ipoque GmbH

Resources

Datasheet (126 kB)

DPX Presentation
(1.1 MB)

DPX Network Probe

Comprehensive Lawful Interception (LI) and Monitoring in Broadband Networks

DPX Networke Probe

Highlights

  • Wire speed lawful interception and network surveillance
  • Full layer-7 traffic classification using deep packet inspection (DPI) with support for encrypted protocols
  • Powerful protocol- and keyword-based interception rules
  • Stream buffer for complete session interception
  • Intelligent data reduction at interception point
  • Seamless integration in any LI infrastructures, e.g. CALEA, ETSI
  • Comprehensive network statistics
  • Full IPDR & CDR generation for all network flows

ipoque DPX Network Probe is a passive probe system for lawful interception and network monitoring purposes. It uses ipoque’s deep packet inspection technology to classify network flows according to their application protocol. Based on user-definable rules, content and signaling data of these flows can be recorded and forwarded to external devices such as mediation systems for further processing. These rules comprise target information including IP addresses, Radius user names, protocol-specific filtering criteria and arbitrary content keywords.

This unique combination of deep packet inspection and flexible target rules delivers high quality interception data while avoiding the capturing of a large volume of unnecessary network traffic. It significantly reduces the burden on the subsequent processing and mediation systems. In addition to the interception functions, DPX generates comprehensive, application- and subscriber-aware statistics data on the network usage providing an additional benefit for networks operators. 

Features

  • Full gigabit wire speed, scalability to 10 Gbps and beyond
  • Proven ipoque DPI engine using layer-7 pattern matching and behavioral analysis
  • Classification rate >90%
  • Detection of obfuscated and encrypted protocols such as Skype, BitTorent, VPN and SSL
  • Regular detection signature updates
  • Protocol-specific CDR generation for either all sessions or target sessions only
  • Session interception based on:
    • Protocol-specific keywords, e.g. e-mail addresses, IM user names, SIP phone numbers   
    • Arbitrary payload keywords   
    • IP addresses, port numbers and ranges   
    • Radius attributes such as subscriber names
  • Comprehensive VoIP support
    • H.323, SIP, IAX, Skype   
    • Interception
    • CDR and IPDR generation  
    • Signaling and call session correlation
  • Support of protocol-specific encodings
    • On-the-fly GZIP decompression of HTTP transfers   
    • On-the-fly MIME Base64 decoding of e-mail attachments
  • Integrated stream buffer for multi-hour session buffering and interception of complete sessions from the very first to the very last packet
  • Up to 500,000 packets per second
  • Over 5 million concurrent sessions
  • Up to 400,000 new sessions per second
  • 50,000 concurrent target rules
  • 10,000 concurrent keywords
  • Current and historical throughput statistics per protocol
  • Generation and export of protocol-aware subscriber statistics