Deep Packet Inspection (DPI) Test Methodology

  • 2,065 views
Uploaded on

DPI test methodology provides step-by-step directions on how to properly test content-aware DPI devices with real-world network traffic.

DPI test methodology provides step-by-step directions on how to properly test content-aware DPI devices with real-world network traffic.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,065
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
238
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Rethink Deep Packet Inspection (DPI) Testing Rethink Deep Packet Inspection Testing A Methodology to measure the performance, security, and stability of deep packet inspection (DPI) devices under realistic conditionswww.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 1All other trademarks are the property of their respective owners.
  • 2. Rethink Deep Packet Inspection (DPI) Testing Table of Contents Introduction .................................................................................................................................................................................................................... 3 Maximum Performance ............................................................................................................................................................................................. 5 Maximum Performance Using Jumbo Frames ................................................................................................................................................... 18 Maximum TCP Connection Rate .............................................................................................................................................................................. 25 Maximum Concurrent TCP Connections .............................................................................................................................................................. 36 Strike Mitigation ............................................................................................................................................................................................................ 46 Strikes Blocking with IP Fragmentation ................................................................................................................................................................ 54 SYN Flood......................................................................................................................................................................................................................... 61 Inappropriate Content Filtering............................................................................................................................................................................... 70 Spam Email Blocking ................................................................................................................................................................................................... 84 Suspicious Content Detection.................................................................................................................................................................................. 100 Webmail Phrase Detection ........................................................................................................................................................................................ 114 About BreakingPoint ................................................................................................................................................................................................... 129www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 2All other trademarks are the property of their respective owners.
  • 3. Rethink Deep Packet Inspection (DPI) Testing Introduction Deep Packet Inspection (DPI) functionality enables network devices such as content-aware switches and routers, next generation firewalls, intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the content and context of packets as they travel across the network. DPI functionality goes well beyond the protocol header into data protocol structures and the actual payload of the message. This allows DPI-capable devices to identify and classify traffic, providing a granular level of packet inspection to help mitigate buffer overflow attacks, Denial of Service (DoS) attacks, intrusions, worms and even spam. DPI technology also enables solutions such as metering to ensure quality of service, lawful intercept of information and data leak prevention. DPI has become a mainstream technology and something that businesses and individuals traversing networks come across, albeit unintentionally, every day. One of the more high profile uses of DPI involves service providers who leverage DPI to ensure quality of service to customers in the face of an explosion of peer-to-peer (P2P) traffic. Using DPI technology, service providers better manage bandwidth in real time, allowing for non essential services such as P2P file sharing applications while giving priority to essential services during peak times. Since DPI plays such an important role in providing increased network security, tiered Internet services and data loss prevention, the ability to test DPI functionality is critical. The following BreakingPoint Deep Pack Inspection Resiliency Methodology demonstrates how to create realistic global network simulations in order to properly verify the DPI capabilities of your device. Performing these series of tests using the BreakingPoint Storm CTM™ on a DPI device will help determine the device’s actual abilities under different circumstances. For example, the DPI device may perform as expected under a light traffic load but when under a higher load perform to a fraction of its stated ability. Performing these tests will help you better understand the impact of different scenarios and the reasons behind the results. Realism is key in network simulation; therefore, we recommend that the test environment emulate the deployment environment as closely as possible. Directly connected devices such as routers, switches and firewalls impact packet loss latency and data integrity. Additionally, the number of advertised host IP and MAC addresses, VLAN Tagging and NAT can also affect the performance of the DPI. If it is not feasible to recreate the deployment environment, we recommend connecting the BreakingPoint Storm CTM directly to the device under test (DUT). Regardless of how your deployment environment is set up, be certain that all DPI devices and builds that are under evaluation use the same test environment to ensure consistent results. Recommended tests included in the methodology: Maximum Performance This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect each packet’s content. The overall throughput that the DPI device is able to support will be determined. Maximum Performance Using Jumbo Frames This test will validate the throughput performance the DPI device is able to handle when it does not have to inspect the contents of each jumbo frame. The overall throughput that the DPI device is able to support will be determined. Maximum TCP Connection Rate This test will validate DPI device performance by using only good traffic without requiring the DPI device to inspect each packet. Various TCP metrics will be analyzed to determine how a greater number of TCP connections per second affects the time it takes to establish a new TCP connection.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 3All other trademarks are the property of their respective owners.
