Download nProbe User`s Guide

Transcript
nProbe User’s Guide v.6.16
4.10. POP3 Plugin
This plugin dissects POP3 traffic information and saves it in dump files as well export the
information via NetFlow/IPFIX using the following information element.
!
!
%POP_USER
POP3 user login
The plugin supports the following command line options that are used to specify where the
(optional) log file is saved. As previously described for -P, dumps are nested in directories. It
is possible to instruct nProbe to execute a command when a directory (not a log file) if fully
dumped (i.e. nProbe has moved to the next directory in time order).
--pop-dump-dir <dump dir> Directory where POP3 logs will be dumped
--pop-exec-cmd <cmd> Command executed whenever a directory has been dumped
!
!
4.11. Radius Plugin
This plugin dissects Radius (unencrypted) traffic information and saves it in dump files as
well export the information via NetFlow/IPFIX using the following information elements.
!
%RADIUS_REQ_MSG_TYPE
RADIUS Request Msg Type
%RADIUS_RSP_MSG_TYPE
RADIUS Response Msg Type
%RADIUS_USER_NAME
RADIUS User Name (Access Only)
%RADIUS_CALLING_STATION_ID
RADIUS Calling Station Id
%RADIUS_CALLED_STATION_ID
RADIUS Called Station Id
%RADIUS_NAS_IP_ADDR
RADIUS NAS IP Address
%RADIUS_NAS_IDENTIFIER
RADIUS NAS Identifier
%RADIUS_USER_IMSI
RADIUS User IMSI (Extension)
%RADIUS_USER_IMEI
RADIUS User MSISDN (Extension)
%RADIUS_FRAMED_IP_ADDR
RADIUS Framed IP
%RADIUS_ACCT_SESSION_ID
RADIUS Accounting Session Name
%RADIUS_ACCT_STATUS_TYPE
RADIUS Accounting Status Type
%RADIUS_ACCT_IN_OCTETS
RADIUS Accounting Input Octets
%RADIUS_ACCT_OUT_OCTETS
RADIUS Accounting Output Octets
%RADIUS_ACCT_IN_PKTS
RADIUS Accounting Input Packets
%RADIUS_ACCT_OUT_PKTS
RADIUS Accounting Output Packets
!
The plugin supports the following command line options that are used to specify where the
(optional) log file is saved. As previously described for -P, dumps are nested in directories. It
is possible to instruct nProbe to execute a command when a directory (not a log file) if fully
dumped (i.e. nProbe has moved to the next directory in time order).
--radius-dump-dir <dump dir> Directory where Radius logs will be dumped
--radius-exec-cmd <cmd> Command executed whenever a directory has been dumped
!
Note that 3GPP radius extensions are supported by the plugin.
!
4.12. RTP Plugin
This plugin dissects RTP traffic information and saves it in dump files as well export the
information via NetFlow/IPFIX using the following information elements.
!
%RTP_FIRST_SSRC
%RTP_FIRST_TS
%RTP_LAST_SSRC
%RTP_LAST_TS
%RTP_IN_JITTER
%RTP_OUT_JITTER
First flow RTP Sync Source ID
First flow RTP timestamp
Last flow RTP Sync Source ID
Last flow RTP timestamp
RTP Jitter (ms * 1000)
RTP Jitter (ms * 1000)
!27