Date post: 13-May-2015
Category: Technology
Upload: ixia
www.breakingpoint.com
© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. All other trademarks are the property of their respective owners.
Rethink Deep Packet Inspection (DPI) Testing
A methodology to measure the performance, security, and stability of deep packet inspection (DPI) devices under realistic conditions
Table of Contents
Introduction
Maximum Performance
Maximum Performance Using Jumbo Frames
Maximum TCP Connection Rate
Maximum Concurrent TCP Connections
Strike Mitigation
Strikes Blocking with IP Fragmentation
SYN Flood
Inappropriate Content Filtering
Spam Email Blocking
Suspicious Content Detection
Webmail Phrase Detection
About BreakingPoint
Introduction
Deep Packet Inspection (DPI) functionality enables network devices such as content-aware switches and routers, next generation firewalls,
intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the content and context of
packets as they travel across the network. DPI functionality goes well beyond the protocol header into data protocol structures and the
actual payload of the message. This allows DPI-capable devices to identify and classify traffic, providing a granular level of packet inspection
to help mitigate buffer overflow attacks, Denial of Service (DoS) attacks, intrusions, worms and even spam. DPI technology also enables
solutions such as metering to ensure quality of service, lawful intercept of information and data leak prevention.
DPI has become a mainstream technology and something that businesses and individuals traversing networks come across, albeit
unintentionally, every day. One of the more high profile uses of DPI involves service providers who leverage DPI to ensure quality of service
to customers in the face of an explosion of peer-to-peer (P2P) traffic. Using DPI technology, service providers better manage bandwidth
in real time, allowing for non-essential services such as P2P file sharing applications while giving priority to essential services during peak
times.
Since DPI plays such an important role in providing increased network security, tiered Internet services and data loss prevention, the ability
to test DPI functionality is critical. The following BreakingPoint Deep Packet Inspection Resiliency Methodology demonstrates how to create
realistic global network simulations in order to properly verify the DPI capabilities of your device.
Performing this series of tests using the BreakingPoint Storm CTM™ on a DPI device will help determine the device’s actual abilities under
different circumstances. For example, the DPI device may perform as expected under a light traffic load but when under a higher load
perform to a fraction of its stated ability. Performing these tests will help you better understand the impact of different scenarios and the
reasons behind the results.
Realism is key in network simulation; therefore, we recommend that the test environment emulate the deployment environment as closely
as possible. Directly connected devices such as routers, switches and firewalls impact packet loss, latency and data integrity. Additionally,
the number of advertised host IP and MAC addresses, VLAN Tagging and NAT can also affect the performance of the DPI.
If it is not feasible to recreate the deployment environment, we recommend connecting the BreakingPoint Storm CTM directly to the device
under test (DUT). Regardless of how your deployment environment is set up, be certain that all DPI devices and builds that are under
evaluation use the same test environment to ensure consistent results.
Recommended tests included in the methodology:
Maximum Performance
This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect each packet’s
content. The overall throughput that the DPI device is able to support will be determined.
Maximum Performance Using Jumbo Frames
This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect the contents of
each jumbo frame. The overall throughput that the DPI device is able to support will be determined.
Maximum TCP Connection Rate
This test will validate DPI device performance by using only good traffic without requiring the DPI device to inspect each packet.
Various TCP metrics will be analyzed to determine how a greater number of TCP connections per second affects the time it takes to establish
a new TCP connection.
Maximum Concurrent TCP Connections
This test will validate the DPI device performance by using only good traffic and without requiring the DPI device to inspect each
packet. Various TCP metrics will be analyzed to determine how a greater number of TCP connections affects the time it takes to establish a
new TCP connection.
Strike Mitigation
This test validates the ability of the DPI device to remain stable while vulnerabilities, worms and backdoors are transmitted. To
perform this test, an Attack Series will be used that includes high-risk vulnerabilities, worms and backdoors. The number of attacks blocked
by the DPI device will be determined as well as the number of attacks that were successfully able to pass through.
Strike Blocking with IP Fragmentation
This test is identical to the “Strike Mitigation” test, except that IP fragmentation will be utilized as an evasion technique.
SYN Flood
This test determines how the DPI device performs when subjected to a SYN flood. The device should be able to detect and block the
SYN flood.
Inappropriate Content Filtering
This will test the DPI unit’s ability to recognize and block any session that contains inappropriate material. A major part of DPI
functionality is the ability to filter content that is either harmful or not supposed to be on the network. The ability to filter out packets that
contain blacklisted words is a major part of DPI.
Spam Email Blocking
This test will determine the DPI device’s ability to recognize and block spam emails. With the growing amount of spam email on
today’s networks, it is important to limit the number of spam emails that are able to reach an inbox. Another part of DPI is the ability to
recognize and block spam emails.
Suspicious Content Detection
This test will help determine the DPI device’s ability to recognize, record and audit any suspicious content seen. Not all content is
harmful to the network, but some could be suspicious in its contents.
Webmail Phrase Detection
This test will determine the DPI device’s ability to inspect and record any Webmail emails that have either keywords or a key phrase
in the message. With more and more people using Web-based email products, it is important to be able to inspect the contents of the
emails being sent because they could contain information that should not be made public.
Maximum Performance
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
• RFC 2068 – Hypertext Transfer Protocol
Overview:
This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint
Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic.
Objective:
Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real application traffic.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Control Center > Network Neighborhood.
5. Under the Network Neighborhoods heading, click the Create a new network neighborhood button.
6. In the Give the new network neighborhood a name box, enter DPI Tests as the name. Click OK.
7. Four interface tabs are available for configuration. Only two are required for the tests. Click the X to delete Interface 1. When prompted about removing the interface, click Yes. The remaining interfaces will be renamed. Repeat this process until only two interfaces remain.
8. With Interface 1 selected, configure the Network IP Address, Netmask, Gateway IP Address, Router IP Address, Minimum IP Address and Maximum IP Address. Click Apply Changes.
9. Select the Interface 2 tab. Configure the Network IP Address, Netmask and Gateway IP Address. Using the Type drop-down menu, select Host. Configure the Minimum IP Address and the Maximum IP Address. Click Apply Changes and then click Save Network.
10. Now that the Network Neighborhood has been created, you can configure the test. Select Test > New Test.
11. Click Select the DUT/Network under the Test Quick Steps menu.
12. In the Choose a device under test and network neighborhood window, under the Device Under Test(s) section, verify that BreakingPoint Default is selected, and that under Network Neighborhood(s), the newly created one is selected. Click Accept.
13. When prompted about switching Network Neighborhoods because the new test setup has fewer interfaces, click Yes.
14. Select Add a Test Component from the Test Quick Steps menu.
15. Select Application Simulator (L7) from the Select a component type window.
16. The Information tab should already be selected. Enter Max Bandwidth as the name and click Apply Changes.
17. Select the Interfaces tab. Verify that Interface 1 Client and Interface 2 Server are enabled.
18. Select the Presets tab and choose the 1Gbps Max Bandwidth option. Click Apply Changes.
19. Select the Parameters tab. Make any required changes to the parameters to match your device’s ability. For example, the Minimum data rate might need to be changed. If any changes are made, make sure to click Apply Changes.
20. Click Edit Description to edit the test description in the Test Information section.
21. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes.
22. In the Test Quick Steps menu, click Save and Run.
23. When prompted to Save Test As, enter DPI Max Bandwidth as the name and click Save.
24. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form.
25. Select the TCP tab. This tab displays the number of both attempted and successful TCP connections.
26. When the test is completed, a window appears stating that the test passed. Click Close.
27. Click the View the report button. This provides more detailed results in your browser.
28. Expand the Test Results for Max Bandwidth section. Next, expand the Details folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle.
Variations of this test that can be run include:
• Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached.
• Use different presets, such as the Service Provider App or a custom application profile.
• Increase the duration of the test time.
Maximum Performance Using Jumbo Frames
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
• RFC 894 – A Standard for the Transmission of IP Datagrams over Ethernet
• RFC 2068 – Hypertext Transfer Protocol
Overview:
This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint
Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic.
Objective:
Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real state data and jumbo
frames.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > Open Recent > DPI Max Bandwidth.
5. Click Save Test As.
6. When prompted to Save Test As, enter DPI Performance Jumbo Frames as the name. Click Save.
7. Select the Parameters tab. Locate the TCP Configuration Maximum Segment Size parameter and enter a value of 4096. Click Apply Changes.
8. If desired, edit the test description in the Test Information section.
9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes.
10. Under the Test Quick Steps menu, click Save and Run.
11. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form.
12. Select the TCP tab. This will display the number of both attempted and successful TCP connections.
13. When the test is completed, a window will appear stating whether the test passed or failed. Click Close.
14. Click the View the report button. This will open up more detailed results in your browser.
15. Expand Test Results for Max Bandwidth and then expand the Detail folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle.
Variations of this test that can be run include:
• Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached.
• Use different presets, such as the Service Provider App or a custom application profile.
• Increase the duration of the test time.
Maximum TCP Connection Rate
RFC:
• RFC 793 – Transmission Control Protocol
Overview:
This test will utilize an Application Simulator. The Application Simulator will be configured with the Service Provider Apps preset. The
Service Provider Apps preset contains HTTP, different Mail protocols, P2P and FTP traffic. This test will determine the maximum TCP
connections per second using a stepping technique and values that match the DUT’s (Device Under Test) ability.
Objective:
Test the maximum peak rate of new connections that the DUT can handle using real stateful application traffic.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > New Test.
5. Under the Test Quick Steps menu, click Select the DUT/Network.
6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
8. Under the Test Quick Steps menu, click Add a Test Component.
9. Select Application Simulator (L7) from the Select a component type window.
10. The Information tab should already be selected. Enter Max TCP Connection Rate as the name and click Apply Changes.
11. Select the Presets tab. Select Service Provider Apps as the component preset and click Apply Changes.
12. Select the Parameters tab. Several different parameters will be changed in this section. Change these parameters to match your DUT’s ability. First, change the Minimum data rate to 100% of the DUT’s ability. Click Apply.
13. Next, change the Ramp Up Seconds in the Session Ramp Distribution section to 25 and click Apply.
14. In the Ramp Up Profile, several parameters will be changed. You may need to scroll in order to change each one of them. First, use the Ramp Up Profile Type drop-down menu and select Stair Step. For the Minimum Connection Rate, enter a value that is 10% of the DUT’s stated maximum connection rate. Enter the DUT’s stated maximum connection rate for the Maximum Connection Rate. Again, enter 10% of the DUT’s stated maximum connection rate for the Increment N connections per second parameter, and a value of 1 for Every N seconds. Once completed, click Apply Changes.
15. In the Session Configuration section, enter 7500000 as the Maximum Simultaneous Sessions and the DUT’s stated maximum connection rate in the Maximum Sessions Per Second. Click Apply Changes.
16. If desired, edit the test Description in the Test Information section.
17. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes.
18. Under the Test Quick Steps menu, click Save and Run.
19. When prompted for a name to Save Test As, enter DPI Max TCP Rate and click Save.
20. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form.
21. Select the TCP tab. This will display the number of both attempted and successful TCP connections.
22. When the test is completed, a window will appear stating whether the test passed or failed. Click Close.
23. When the test is completed, click the View the report button.
24. Expand the Test Results for Maximum TCP Connection Rate folder and select TCP Setup Time. Because shorter TCP setup times allow the DUT to respond quickly and handle incoming connection requests, they are preferable to longer TCP setup times.
25. Next, select TCP Response Time. Because shorter response times allow the DUT to respond quickly to requests and continue normal operation, they are preferable to longer response times.
26. Select Frame Latency Summary. Smaller frame latency measurements mean the frames are arriving quickly without much delay through the device.
27. Expand the Detail folder. Select TCP Connection Rate from the list of available results. Using the graph and the table, determine the maximum TCP connection rate the DUT is able to handle.
Other tests can also be performed. The following are some examples that can be run:
• Vary the TCP Segment size.
• Change the Distribution type to random.
• Change the TCP Session Duration (segments).
• Increase the test time for a longer test.
Maximum Concurrent TCP Connections
RFC:
• RFC 793 – Transmission Control Protocol
Overview:
This test is very similar to the previous test configuration, though a calculated Ramp Up Profile will be used. Also, the results from the
Maximum TCP Connection Rate test will be used in the Maximum Sessions Per Second parameter.
Objective:
Test the maximum number of established TCP connections the DUT could hold using real stateful application traffic.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > Open Recent > DPI Max TCP Rate.
5. Click Save Test As.
6. When prompted for a name to save the test as, enter Max Concurrent TCP Connections and click Save.
7. Under the Information tab, change the name to Max TCP Connections and click Apply Changes.
8. Select the Parameters tab. Several parameters will be changed in this section. First, using the Ramp Up Profile Type drop-down menu, change the value to Calculated in the Ramp Up Profile section. Click Apply Changes.
9. Next, in the Session Configuration section, change the Maximum Simultaneous Sessions to the maximum the DUT is expected to be able to reach. Also, change the Maximum Sessions Per Second to the rate determined by the DPI Max TCP Rate test. Click Apply Changes.
10. The next parameter to be changed is the Ramp Up Seconds in the Session Ramp Distribution section. This is a calculated value. Take the Maximum Simultaneous Sessions / Maximum Sessions Per Second (always round to the higher second). Click Apply Changes.
11. If desired, edit the test description in the Test Information section.
12. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes.
13. Under the Test Quick Steps menu, click Save and Run.
14. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP and Ethernet statistics in a tabular form.
15. Select the TCP tab. This will display the number of both attempted and successful TCP connections.
16. When the test is completed, a window will appear stating whether the test passed or failed. Click Close.
17. When the test is completed, click the View the report button.
18. Expand Test Results for Max TCP Connections folder and select TCP Setup Time. Because short TCP setup times allow the DUT to quickly react and handle the incoming connection requests better than longer TCP setup times, they are preferred.
19. Next, select TCP Response Time. Shorter response times allow the DUT to respond quickly to requests and continue normal operation.
20. Select Frame Latency Summary. Short frame latency measurements indicate that the frames are arriving quickly without much delay through the device.
21. Expand the Detail folder. Select TCP Concurrent Connections from the list. Using the table and the graph, determine the maximum number of concurrent TCP connections that the DUT is able to handle.
Other tests can also be performed. The following are some examples that can be run:
• Vary the TCP Segment size.
• Change the Distribution type to random.
• Change the TCP Session Duration (segments).
• Increase the test time for a longer test.
Strike Mitigation
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
Overview:
It is important to evaluate how malicious traffic will affect the performance of the DUT. A Security test component will be used in this test.
Five default attack series are available to use, but during this test only Security Level 1 will be used. Security Level 1 includes high-risk
vulnerabilities in services often exposed to the Internet.
Objective:
Test the DUT’s ability to recognize and block malicious traffic.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > New Test.
5. Under the Test Quick Steps menu, click Select the DUT/Network.
6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
8. Next, under the Test Quick Steps menu, click Add a Test Component.
9. Select the Security component from the Select a component type window.
10. Under the Information tab, enter Strike Detection as the name and click Apply Changes.
11. Select the Presets tab and then select Security Level 1. Click Apply Changes.
12. If desired, edit the test description under the Test Information section.
13. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the required changes.
14. Under the Test Quick Steps menu, click Save and Run.
15. When prompted, enter DPI Strike Detection as a name and click Save.
16. Once the test starts to run, select the Attacks tab. This will display information about how many attacks could be blocked and how many were actually able to pass through the DUT.
17. When the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close.
18. Click the View the report button to view detailed results in a browser window.
19. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were successfully blocked and the number that could be transmitted through the DUT.
Variations of this test that can be run include:
• Increase the test length for a longer Malicious Traffic Attack.
• Change the Security Level.
• Use a different random seed.
Strikes Blocking with IP Fragmentation
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
Overview:
This closely resembles the Strike Blocking test except the IP packets will be fragmented to determine how the DUT handles malicious traffic
that is arriving in fragmented packets.
Objective:
Test the DUT’s ability to recognize and block malicious traffic with fragmentation on IP packets.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > Open Recent Tests > DPI Strike Detection.
5. Click Save Test As.
6. Enter DPI Strike Detection Fragmentation as the name and click Save.
7. Select the Overrides tab. In the IP section, locate MaxFragSize and enter a value less than 46. Click Apply Changes.
8. If desired, edit the test Description under the Test Information section.
9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes.
10. Under the Test Quick Steps menu, click Save and Run.
11. Once the test starts to run, select the Attacks tab. This will display the number of attacks that were successfully blocked and the number of attacks that were able to successfully pass through the DUT.
12. Once the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close.
13. Click the View the report button. A window with detailed results will open.
14. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were blocked and the number of strikes that were able to pass through the DUT. Using the results from the previous test, determine if fragmentation made any difference.
Variations of this test that can be run include:
• Increase the test length for a longer Malicious Traffic Attack.
• Change the Security Level.
• Use a different random seed.
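Why fragmentation can change the strike results, shown as an added example that is not part of the BreakingPoint guide: a pattern that straddles a fragment boundary is invisible to per-fragment matching and only appears once the datagram is reassembled. The 40-byte fragment data size (a value under the 46 used above), the marker string, the addresses and every function name are assumptions made for this example.

```python
"""IPv4 fragment reassembly before signature matching (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    key: tuple    # (src, dst, protocol, ip_id) identifies one datagram
    offset: int   # byte offset of this fragment's data (wire field is offset // 8)
    more: bool    # MF flag: True on every fragment except the last
    data: bytes


def fragment(key, payload, max_data):
    """Split payload into fragments carrying at most max_data bytes each."""
    if max_data < 8 or max_data % 8:
        raise ValueError("fragment data size must be a positive multiple of 8")
    return [
        Fragment(key, off, off + max_data < len(payload), payload[off:off + max_data])
        for off in range(0, len(payload), max_data)
    ]


class Reassembler:
    """Buffers fragments per datagram and returns the payload once complete."""
    MAX_DATAGRAM = 65535

    def __init__(self):
        self.pending = {}  # key -> {"chunks": {offset: data}, "total": int or None}

    def add(self, frag):
        state = self.pending.setdefault(frag.key, {"chunks": {}, "total": None})
        chunks = state["chunks"]
        end = frag.offset + len(frag.data)
        if chunks.get(frag.offset) == frag.data:
            return None  # exact retransmission, nothing new
        overlaps = any(frag.offset < off + len(d) and off < end
                       for off, d in chunks.items())
        if overlaps or end > self.MAX_DATAGRAM:
            # Overlaps are ambiguous (which copy does the endpoint keep?),
            # so this example discards the whole datagram instead of guessing.
            del self.pending[frag.key]
            raise ValueError("overlapping or oversized fragment")
        chunks[frag.offset] = frag.data
        if not frag.more:
            state["total"] = end
        if state["total"] is None:
            return None  # last fragment not seen yet
        buf = bytearray()
        for off in sorted(chunks):
            if off != len(buf):
                return None  # hole: an earlier fragment is still missing
            buf += chunks[off]
        if len(buf) != state["total"]:
            return None
        del self.pending[frag.key]
        return bytes(buf)


def inspect_per_fragment(frags, signatures):
    """Naive inspection: match each fragment on its own."""
    return [sig for f in frags for sig in signatures if sig in f.data]


def inspect_reassembled(frags, signatures):
    """Reassemble first (any arrival order), then match the full payload."""
    reassembler, hits = Reassembler(), []
    for f in frags:
        payload = reassembler.add(f)
        if payload is not None:
            hits += [sig for sig in signatures if sig in payload]
    return hits


# Constructed sample data: a benign marker stands in for a strike signature.
SIGNATURE = b"STRIKE-SIGNATURE-0001"
PAYLOAD = (b"GET /index.html HTTP/1.1\r\n"
           b"Host: dut.example\r\n"
           b"X-Constructed-Marker: " + SIGNATURE + b"\r\n\r\n")
KEY = ("198.51.100.7", "192.0.2.10", 6, 0x1234)

if __name__ == "__main__":
    frags = fragment(KEY, PAYLOAD, 40)
    print("per-fragment hits:", inspect_per_fragment(frags, [SIGNATURE]))
    print("reassembled hits: ", inspect_reassembled(frags[::-1], [SIGNATURE]))
```

A DUT that blocks fewer strikes in the fragmented run than in the unfragmented one is behaving like `inspect_per_fragment` for at least some of its signatures.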
SYN Flood
RFC:
• RFC 793 – Transmission Control Protocol
• RFC 4987 – TCP SYN Flooding Attacks and Common Mitigations
Overview:
A SYN Flood is when a client starts a TCP connection but never sends an ACK and keeps trying to initiate a TCP connection. This can be
harmful to a DPI device, as it has to provide resources to the TCP connection requests. The DPI device likely has the ability to detect and
mitigate the SYN Flood. A Session Sender test component will be used to create a SYN Flood.
Objective:
Test the ability of the DUT to recognize and block SYN Flood attacks.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Test > New Test.
5. Under the Test Quick Steps section, click Select the DUT/Network.
6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
8. Under the Test Quick Steps section, click Add a Test Component.
9. Select Session Sender (L4) from the Select a component type window.
10. Under the Information tab, change the name to SYN Flood and click Apply Changes.
11. Select the Presets tab and locate the 1Gbps SYN Flood. Click Apply Changes.
12. Select the Parameters tab. Several changes will be made in this section. The first one, if needed, is to change the Minimum data rate to what is supported by the DUT. Click Apply Changes once completed.
13. Next, two parameters in the Session Configuration section need to be changed. The first one is the Maximum Simultaneous Sessions. This needs to be set to the connection rate supported by the DUT (this is the result from the Maximum Concurrent TCP Connections test). The second parameter that needs to be changed is Maximum Sessions Per Second (this is the result from the Maximum TCP Connection Rate test). Click Apply Changes.
14. If desired, edit the test description under the Test Information section.
15. Verify that the Test Status has a green checkmark next to it. If it does not, click Test Status and make the required changes.
16. Under the Test Quick Steps menu, click Save and Run.
17. When prompted for a name to save the test as, enter DPI SYN Flood Detection and click Save.
18. The Summary tab will automatically be displayed when the test starts. This tab displays a great deal of information about TCP. As can be seen in the TCP Connection Rate section, the SYN flood is trying to establish a connection but the connection is not actually created.
19. Select the TCP tab. This will display information about the number of TCP Connections per Second. Again, clients are attempting to connect but are not actually successful.
20. Once the test is completed, a window will appear stating that the test passed. Click Close.
21. Click the View the report button. This will open a new browser window with detailed results.
22. Expand Test Results for SYN Flood and select TCP Summary. Verify that there are no Client established or Server established values.
Other test variations can be run. One variation is to increase the test length for a longer SYN Attack.
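One way a monitoring device can recognise the half-open pattern described in the overview, as an added example (not BreakingPoint or DUT code): it tracks SYNs that are never followed by the client's ACK, ages them out, and alerts when one destination accumulates too many. The threshold, timeout, event tuples and addresses are constructed assumptions.

```python
"""Half-open TCP connection tracking for SYN flood detection (constructed example)."""
from collections import defaultdict


class HalfOpenTracker:
    def __init__(self, threshold=100, timeout=30.0):
        self.threshold = threshold          # half-open limit per (dst, dport)
        self.timeout = timeout              # seconds before a pending SYN is aged out
        self.half_open = {}                 # (src, sport, dst, dport) -> time of first SYN
        self.per_dest = defaultdict(int)    # (dst, dport) -> current half-open count
        self.alerted = set()                # destinations currently over the limit
        self.syn_seen = 0
        self.established = 0

    def _drop(self, conn):
        del self.half_open[conn]
        dest = conn[2:]
        self.per_dest[dest] -= 1
        if self.per_dest[dest] <= self.threshold:
            self.alerted.discard(dest)

    def _expire(self, now):
        # Entries keep the time of their first SYN, so the dict stays in
        # time order and only the oldest entries need checking.
        while self.half_open:
            conn, first_syn = next(iter(self.half_open.items()))
            if now - first_syn <= self.timeout:
                break
            self._drop(conn)

    def observe(self, ts, src, sport, dst, dport, flags):
        """Feed one packet; return an alert dict when a destination crosses the limit."""
        self._expire(ts)
        conn, dest = (src, sport, dst, dport), (dst, dport)
        if flags == "S":
            self.syn_seen += 1
            if conn not in self.half_open:      # a retransmitted SYN is counted once
                self.half_open[conn] = ts
                self.per_dest[dest] += 1
            if self.per_dest[dest] > self.threshold and dest not in self.alerted:
                self.alerted.add(dest)
                return {"ts": ts, "dest": dest, "half_open": self.per_dest[dest]}
        elif flags == "A" and conn in self.half_open:
            self._drop(conn)                    # client completed the handshake
            self.established += 1
        elif "R" in flags and conn in self.half_open:
            self._drop(conn)                    # client aborted the attempt
        return None

    def summary(self):
        return {"syn_seen": self.syn_seen,
                "established": self.established,
                "half_open": len(self.half_open)}


def constructed_events():
    """One client that completes its handshake, then 200 SYNs that never do."""
    events = [
        (0.00, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
        (0.01, "192.0.2.10", 80, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),
    ]
    for i in range(200):
        events.append((1.0 + i * 0.001, f"203.0.113.{i % 250 + 1}",
                       1024 + i, "192.0.2.10", 80, "S"))
    return events


def run(events, threshold=100, timeout=30.0):
    tracker = HalfOpenTracker(threshold, timeout)
    alerts = [a for e in events if (a := tracker.observe(*e)) is not None]
    return tracker, alerts


if __name__ == "__main__":
    tracker, alerts = run(constructed_events())
    print(tracker.summary())
    print(alerts)
```

The `established` counter plays the role of the Client established and Server established values checked in step 22: flood traffic raises `syn_seen` and `half_open` but never `established`.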
Inappropriate Content Filtering
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
Overview:
It is important to determine and evaluate how the DUT is able to handle inappropriate content. Also, it is important to determine how
the DUT’s performance is affected while having to perform content filtering. A new Super Flow will be created that will contain some
type of inappropriate content. This Super Flow will then be added to an Application Profile. The BreakingPoint Application Simulator test
component will be used to transmit the newly created application profile.
Objective:
Test the ability of the DUT to recognize and block sessions containing inappropriate material.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Managers > Application Manager.
5. Select the Super Flows tab and locate the BreakingPoint HTTP Text from the list. Click Save As.
6. When prompted for a name, enter HTTP Inappropriate and click Ok.
7. In the Define Actions section, locate the Server: Response 200 (OK) action. Click the Edit the selected action parameter button.
8. Enable the String for response data section and enter the inappropriate terms or phrases in the String for response data field.
9. Select Save Super Flow.
10. Select the App Profiles tab and click the Create a new application profile button.
11. When prompted for a name, enter DPI HTTP Inappropriate and click OK.
12. Locate the newly created Super Flow in the list of Available Super Flows. Click the Add the super flow to the profile button.
13. Locate the BreakingPoint HTTP Text Super Flow and click the Add the Super Flow to the profile button.
14. Verify that both Super Flows have a weight of 100 and click Save App Profile.
15. Select Test > New Test.
16. Under the Test Quick Steps section, click Select the DUT/Network.
17. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
18. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
19. Under the Test Quick Steps menu, click Add a Test Component.
20. Select Application Simulator (L7) from the Select a component type window.
21. The Information tab should already be selected. Enter Inappropriate Content for the name and click Apply Changes.
22. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated.
23. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI HTTP Inappropriate application profile and click Apply Changes.
24. If desired, in the Test Information section, edit the test description.
25. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes.
26. Under the Test Quick Steps menu, click Save and Run.
27. Enter DPI Inappropriate Content when prompted for a name. Click Save.
28. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions.
29. Select the Application tab. This will display real-time information about the application flows that are being transmitted.
30. When the test is completed, a window will appear stating that the test failed. Click Close.
31. Select the View the report button. This will open a more detailed result view in a browser window.
32. Expand Test Results for Inappropriate Content and select App Summary. This will provide a great deal of information about all of the applications from bytes transmitted to bytes received to details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes.
33. Log in to the DUT, and view the different counters to determine if the DUT was successfully blocking the inappropriate content.
Variations of this test that can be run include:
• Increase the test length for a longer run time.
• Try different inappropriate key words.
• Try a larger number of inappropriate key words.
Spam Email Blocking
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
Overview:
It is important to determine and evaluate how the DUT is able to handle spam email. Also, it is important to determine how the DUT’s
performance is affected while having to block spam email. A new Super Flow will be created that will contain a spam email. This Super
Flow will then be added to an application profile. The Application Simulator test component will be used to transmit the newly created
application profile to test the DUT’s ability to block spam email.
Objective:
Test the ability of the DUT to recognize and block sessions containing spam email.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Managers > Application Manager.
5. Select the Super Flows tab and locate the BreakingPoint SMTP Email from the list. Click Save As.
6. When prompted, enter DPI SMTP Spam as the name and click Ok.
7. In the Step 3 – Define Actions section, locate Client: Send Email. Click the Edit the selected action parameter button.
8. Enter an email address in the Protocol FROM Username field. Enter a different email address in the Protocol RCPT Username field. Next, scroll down and locate the Subject field. Enter Receive 15% off Gold Watches as the Subject. Finally, enable the Attachment Data field and click Import Attachment Data. You can upload the content into the Web browser that launches.
9. Click the Choose File button to browse your file system to locate spam email text.
10. Once the spam email has been located in your file system, click Upload.
11. Wait until the file is uploaded successfully, then close the browser window.
12. Using the Attachment Data drop-down menu, select the newly uploaded file and click Apply Changes.
13. Click Save Super Flow.
14. Select the App Profiles tab and click the Create a new application profile button.
15. When prompted, enter DPI Spam Email Content as a name and click Ok.
16. From the Available Super Flows list, locate the newly created Super Flow and click the Add the Super Flow to the profile button.
17. Again, from the Available Super Flows list, locate the BreakingPoint SMTP Email Super Flow and click the Add the Super Flow to the profile button.
18. Verify that each Super Flow has a weight of 100 and click Save App Profile.
19. Select Test > New Test.
20. Under the Test Quick Steps menu, click Select the DUT/Network.
21. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
22. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
23. Under the Test Quick Steps menu, click Add a Test Component.
24. Select Application Simulator (L7) from the Select a component type window.
25. The Information tab should already be selected. Enter Spam Email Content for the name and click Apply Changes.
26. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated.
27. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Spam Email Content application profile and click Apply Changes.
28. If desired, in the Test Information section, edit the test description.
29. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes.
30. Under the Test Quick Steps section, click Save and Run.
31. Enter DPI Spam Email when prompted for a name. Click Save.
32. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions.
33. Select the Application tab. This will display real-time information about the application flows that are being transmitted.
34. When the test is completed, a window will appear stating that the test failed. Click Close.
35. Select the View the report button. This will open a more detailed result view in a browser window.
36. Expand Test Results for Spam Email Content and select App Summary. This will provide a great deal of information about all of the applications including bytes transmitted, bytes received and details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes.
34. Log in to the DUT and view the different counters to determine if the DUT was successfully blocking the SPAM email.
Variations of this test that can be run include:
• Increase the test length for a longer run time.
• Try different spam emails.
• Try a larger number of spam emails to determine if all are blocked.
Suspicious Content Detection
RFC:
• RFC 768 – User Datagram Protocol
• RFC 791 – Internet Protocol
• RFC 793 – Transmission Control Protocol
Overview:
It is important to determine and evaluate how the DUT is able to handle the detection of suspicious content. Also, it is important to
determine how the DUT’s performance is affected while having to handle suspicious content detection. A new Super Flow will be created
that will use a database protocol to simulate a credit card request by querying the database. This Super Flow will then be added to an
application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the
DUT’s ability to detect suspicious content.
Objective:
Test the ability of the DUT to record and audit suspicious content.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Managers > Application Manager.
5. Select the Super Flows tab and locate BreakingPoint DB2 Database from the list. Click Save As.
6. When prompted for a name, enter DPIDBCredit and click OK.
7. Make sure the second item is selected under the Define Flows section and also select the Client: SQL Query in the Define Actions section. Click the Edit the select actions parameters button.
8. In the SQL Query field, enter a specific query that will be tracked by the DUT. The query content should be defined according to the DUT’s policy and detection model. A good example to use is: “SELECT * from credit_card_table”. Click Apply Changes.
9. Click Save Super Flow.
10. Select the App Profiles tab and click the Create a new application profile button.
11. When prompted, enter DPI Suspicious as the name and click OK.
12. Locate the newly created Super Flow in the Available Super Flows list and click the Add the Super Flow to the profile button.
13. Next, locate the BreakingPoint DB2 Database Super Flow in the Available Super Flows list and click the Add the Super Flow to the profile button.
14. Verify that both Super Flows have a weight of 100 and click Save App Profile.
15. Select Test > New Test.
16. Under the Test Quick Steps section, click Select the DUT/Network.
17. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
18. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
19. Under the Test Quick Steps menu, click Add a Test Component.
20. Select Application Simulator (L7) from the Select a component type window.
21. The Information tab should already be selected. Enter Suspicious Content for the name and click Apply Changes.
22. Select the Parameters tab. Some parameters in this section will need to be changed. First, verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated.
23. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Suspicious application profile and click Apply Changes.
24. If desired, in the Test Information section, edit the test description.
25. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes.
26. Under the Test Quick Steps menu, click Save and Run.
27. Enter DPISuspiciousContent when prompted for a name. Click Save.
28. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions.
29. Select the Application tab. This will display real-time information about the application flows that are being transmitted.
30. When the test finishes, a window will appear stating that the test failed. Click Close.
31. Select the View the report button. This will open a more detailed result view in a browser window.
32. Expand Test Results for Suspicious Content and select App Summary. This will provide a great deal of information about all the applications from bytes transmitted to bytes received to details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes.
33. Log in to the DUT and view the different counters to determine if the DUT was successfully blocking the suspicious content.
Variations of this test that can be run include:
• Increase the test length for a longer run time.
• Try different suspicious elements (i.e., different protocols).
• Try a larger number of suspicious elements.
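The App Summary check in the Spam Email Content and Suspicious Content tests compares Application attempted with Application successes. The Python sketch below is an added example, not part of the BreakingPoint methodology: it assumes per-Super-Flow attempted and success counters have been copied out of the report (the field names and all sample numbers are constructed) and shows that an aggregate ratio of about 2:1 can still hide suspicious flows that got through, offset by legitimate flows that were blocked.

```python
from dataclasses import dataclass


@dataclass
class FlowResult:
    name: str           # Super Flow name in the application profile
    weight: int         # weight assigned in the application profile
    should_block: bool  # True if the DUT policy is expected to stop this flow
    attempted: int      # application flows attempted (hypothetical field)
    successes: int      # application flows that completed (hypothetical field)


def expected_success_ratio(flows):
    """Fraction of attempted flows that should succeed, from weights alone."""
    total = sum(f.weight for f in flows)
    if total == 0:
        raise ValueError("application profile has no weighted Super Flows")
    return sum(f.weight for f in flows if not f.should_block) / total


def evaluate(flows, tolerance=0.05):
    """Compare the aggregate ratio and each Super Flow against expectations."""
    attempted = sum(f.attempted for f in flows)
    if attempted == 0:
        raise ValueError("no application flows were attempted")
    observed = sum(f.successes for f in flows) / attempted
    expected = expected_success_ratio(flows)
    findings = []
    for f in flows:
        if f.attempted == 0:
            findings.append((f.name, "not exercised"))
            continue
        rate = f.successes / f.attempted
        if f.should_block and rate > tolerance:
            findings.append((f.name, "under-blocking"))
        elif not f.should_block and rate < 1 - tolerance:
            findings.append((f.name, "over-blocking"))
    return {
        "expected": expected,
        "observed": observed,
        "aggregate_ok": abs(observed - expected) <= tolerance,
        "findings": findings,
    }


# Constructed counters for the DPI Suspicious profile (both weights 100).
CLEAN_RUN = [
    FlowResult("DPIDBCredit", 100, True, 5000, 0),
    FlowResult("BreakingPoint DB2 Database", 100, False, 5000, 5000),
]
# Constructed: 20% of the suspicious queries get through, 20% of benign blocked.
MASKED_RUN = [
    FlowResult("DPIDBCredit", 100, True, 5000, 1000),
    FlowResult("BreakingPoint DB2 Database", 100, False, 5000, 4000),
]

if __name__ == "__main__":
    for label, run in (("clean", CLEAN_RUN), ("masked", MASKED_RUN)):
        print(label, evaluate(run))
```

Both constructed runs report the same 2:1 aggregate, which is why the per-flow findings and the DUT's own counters are the values to trust.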
Webmail Phrase Detection
RFC:
• RFC 793 – Transmission Control Protocol
• RFC 2616 – Hypertext Transfer Protocol
Overview:
It is important to determine if the DUT is able to record and audit keywords or key phrases. This is important because Webmail is becoming
more popular and company information that is not public could possibly be transmitted via Webmail. A new Super Flow will be created that
is a Webmail service. The Super Flow's length will be configured and several words will be added to the body of the email. This newly created
Super Flow will be added to an application profile. The Application Simulator test component will be used to transmit the newly created
application profile to test the DUT’s ability.
Objective:
Test the ability of the DUT to record and audit keywords or word phrases.
Setup:
1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center.
2. In the new window that appears, enter your Login ID and Password. Click Login.
3. Reserve the required ports to run the test.
4. Select Managers > Application Manager.
5. Select the Super Flows tab and then locate BreakingPoint Webmail. Click Save As.
6. When prompted, enter DPI Webmail as a name and click Ok.
7. As we wish only to use a single Webmail server, click Manage Hosts.
8. Select one of the servers, and click the Delete the selected host button.
9. When prompted about being sure you want to delete the selected host, click Yes.
10. Repeat the previous two steps with another one of the Webmail servers. Once completed, only one Webmail server should remain. Click Close.
11. Under Step 3 – Define Actions, select Client: Send Message and click the Edit the selected action parameters button.
12. In the Send Message window, several parameters will need to be changed. If desired, it is possible to change the language by enabling the Language checkbox and using the drop-down menu to select a different language. Next, enable Message Wordcount Min and set a value of 100. Also, enable Message Wordcount Max and set this to a value of 1000. The message will contain a random message between 100 and 1000 words. Several items are already in the Keyword List field. Change these values to match keywords configured on the DUT. Finally, enable Random Attachment? and set the value to False. Click Apply Changes.
13. Once completed with editing the Send Message action, click Save Super Flow.
14. Next, select the App Profiles tab and click the Create a new application profile button.
15. When prompted for an app profile name, enter DPI Webmail and click OK.
16. In the Available Super Flows list, locate the newly created DPI Webmail Super Flow and click the Add Super Flow to the profile button.
17. Next, locate the BreakingPoint Webmail Super Flow and click the Add Super Flow to the profile button again.
18. Verify that both have a Weight of 100 and click Save App Profile.
19. Select Test > New Test.
20. Under the Test Quick Steps menu, click Select the DUT/Network.
21. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.
22. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes.
23. Under the Test Quick Steps menu, click Add a Test Component.
24. Select Application Simulator (L7) from the Select a component type window.
25. The Information tab should already be selected. Enter Webmail for the name and click Apply Changes.
26. Select the Parameters tab. Some parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated.
27. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Webmail application profile and click Apply Changes.
28. If desired, in the Test Information section, edit the test description.
29. Verify that the Test Status has a green checkmark next to it. If it does not, click Test Status and make the needed changes.
30. Under the Test Quick Steps menu, click Save and Run.
31. Enter DPIWebmail when prompted for a name to save the test. Click Save.
32. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions.
33. Select the Application tab. This will display real-time information about the application flows that are being transmitted.
34. When the test finishes, a window will appear stating that the test passed. Click Close.
35. Select the View the report button. This will open a more detailed result view in a browser window.
36. Expand Test Results for Webmail and select Application Summary. This will provide a great deal of information about all the applications from bytes transmitted to bytes received to details about failures.
37. Log in to the DUT and view the different counters to determine if the DUT was successfully auditing the keywords and/or phrases.
Variations of this test that can be run include:
• Increase the test length for a longer run time.
• Try different Webmail clients/servers.
About BreakingPoint
BreakingPoint pioneered the first and only Cyber Tomography Machine
(CTM) to expose previously impossible-to-detect stress fractures within
cyber infrastructure components before they are exploited to compromise
customer data, corporate assets, brand reputation and even national security.
BreakingPoint products are the standard by which the world’s governments,
enterprises, and service providers optimize the resiliency of their cyber
infrastructures. For more information, visit www.breakingpoint.com.
BreakingPoint Storm CTM
BreakingPoint has pioneered Cyber Tomography with the introduction of
the BreakingPoint Storm CTM, enabling users to see for the first time the
virtual stress fractures lurking within their cyber infrastructure through the
simulation of crippling attacks, high-stress traffic load and millions of users.
BreakingPoint Storm CTM is a three-slot chassis that provides the equivalent
performance and simulation of racks and racks of servers, including:
• 40 Gigabits per second of blended stateful application traffic
• 30 million concurrent TCP sessions
• 1.5 million TCP sessions per second
• 600,000+ complete TCP sessions per second
• 80,000+ SSL sessions per second
• 100+ stateful applications
• 4,500+ live security strikes
BreakingPoint Resources
Hardening cyber infrastructure is not easy work, but nothing that is this
important has ever been easy. Enterprises, service providers, government
agencies and equipment vendors are under pressure to establish a cyber
infrastructure that can not only repel attack but is resilient to application
sprawl and maximum load. BreakingPoint’s Cyber Tomography Machine
(CTM) provides the technology and solutions that allow these organizations
to create a hardened and resilient cyber infrastructure. BreakingPoint also
provides the very latest industry resources to make this process that much
easier, including Resiliency Methodologies, How-to Guides, white papers,
webcasts, and a newsletter. To learn more, visit
www.breakingpoint.com/resources.
BreakingPoint Labs Community
Join discussions on the latest developments in hardening cyber
infrastructure. BreakingPoint Labs brings together a diverse community of
people leveraging the most current insight to harden cyber infrastructure to
withstand crippling attack and high-stress application load.
Visit www.breakingpointlabs.com.