IP Fabrics Logo
About IP Fabrics | News & Events | Careers

DeepProbe-1 and DeepProbe-10

The industry's only intelligent network surveillance probes for 1Gbps and 10Gbps IP data retention and intercept solutions!

The DeepProbe™ is IP Fabrics' most advanced data retention and intercept system and functions as an intelligent probe under the control of a separate surveillance element such as a mediation system.  Designed to be used in distributed data retention and intercept solutions, the DeepProbe is ideal for monitoring large and complex networks. 

DeepProbe has the capability to fully inspect every network packet, so the controlling mediation systems don’t need to rely on CMTSs, switches, routers or other probes for filtering and intercept.

DeepProbe products are subject to US export controls and are classified under ECCN 5A002A1. DeepProbe products are authorized for export under provision (b)(1) of License Exception ENC (740.17) as CCATS G136966. DeepProbe can be exported without delay to all counties (excluding Cuba, Iran, North Korea, Sudan and Syria) with No License Required (NLR) (eligible for license exception ENC).

Support for Data Retention, Intercept, and Cyber Security Applications

DeepProbes flexible output modes make it ideal for several important network monitoring and surveillance applications. For example, DeepProbe can be configured to deliver Internet usage events/metadata/IPDR which can be used for data retention solutions. Alternatively, DeepProbe can be configured to deliver a specific target's full communications session/stream, common in intercept solutions. Finally, DeepProbe can be configured to detect specific network content and deliver pertinent information to SIEM for cyber security/insider threat solutions.

Unique Discovery Model

Target discovery in the DeepProbe is provided via the innovative Surveillance Module ™ architecture.  To the user, Surveillance Modules (SMs) are a series of well-defined, secure ASN.1 commands, which are designed for specific surveillance techniques.  For example, there are SMs for discovering webmail traffic, user-id login (e.g., radius or DHCP), and VoIP traffic.  These are termed ‘application-level’ SMs, since they deal with specific target applications/usages.

Other SMs include those geared towards monitoring more generic flows (conversations) based on specific packet header or content characteristics.  These are termed ‘protocol-level’ SMs since these require the user to be somewhat knowledgeable of specific packet header and/or content values.   Table 1 provides a summary of the DeepProbe Surveillance Modules.


DeepProbe Surveillance Module


IP Traffic

IP traffic discovery and data collection.  Discovery includes RADIUS, DHCP, DHCP option 82, and static IP/subnet

VoIP Traffic

SIP-Based VoIP discovery and data collection

Email Traffic

SMTP, POP3, and IMAP4-based email discovery and data collection



Application-level decode and data collection of Hotmail, Yahoo, and Maktoob, facebook, and other popular webmail services



Application-level decode and data collection of MS Live, yahoo, ICQ/IC2GO!, twitter, facebook, and other popular IM/chat services

Scan Schema Plugin

Extensions to Email, Webmail and IM/Chat SMs to discover and collect data based on keywords in body, subject, and attachments.  Keywords can be specified as simple strings, regex, or large signature databases

Web Traffic

Application-level discovery and data collection based on DNS and HTTP/HTTPS

Web Application

Application-level discovery and data collection based on popular web-based applications such as vBulletin

File Transfer

Application-level discovery and data collection of popular file transfer/sharing protocols

Encrypted Traffic

Encrypted traffic discovery and data collection of applications and protocols such as Skype, IPSEC, SSL/TLS, and others

Dark Traffic

Malformed and unusual traffic discovery and data collection

Future SMs

Application-Level analysis for new, emerging, and other applications


Once the target is discovered, the DeepProbe offers flexible intercept options, including the ability to deliver the entire data stream a summary and key events, or just IPRDs.. DeepProbe also incorporates sophisticated reconstruction logic to deliver only pertinent information when monitoring complex applications such as webmail and chat/IM, greatly reducing the processing required by the monitoring, data retention, and analytic systems.


1Gbps and 10Gbs Models

DeepProbe comes in two basic models. The first is for monitoring 10/100/1000Mbps networks and is available with four surveillance ports.  The second is for monitoring 10Gbps networks and is available with four 10Gbps and six 10/100/1000Mbps surveillance ports.  Both models support multiple, dynamically updatable targets and also come with two 10/100/1000Mbps system ports.


High Performance, Scalable Architecture

IP Fabrics’ Surveillance Module™ architecture and  underlying patent-pending multi-core virtualization technology give DeepProbe many unique advantages over basic “PC-based” surveillance systems or hard-wired ASIC-based systems. DeepSweep’s internal host processors and multi-core packet inspection accelerators allow it to monitor multiple 1Gbps and 10Gbps Ethernet links at true wire-speed with full layer 2-7 deep packet inspection (DPI) capabilities. 


Secure, Reliable Provisioning

The DeepProbe is typically provisioned and managed by a centralized mediation via the system ports using a set of simple, yet powerful commands.  Each provisioning command is securely authenticated to prevent use by an unauthorized system.  Consistent with other DeepSweep systems, an easy-to-use, secure web-based interface is also included.

For complete specifications, please refer to the DeepProbe Datasheet or the DeepProbe IP Intercept Probe Datasheet.

For more information about Network Surveillance using DeepProbe, please refer to the IP Network Surveillance Whitepaper.

Learn more about IP Fabrics products and technology by visiting the Resource Center or Contact Us to have an IP Fabrics sales representative provide you further information.