Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_components:dpiui:user_guide:lawful_interception:traffic_decode:start [2023/08/31 08:01] – created elena.krasnobryzh
+++ en:dpi:dpi_components:dpiui:user_guide:lawful_interception:traffic_decode:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Traffic analysis ======
-{{indexmenu_n>1}}
-===== Equipment =====
-To configure the correct operation of the Traffic Parsing section, you must add equipment of the "Pcap Parsing Server" type to the [[en:dpi:dpi_components:dpiui:user_guide:admin_section:equipment_management:start|Equipment List Management section]].
-Traffic parsing equipment configuration:
-  - Processor (CPU) 2.5 GHz, 2 pcs
-  - Random access memory (RAM) from 4 GB
-  - Hard disk drive (HDD) from 100 GB
-  - Operating system Ubuntu 20.04
-To install the necessary utilities, run the following command:
-<code>apt install wireshark tshark sox</code>
-===== Section =====
-To go to the traffic parsing section in the menu, go to the "Lawful interception"->"Traffic parsing"->"Traffic parsing" section.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_route.png?600 |}}
-The Traffic Parsing section looks like the figure below.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode.png?800 |}}
-==== Tasks ====
-The tasks for Traffic Mining are located on the left side of the Traffic Mining page.
-=== Creating a task ===
-To create a new Traffic Analysis task, click the "+" button in the toolbar above the list of existing tasks.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_create_task.png?400 |}}
-In the task creation form that opens, enter:
-  * Task name
-  * Description of the task
-Click the "Save" button.
-=== Editing a task ===
-To edit a task, click the edit button next to an existing task.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_edit_task.png?400 |}}
-In the task editing form that opens, change:
-  * Task name
-  * Description of the task
-Click the "Save" button.
-=== Deleting a task ===
-To delete a task, click the "Delete" button next to the existing task and confirm or cancel the action.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_delete_task.png?400 |}}
-==== Files ====
-The files for Traffic Parsing are located in the central part of the Traffic Parsing page.
-=== Add file ===
-To add a new file for Traffic Parsing, click on the "+" button in the toolbar above the list of added files.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_add_file.png?400 |}}
-In the opened form for adding a file:
-  * Upload or drag pcap file;
-  * If necessary, set the display name and description for the file;
-  * Specify the required types of traffic parsing (Web, Dns, Mail, Voip, Ftp);
-Click the "Save" button.
-=== Editing the file ===
-To edit a file for Traffic Parsing, click the edit button next to an existing file.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_edit_file.png?400 |}}
-In the file editing form that opens, you can change:
-  * Displayed file name;
-  * Description of the file;
-  * Types of traffic parsing (Web, Dns, Mail, Voip, Ftp);
-Click the "Save" button.
-If changes have been made to the types of traffic parsing, a confirmation form for restarting traffic parsing for this file will appear on the screen.
-=== Deleting a file ===
-To delete a file, click on the "Delete" button next to the existing file and confirm or cancel the action.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_delete_file.png?400 |}}
-=== Restart file parsing ===
-To restart file parsing:
-  - Select the required file from the list;
-  - Click on the restart parsing button in the toolbar;
-  - Confirm or cancel the action.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reset_file.png?400 |}}
-=== Importing files from the traffic capture section ===
-Files for traffic parsing can be imported from the "Traffic Capture" section.
-Go to the "Lawful Interception"->"Traffic Capture" section.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_capture_route.png?400 |}}
-In the list of files, select the files you want to parse and click the parse button.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_capture.png?400 |}}
-In the opened form:
-  * Select the Traffic Parsing task into which the files will be imported.
-  * If "New task" is selected, enter the name of the task that will be created during import.
-  * Parse types for imported files (Web, Dns, Mail, Voip, Ftp).
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_capture_decode_form.png?400 |}}
-Click on the "Apply" button. After the file import process is completed, a window will appear prompting you to go to the "Traffic Analysis" section.
-==== Parsing results ====
-The parsing results are located on the right side of the Traffic Parsing page.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports.png?600 |}}
-===Web===
-The Web parsing results tab displays HTTP requests.
-== Requests ==
-The "Requests" tab displays "raw" data about requests.
-The following data is available in the table:
-  * Date and time of request
-  * Request address
-  * Size of response in bytes
-  * Method
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_web_requests.png?600 |}}
-When you click on the "Additional information about the request" (?) button, a popup will open with additional information about the request:
