Working with the psg.mitigator.ru service

Management via Web interface

First, select a dump from the list on the Browser tab by clicking its ID. The dump can be loaded immediately before the selection or selected from previously loaded ones.

After selecting a dump file, you can set filters and select the analysis method.

After setting the filters and selecting the mode, queue the dump for processing by clicking the «Add to Queue» button. When the analysis is completed, a new row with the analysis results appears in the «Processing Results» table. Clicking «UUID» opens a detailed analysis report. Clicking «Archive» downloads the archive with graphic data, if any was generated during the analysis. The report for each analysis method contains a banner with the name of the service, the analysis method, its start time and parameters, and the name of the dump file.

Filters

If filters are specified, only packets matching the filters are processed. This is necessary if the dump is contaminated with traffic from other applications, or if you need to analyze a specific stream.

Filtering is available by:

  • protocol (tcp, udp, icmp);
  • source IP (src IP);
  • source port (src port);
  • destination IP (dst IP);
  • destination port (dst port);
  • BPF: a custom filter in tcpdump syntax.
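
The per-field filters above correspond to primitives of the tcpdump syntax that the BPF field accepts. The following is an added example, not code from the service or its documentation: it builds the equivalent expression and validates each value first. The function name `build_bpf` and the choice to combine the set fields with `and` are assumptions.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp"}  # the protocols the filter form lists


def build_bpf(protocol=None, src_ip=None, src_port=None,
              dst_ip=None, dst_port=None):
    """Return a tcpdump-syntax expression for the per-field filters.

    Assumption (not stated on the page): set fields are combined with AND.
    An empty string means "no filter", which tcpdump treats as match-all.
    """
    terms = []
    proto = protocol.lower() if protocol else None
    if proto is not None:
        if proto not in PROTOCOLS:
            raise ValueError(f"unsupported protocol: {protocol!r}")
        terms.append(proto)

    for direction, ip, port in (("src", src_ip, src_port),
                                ("dst", dst_ip, dst_port)):
        if ip is not None:
            # ip_address() rejects anything that is not a literal address,
            # so no filter syntax can be smuggled in through this field.
            addr = ipaddress.ip_address(ip)
            if proto == "icmp" and addr.version == 6:
                raise ValueError("'icmp' matches IPv4 only; use icmp6 in a custom BPF")
            terms.append(f"{direction} host {addr}")
        if port is not None:
            if proto == "icmp":
                raise ValueError("ICMP has no ports")
            number = int(port)  # ValueError on non-numeric input
            if not 0 <= number <= 65535:
                raise ValueError(f"port out of range: {port!r}")
            terms.append(f"{direction} port {number}")
    return " and ".join(terms)


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(build_bpf("tcp", src_ip="192.0.2.10", dst_port=443))
    print(build_bpf("udp", dst_ip="198.51.100.7", dst_port=53))
```

The resulting string can be checked locally against the same dump with `tcpdump -r` before the dump is queued.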

Methods of analysis

The following analysis methods are available: