Most Innovative Company, South Africa, 2016, African Business Awards
Best Forensic Investigation Company, Africa, 2016, African Corporate Excellence Awards
Best in Security, Forensics & Investigations – 2016 – International Business Awards
deep packet inspection

Deep Packet Inspection Appliance

The Deep Packet Inspection Appliance DPIA is a powerful network appliance that enables the interception and real-time monitoring of internet applications, protocols, traffic data and meta-data. Although primarily a law-enforcement and intelligence gathering system, it can also be successfully deployed as an effective data retention or content filtering platform that is capable of deep packet inspection over fixed line and mobile networks.

The DPIA can correlate the flow of traffic between different protocol layers, for example, SIP-RTP, RADIUS-IP, GTP-C and GTP-U sessions, and is not limited to capturing data on the packet level. Unlike most deep packet inspection products, the DPIA is able to extract protocol data and appplication meta-data from over 1000 protocols – in real-time.

The DPIA leverages bleeding edge technologies and proprietary know-how to decode application sessions, decapsulate tunneling protocols, detect encrypted protocols and reassemble TCP/IP flows. As a result, it can extract relevant data such as e-identities, timestamps, network addresses and application identifiers, phone numbers, URLs as well as selected content. The end-result being a much deeper inspection of real-time network data.

The DPIA can be fully integrated into law enforcement interception management systems, captured data can be processed in real-time and immediately secured and mediated before delivery to an authorized law-enforcement or intelligence agency. The hand-over interfaces are fully compliant with both ETSI and 3GPP standards which makes the DPIA a cost-effective, flexible turn-key solution.

deep packet inspection
deep packet inspectiondeep packet inspectiondeep packet inspection

Benefits

  • 100% transparent
  • Fully passive
  • Turn-key solution
  • Integrates with existing systems
  • Highly cost-effective

Standards

  • ETSI TS 102 232-1/2/4/5
  • 3GPP TS 33.108

Features

  • Deep Packet Inspection in fixed and mobile networks
  • Real-time Monitoring of IP-based applications & protocols
  • Supports more than 1000 protocols and applications
  • Target-based interception
  • IPDR generation
  • Key-word filtering
  • 1G and 10G Ethernet ports
  • Up to 20 Gbps
  • Central management system
  • Target-based interception of IP data and application data
    • IP address, IP address range, port number
    • MAC address, MPLS label, VLAN tag
    • Email address
    • SIP-URI, TEL-URL
    • IMSI, IMEI, MSISDN
    • Application user ID
    • URL
    • Keywords incl. wildcards
  • Standards-based delivery
  • Real-time metadata extraction of various protocols
  • Correlation of metadata from different protocol layers
  • Central collection by Data Retention Suite

Protocols

  • Signature-based detection of hundreds of protocols and applications
  • Full decoding of various protocols and real-time interception of application data
  • Correlation of data between flows and protocol layers
  • Automatic decapsulation of tunnelling protocols
  • TCP/IP reassembly
  • Flow buffering in memory
  • Detection of encrypted protocols
  • Networking protocols: IPv4, IPv6, TCP, UDP, Ethernet, EtherIP, FTP, HTTP
  • Tunneling protocols: MPLS, GRE, L2TP, PPP, PPTP, GTP
  • AAA protocols: RADIUS, DHCP
  • E-mail: POP3, SMTP, IMAP, MAPI
  • Web-based e-mail: Yahoo Mail, Google Mail, Hotmail, Maktoob, mail.com, GMX
  • Instant messaging: Yahoo Messenger, AIM, ICQ, XMPP, IRC
  • VoIP: SIP, RTP, H.323, MGCP, SCCP
  • Signaling: SIGTRAN, MTP, MAP, SCCP, RANAP