for traffic is per byte for each user, and you determine the unit of accounting, limits, blocks, filters and schedules. The certified billing system guarantees precise calculations.
Proxy Server & Economy
Traffic Inspector proxy server allows caching of frequently-used Internet resources, as well as blocking banners, ads, graphics, music or videos, and the banning of unwanted sites or sections.
Network Security. Firewall
Network protection is organised at two levels: the firewall provides protection against external network attacks, and the system of locks and alarm at excessive network activity is used for internal security control.
|
Antivirus Protection
Traffic Inspector checks continuously for network infections by viruses. It checks traffic through the proxy server and the mail gateway with the help of additional modules for antivirus protection.
Speed Control & Routing
Traffic Inspector allows you to set speed limits for users or groups with dynamic load; Advanced Routing system makes it possible to send traffic to different access channels, including satellite.
Spam Filtering
The Traffic Inspector mail gateway allows you to block spam on the internal mail server. You can filter incoming email messages using “black” and “white” lists, delivery rules, etc.
Remote Control & Statistics
The program has a number of tools for the remote management and monitoring of the system. Using Traffic Inspector, you will always know about the state of the network, wherever you are.
|
Download Traffic Inspector
Buy Traffic Inspector
Networks and protocols
Supported interfaces: 802.3 (Ethernet), 802.11 (Radio Ethernet), WAN PPP, WAN VPN (PPTP, L2TP).
IEEE 802.1Q (tag-based VLAN) protocol support.
Compatibility with Windows NAT implementation. NAT is supported for interfaces: RAS (Dial-out), VPN (PPTP, L2TP), PPPoE.
Compatibility with Windows RAS server (dial-In clients). Modem and VPN connections (PPTP, L2TP) are supported.
Multiple internal interfaces and complex network topologies are supported.
Multiple external interfaces and ISP connections are supported.
Networks may be configured as internal (for example: home network) or DMZ. Different access policies may be specified for different types of networks.
Asymmetric scenarios (different interfaces are used for incoming and outgoing traffic) are supported.
Terminal server users are supported.
A sniffer operation mode is used to monitor and account traffic when Traffic Inspector is not used as a gateway.
User authorization
Authorization by IP address, range of IP addresses, MAC address, both IP and MAC address.
Authorization by username and password. User accounts may be based on Windows accounts or own Traffic Inspector accounts may be used.
NTLM authorization is used for Windows-based user accounts. HTTP and SOCKS proxy support BASIC authorization.
MAC addresses of authorized users may be added to the operating system ARP table.
Authorization by email addresses is required to use SMTP gateway services.
Authorization via API may be used by third-party software.
Authorization violations control. Traffic Inspector supports logging of authorization violation events and notifying administrators by email.
Automatic account creation. A user account can be automatically added to a certain TI group depending on the Windows group membership. TI to Windows group association is configured in a group settings.
Up to 8191 user accounts and up to 255 groups are supported.
User limits and restrictions
Based on specified date.
Based on a schedule.
Based on accessed resource. Allow or deny filtering rules may be assigned to different categories as well as to users and groups. IP filtering rules (IP addresses, protocols and ports are used as matching criteria) and web filtering rules (for traffic passing through Traffic Inspector proxy) are supported.
Based on IP and MAC address.
Based on services available to the user: routing and NAT, HTTP proxy, SOCKS proxy.
Based on number of TCP connections. The restriction can be applied to both proxy and routed traffic.
Based on VLAN ID.
Enable/disable multi-connection downloading via the proxy server.
Virus Flood Detection feature. Prevents network congestion and server overload by blocking users that generate excessive network traffic.
Billing system
Charge for different traffic directions: only incoming, only outgoing, sum of incoming and outgoing, the highest value of incoming or outgoing.
Ability to specify prepaid traffic in a tariff settings.
Ability to specify daily, weekly and monthly limits in a tariff settings.
Ability to charge users at the hourly or daily rate.
