Network Intelligence ToolKit: NIT is a unique network intelligence gathering and analysis platform. It is based on the deception-based DoD network protection implementation associated with Responder, but augmented for TSCM network analysts to replace noisier tools. It is completely passive, like the Logging Server but it also has the capabilities to:

Extract and correlate content from passing traffic:
• Operating system identification indicators
• Service and server identification indicators
• User IDs and passwords for communicating partners
• Select covert channel detection
• Identification of distant NAT gateways
• Timing information and sequential pattern identification
• Regular expression and general purpose parser analysis
• Extracts related data like domain names from DNS surveillance
• Correlates content across functions for search and investigation
• Logs desired network traffic at any level of detail

Optional active emulation of other devices for covert exfiltration

• Network disruption and selective enablement capabilities
• Record and replay of select network traffic on multiple interfaces
• Await device failures and use characteristics to exfiltrate content
• Truly invisible gateway between network segments
• Augment invisible gateway to introduce covert channels
• Replay with altered behavioral characteristics for countermeasures

Fully programmable packet observation, analysis, and generation capability

• Allow complex conditionals on what to collect, when, and from where
• Allows complex analysis of collected data for special cases
• Field reprogrammable for special requirements

Licenseing and Process

NIT is licensed on a year-by-year basis and includes initial configuration and quarterly maintenance. Only through authorized dealers.