No edit summary |
No edit summary |
Line 178: | Line 178: | ||
* The first column allows to add new elements or remove existing one: | * The first column allows to add new elements or remove existing one: | ||
- adds a new request or response | :- adds a new request or response | ||
{| | {| | ||
| [[File:Plus.png|60px|right]] | | [[File:Plus.png|60px|right]] | ||
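Review bot: the new ':' prefix on '- adds a new request or response' renders as an indented paragraph that begins with a literal hyphen, not as a nested list item; since the parent line is a '*' bullet, '**' would give a proper sub-bullet and keep the list structure intact. While this line is being touched, the parent sentence 'allows to add new elements or remove existing one' should read 'allows adding new elements or removing existing ones'.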
Line 184: | Line 184: | ||
- removes the request or response entry from the list | :- removes the request or response entry from the list | ||
{| | {| | ||
|[[File:Minus.png|60px|right]] | |[[File:Minus.png|60px|right]] | ||
|} | |} | ||
* The second columns allows to choose the name of the request or response. | * The second columns allows to choose the name of the request or response. | ||
:The name is purely informational and can be chose freely. | |||
The name is purely informational and can be chose freely. | |||
* The third column contains all defined patterns for each request or response. | * The third column contains all defined patterns for each request or response. | ||
:- This button removes the single pattern directly right of the button. All other patterns are untouched. | |||
- This button removes the single pattern directly right of the button. All other patterns are untouched. | |||
{| | {| | ||
| [[File:Minus.png|60px|right]] | | [[File:Minus.png|60px|right]] | ||
|} | |} | ||
- This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | :- This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | ||
This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | ||
{| | {| | ||
|[[File:Plus.png|60px|right]] | |[[File:Plus.png|60px|right]] | ||
|} | |} | ||
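Review bot: 'can be chose freely' on the newly indented line should be 'can be chosen freely', and the unchanged context line 'The second columns allows to choose' should be 'The second column allows choosing'. The same ':-' indentation issue as in the previous hunk applies to the three new ':- ' lines; '**' sub-bullets would nest them under their '*' parents. 'Multiple patterns are possible to use and combined by OR or AND operation' reads more clearly as 'Multiple patterns can be used and combined with an OR or AND operation'.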
Line 230: | Line 225: | ||
* 0-10: the data must be found within the first 10 bytes of data (that is byte 0 to byte 9). | * 0-10: the data must be found within the first 10 bytes of data (that is byte 0 to byte 9). | ||
– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | :– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | ||
The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | ||
The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ||
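Review bot: the statement that the list is evaluated left to right without any priority needs one concrete example, because a reader who expects AND to bind tighter than OR will build a different matcher than the tool evaluates: with three patterns A, B and C joined as 'A AND B OR C', strict left-to-right evaluation gives (A AND B) OR C, so any packet that matches C alone is counted as this request. A matcher that is broader than intended silently skews the measured response times, so one worked line like this would make 'mixed carefully' actionable. Also, this line uses an en dash ('–') as the list marker while the hunks above use a hyphen ('-'); pick one.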
Line 237: | Line 232: | ||
'''Pattern examples:''' | '''Pattern examples:''' | ||
– data: HELLO | :– data: HELLO | ||
data type: string | data type: string | ||
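Review bot: the 'data:' and 'data type:' fields of each example are split over two lines, and after this change only the first carries the ':' indent, so 'data type: string' will render as an unindented paragraph beneath the indented 'data: HELLO' line. Indent both lines (or use the ';' / ':' definition-list markup for the field names) so each example stays one visual block.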
Line 245: | Line 240: | ||
'''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | '''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | ||
– data: 8779827668 | :– data: 8779827668 | ||
data type: hexadecimal | data type: hexadecimal | ||
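Review bot: the example data '8779827668' with data type hexadecimal decodes to the five bytes 0x87 0x79 0x82 0x76 0x68, two of which (0x87, 0x82) lie outside the ASCII range, so it cannot be the hex encoding of a plain text string. Read as decimal byte values instead, 87 79 82 76 68 are exactly the ASCII codes of 'WORLD', which suggests the example was written in decimal but labelled hexadecimal; if a text string is intended, its hexadecimal form is 57 4F 52 4C 44. Please confirm which encoding this example is meant to show, since readers copy these examples into their own definitions. The indentation mismatch between the new ':– data:' line and the unindented 'data type:' line applies here as well.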
Line 262: | Line 257: | ||
This example describes how to measure the response time of HTTP GET requests. | This example describes how to measure the response time of HTTP GET requests. | ||
#Add a new protocol definition by clicking at the ‘plus’ button. | |||
#Enter a name for this protocol definition. “HTTP GET” is short and appropriate. | |||
#As layer 7 protocol filter select “HTTP”. If you only want to analyze one specific HTTP server, define a new protocol for only this IP in the L7 module and select it from the custom protocol list. | |||
#Now edit the requests by clicking at the ‘pencil’ button. | |||
#Add a new request by clicking at the ‘plus’ button. | |||
#Enter the name of this request, “GET” is a good choice. | |||
#Add a new pattern by clicking at the ‘plus’ button in the third column. | |||
#Enter the three characters “GET” (without the quotes) into the data field | |||
#Make sure the “data type” drop down box still shows the default value “String”. | |||
#Enter “0” (without the quotes) as the position, as the HTTP GET request always starts with the GET string. | |||
#The settings should look like the following picture: | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
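Review bot: the numbered list introduced here is interrupted by the '{| class="wikitable sortable"' table that follows step 11, and MediaWiki restarts '#' numbering after any non-list line, so the steps after each screenshot table will render starting again at 1 (the same applies to every table placed between steps in the hunks below). Either keep the screenshot inside the list with a '#:' continuation line or drop the '#' markup and number the steps by hand. Two smaller points: 'Click at the plus button' should be 'Click the plus button' throughout, and the 'sortable' class is unnecessary for a table that only holds a screenshot.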
Line 290: | Line 275: | ||
#Click at ‘DONE’ to return to the previous mask for the HTTP protocol definition. | |||
#Now edit the responses by clicking at the ‘pencil’ button. | |||
#Add a new response by clicking at the ‘plus’ button. | |||
#Enter the name of this response, “HTTP response” is a good choice. | |||
#Add a new pattern by clicking at the ‘plus’ button in the third column. | |||
#Enter the characters “HTTP/1” (without the quotes) into the data field. | |||
#Make sure the “data type” drop down box still shows the default value “String”. | |||
#Enter “0” (without the quotes) as the position, as the HTTP response always starts with the HTTP/1 string. | |||
#The settings should look like the following picture: | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
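Review bot: step 9's justification 'the HTTP response always starts with the HTTP/1 string' holds only for HTTP/1.0 and HTTP/1.1; HTTP/2 carries binary frames and will never match this pattern, so its requests would show up as unanswered in the response-time measurement. State the HTTP/1.x limitation next to the pattern so readers do not misread missing responses as server timeouts. Step 7's pattern 'HTTP/1' without the trailing '.x' deliberately matches both minor versions, and the text should say so explicitly.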
Line 313: | Line 290: | ||
#Click at ‘DONE’ to return to the previous mask for the HTTP protocol definition. | |||
#The settings should look like the following picture: | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
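Review bot: step 2 here is the third consecutive 'The settings should look like the following picture:', and with the screenshots interleaved between list fragments it is hard to tell which dialog each picture shows. Name the dialog in each caption (the request list, the response list, the HTTP protocol definition) so the three screenshots are distinguishable, and 'Click at DONE' should be 'Click DONE' here and in the next hunk.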
Line 322: | Line 298: | ||
#Click again at ‘DONE’ to finalize the configuration of HTTP protocol definition. | |||
#The settings should look like the following picture: | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
Line 330: | Line 305: | ||
|} | |} | ||
#Save the settings so the new definition takes effect. |
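Review bot: 'Save the settings so the new definition takes effect' is the only step that names no control, while every other step names its button ('plus', 'pencil', 'DONE'); say which control saves the definition and whether this save is required for the preceding DONE clicks to persist, since a reader who leaves the mask without it will find the HTTP GET definition missing. As noted for the earlier hunks, this '#' item follows a table close '|}' and will render as step 1.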