Ability to backdate new tariff rate. Changing a tariff rate results in recalculation of billing data.
Ability to change cost for cached traffic or SMTP traffic.
Ability to charge differently for different types of traffic and different time periods.
Users with insufficient balance may be allowed to access the Internet.
Collective bills are supported. Multiple users and groups may be added to a collective bill.
Current status of the client as well as tariff parameters and account balance are displayed in real time.
Traffic accounting
Traffic accounting is implemented for separate users and counters.
Controlled counters allow to monitor Internet traffic consumption
Controlled counters allow to set traffic consumption limits. Reaching the limit may trigger an administrator notification or block the external traffic.
An external program may be run when the external traffic is blocked.
Information counters may be used for traffic accounting based on IP protocol ID numbers, port numbers.
External counters data can be displayed in real time or logged for generating reports at a later time.
Proxy server
Supported protocols: HTTP/1.1 (HTTP keep-alive, HTTP pipelining), FTP, SOCKS 4/5.
HTTP CONNECT method for forwarding SSL connections.
HTTP GET method for accessing FTP servers. Both active and passive FTP modes are supported.
Transparent proxy: redirection of TCP traffic that uses port 80 to the proxy.
Proxy chaining: HTTP, FTP and SOCKS.
Authentication: BASIC or Windows integrated authentication (NTLM v. 1/2).
Pass-through authorization. If a user is not authorized, authorization is requested through proxy or SOCKS server.
Various settings allow to fine-tune the proxy server to ensure optimal caching behaviour. Flexible caching options for various web resources. Cache fragmentation is prevented by storing cache in a single file.
Packet filtering and web filtering rules (based on content type, URLs, WOT ratings, etc.) can be applied to proxy traffic. URLs may be specified in the form of regular expressions.
Proxy auto-config. A web server hosts a standard configuration file config.script that contains JavaScript code allowing automatic browser configuration.. Local Address Table (LAT) may also be set up.
Firewall
The external firewall requires no initial setup and is by default configured to block inbound traffic while allowing outbound TCP, UDP and ICMP traffic.
The internal firewall prevents unauthorized access from the internal network.
Dynamic UDP filtering allows to pass the incoming UDP traffic corresponding to outgoing requests while filtering all other requests.
FTP traffic processing (parsing PORT and PASV FTP commands) allows to dynamically open appropriate TCP ports. Both active and passive FTP modes are supported.
Filtering rules may permit traffic of specified types.
Information counters allow accounting of filtered incoming traffic (suitable for analyzing flood attacks, port scanning, etc.).
SMTP gateway
Using SMTP gateway allows to make an internal SMTP server available for clients in the external network.
SMTP gateway can be configured to check a DNS MX resource record for the domain specified in the email address of the sender.
SMTP gateway can be configured to reject email messages addressed to disabled or blocked users.
Flexible email filtering rules.
Only email messages for known email addresses are accepted and charged for.
Public RBL services are accessed via a module plugin. DNS-based public RBL services allow to verify IP address of the email message sender or IP addresses of all SMTP servers participating in the message delivery.
Traffic shaping
Any type of traffic passing through the server can be processed by the traffic shaping system (including HTTP proxy and SOCKS proxy traffic).
Rate limits may be set individually for each user, both download and upload rate limits may be set.
Summary rate limit for a group, both download and upload rate limits may be set.
Limits on the number of packets. Useful for preventing network congestion resulting from virus infection.
Rules allow to specify the type of traffic that is exempt from the traffic shaping system.
Rules allow to set rate limits for a certain type of traffic.
Rules allow set priority for a certain type of traffic.
Rules allow to set a schedule. This enables administrator to set up a dynamic change of rate limiting settings based on time.
Rate limits may be set on the basis of a type of web content for traffic that passes through the proxy.
Traffic consisting of data taken from proxy cache or downloaded from the integrated web server is exempt from the traffic shaping system.
