Deep Packet Inspection (DPI) is the name of a state-of-the-art technology designed to counter some of the key challenges related to the plethora of IP-based communication services. The ever-growing number of Internet applications and IP-based protocols make it hard for Law Enforcement Agencies (LEAs) and communication service providers to identify ‘bad guys’ or criminals on the net and to analyze their communications for the purpose of criminal investigations and prevention of terrorism.

Utimaco LIMS Access Points implement DPI technology not only to filter individual IP packets but also to analyze complete communications flows of more than 300 different Internet applications. The network probes are employed whenever the monitoring capabilities of the existing network nodes are not sufficient to meet the legal requirements for intercepting IP traffic.

Utimaco offers a variety of carrier-grade probes for different networks and services. Customers can select from a range of LIMS Access Points according to their actual needs for performance, protocol support and scalability.

Supported services and protocols

• Networking protocols
  IPv4, IPv6, TCP, UDP, Ethernet, EtherIP, FTP, HTTP
• Tunneling protocols
  MPLS, GRE, L2TP, PPP, PPTP, GTP
• AAA protocols
  RADIUS, DHCP
• E-Mail
  POP3, SMTP, IMAP, MAPI
• Webmail
  Yahoo mail, Microsoft Hotmail, google mail, Maktoob, OWA
• Instant Messaging
  MSN, Yahoo messenger, Oscar (AIM, ICQ), Jabber, Paltalk, Google chat, oovoo, QQ
• VoIP
  SIP, RTP, H.323, MGCP, SCCP
• Peer-2-Peer
  Ares, Bittorrent, Directconnect, Edonkey, Gnutella
• Signaling
  SIGTRAN, MTP, MAP, SCCP, RANAP

Circuit-switched connections are still widely deployed in modern telecom networks to carry telephone calls, fax or SMS messages.  When monitoring a standard PSTN network or a 2G or 3G cellular network for interception purposes, passive probes offer a worthwhile alternative to on-switch interception. Probes can either enhance the interception capabilities of switching systems or replace the integrated interception functionality of switches entirely.
Utimaco LIMS Access Points can be deployed at various positions in a network for monitoring both signaling and media. The probes associate the signaling to the bearer traffic and then acquire the targeted call data and usage information. All intercepted data are mediated by the Utimaco LIMS before they are delivered to the law enforcement agency over standardized interfaces.

Benefits:

• Highly scalable
  from one to thousands of circuits, up to 100,000 simultaneous targets
• 100% transparent 
  no impact on existing network links
• Mass intercept
  monitors all calls and messages and generates CDRs
• Standards-compliant
  ETSI conform hand-over via ISDN or IP