Skip to content
Contact technical expert

Increase Network Security With Application Session Filtering Via Keyword And Regex Search

Finding Traffic Based on Content

Filtering for traffic based on the content  can be useful when improving security. Traditional Layer 2 – 4 Network Packet Brokers have only a limited view on content in a packet. Often the relevant information is only visible in a higher layer though; beyond Layer 4. If there is a requirement to inspect the content of a packet then there is no avoiding a Network Packet broker that incorporates a CPU.

Keyword and Regex Search Application

With the help of regex we have the ability to match fixed values like IP addresses or Port numbers of a packet. This feature allows the user to match on every element of the packet. Regex (regular expression) is used to describe a certain search pattern. This pattern can be a complex search operation, strings, or entire sentences. For example, it is possible to search for headlines from newspapers or easily filter HTTP GET messages. This is slightly more complex than traditional filtering – but the possibilities are much higher.

The below image shows a scenario where all HTTP GET messages are retrieved for analysis because the “HTTP GET” message provides a great deal of information about the traffic.

Cubro Packetmaster and Sessionmaster products are the perfect choices to get access to DNS traffic – regardless of whether traffic is IPv4, IPv6, or encapsulated within VXLAN, GRE or GTP tunnels.

Our newsletter provides thought leadership content about the industry. It is concise and has interesting content to keep you updated with what’s new at Cubro and in the industry. You can unsubscribe anytime with a single click.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.