with LIMS Access Points
Telecom operators have been performing real-time monitoring of network connections for years to achieve various aims, for example to monitor service quality, to perform analyses, for fraud detection, E911 location and billing. Specialized network probes are typically connected to the network by non-intrusive taps, thus receiving a copy of the communications traffic.
Utimaco offers a range of network probes, Utimaco LIMS Access Points, that analyze all network data based on defined filter rules and which can extract data of specific interest. Law enforcement and intelligence agencies make use of such probes for non-intrusive surveillance of communication links.
The Utimaco LIMS Access Point GNAT provides high-speed IP logging along with IP address resolution across Carrier-Grade NAT. It can passively record IP flow records from user plane data and correlate control plane data in real time. This relieves routers, proxy servers and firewalls from extensive logging and frees valuable network and computer resources for maximum performance and network throughput.
One LIMS Access Point GNAT can process up 16 x 10Gb links in parallel and capture IP logs at full line speed. Latest generation FPGA technology overcomes the processing limitations of software based logging solutions, such as incomplete data, limited protocol support, missing byte counts.
- Real-time IP logging with FPGA-based capture cards
- Real-time correlation of public and private IP addresses and user IDs
- Packet/Byte counts for all flows
- Online statistics
- Designed for fixed and mobile carrier networks
- Up to 16x10Gb ports (160 Gbps)
- TCP, UDP
- RADIUS (IMSI, IMEI, user ID, Cell-ID)
- GTPv1, GTPv2
- HTTP (URL)
- DNS64/NAT64, NAT44
- Turn-key solution for Carrier-Grade IP logging and traceback
- 100% transparent, fully passive, zero data loss
- Fully integrated with Utimaco DRS
Circuit-switched connections are still widely deployed in modern telecom networks to carry telephone calls, faxes, or text messages. When monitoring a standard PSTN network or a 2G or 3G cellular network for interception purposes, passive probes offer a worthwhile alternative to on-switch interception. Probes can either enhance the interception capabilities of switching systems or replace the integrated interception functionality of switches entirely.
Utimaco LIMS Access Points can be deployed at various positions in a network for monitoring both signaling and media. The probes associate the signaling to the bearer traffic and then acquire the targeted call data and usage information. All intercepted data are mediated by Utimaco LIMS™ before they are delivered to the law enforcement agency through standardized handover interfaces.
Deep Packet Inspection
Deep packet inspection (DPI) is the name of a state-of-the-art technology designed to counter some of the key challenges related to the plethora of IP-based communication services. The ever-growing number of Internet applications and IP-based protocols create hurdles for Law Enforcement Agencies (LEAs) and communication service providers trying to identify “bad guys” or criminals on the Net, and to analyze their communications for the purpose of criminal investigations and the prevention of terrorism.
Utimaco LIMS Access Points implement DPI technology (i.e. deep packet inspection hardware and software) not only to filter individual IP packets but also to analyze complete communication flows of numerous Internet applications. The network probes are employed whenever the monitoring capabilities of the existing network nodes are not sufficient to meet the legal requirements for intercepting IP-based communication.
As one of the few deep packet inspection vendors on the market, Utimaco offers a variety of carrier-grade probes for different networks and services. Customers can select from a range of LIMS Access Points according to their actual needs for performance, protocol support, and scalability.
Supported Services and Protocols
- Networking protocols:
IPv4, IPv6, TCP, UDP, Ethernet, EtherIP, FTP, HTTP
- Tunneling protocols:
MPLS, GRE, L2TP, PPP, PPTP, GTP
- AAA protocols:
POP3, SMTP, IMAP, MAPI
- Web-based e-mail:
Yahoo Mail, Google Mail, Hotmail, Maktoob, mail.com, GMX
- Instant messaging:
Yahoo Messenger, AIM, ICQ, XMPP, IRC
SIP, RTP, H.323, MGCP, SCCP
SIGTRAN, MTP, MAP, SCCP, RANAP
- Highly scalable
from one to thousands of circuits, up to 100,000 simultaneous targets
- 100 % transparent,
no impact on existing network links
ETSI conform hand-over via ISDN or IP
Compared to the common approach of active monitoring, where network nodes, e.g. switches or routers, acquire the required data, probes have a number of advantages with regard to:
- Performance, bandwidth support
- Capacity, number of simultaneous targets (filter rules)
- Accuracy, level of details