Line 198: | Line 198: | ||
:— This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | :— This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | ||
:This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | |||
{| | {| | ||
|[[File:Plus.png|60px|right]] | |[[File:Plus.png|60px|right]] | ||
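Review bot: the added sentence under the button description ends in "which must occur both or any", which is hard to parse and does not say what has to occur. Suggest rewording it along the lines of "This allows searching for several patterns within a single packet, where either all of them ('''AND''') or any one of them ('''OR''') must occur." The "distinguish between multiple protocol variants" example could then follow as it is.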
Line 208: | Line 208: | ||
:– Data: This is the actual data string that is searched within the packer layer 7 payload. | :– Data: This is the actual data string that is searched within the packer layer 7 payload. | ||
:It is either searched as is (in case of the “string” data type) or converted from a hexadecimal representation. | |||
:– Data type: The drop down box allows to select either “string” which is a direct representation of the data, or “hexadecimal” which is the byte-wise hexadecimal representation of the data. | :– Data type: The drop down box allows to select either “string” which is a direct representation of the data, or “hexadecimal” which is the byte-wise hexadecimal representation of the data. | ||
:– Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. | :– Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. | ||
:It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end value is exclusive. | |||
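Review bot: the added line under "Data" says the value is "converted from a hexadecimal representation" but does not state the accepted input form, so a reader cannot tell whether two digits per byte are required or whether separators, prefixes or lower-case digits are allowed. Suggest stating the expected format here, next to the "Data type" entry that introduces "byte-wise hexadecimal representation". Two wording fixes in the same hunk: "should be search within" in the added range line should read "should be searched within", and "packer layer 7 payload" in the Data line should read "packet layer 7 payload".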
Line 220: | Line 220: | ||
:– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | :– Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | ||
:The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | |||
:The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | |||
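Review bot: the two added lines under "Join command" are in the wrong order, since the left-to-right evaluation rule appears before the line that defines what '''AND''' and '''OR''' mean; suggest swapping them. "Without any priority" would also benefit from one short example showing the consequence, for instance that three patterns joined as A '''OR''' B '''AND''' C are evaluated as (A '''OR''' B) '''AND''' C, because that is where "mixed carefully" matters for anyone building a match rule. The second line also reads awkwardly ("may either match together ..., or that the previous or the current pattern must match") and could be split into one sentence per operation.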
Line 227: | Line 227: | ||
:– data: HELLO | :– data: HELLO | ||
:data type: string | |||
:pos: 0 | |||
'''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | '''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | ||
:– data: 8779827668 | :– data: 8779827668 | ||
:data type: hexadecimal | |||
:pos: 10-20 | |||
:Meaning: The packet payload is searched from byte 10 to byte 19 to find the 5 character data described by the hexadecimal data (the ASCII values of WORLD (87 == W, 79 == O, 82 == R, 76 == L, 68 == D). | |||
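Review bot: the second example declares "data type: hexadecimal" with data 8779827668, but the explanation lists 87, 79, 82, 76, 68, which are the decimal ASCII codes of W, O, R, L, D. Read byte-wise as hexadecimal, as the "Data type" description defines it, 8779827668 is the bytes 0x87 0x79 0x82 0x76 0x68 and would not match "WORLD"; the hexadecimal form of WORLD is 574F524C44 (57 == W, 4F == O, 52 == R, 4C == L, 44 == D). Suggest changing the data value and the explanation to the hexadecimal codes. In the same line, the parenthesis opened before "the ASCII values" is never closed, and this "Meaning:" line is not bold while the one for the HELLO example is.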