mo_patel

asked on 

Network Traffic Monitoring/forensics

Hi All,

Wondering what other people use for network traffic monitoring / forensics and their recommendations. Below are some of my requirements:

•      Full visibility of the traffic flow incoming/outgoing

•      Be scalable so if we wanted to have a remote sensor in a different location we wouldn’t have 2 systems, instead have all info from remote location displayed on main GUI

•      It does deep packet inspection/Intrusion detection – which is automatically updated with new signatures

•      Has a DB backend which is used to store the data/ does auto archiving/ able to import archives back in if required for historical investigations

•      Integrated with AD so it can show usernames

•      Create scheduled reports

•      Create custom reports

•      Able to monitor SQL DB – Data Modification/ Schema/ statements

•      See all MS file share traffic i.e. Create/Rename/Delete etc by IP and Username by file name and also be able to search by filename to investigate last accessed/missing files

•      Set up alerts if something happens i.e. a folder deleted/copied

•      Email Header recording so we can see email subjects/ if we can see content even better
•      Internet Traffic recording

•      Bit-Torrent recording

•      Enables us to create trend graphs so we can see spikes in traffic
Security, Digital Forensics, Network Management, Cyber Security
