Service Analyzer
Service Analyzer helps with the initial setup of protection by identifying services in the protected network from an uploaded dump. Currently, the mechanism treats any uploaded dump as a dump of incoming traffic from an external network.
The Five tuple threshold field sets the minimum number of times a unique 5-tuple must be repeated in the dump. A 5-tuple whose number of repetitions is less than this limit is not included in the report.
The following checkboxes can be enabled for the mechanism:
- Advanced report — displays more detailed statistics in the “Used IP addresses in protected network” and “Services in protected network” sections of the report;
- Aggregated statistics by protocol — adds “Proto stat” sections to “Services in protected network”;
- Advanced report for general statistics — the “General stat” section displays more detailed statistics;
- Advanced report for external connections — the “SYN+ACK external connections in protected network” section displays more detailed statistics.
The output in all sections of the report can be sorted in descending order of:
- packets quantity;
- bytes quantity;
- pps rate;
- bps rate;
- capture time.
By default, sorting is performed in descending order of packets quantity.
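The threshold and sorting behaviour described above can be sketched as follows. This is an added example, not the product's code. It assumes a 5-tuple of source IP, destination IP, source port, destination port and protocol, a constructed record layout, rates computed over the span between a tuple's first and last packet, and that span used as "capture time"; the function and key names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, length_bytes).
# Addresses come from documentation ranges; nothing here is taken from a real dump.
PACKETS = [
    (0.0, "198.51.100.7", "192.0.2.10", 40001, 443, "tcp", 60),
    (0.5, "198.51.100.7", "192.0.2.10", 40001, 443, "tcp", 1500),
    (1.0, "198.51.100.7", "192.0.2.10", 40001, 443, "tcp", 1500),
    (2.0, "198.51.100.7", "192.0.2.10", 40001, 443, "tcp", 940),
    (0.25, "203.0.113.5", "192.0.2.20", 53124, 53, "udp", 80),
    (0.5, "203.0.113.5", "192.0.2.20", 53124, 53, "udp", 80),
    (1.25, "203.0.113.5", "192.0.2.20", 53124, 53, "udp", 80),
    (1.5, "203.0.113.9", "192.0.2.30", 50000, 8080, "tcp", 60),  # seen only once
]
SORT_KEYS = ("packets", "bytes", "pps", "bps", "capture_time")

def analyze(packets, threshold, sort_by="packets"):
    """Aggregate packets per 5-tuple, drop tuples seen fewer than `threshold`
    times, and return rows sorted in descending order of `sort_by`."""
    if sort_by not in SORT_KEYS:
        raise ValueError(f"unknown sort key: {sort_by}")
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, src, dst, sport, dport, proto, length in packets:
        s = stats[(src, dst, sport, dport, proto)]
        s["packets"] += 1
        s["bytes"] += length
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    rows = []
    for five_tuple, s in stats.items():
        if s["packets"] < threshold:  # below the limit: excluded from the report
            continue
        span = s["last"] - s["first"]  # assumption: capture time = last - first timestamp
        rows.append({
            "five_tuple": five_tuple,
            "packets": s["packets"],
            "bytes": s["bytes"],
            "capture_time": span,
            # A tuple seen at a single instant has no span; its rates are reported as 0.0.
            "pps": s["packets"] / span if span > 0 else 0.0,
            "bps": s["bytes"] * 8 / span if span > 0 else 0.0,
        })
    return sorted(rows, key=lambda r: r[sort_by], reverse=True)

if __name__ == "__main__":
    for row in analyze(PACKETS, threshold=2):  # default sort: packets, descending
        print(row)
```

With a threshold of 2, the single-packet connection to port 8080 drops out of the result, which is the effect a higher threshold has on one-off traffic in the dump.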