  • 4. Rethink Deep Packet Inspection (DPI) Testing Maximum Concurrent TCP Connections This test will validate the DPI device performance by using only good traffic and without requiring the DPI device to inspect each packet. Various TCP metrics will be analyzed to determine how a greater number of TCP connections affects the time it takes to establish a new TCP connection. Strike Mitigation This test validates the ability of the DPI device to remain stable while vulnerabilities, worms and backdoors are transmitted. To perform this test, an Attack Series will be used that includes high-risk vulnerabilities, worms and backdoors. The number of attacks blocked by the DPI device will be determined as well as the number of attacks that were successfully able to pass through. Strike Blocking with IP Fragmentation This test is identical to the “Strike Mitigation” test, except that IP fragmentation will be utilized as an evasion technique. SYN Flood This test determines how the DPI device performs when subjected to a SYN flood. The device should be able to detect and block the SYN flood. Inappropriate Content Filtering This will test the DPI unit’s ability to recognize and block any session that contains inappropriate material. A major part of DPI functionality is the ability to filter content that is either harmful or not supposed to be on the network. The ability to filter out packets that contain blacklisted words is a major part of DPI. Spam Email Blocking This test will determine the DPI device’s ability to recognize and block spam emails. With the growing amount of spam email on today’s networks, it is important to limit the number of spam emails that are able to reach an inbox. Another part of DPI is the ability to recognize and block spam emails. Suspicious Content Detection This test will help determine the DPI device’s ability to recognize, record and audit any suspicious content seen. Not all content is harmful to the network, but some could be suspicious in its contents. Webmail Phrase Detection This test will determine the DPI device’s ability to inspect and record any Webmail emails that have either keywords or a key phrase in the message. With more and more people using Web-based email products, it is important to be able to inspect the contents of the emails being sent because they could contain information that should not be made public.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 4All other trademarks are the property of their respective owners.
  • 5. Rethink Deep Packet Inspection (DPI) Testing Maximum Performance RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol • RFC 2068 – Hypertext Transfer Protocol Overview: This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic. Objective: Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 5All other trademarks are the property of their respective owners.
  • 6. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 6All other trademarks are the property of their respective owners.
  • 7. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Control Center  Network Neighborhood.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 7All other trademarks are the property of their respective owners.
  • 8. Rethink Deep Packet Inspection (DPI) Testing 5. Under the Network Neighborhoods heading, click the Create a new network neighborhood button. 6. In the Give the new network neighborhood a name box, enter DPI Tests as the name. Click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 8All other trademarks are the property of their respective owners.
  • 9. Rethink Deep Packet Inspection (DPI) Testing 7. Four interface tabs are available for configuration. Only two are required for the tests. Click the X to delete Interface process until only two interfaces remain. 1. When prompted about removing the interface, click Yes. The remaining interfaces will be renamed. Repeat this 8. With Interface 1 selected, configure the Network IP Address, Netmask, Gateway IP Address, Router IP Address, Minimum IP Address and Maximum IP Address. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 9All other trademarks are the property of their respective owners.
  • 10. Rethink Deep Packet Inspection (DPI) Testing 9. Select the Interface 2 tab. Configure the Network IP Address, Netmask and Gateway IP Address. Using the Type drop- down menu, select Host. Configure the Minimum IP Address and the Maximum IP Address. Click Apply Changes and then click Save Network. 10. Now that the Network Neighborhood has been created, you can configure the test. Select Test  New Test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 10All other trademarks are the property of their respective owners.
  • 11. Rethink Deep Packet Inspection (DPI) Testing 11. Click Select the DUT/Network under the Test Quick Steps menu. 12. In the Choose a device under test and network neighborhood window, under the Device Under Test(s) section, verify that BreakingPoint Default is selected, and that under Network Neighborhood(s), the newly created one is selected. Click Accept. 13. When prompted about switching Network Neighborhoods because the new test setup has fewer interfaces, click Yes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 11All other trademarks are the property of their respective owners.
  • 12. Rethink Deep Packet Inspection (DPI) Testing 14. Select Add a Test Component from the Test Quick Steps menu. 15. Select Application Simulator (L7) from the Select a component type window. 16. The Information tab should already be selected. Enter Max Bandwidth as the name and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 12All other trademarks are the property of their respective owners.
  • 13. Rethink Deep Packet Inspection (DPI) Testing 17. Select the Interfaces tab. Verify that Interface 1 Client and Interface 2 Server are enabled. 18. Select the Presets tab and choose the 1Gbps Max Bandwidth option. Click Apply Changes. 19. Select the Parameters tab. Make any required changes to the parameters to match your device’s ability. For example, the Minimum data rate might need to be changed. If any changes are made, make sure to click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 13All other trademarks are the property of their respective owners.
  • 14. Rethink Deep Packet Inspection (DPI) Testing 20. Click Edit Description to edit the test description in the Test Information section. 21. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes. 22. In the Test Quick Steps menu, click Save and Run. 23. When prompted to Save Test As, enter DPI Max Bandwidth as the name and click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 14All other trademarks are the property of their respective owners.
  • 15. Rethink Deep Packet Inspection (DPI) Testing 24. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form. 25. Select the TCP tab. This tab displays the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 15All other trademarks are the property of their respective owners.
  • 16. Rethink Deep Packet Inspection (DPI) Testing 26. When the test is completed, a window appears stating that the test passed. Click Close. 27. Click the View the report button. This provides more detailed results in your browser.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 16All other trademarks are the property of their respective owners.
  • 17. Rethink Deep Packet Inspection (DPI) Testing 28. Expand the Test Results for Max Bandwidth section. Next, expand the Details folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle. Variations of this test that can be run include: • Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached. • Use different presets, such as the Service Provider App or a custom application profile. • Increase the duration of the test time.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 17All other trademarks are the property of their respective owners.
  • 18. Rethink Deep Packet Inspection (DPI) Testing Maximum Performance Using Jumbo Frames RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol • RFC 894 – A Standard for the Transmission of IP Datagrams over Ethernet • RFC 2068 – Hypertext Transfer Protocol Overview: This test will use the Application Simulator test component and make use of a Max Bandwidth preset. The preset uses the BreakingPoint Bandwidth Application Profile that attempts to achieve the maximum transmission rate using both HTTP and P2P traffic. Objective: Test the maximum bandwidth in terms of Mbps (Megabits per second) that the DUT can pass through using real state data and jumbo frames. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 18All other trademarks are the property of their respective owners.
  • 19. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 19All other trademarks are the property of their respective owners.
  • 20. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent  DPI Max Bandwidth.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 20All other trademarks are the property of their respective owners.
  • 21. Rethink Deep Packet Inspection (DPI) Testing 5. Click Save Test As. 6. When prompted to Save Test As, enter DPI Performance Jumbo Frames as the name. Click Save. 7. Select the Parameters tab. Locate the TCP Configuration Maximum Segment Size parameter and enter a value of 4096. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 21All other trademarks are the property of their respective owners.
  • 22. Rethink Deep Packet Inspection (DPI) Testing 8. If desired, edit the test description in the Test Information section. 9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes. 10. Under the Test Quick Steps menu, click Save and Run. 11. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 22All other trademarks are the property of their respective owners.
  • 23. Rethink Deep Packet Inspection (DPI) Testing 12. Select the TCP tab. This will display the number of both attempted and successful TCP connections. 13. When the test is completed, a window will appear stating whether the test passed or failed. Click Close.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 23All other trademarks are the property of their respective owners.
  • 24. Rethink Deep Packet Inspection (DPI) Testing 14. Click the View the report button. This will open up more detailed results in your browser. 15. Expand Test Results for Max Bandwidth and then expand the Detail folder. Select the Frame Data Rate result view. Using the chart and the graph, determine the maximum bandwidth the DUT is able to handle. Variations of this test that can be run include: • Step both Maximum Simultaneous Sessions and Maximum Sessions per Second by 10% until 80% has been reached. • Use different presets, such as the Service Provider App or a custom application profile. • Increase the duration of the test time.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 24All other trademarks are the property of their respective owners.
  • 25. Rethink Deep Packet Inspection (DPI) Testing Maximum TCP Connection Rate RFC: • RFC 793 – Transmission Control Protocol Overview: This test will utilize an Application Simulator. The Application Simulator will be configured with the Service Provider Apps preset. The Service Provider Apps preset contains HTTP, different Mail protocols, P2P and FTP traffic. This test will determine the maximum TP connections per second using a stepping technique and values that match the DUT’s (Device Under Test) ability. Objective: Test the maximum peak rate of new connections that the DUT can handle using real stateful application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 25All other trademarks are the property of their respective owners.
  • 26. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 26All other trademarks are the property of their respective owners.
  • 27. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps menu, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 27All other trademarks are the property of their respective owners.
  • 28. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Under the Test Quick Steps menu, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 28All other trademarks are the property of their respective owners.
  • 29. Rethink Deep Packet Inspection (DPI) Testing 9. Select Application Simulator (L7) from the Select a component type window. 10. The Information tab should already be selected. Enter Max TCP Connection Rate as the name and click Apply Changes. 11. Select the Presets tab. Select Service Provider Apps as the component preset and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 29All other trademarks are the property of their respective owners.
  • 30. Rethink Deep Packet Inspection (DPI) Testing 12. Select the Parameters tab. Several different parameters will be changed in this section. Change these parameters to match your DUT’s ability. First, change the Minimum data rate to 100% of the DUT’s ability. Click Apply. 13. Next, change the Ramp Up Seconds in the Session Ramp Distribution section to 25 and click Apply. 14. In the Ramp Up Profile, several parameters will be changed. You may need to scroll in order to change each one of them. First, use the Ramp Up Profile Type drop-down menu and select Stair Step. For the Minimum Connection connection rate for the Maximum Connection Rate. Again, enter 10% of the DUT’s stated maximum connection rate Rate, enter a value that is 10% of the DUT’s stated maximum connection rate. Enter the DUT’s stated maximum for the Increment N connections per second parameter, and a value of 1 for Every N seconds. Once completed, click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 30All other trademarks are the property of their respective owners.
  • 31. Rethink Deep Packet Inspection (DPI) Testing 15. In the Session Configuration section, enter 7500000 as the Maximum Simultaneous Sessions and the DUT’s stated maximum connection rate in the Maximum Sessions Per Second. Click Apply Changes. 16. If desired, edit the test Description in the Test Information section. 17. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes. 18. Under the Test Quick Steps menu, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 31All other trademarks are the property of their respective owners.
  • 32. Rethink Deep Packet Inspection (DPI) Testing 19. When prompted for a name to Save Test As, enter DPI Max TCP Rate and click Save. 20. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP, and Ethernet statistics in a tabular form. 21. Select the TCP tab. This will display the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 32All other trademarks are the property of their respective owners.
  • 33. Rethink Deep Packet Inspection (DPI) Testing 22. When the test is completed, a window will appear stating whether the test passed or failed. Click Close. 23. When the test is completed, click the View the report button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 33All other trademarks are the property of their respective owners.
  • 34. Rethink Deep Packet Inspection (DPI) Testing 24. Expand Test Results for Maximum TCP Connection Rate folder and select TCP Setup Time. Because shorter TCP setup times allow the DUT to respond quickly and handle incoming connection requests, they are preferable to longer TCP setup times. 25. Next, select TCP Response Time. Because shorter response times allow the DUT to respond quickly to requests and continue normal operation, they are preferable to longer response times. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 34All other trademarks are the property of their respective owners.
  • 35. Rethink Deep Packet Inspection (DPI) Testing 26. Select Frame Latency Summary. Smaller frame latency measurements mean the frames are arriving quickly without much delay through the device. 27. Expand the Detail folder. Select TCP Connection Rate from the list of available results. Using the graph and the table, determine the maximum TCP connection rate the DUT is able to handle. Other tests can also be performed. The following are some examples that can be run: • Vary the TCP Segment size. • Change the Distribution type to random. • Change the TCP Session Duration (segments). • Increase the test time for a longer test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 35All other trademarks are the property of their respective owners.
  • 36. Rethink Deep Packet Inspection (DPI) Testing Maximum Concurrent TCP Connections RFC: • RFC 793 – Transmission Control Protocol Overview: This test is very similar to the previous test configuration though a calculated Ramp Up Profile will be used. Also, the results from the Maximum TCP Connection Rate test will be used in the Maximum Sessions Per Second parameter. Objective: Test the maximum number of established TCP connections the DUT could hold using real stateful application traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 36All other trademarks are the property of their respective owners.
  • 37. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 37All other trademarks are the property of their respective owners.
  • 38. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent  DPI Max TCP Rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 38All other trademarks are the property of their respective owners.
  • 39. Rethink Deep Packet Inspection (DPI) Testing 5. Click Save Test As. 6. When prompted for a name to save the test as, enter Max Concurrent TCP Connections and click Save. 7. Under the Information tab, change the name to Max TCP Connections and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 39All other trademarks are the property of their respective owners.
  • 40. Rethink Deep Packet Inspection (DPI) Testing 8. Select the Parameters tab. Several parameters will be changed in this section. First, using the Ramp Up Profile Type drop-down menu, change the value to Calculated in the Ramp Up Profile section. Click Apply Changes. 9. Next, in the Session Configuration section, change the Maximum Simultaneous Sessions to the maximum the DUT is expected to be able to reach. Also, change the Maximum Sessions Per Second to the rate determined by the DPI Max TCP Rate test. Click Apply Changes. 10. The next parameter to be changed is the Ramp Up Seconds in the Session Ramp Distribution section. This is a calculated value. Take the Maximum Simultaneous Sessions/Maximum Sessions Per Second (always round to the higher second). Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 40All other trademarks are the property of their respective owners.
  • 41. Rethink Deep Packet Inspection (DPI) Testing 11. If desired, edit the test description in the Test Information section. 12. Verify that the Test Status has a green checkmark. If it does not, click Test Status and make the required changes. 13. Under the Test Quick Steps menu, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 41All other trademarks are the property of their respective owners.
  • 42. Rethink Deep Packet Inspection (DPI) Testing 14. The Summary tab initially will be displayed once the test starts. The Summary tab displays multiple application, TCP and Ethernet statistics in a tabular form. 15. Select the TCP tab. This will display the number of both attempted and successful TCP connections.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 42All other trademarks are the property of their respective owners.
  • 43. Rethink Deep Packet Inspection (DPI) Testing 16. When the test is completed, a window will appear stating whether the test passed or failed. Click Close. 17. When the test is completed, click the View the report button. 18. Expand Test Results for Max TCP Connections folder and select TCP Setup Time. Because short TCP setup times allow the DUT to quickly react and handle the incoming connection requests better than longer TCP setup times, they are preferred.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 43All other trademarks are the property of their respective owners.
  • 44. Rethink Deep Packet Inspection (DPI) Testing 19. Next, select TCP Response Time. Shorter response times allow the DUT to respond quickly to requests and continue normal operation. 20. Select Frame Latency Summary. Short frame latency measurements indicate that the frames are arriving quickly without much delay through the device.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 44All other trademarks are the property of their respective owners.