-  * Agent
-  * Host
-  * Url
-  * Type of content
-  * Encoding
-  * Request method
-  * Response code
-  * Size of response in bytes
-  * Sender port
-  * Destination port
-  *TCP time
-  * IP protocol
-  * IP version
-  * Sender IP
-  * IP received
-  *Eth type
-  * Sender's Eth
-  *Eth of the recipient
-  * File ID to parse
-  * Filename to parse
-  * Filename with response content
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_web_requests_details.png?400 |}}
-== Pictures ==
-The Images tab displays queries that returned images.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_web_images.png?400 |}}
-===DNS===
-The DNS parsing results tab displays the hosts.
-The following data is available in the table:
-  * Date and time of request
-  * Host
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_dns.png?400 |}}
-== Additional information ==
-When you click on the "Additional information about the request" (?) button, a popup will open with additional information about the request:
-  * List of hosts
-  * Address list
-  * List of certificates
-  * Request date
-  * Response time
-  * Sender port
-  * Destination port
-  * IP protocol
-  * IP version
-  * Sender IP
-  * Destination IP
-  *Eth type
-  * Sender's Eth
-  *Eth of the recipient
-  * Request ID
-  * File ID to parse
-  * Filename to parse
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_dns_info.png?400 |}}
-=== Mail ===
-On the MAIL parsing results tab, sent/received Emails.
-The following data is available in the table:
-  * Date and time of sending / receiving;
-  * Sender
-  * Recipient
-  * Letter subject
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_mail.png?400 |}}
-== Content ==
-When you click on the Message Content button, a popup will open in which are available:
-  * Sender
-  * Recipient
-  * Letter subject
-  * Text of the letter
-  * List of attached files to the letter (can be downloaded)
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_mail_content.png?400 |}}
-== Additional information ==
-Clicking on the Additional Information(?) button will open a popup with additional information about the letter:
-  * Sender port
-  * Destination port
-  * IP protocol
-  * IP version
-  * Sender IP
-  * Destination IP
-  *Eth type
-  * Sender's Eth
-  *Eth of the recipient
-  * Sender
-  * Recipient
-  * Topic
-  * Letter ID
-  * User Agent
-  * MIME version
-  * Type of content
-  * Language
-  * Composite type
-  * Composite content type
-  * Multipart content encoding
-  * Disposition of compound content
-  * Request ID
-  * File ID to parse
-  * Eml file name
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_mail_info.png?400 |}}
-==Voip==
-On the Voip parsing results tab, information about completed Voip sessions.
-The following data is available in the table:
-  * Date and time of the session
-  * Session duration
-  * caller
-  * Callable
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_voip.png?400 |}}
-== Audio recording ==
-When you click on the Recordings button, a popup will open where you can listen to audio recordings:
-  * caller
-  * Callable
-  * Combined
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_voip_record.png?400 |}}
-== Query Logs ==
-When you click on the Request logs button, a popup will open with the logs of all session requests.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_voip_logs.png?400 |}}
-== Additional information ==
-When you click on the "Additional information" (?) button, a popup will open with additional information about the session:
-  * Sender port
-  * Destination port
-  * IP protocol
-  * IP version
-  * Sender IP
-  * Destination IP
-  *Eth type
-  * Sender's Eth
-  *Eth of the recipient
-  * Session duration
-  * caller
-  * Callable
-  * Call ID
-  * Ssrc outgoing
-  * Ssrc incoming
-  * Audio file names
-  * File ID to parse
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_voip_info.png?400 |}}
-=== FTP ===
-The FTP parsing results tab displays files sent/received via FTP.
-The following data is available in the table:
-  * Date and time of request
-  * File name
-  * Direction (Download/Upload)
-  * File size in bytes
-  * Customer address
-  * Server address
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_ftp.png?400 |}}
-== Additional information ==
-When you click on the "Additional information" (?) button, a popup will open with additional information about the request:
-  * Sender port
-  * Destination port
-  * IP protocol
-  * IP version
-  * Sender IP
-  * Destination IP
-  *Eth type
-  * Sender's Eth
-  *Eth of the recipient
-  * File name
-  * Ftp Directory
-  * File size in bytes
-  * Direction
-  * File ID to parse
-  * Response file
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_reports_ftp_info.png?400 |}}
-===== Traffic parsing logs =====
-To go to the section of traffic parsing logs in the menu, go to the "Lawful interception"->"Traffic parsing"->"Traffic parsing logs" section.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_logs_route.png?600 |}}
-The traffic parsing log section looks like the figure below.
-{{ :dpi:dpi_components:dpiui:user_guide:lawful_interception:dpiui2_traffic_decode_logs.png?600 |}}

Profile

Settings

Differences