Ring Buffer Configuration Guide: Difference between revisions

Line 109: Line 109:
[[File:Ring buffer filter one ip.png|border|600px]]
[[File:Ring buffer filter one ip.png|border|600px]]


==== Capture SSL traffic only up to L4 ====
==== Capture only the handshake of SSL traffic and limit the encrypted part to L4 ====


Also a common use case is to not capture encrypted content. This can be done by setting up a rule for encrypted L7 protocols to capture only up to the L4 header for IP and TCP investigation. This can be configured with the following settings:
Also a common use case is to not capture encrypted content. This can be done by setting up a rule for SSL after handshake packets to capture only up to the L4 header for IP and TCP investigation. This can be configured with the following settings:


[[File:Ring buffer rule create ssl l4.png|border|400px]]
[[File:Ring buffer rule create ssl after handshake.png|alt=|border|399x399px]]


The configured rule will look like:
The configured rule will look like:


[[File:Ring buffer rule ssl l4.png|border|600px]]
[[File:Ring buffer rule ssl after handshake.png|alt=|border|600x600px]]


==== Capture full SIP, capture RTP to the first 12 bytes of the payload and drop all other packets ====
==== Capture full SIP, capture RTP to the first 12 bytes of the payload and drop all other packets ====
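
Review bot: the new intro sentence for the SSL rule reads awkwardly ("a rule for SSL after handshake packets") and no longer matches the renamed heading, which says the handshake is captured and only the encrypted part is limited to L4. Suggest "a rule for SSL packets after the handshake" plus one sentence stating that handshake packets are still captured while later packets are cut at the L4 header. Both replacement screenshots also carry an empty "alt=", and the rule settings appear only in those images, so add alt text or a short text list of the configured fields to make the rule reproducible without the screenshots.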