Advanced routing
Routing user traffic via the specified external interface
Routing group traffic via the specified external interface
Routing decisions may be based on traffic type and web content type
Processing traffic by the advanced routing system may be used as a criterion for filtering rules
Administration
Administration console is implemented as a Microsoft Management Console snap-in. This approach provides a flexible administration environment that is smoothly integrated with other Windows Microsoft administration features.
Remote administration: DCOM technology is used for providing remote administration access. Multiple simultaneous remote administration sessions are supported.
Different levels of administration access: manager and cashier accounts are only granted restricted access to program settings.
The built-in web server implements a set of administration tools
A collection of program settings can be easily exported and imported as a settings package
Network statistics
Logging network statistics can be enabled for users and external counters.
Statistics can be displayed in real time or logged for the needs of generating reports.
Various logging levels (sampling interval or the number of logged TCP connections) may be set resulting in a more or less detailed statistics.
WHOIS and NetGeo services are utilized for getting additional information on hosts and networks.
Databases and reports
Configuration settings are stored in xml files. The program features the embedded SQLite database that does not require installation of ODBC drivers, configuration, etc.
Traffic Inspector features built-in functionality for data backup and cleanup.
Supported SQL servers: Microsoft SQL Server, MySQL, PostgreSQL. In case an external database is used, the embedded database serves as an intermediate data storage.
Multiple Traffic Inspector servers may use a single external database for centralized data storage. Internally, an ID is used to uniquely identify each database stored by a single DBMS software.
Report generation uses ASP.NET applications that run as part of the built-in web server.
API allows to implement new report types.
Web server
Integrated HTTP/SSL web server is used to implement a set of features:
User access control: web agent, personal user page, user reports.
Web administration interface, admin reports.
Additional applications.
Web server characteristics:
Supported protocols: HTTP/1.1. HTTP keep-alive, resume download, cache tagging.
Supported SSL protocols: TLS (SSL 3.1), SSL 3.0, SSL 2.0. SSL 1.0.
Securing access from the external and the internal networks with different SSL certificates
CA (Certification Authority) implementation
ASP.NET application use .NET Framework 2.0. Multiple virtual hosts (web sites) may be set up. One process architecture allows for easy debugging.
Flexible physical to virtual directory mappings
Both users and administrators can be authorized
Flexible permissions assignment for directories. Authorization in ASP.NET.
ASP.NET sessions based on cookies
User and group profiles: a repository for application settings.
Client Agent
Integrated web server allows users to access their personal pages in order to view reports and statistics. Client Agent features:
supported protocols: UDP, HTTP or SSL;
automatic configuration: automatic server location and protocol selection;
automatic Internet Explorer configuration;
installation file for the client agent program is available for download on the personal user page;
Client Agent is a small program installed on user hosts that allows a user to:
view the current account balance;
view the amount of spent traffic or money;
be notified when the account balance is reaching a certain value;
be notified by the Traffic Inspector administrator;
switch content filtering levels: various degrees of bandwidth conservation may be achieved by selecting an appropriate filtering level;
switch caching levels: fine-tune caching behavior that is both appropriate for accessing frequently updated web sites and conserving network bandwidth;
Non-Windows users may use web agent which is a web-based substitution for the Client Agent.
Automation API and extension plugins
Documented API allows creation of scripts performing tasks not supported by the program out of the box.
Plugins may be used to extend the functionality of the program.
Program usage restrictions
Traffic accounting and billing is difficult to implement when a user logs on to the Traffic Inspector server and uses it to access the Internet, especially when other network services run on that server.
Traffic accounting and billing is difficult to implement for terminal server users (unless a special Terminal server mode is enabled and terminal users use the HTTP or SOCKS proxy to access the Internet).
SMTP gateway is only capable of processing SMTP traffic directed to it from the external network.
Application layer filtering is only applied to traffic that is processed by the HTTP proxy.
Traffic Inspector cannot co-exist with programs that use custom NAT implementation (WinGate, WinRoute) and some networking tools.
IPv6 is not supported.
Download Traffic Inspector
Buy Traffic Inspector