How to use Packet Search
Choose PCAP files for searching. There are two methods to select files:
Manually select files.
Select files using Date and Time Search.
Optionally, specify the Filename and directory to save the search result.
Apply any necessary filters to narrow down the search criteria.
Click the "Search" button to initiate the search process.
Once completed, view the search results in the result window.
...
Limit Output Search
Search results can be limited by file size or by packet count. By default, the FileSize option is measured in bytes; use the drop-down menu to limit the size in KB, MB, or GB instead.
...
By Packet Count
By File Size
Packet Slicing (Bytes)
Packet Slicing speeds up analysis by minimizing data for quicker anomaly detection and security response, while also assisting privacy compliance by excluding sensitive information from captured packets.
Reorder Output PCAP
Selecting "Reorder Output PCAP" creates an output file in which the timestamps are in order.
VLAN ID
The value range for VLAN IDs is 1 to 4094.
Protocols
TCP
UDP
SCTP
VXLAN
GTP_V1V2
Encap_Protocol: SIP, RTP, RTCP, HTTP
MSISDN (Mobile Station Integrated Services Digital Network)
IMSI (International Mobile Subscriber Identity)
LAI (Location Area Identity)
TEID-C
TEID-U
Offset Value
ICMP
ICMP6
IGMP
ARP
RARP
Port
The Port field accepts only valid port numbers. Valid port numbers range from 0 to 65535.
Expression
Expressions such as quantea.com, sip, and Santa Clara are all valid. You can also use Regular Expressions to search for particular strings.
Inline Filter
Utilize Inline Search to filter packets according to source or destination IPv4 and IPv6 addresses, source or destination port numbers, and protocol. Additionally, you have the option to upload a text file containing filter criteria to use as an inline search filter.
Filter String
Filter File
Upload Filter File
GTP Search
Packet Search can filter subscriber-specific sessions (both control plane and data plane) by correlating subscriber-specific attributes, such as MSISDN, IMSI, and/or LAI numbers, with the control plane-related attributes. The subscriber's user plane traffic is identified by extracting the Tunnel Endpoint ID (TEID) from the control plane packets and correlating it to the subscriber ID (IMSI) and subscriber end-point number (MSISDN).
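The TEID correlation described above can be illustrated with a short Python sketch. This is an added example, not Packet Search's own code: it assumes the GTPv2-C information element layout from 3GPP TS 29.274 and GTPv1-U headers, and the function names and sample bytes are constructed for illustration.

```python
import struct

IE_IMSI, IE_MSISDN, IE_FTEID, IE_BEARER_CTX = 1, 76, 87, 93  # TS 29.274 IE types

def tbcd(b):
    """Decode TBCD digits (low nibble first, 0xF is filler)."""
    return "".join(f"{x & 0xF:x}{x >> 4:x}" for x in b).rstrip("f")

def walk_ies(buf):
    """Yield (type, value) per GTPv2 IE, descending into Bearer Contexts."""
    off = 0
    while off + 4 <= len(buf):
        ie_type, ie_len = struct.unpack_from("!BH", buf, off)
        value = buf[off + 4: off + 4 + ie_len]
        if len(value) < ie_len:
            return  # truncated IE (for example a sliced capture): stop here
        yield from walk_ies(value) if ie_type == IE_BEARER_CTX else [(ie_type, value)]
        off += 4 + ie_len

def learn_session(gtpc, teid_map):
    """Map every F-TEID in one GTPv2-C message to its subscriber IDs."""
    if len(gtpc) < 8 or gtpc[0] >> 5 != 2:
        return
    start = 12 if gtpc[0] & 0x08 else 8  # T flag adds a 4-byte header TEID
    end = 4 + int.from_bytes(gtpc[2:4], "big")
    sub, teids = {}, []
    for ie_type, value in walk_ies(gtpc[start:end]):
        if ie_type == IE_IMSI:
            sub["imsi"] = tbcd(value)
        elif ie_type == IE_MSISDN:
            sub["msisdn"] = tbcd(value)
        elif ie_type == IE_FTEID and len(value) >= 5:
            teids.append(int.from_bytes(value[1:5], "big"))
    teid_map.update({teid: sub for teid in teids})

def gtpu_subscriber(gtpu, teid_map):
    """Return the subscriber for a GTPv1-U G-PDU, or None if the TEID is unknown."""
    if len(gtpu) < 8 or gtpu[0] >> 5 != 1 or gtpu[1] != 0xFF:
        return None
    return teid_map.get(int.from_bytes(gtpu[4:8], "big"))

# Constructed sample: a Create Session Request-style message and one G-PDU.
def _ie(t, v):
    return struct.pack("!BHB", t, len(v), 0) + v
_body = (_ie(IE_IMSI, bytes.fromhex("00010121436587f9"))
         + _ie(IE_MSISDN, bytes.fromhex("5155550501f0"))
         + _ie(IE_FTEID, bytes.fromhex("8a00001001c0000201"))
         + _ie(IE_BEARER_CTX, _ie(IE_FTEID, bytes.fromhex("800000beefc0000202"))))
SAMPLE_GTPC = struct.pack("!BBHI", 0x48, 32, len(_body) + 8, 0) + b"\x00\x00\x01\x00" + _body
SAMPLE_GTPU = struct.pack("!BBHI", 0x30, 0xFF, 4, 0xBEEF) + b"\x45\x00\x00\x00"
```

Calling `learn_session(SAMPLE_GTPC, m)` on an empty dict `m` and then `gtpu_subscriber(SAMPLE_GTPU, m)` returns the IMSI and MSISDN for the user plane packet. A control plane message cut short by packet slicing yields no mapping, so slice lengths need to preserve the GTP-C payload for this correlation to work.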
...