Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to use Packet Search

  1. Choose PCAP files for searching. There are two methods to select files:

    1. Manually select files.

    2. Select files using Date and Time Search.

  2. Optionally, specify the Filename and directory to save the search result.

  3. Apply any necessary filters to narrow down the search criteria.

  4. Click the "Search" button to initiate the search process.

  5. Once completed, view the search results in the result window.

...

Table of Contents
minLevel1
maxLevel7

Limit Output Search

Limiting search results is possible based on file size or packet count. By default, the FileSize option uses bytes. However, using the drop-down menu, you can choose to limit the size to KB, MB, or GB.

...

  1. By Packet Count

  2. By File Size

Packet Slicing (Bytes)

Packet Slicing speeds up analysis by minimizing data for quicker anomaly detection and security response, while also assisting privacy compliance by excluding sensitive information from captured packets.

Reorder Output PCAP

Selecting the “Reorder Output PCAP” allows you to create an output file, in which timestamps are ordered.

VLAN ID

The value range for VLAN IDs is 1 to 4094.

Protocols

  • TCP

  • UDP

  • SCTP

  • VXLAN

  • GTP_V1V2

    • Encap_Protocol: SIP, RTP, RTCP, HTTP

    • MSISDN (Mobile Station Integrated Services Digital Network)

    • IMSI (International Mobile Subscriber Identity)

    • LAI (Location Area Identity)

    • TEID-C

    • TEID-U

    • Offset Value

  • ICMP

  • ICMP6

  • IGMP

  • ARP

  • RARP

Port

The Port field only takes valid port numbers. Valid Port numbers range from 0-65535.

Expression

Expressions such as quantea.com, sip, and Santa Clara is all valid. You can also use Regular Expressions to search for particular strings.

Inline Filter

Utilize Inline Search to filter packets according to source or destination IPv4 and IPv6 addresses, source or destination port numbers, and protocol. Additionally, you have the option to upload a text file containing filter criteria to use as an inline search filter.

  1. Filter String

  2. Filter File

  3. Upload Filter File

GTP Search

Packet Search can filter subscriber-specific sessions (both control plane and data plane) by correlating the subscriber-specific attributes such as MSISDN, IMSI, and/or LAI numbers and the control plane-related attributes. Identification of the subscriber’s user plane traffic is achieved by extracting the Tunnel Endpoint ID (TEID) in the control plane packets, which are correlated to the subscriber ID (IMSI) and subscriber end-point number (MSISDN).

...