How to Use psg.mitigator.ru Service
Press the icon in the upper right corner to display this help. Depending on the page the user is on, the corresponding help section opens.
File Upload
First, upload a data file to the service: click the icon with the + symbol at the top of the page and select the Upload file item.
Specify the path to the local file in the window that appears. You can upload a traffic dump in PCAP or PCAPNG format, or a text file containing IP addresses, prefixes, JA3 hashes, JA3 fulltext or User-Agent strings.
You can also upload a file directly on the analysis page using the icon with the + symbol next to the file selection field.
You can also enter IP addresses, prefixes, JA3 hash, JA3 fulltext or User-Agent values manually; in this case a text file is generated from the entered values.
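Before uploading a text file of indicators, it helps to check that every line is one of the value kinds the service accepts and to drop malformed entries. The following is an added example, not code from psg.mitigator.ru; the sample lines, the line classifier and the build_upload helper are constructed for illustration, and the JA3 hash is computed as the MD5 of the JA3 fulltext string, which is how JA3 defines it.

```python
import hashlib
import ipaddress
import re

# Constructed sample input: one line of each accepted kind plus one malformed address.
SAMPLE_LINES = [
    "192.0.2.10",
    "198.51.100.0/24",
    "2001:db8::/32",
    "771,4865-4866-4867,0-23-65281-10-11,29-23-24,0",   # JA3 fulltext (constructed)
    "e7d705a3286e19ea42f587b344ee6865",                  # JA3 hash (constructed)
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36",
    "999.1.1.1",                                         # malformed IP, must be rejected
]

JA3_HASH_RE = re.compile(r"^[0-9a-f]{32}$")
# JA3 fulltext: version,ciphers,extensions,curves,point formats (dash-separated lists)
JA3_FULL_RE = re.compile(r"^\d+(,[\d-]*){4}$")
IP_LIKE_RE = re.compile(r"^[0-9a-fA-F.:]+(/\d{1,3})?$")


def ja3_hash(fulltext: str) -> str:
    """A JA3 hash is the MD5 hex digest of the JA3 fulltext string."""
    return hashlib.md5(fulltext.encode()).hexdigest()


def classify(value: str) -> str:
    """Return the indicator kind this line would be treated as, or 'invalid'."""
    s = value.strip()
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(s, strict=False)
        return "prefix"
    except ValueError:
        pass
    if JA3_HASH_RE.match(s.lower()):
        return "ja3_hash"
    if JA3_FULL_RE.match(s):
        return "ja3_fulltext"
    if not s or IP_LIKE_RE.match(s):   # looks like an address but did not parse
        return "invalid"
    return "user_agent"                # anything else is taken as a User-Agent string


def build_upload(lines):
    """Split lines into upload-ready text and rejects: returns (text, counts, rejects)."""
    kept, rejects, counts = [], [], {}
    for line in lines:
        kind = classify(line)
        if kind == "invalid":
            rejects.append(line)
            continue
        counts[kind] = counts.get(kind, 0) + 1
        kept.append(line.strip())
    return "\n".join(kept) + "\n", counts, rejects
```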
Uploaded files are displayed in the list on the Uploads page.
Filtering by any field and sorting by date are provided. The page is paginated, and the number of files displayed per page is configurable.
Analysis
Once a file has been uploaded, it can be selected for analysis by one of the following mechanisms:
- Payload Analyzer
- Multipurpose Analyzer
- TLS Analyzer
- IP Analyzer
- Identifying patterns with a decision tree
- Service Analyzer
Click the file selection field to see all available files. Filtering by name is provided. The upload date and time of every file are displayed.
A new analysis is created either by clicking the icon with the + symbol at the top of the page and selecting the Run analysis item, or by clicking the test-tube icon in the row of a previously uploaded file.
After setting up the filters and selecting the mode, queue the file for processing by clicking the Analyze button. If filters are specified, only packets matching them are processed. This is useful when the dump is “polluted” by the traffic of other applications, or when only a specific stream needs to be analyzed.
Filtration
Packets can be filtered by:
- protocol (tcp, udp, icmp);
- source IP address;
- source port;
- destination IP address;
- destination port;
- BPF(1): a custom filter in tcpdump syntax.
Reports
The Reports page displays completed reports and analyses that are currently running. When you run an analysis, a new row appears in the table. When the analysis finishes, a beep sounds and the favicon changes. Click the ID to open a detailed report with the analysis results.
The analyzed file name, file hash and analysis parameters are displayed as tags. Detailed descriptions of the reports are provided in related articles. The page is paginated, and the number of reports displayed per page is configurable.
(1) If a custom BPF filter is specified, the other filters are not applied in the «Multipurpose Analyzer».