Trisul is a new kind of network monitor that supplements fine grained traffic metering with flows, packets, and alerts. You can carry out any kind of network and security analysis.


Trisul is designed from the ground up to meter your network traffic. Not just simple host or application bandwidth usage but over 100 parameters across all network layers.

For each host seen Trisul meters 12 items such as Total, In, Out, Established Connections, Connection attempts, alerts as attacker, as victim, TCP stats, internal vs external transfers, among others. Similarly you get dozens of stats by MAC layer, by Country / ASN, per VLAN, at Layer 2, at Layer 3, IPv6, internal & external hosts.

New features:

Trisul Remote Protocol
Secure remote scripting of tasks. Write simple scripts in Ruby to perform complex multi stage tasks. For example pull up a list of all flows to China or get raw packets for all priority 1 alerts.

Alerts can now be sent to syslog

You can send all types of alerts - threshold crossing, flow tracker, badfellas (blacklist) and IDS alerts to a syslog collector.

New subscriber reports

If you are a service provider, you can use a new Subscriber Report that will breakout all activity of a user in a summary view and a detailed (deep) view. You can set bandwidth limits and flag excess usage.
Major reduction in CPU usage

The earlier versions of Trisul would demonstrate a high CPU usage especially in lightly loaded networks. We have fixed internal locking strategies to dramatically reduce the CPU usage. We have also tightened memory usage significantly.

Enhancements and fixes:

• Fix error with Phishtank blacklisting
• Can now specify fixed high numbered TCP/UDP ports as server ports
• Slew of improvements to packet based drilldown
• Better performance of flow based drilldowns
• Websockets now compatible with latest versions of Firefox/Chrome
• Better packaging - allow independent installs of trisul and plugins
• Over 80 other fixes.