Deep Packet Inspection and GeoLocalization

Deep Packet Inspection

dpi_protocolsCapAnalysis during the network traffic analysis tries to identify the protocol of each flow. To do that it uses the Deep Packet Inspection (DPI). Thanks to that feature it is possible to filter, using the filtering tool, the flows in base to the protocol.

The protocols that CapAnalysis can identify are more than 140 and inside this set of protocols there are:

TeamViewerSkypeSpotifyTeamSpeakRTPMEGACOOracleWhatsAppGoogleYouTube
PCAnywhereWindowsUpdateApple iTunesViberSIPRTCPDropBoxTwitterFaceBookWARCRAFT3
VNCRDPSSLAFPSSHMGCPTuentiIPSECESPYahoo

GeoLocalization

geomap For each connection CapAnalysis tries to identify the country of the destination point (server, …),for this task it uses the powerful tool which comes from MaxMind . This feature is enabled for both the IP versions: IPv4 and IPv6. CapAnalysis includes natively the MaxMind database. Also in this case it is possible to filter the flows inside the dataset in base to the country.