Standard filtering in traffic capture tools typically supports only filter parameters based on packet headers, and is restricted to a certain depth into the packet. This level of filtering is to some degree coarse and superficial, and will not detect internet users in email and IM applications. VSS' ObjectFinder allows users to find specified objects (keywords) within a packet, which can then be coupled with source and destination data (and/or other criteria) to create a precise framework for matching and retrieving live network traffic for security and monitoring applications. This enables users to find packets containing specifically defined objects, and to do so while preserving the integrity of an authorized monitoring deployment.
For example, the ObjectFinder series detects user-specified email or IM addresses from anywhere within an IP packet carried over Ethernet. Upon detection of an object (e.g. an email address), ObjectFinder will lock onto the user's related session, by way of IP address and TCP (or UDP) port number, and transfer the entire session to the target monitor port(s), where the session is then externally forwarded to an analyzer or storage device.
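The match-then-lock behaviour described above can be sketched in a few lines. This is an added illustration, not VSS code: the `Packet` type, the function names and the sample traffic are constructed, and it assumes forwarding starts at the packet that contains the object (earlier packets of the session are not buffered).

```python
from typing import NamedTuple

class Packet(NamedTuple):          # hypothetical, simplified packet record
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                     # "tcp" or "udp"
    payload: bytes

def session_key(p):
    """Direction-independent session key: protocol plus both sorted endpoints."""
    a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, a, b)

def object_filter(packets, objects):
    """Return the packets to send to the monitor port.

    A session is locked the first time any object appears anywhere in a
    payload; from then on every packet of that session, in either
    direction, is forwarded whether or not it contains the object.
    """
    needles = [o.lower() for o in objects]   # case-insensitive match
    locked = set()
    forwarded = []
    for p in packets:
        key = session_key(p)
        if key not in locked:
            body = p.payload.lower()
            if any(n in body for n in needles):
                locked.add(key)
        if key in locked:
            forwarded.append(p)
    return forwarded

# Constructed sample traffic: two SMTP clients talking to one server.
SAMPLE = [
    Packet("10.0.0.5", 40001, "192.0.2.25", 25, "tcp", b"EHLO client.example\r\n"),
    Packet("10.0.0.5", 40001, "192.0.2.25", 25, "tcp", b"MAIL FROM:<Alice@Example.org>\r\n"),
    Packet("10.0.0.7", 40002, "192.0.2.25", 25, "tcp", b"MAIL FROM:<bob@example.org>\r\n"),
    Packet("192.0.2.25", 25, "10.0.0.5", 40001, "tcp", b"250 OK\r\n"),
    Packet("10.0.0.5", 40001, "192.0.2.25", 25, "tcp", b"DATA\r\n"),
]

def demo():
    return object_filter(SAMPLE, [b"alice@example.org"])
```

Because matching here is per packet, an object split across two TCP segments is missed; catching that case requires stream reassembly before the search.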