Hack attempts and other attacks from the Internet are becoming increasingly complex and better-concealed. As a result many common firewall solutions are simply not sophisticated enough to detect them. Realising the need for a packet-level network traffic monitoring system that can detect these types of malicious activities, Qbik embarked on a development effort to provide a tool for network administrators aimed at just this need. Qbik is now proud to provide its solution - called NetPatrol.

Intrusion detection system
From the experience gained with WinGate - Qbik's comprehensive proxy server solution, Qbik realised that a logical and necessary complement would be an intrusion detection system that could monitor, analyse and report on suspicious network and Internet traffic behaviour to and from the WinGate Internet server. Currently NetPatrol operates as a stand alone monitoring system, providing relevant traffic information, and raising alerts about suspected network intrusions or attacks.

Monitor a single machine or an entire network
NetPatrol can be set to monitor all network connections on the machine on which it is installed, and provide a detailed report on network data that is addressed to those interfaces. Or it can be set to "promiscuous mode" where it will monitor all network traffic on all the ethernet segments that the NetPatrol machine is connected to.

With a "danger level" monitor, NetPatrol will attempt to gauge the behaviour and severity of the data activity, and respond accordingly. It can be configured to handle certain types of network behaviours based on a set of rules that administrators are able to configure depending on their security reporting requirements.

Scalable Modular system
NetPatrol is built on top of installable modules, with certain tasks assigned to each. Because of this, NetPatrol can be used as a distributed IDS system, allowing for higher performance and better ratio of handled/lost packets on highly-loaded networks.

Session reconstruction and investigation tools
All IP Traffic can be logged and sessions reconstructed. A graph of attacks level indicates current threat level. From the main display, Source or Destination computers can be investigated.

Port Monitor tool allows you to see what your applications are doing
Also included is the Qbik PortList tool, allowing easy real-time monitoring of all connections to and from the local machine and the processes responsible. Connections and processes can be easily terminated from the main screen. Even system services can be terminated.

NetPatrol is available in two "flavours" - Standard and Enterprise. These are basically identical except that Enterprise allows you to monitor the whole of your network from one machine by putting the network interface into promiscuous mode, whereas Standard allows only the monitoring of traffic to and from the NetPatrol machine itself.