Increase Network Security With Application Session Filtering Via Keyword And Regex Search
Finding Traffic Based on Content
Filtering traffic based on its content can be useful when improving security. Traditional Layer 2-4 Network Packet Brokers have only a limited view of the content of a packet. Often, though, the relevant information is only visible in a higher layer, beyond Layer 4. If there is a requirement to inspect the content of a packet, there is no avoiding a Network Packet Broker that incorporates a CPU.
Keyword and Regex Search Application
With the help of regex we can match fixed values such as the IP addresses or port numbers of a packet. This feature allows the user to match on every element of the packet. A regex (regular expression) describes a search pattern. This pattern can be a complex search operation, a string, or an entire sentence. For example, it is possible to search for newspaper headlines or to easily filter HTTP GET messages. This is slightly more complex than traditional filtering, but the possibilities are much greater.
The image below shows a scenario where all HTTP GET messages are retrieved for analysis, because the “HTTP GET” message provides a great deal of information about the traffic.
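The HTTP GET filter and the keyword search described above, sketched in Python as an added example that is not part of the original article or of any packet broker's software. The function names and sample payloads are constructed for illustration, and each payload is assumed to be the TCP payload of one segment that begins at the request line.

```python
import re

# Request line anchored at the first byte of the payload, so a "GET" that
# only appears inside a body or in another protocol's data is not matched.
GET_LINE = re.compile(rb"\AGET (?P<target>[^ \r\n]+) HTTP/(?P<version>\d\.\d)\r\n")
# Host header: field names are case-insensitive, one header per CRLF line.
HOST_HDR = re.compile(rb"^Host:[ \t]*(?P<host>[^\r\n]+?)[ \t]*\r$",
                      re.IGNORECASE | re.MULTILINE)


def match_http_get(payload: bytes):
    """Return target, version and host for an HTTP GET payload, else None."""
    m = GET_LINE.match(payload)
    if m is None:
        return None
    # Search only the header section; a body may contain header-like text.
    headers = payload.split(b"\r\n\r\n", 1)[0] + b"\r\n"
    h = HOST_HDR.search(headers)
    return {
        "target": m.group("target").decode("latin-1"),
        "version": m.group("version").decode("ascii"),
        "host": h.group("host").decode("latin-1") if h else None,
    }


def keyword_hit(payload: bytes, keyword: bytes) -> bool:
    """Plain keyword search: case-insensitive substring anywhere in the payload."""
    return keyword.lower() in payload.lower()


def filter_gets(payloads):
    """Keep only the payloads that are HTTP GET requests, parsed."""
    return [r for r in map(match_http_get, payloads) if r is not None]


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"GET /login?user=alice HTTP/1.1\r\nHost: shop.example.test\r\n"
    b"User-Agent: curl/8.0\r\n\r\n",
    # POST whose body contains a GET-looking line: must not match.
    b"POST /api HTTP/1.1\r\nHost: shop.example.test\r\n\r\nnote=GET /x HTTP/1.1\r\n",
    b"\x16\x03\x01\x00\x05hello",  # binary, non-HTTP payload
]

if __name__ == "__main__":
    for hit in filter_gets(SAMPLES):
        print(hit)
    print(keyword_hit(SAMPLES[0], b"CURL"))
```

An unanchored keyword search for "GET" would also flag the POST sample, which is why the regex pins the method to the start of the payload.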