...
Click Packet search in the Interactive Search feature offers a variety of powerful filter options to enhance your analysis. Click on each filter to instantly navigate to the explanation for the specific filterits explanation.
| Table of Contents | ||||
|---|---|---|---|---|
|
Limit Output Search
...
Limiting search results is possible based on file size or packet count. By default, the FileSize option uses bytes. However, using the drop-down menu, you can choose to limit the size to KB, MB, or GB.
The packet-count option lets you restrict the number of packets in the output PCAP file. You can do this by entering a number up to 100 million in the 'Packet Count Box'. (Limit Search Output )
By Packet Count
By File Size
...
Packet Slicing (Bytes)
...
Packet Slicing speeds up analysis by minimizing data for quicker anomaly detection and security response, while also assisting privacy compliance by excluding sensitive information from captured packets.
...
Reorder Output PCAP
...
Selecting the “Reorder Output PCAP” allows you to create an output file, in which timestamps are ordered.
...
VLAN ID
...
The value range for VLAN IDs is 1 to 4094.
...
Protocols
...
TCP
UDP
SCTP
VXLAN
GTP_V1V2
Encap_Protocol: SIP, RTP, RTCP, HTTP
MSISDN (Mobile Station Integrated Services Digital Network)
IMSI (International Mobile Subscriber Identity)
LAI (Location Area Identity)
TEID-C
TEID-U
Offset Value
ICMP
ICMP6
IGMP
ARP
RARP
...
Port
...
The Port field only takes valid port numbers. Valid Port numbers range from 0-65535.
...
Expression
...
Expressions such as quantea.com, sip, and Santa Clara is all valid. You can also use Regular Expressions to search for particular strings. (Expression )
...
Inline Filter
...
Utilize Inline Search to filter packets according to source or destination IPv4 and IPv6 addresses, source or destination port numbers, and protocol. Additionally, you have the option to upload a text file containing filter criteria to use as an inline search filter. (Inline Search )
Filter String
Filter File
Upload Filter File
...
GTP Search
...
Packet Search can filter subscriber-specific sessions (both control plane and data plane) by correlating the subscriber-specific attributes such as MSISDN, IMSI, and/or LAI numbers and the control plane-related attributes. Identification of the subscriber’s user plane traffic is achieved by extracting the Tunnel Endpoint ID (TEID) in the control plane packets, which are correlated to the subscriber ID (IMSI) and subscriber end-point number (MSISDN).
...
Encap_Protocols
TCP
UDP
HTTP
SIP
ICMP
ICMP6
IGMP
MSISDN (Mobile Station International Subscriber Directory Number)
IMSI (International Mobile Subscriber Identity)
LAI (Location Area Identity)
...