Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

How to use Packet Search

  1. Select PCAP files to search (Two ways to select PCAP files)

    1. Manually select files

    2. Select files by Date and Time Search

  2. Select Filename and directory to save the result

  3. Apply filters

  4. Click on the Search button

  5. View result window

Packet_Search.mov

Packet Search Filters

Limit Output Search

Search results can be limited by file size or packet count. By default, the FileSize option uses bytes. Using the options in the drop-down menu, you can limit the size to KB, MB, or GB. The packet-count option limits the number of packets in the output PCAP by entering a number up to 100M in the Packet Count Box.

  1. By Packet Count

  2. By File Size

Reorder Output PCAP

Selecting the “Reorder Output PCAP” allows you to create an output file, in which timestamps are ordered.

VLAN ID

The value range for VLAN IDs is 1 to 4094.

Protocols

  • TCP

  • UDP

  • SCTP

  • VXLAN

  • GTP_V1V2

    • Encap_Protocol: SIP, RTP, RTCP, HTTP

    • MSISDN (Mobile Station Integrated Services Digital Network)

    • IMSI (International Mobile Subscriber Identity)

    • LAI (Location Area Identity)

    • TEID-C

    • TEID-U

    • Offset Value

  • ICMP

  • ICMP6

  • IGMP

  • ARP

  • RARP

Port

The Port field only takes valid port numbers. Valid Port numbers range from 0-65535.

Expression

Expressions such as quantea.com, sip, and Santa Clara is all valid. You can also use Regular Expressions to search for particular strings.

Inline Search

Inline Search to filter packets based on source or destination IPv4 and IPv6 address, source or destination Port number, and Protocol.

GTP Search

Packet Search can filter subscriber-specific sessions (both control plane and data plane) by correlating the subscriber-specific attributes such as MSISDN, IMSI, and/or LAI numbers and the control plane-related attributes. Identification of the subscriber’s user plane traffic is achieved by extracting the Tunnel Endpoint ID (TEID) in the control plane packets, which are correlated to the subscriber ID (IMSI) and subscriber end-point number (MSISDN).

  • No labels