No edit summary |
No edit summary |
||
Line 134: | Line 134: | ||
|} | |} | ||
* This button imports the configuration file selected with the | * This button imports the configuration file selected with the '''Choose file''' button into the browser configuration. | ||
The imported configuration must be saved to take effect. | :The imported configuration must be saved to take effect. | ||
{| | {| | ||
|[[File:Import.png|300px|right]] | |[[File:Import.png|300px|right]] | ||
|} | |} | ||
* This button resets all previously gathered statistics. It is recommended to reset statistics after make significant changes to the configuration, especially when removing some element | * This button resets all previously gathered statistics. It is recommended to reset statistics after make significant changes to the configuration, especially when removing some element (a pattern, a request, or a complete protocol definition). If the statistics are not reset the web interface may show invalid names. | ||
(a pattern, a request, or a complete protocol definition). If the statistics are not reset the web interface may show invalid names. | |||
{| | {| | ||
|[[File:Reset.png|150px|right]] | |[[File:Reset.png|150px|right]] | ||
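Review bot: The reset-statistics bullet still reads "after make significant changes" on the new side; it should be "after making significant changes", and "If the statistics are not reset" needs a comma before "the web interface". Since the text now sits on one line, it would also help to say why the names become invalid: the stored statistics still refer to a pattern, request or protocol definition that has been removed.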
Line 154: | Line 152: | ||
* Name: this is the identifier used in all statistics. | * Name: this is the identifier used in all statistics. | ||
* Layer 7 protocol filter: Select a layer 7 protocol to limit the analysis to network traffic of that protocol. This improves the performance allowing to analyze with a higher bandwidth. | * Layer 7 protocol filter: Select a layer 7 protocol to limit the analysis to network traffic of that protocol. This improves the performance allowing to analyze with a higher bandwidth. | ||
It can also reduce false hits when a pattern is found in unrelated traffic. | :It can also reduce false hits when a pattern is found in unrelated traffic. | ||
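Review bot: The Layer 7 protocol filter bullet keeps the sentence "This improves the performance allowing to analyze with a higher bandwidth", which is ungrammatical on both sides; suggest "This improves performance and allows traffic to be analyzed at a higher bandwidth." Because the filter limits the analysis to traffic of the selected protocol, the text should also state the trade-off: traffic not classified as that protocol is not searched for the patterns at all.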
Line 188: | Line 186: | ||
|[[File:Minus.png|60px|right]] | |[[File:Minus.png|60px|right]] | ||
|} | |} | ||
* The second columns allows to choose the name of the request or response. | * The second columns allows to choose the name of the request or response. | ||
:The name is purely informational and can be chose freely. | :The name is purely informational and can be chose freely. | ||
* The third column contains all defined patterns for each request or response. | |||
:- This button removes the single pattern directly right of the button. All other patterns are untouched. | :- This button removes the single pattern directly right of the button. All other patterns are untouched. | ||
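Review bot: The line "* The third column contains all defined patterns for each request or response." appears on only one side of this hunk. If the new revision drops it, the ":- This button removes the single pattern" line ends up under the second-column bullet, which describes the name and not the patterns. Two typos are also carried over unchanged: "The second columns allows" should be "The second column allows" and "can be chose freely" should be "can be chosen freely".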
Line 202: | Line 198: | ||
:- This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | :- This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | ||
This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | :This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | ||
{| | {| | ||
|[[File:Plus.png|60px|right]] | |[[File:Plus.png|60px|right]] | ||
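Review bot: The add-pattern text is only re-indented, so "Multiple patterns are possible to use and combined by OR or AND operation" and "which must occur both or any" remain hard to parse. Suggest "Multiple patterns can be combined with AND (all must occur in the packet) or OR (any one may occur)", which also says what each operator means at the point where the reader first meets it.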
Line 209: | Line 205: | ||
* Pattern definition | * Pattern definition | ||
:Each pattern consists of the following fields to describe it: | |||
:– Data: This is the actual data string that is searched within the packer layer 7 payload. | |||
:It is either searched as is (in case of the “string” data type) or converted from a hexadecimal representation. | |||
– Data: This is the actual data string that is searched within the packer layer 7 payload. | :– Data type: The drop down box allows to select either “string” which is a direct representation of the data, or “hexadecimal” which is the byte-wise hexadecimal representation of the data. | ||
It is either searched as is (in case of the “string” data type) or converted from a hexadecimal representation. | |||
:– Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end value is exclusive. | |||
– Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end | |||
value is exclusive. | |||
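Review bot: In the Data field description "packer layer 7 payload" should be "packet layer 7 payload", and in the Pos description "should be search within" should be "should be searched within"; both typos are present in the re-indented lines. The Pos text should also state that positions are counted from 0, which the later example relies on when it says pos 0 is the start of the payload. It should also say whether, for a range, the whole data must lie inside the interval or only begin inside it.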
Line 226: | Line 219: | ||
:– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | :– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | ||
The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | :The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | ||
The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | :The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ||
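Review bot: The Join command text says the list is "evaluated left to right without any priority" but gives no example, and that is the part readers will get wrong. With three patterns joined as A OR B AND C, strict left-to-right evaluation means (A OR B) AND C, not A OR (B AND C) as most readers expect from the usual AND-before-OR precedence, so a one-line example would prevent patterns that match more or less traffic than intended. The last sentence is also ungrammatical ("or that the previous or the current pattern must match"); suggest "or either the previous or the current pattern must match".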
Line 234: | Line 227: | ||
:– data: HELLO | :– data: HELLO | ||
data type: string | :data type: string | ||
pos: 0 | :pos: 0 | ||
'''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | '''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | ||
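Review bot: The "Meaning:" line of this example is left unindented and bold, while the fields above it gain a leading ":" and the Meaning line of the following example is indented and not bold. Pick one form for both examples. The field labels here are also lower case ("data", "data type", "pos"), whereas the pattern definition list uses "Data", "Data type" and "Pos".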
Line 242: | Line 235: | ||
:– data: 8779827668 | :– data: 8779827668 | ||
data type: hexadecimal | :data type: hexadecimal | ||
:pos: 10-20 | |||
:Meaning: The packet payload is searched from byte 10 to byte 19 to find the 5 character data described by the hexadecimal data (the ASCII values of WORLD (87 == W, 79 == O, 82 == R, 76 == L, 68 == D). | |||
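Review bot: The data "8779827668" is labelled hexadecimal, but the explanation "87 == W, 79 == O, 82 == R, 76 == L, 68 == D" gives the decimal ASCII codes of WORLD. Read as hexadecimal bytes, 87 79 82 76 68 does not spell WORLD; the hexadecimal form would be 574F524C44, so either the data or the explanation needs correcting. The parenthesis opened at "(the ASCII values of WORLD" is never closed, and "5 character data" would be clearer as "5-byte data" since the data type is hexadecimal.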