Multipurpose Analyzer

Multipurpose Analyzer analyzes L3/L4 headers and L4 payload. Traffic dumps in PCAP or PCAPNG formats are accepted as input.

Multipurpose Analyzer capabilities:

Generate signatures for L4 payload in various ways.
Create visualization of the contents of the dump. It can be useful for understanding the traffic structure, as it allows you to visually identify patterns in it.
Create a longogram — an image showing the distribution of packet sizes by their number over a certain time interval.
Create TLS statistics.
Create DTLS statistics.
Create GEO statistics.
Create DNS statistics.
Check for inclusion in reputation lists.

The following checkboxes can be activated for this mechanism:

Interactive — an interactive html report is formed instead of a text one;
Generate signatures — add templates for L4 payload;
Merge packets larger then — optimize the dump processing;
Visualization of content — allows you to visually identify patterns in traffic;
Sampling — only packets that are multiples of the specified value are used to build the visualization. For example, if 5 is specified, then every fifth package will be selected for rendering. In the automatic mode, the sampling value is determined by the engine in such a way as to evenly place the captured packets on the image with a maximum height of 200000 pixels;
Generate length-o-gramm — generate a length-o-gramm;
External IP lists — analyze against external reputation lists;
Custom IP lists — analyze against custom reputation lists;
SS IP lists — analyze against reputation lists from the analytics server;
Matched IPs — show IPs that were found in at least one of selected reputation lists;
Src IP from pcap — display in the report a list of unique source IPs from the analyzed PCAP file;
Analyze TLS — add analysis of TLS messages;
Analyze DNS — add analysis of DNS packets;
Analyze GeoIP — add analysis by GeoIP databases.

Some functionality related to MITIGATOR Feeds checks may not be available unless a license to use feeds has been purchased.