Line 162: | Line 162: | ||
* The first column allows to add new elements or remove existing one: | * The first column allows to add new elements or remove existing one: | ||
** adds a new request or response | |||
{| | ::{| | ||
| [[File:Plus.png|60px|right]] | | [[File:Plus.png|60px|right]] | ||
|} | |} | ||
:* removes the request or response entry from the list | |||
::{| | |||
: | |||
{| | |||
|[[File:Minus.png|60px|right]] | |[[File:Minus.png|60px|right]] | ||
|} | |} | ||
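Review bot: the two sibling items in this hunk use different list markers, "** adds a new request or response" versus ":* removes the request or response entry from the list", and the table openers vary between "{|" and "::{|", so the Plus and Minus icons will not indent consistently under their descriptions. Pick one marker style for both items and use the matching indent on each table. The unchanged lead-in line also needs a grammar fix: "allows to add new elements or remove existing one" should read "allows adding new elements or removing existing ones".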
Line 176: | Line 174: | ||
:The name is purely informational and can be chose freely. | :The name is purely informational and can be chose freely. | ||
* The third column contains all defined patterns for each request or response. | * The third column contains all defined patterns for each request or response. | ||
** This button removes the single pattern directly right of the button. All other patterns are untouched. | |||
::{| | |||
{| | |||
| [[File:Minus.png|60px|right]] | | [[File:Minus.png|60px|right]] | ||
|} | |} | ||
:* This button adds a new pattern to the list of patterns for the corresponding request or response. Multiple patterns are possible to use and combined by '''OR''' or '''AND''' operation. This allows to search for multiple patterns within a single packet which must occur both or any. For example, this can be used to distinguish between multiple protocol variants. | |||
: | ::{| | ||
{| | |||
|[[File:Plus.png|60px|right]] | |[[File:Plus.png|60px|right]] | ||
|} | |} | ||
* Pattern definition | * Pattern definition | ||
:Each pattern consists of the following fields to describe it: | :Each pattern consists of the following fields to describe it: | ||
:* Data: This is the actual data string that is searched within the packer layer 7 payload. | |||
: | |||
::It is either searched as is (in case of the '''string''' data type) or converted from a hexadecimal representation. | ::It is either searched as is (in case of the '''string''' data type) or converted from a hexadecimal representation. | ||
: | :* Data type: The drop down box allows to select either '''string''' which is a direct representation of the data, or '''hexadecimal''' which is the byte-wise hexadecimal representation of the data. | ||
: | :* Pos: This defines at which byte location the data should be searched for. It can be a single number which means exactly this position within the layer 7 payload. It can also be a range meaning the data should be search within the interval of bytes. The start value of the range is inclusive, while the end value is exclusive. | ||
::Example: | |||
::* 0: the packet payload must start with the given data. | |||
::* 0-10: the data must be found within the first 10 bytes of data (that is byte 0 to byte 9). | |||
Example: | :* Join command: Except for the first pattern, the other patterns might be connected with the previous one by choosing the appropriate join command. The list is evaluated left to right without any priority so '''AND''' and '''OR''' can be mixed carefully to build complex expressions. | ||
* 0: the packet payload must start with the given data. | |||
* 0-10: the data must be found within the first 10 bytes of data (that is byte 0 to byte 9). | |||
: | |||
::The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ::The pattern may either match together with the previous one ('''AND''' operation), or that the previous or the current pattern must match ('''OR''' operation). | ||
: Pattern examples: | |||
:*data: HELLO | |||
: | |||
::data type: string | ::data type: string | ||
::pos: 0 | ::pos: 0 | ||
::Meaning: The pattern only applies if the text '''HELLO''' is found exactly at the start of the payload data. | |||
:* data: 8779827668 | |||
: | |||
::data type: hexadecimal | ::data type: hexadecimal | ||
::pos: 10-20 | ::pos: 10-20 |
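Review bot: the Join command text says the list is "evaluated left to right without any priority" but gives no mixed example, and that is where a pattern author is most likely to build an expression that matches more or fewer packets than intended. Add one under "Pattern examples", for instance stating that A OR B AND C is evaluated as (A OR B) AND C. Wording fixes in the same hunk: "packer layer 7 payload" should be "packet layer 7 payload", "should be search within" should be "should be searched within", and "can be chose freely" should be "can be chosen freely".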