Differences

This shows you the differences between two versions of the page.

--- en:dpi:qoe:use_cases:dpi_findcorp [2023/08/28 14:57] – ↷ Links adapted because of a move operation elena.krasnobryzh
+++ en:dpi:qoe:use_cases:dpi_findcorp [2024/04/25 08:39] (current) – removed elena.krasnobryzh
@@ Line 1: / Line 1: @@
-====== 14 Identification of corporate subscribers ======
-{{indexmenu_n>14}}
-<note important> [[en:dpi:qoe:use_cases:monetization#search_for_reselling_internet_services|We recommend using the QoE tool and the GUI to report on the resale service search.]] Below is an example of an evaluation by analyzing raw DPI data. </note>
-There are several approaches to solve the problem of identification corporate subscribers that use the tariff plan. For example it can be done based on the number of sessions generated by the subscriber. The ISP can collect the full NetFlow and generate a relevant report with the help of DPI and netflow analysis tools.
-This use case suggests estimating the number and the type of devices that were used to provide the Internet access.
-First, let's record [[en:dpi:dpi_options:opt_li:li_settings:start|Clickstream metadata]] during a day or at least few hours.
-Then add to the /etc/dpi/fastdpi.conf configuration file the following settings:
-<code>
-ajb_save_url=-1
-ajb_save_url_format=ipsrc:uagent
-</code>
-If subscribers are identified by their login (dynamic IP), please specify ''login'' instead of ''ipsrc'' in the format option.
-You can expand the format with additional fields according to your needs, for example:
-<code>
-ajb_save_url=-1
-ajb_save_url_format=ts:login:ipsrc:ipdst:host:path:uagent:ref:cookie:tphost:blockd:method
-</code>
-Please restart the service.
-The data is written to the /var/dump/dpi directory by default
-Make sure that there is enough disk space and keep in mind that you have to turn off the recording whenever you'd finish a job by setting the ''ajb_save_url = 0'' option or just by coommenting corresponding ''ajb_save_url=-1''; reload it upon completion.
-So we get a set of files with the url_*.txt names as a result. The user-defined fields are separated by tab therein.
-Let's execute a query applying to the url_*.txt file. The output shows how many subscriber devices each subscriber has. They are identified by the User-Agent from http requests:
-for a short format ''ajb_save_url_format = ipsrc: uagent'' it will look like this
-<code>
-sort -u /var/dump/dpi/url_*.txt|cut -f1|uniq -c|sort -n
-</code>
-and for a long format and identification by login, let's cut out relevant fields using the cut utility:
-<code>
-cut -f2,7 /var/dump/dpi/url_*.txt|sort -u|cut -f1|uniq -c|sort -n
-</code>
-We get a report like:
-<code>
-...
-SUBS_9987153
-SUBS_9802207
-SUBS_4924486
-SUBS_4979880
-...
-</code>
-here the first field corresponds to the number of different devices subscriber uses
-Further you can check out the types of devices used by subscribers, and sometimes it can lead you to a conclusion about the type of business. For example, if the mobile phones are mostly presented (every day is different), then this is likely a cafe.
-<code>
-cut -f2,7 /var/dump/dpi/url_*.txt|grep "^SUBS_9802207[[:blank:]]"|sort -u
-</code>
-here SUBS_9802207 is a login of the subscriber of our concerns
-<code>
-...
-C+Enterprise/8.3
-C530A IP/42.199.00.000.000;C530H/107.037.00.000.000
-C530A IP/42.207.00.000.000;C530H/107.037.00.000.000
-Dalvik/1.6.0 (Linux; U; Android 4.4.2; 6037Y Build/KOT49H)
-Dalvik/2.1.0 (Linux; U; Android 5.1.1; D5503 Build/14.6.A.1.216)
-Dalvik/2.1.0 (Linux; U; Android 6.0.1; Redmi Note 3 MIUI/7.3.9)
-iPhone8,1/10.3.1 (14E304)
-...
-</code>
-The presence of ERP-software, VoIP phones, a lot of different computers and phones provides proof that such subscriber is a corporation.

Profile

Settings

Differences