1,775
edits
Response time analysis: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 198: | Line 198: | ||
:— This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | :— This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. | ||
:This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | ::This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | ||
{| | {| | ||
|[[File:Plus.png|60px|right]] | |[[File:Plus.png|60px|right]] | ||
| Line 208: | Line 208: | ||
:— Data: This is the actual data string that is searched within the packer layer 7 payload. | :— Data: This is the actual data string that is searched within the packer layer 7 payload. | ||
:It is either searched as is (in case of the “string” data type) or converted from a hexadecimal representation. | ::It is either searched as is (in case of the “string” data type) or converted from a hexadecimal representation. | ||
:— Data type: The drop down box allows to select either “string” which is a direct representation of the data, or “hexadecimal” which is the byte-wise hexadecimal representation of the data. | :— Data type: The drop down box allows to select either “string” which is a direct representation of the data, or “hexadecimal” which is the byte-wise hexadecimal representation of the data. | ||
:— Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. | :— Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. | ||
:It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end value is exclusive. | ::It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end value is exclusive. | ||
| Line 220: | Line 219: | ||
:— Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | :— Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. | ||
:The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | ::The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | ||
:The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ::The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ||
| Line 227: | Line 226: | ||
:— data: HELLO | :— data: HELLO | ||
:data type: string | ::data type: string | ||
:pos: 0 | ::pos: 0 | ||
'''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | '''Meaning: The pattern only applies if the text “HELLO” is found exactly at the start of the payload data.''' | ||
:— data: 8779827668 | :— data: 8779827668 | ||
:data type: hexadecimal | ::data type: hexadecimal | ||
:pos: 10-20 | ::pos: 10-20 | ||
:Meaning: The packet payload is searched from byte 10 to byte 19 to find the 5 character data described by the hexadecimal data (the ASCII values of WORLD (87 == W, 79 == O, 82 == R, 76 == L, 68 == D). | ::Meaning: The packet payload is searched from byte 10 to byte 19 to find the 5 character data described by the hexadecimal data (the ASCII values of WORLD (87 == W, 79 == O, 82 == R, 76 == L, 68 == D). | ||