  • 45. Rethink Deep Packet Inspection (DPI) Testing 21. Expand the Detail folder. Select TCP Concurrent Connections from the list. Using the table and the graph, determine the maximum number of concurrent TCP connections that the DUT is able to handle. Other tests can also be performed. The following are some examples that can be run: • Vary the TCP Segment size. • Change the Distribution type to random. • Change the TCP Session Duration (segments). • Increase the test time for a longer test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 45All other trademarks are the property of their respective owners.
  • 46. Rethink Deep Packet Inspection (DPI) Testing Strike Mitigation RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to evaluate how malicious traffic will affect the performance of the DUT. A Security test component will be used in this test. Five default attack series are available to use, but during this test only Security Level 1 will be used. Security Level 1 includes high-risk vulnerabilities in services often exposed to the Internet. Objective: Test the DUT’s ability to recognize and block malicious traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 46All other trademarks are the property of their respective owners.
  • 47. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 47All other trademarks are the property of their respective owners.
  • 48. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps menu, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 48All other trademarks are the property of their respective owners.
  • 49. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Next, under the Test Quick Steps menu, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 49All other trademarks are the property of their respective owners.
  • 50. Rethink Deep Packet Inspection (DPI) Testing 9. Select the Security component from the Select a component type window. 10. Under the Information tab, enter Strike Detection as the name and click Apply Changes. 11. Select the Presets tab and then select Security Level 1. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 50All other trademarks are the property of their respective owners.
  • 51. Rethink Deep Packet Inspection (DPI) Testing 12. If desired, edit the test description under the Test Information section. 13. Verify that the Test Status has a green checkmark next it. If it does not, click on Test Status and make the required changes. 14. Under the Test Quick Steps menu, click Save and Run. 15. When prompted, enter DPI Strike Detection as a name and click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 51All other trademarks are the property of their respective owners.
  • 52. Rethink Deep Packet Inspection (DPI) Testing 16. Once the test starts to run, select the Attacks tab. This will display information about how many attacks could be blocked and how many were actually able to pass through the DUT. 17. When the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 52All other trademarks are the property of their respective owners.
  • 53. Rethink Deep Packet Inspection (DPI) Testing 18. Click the View the report button to view detailed results in a browser window. 19. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were successfully blocked and the number that could be transmitted through the DUT. Variations of this test that can be run include: • Increase the test length for a longer Malicious Traffic Attack. • Change the Security Level. • Use a different random seed.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 53All other trademarks are the property of their respective owners.
  • 54. Rethink Deep Packet Inspection (DPI) Testing Strikes Blocking with IP Fragmentation RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: This closely resembles the Strike Blocking test except the IP packets will be fragmented to determine how the DUT handles malicious traffic that is arriving in fragmented packets. Objective: Test the DUT’s ability to recognize and block malicious traffic with fragmentation on IP packets. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 54All other trademarks are the property of their respective owners.
  • 55. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 55All other trademarks are the property of their respective owners.
  • 56. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent Tests  DPI Strike Detection. 5. Click Save Test As.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 56All other trademarks are the property of their respective owners.
  • 57. Rethink Deep Packet Inspection (DPI) Testing 6. Enter DPI Strike Detection Fragmentation as the name and click Save. 7. Select the Overrides tab. In the IP section, locate MaxFragSize and enter a value less than 46. Click Apply Changes. 8. If desired, edit the test Description under the Test Information section. 9. Verify that the Test Status contains a green checkmark. If it does not, click Test Status and make the required changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 57All other trademarks are the property of their respective owners.
  • 58. Rethink Deep Packet Inspection (DPI) Testing 10. Under the Test Quick Steps menu, click Save and Run. 11. Once the test starts to run, select the Attacks tab. This will display the number of attacks that were successfully blocked and the number of attacks that were able to successfully pass through the DUT.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 58All other trademarks are the property of their respective owners.
  • 59. Rethink Deep Packet Inspection (DPI) Testing 12. Once the test is completed, a window will appear stating that the test failed because malicious traffic was able to pass through the DUT. Click Close. 13. Click the View the report button. A window with detailed results will open. 14. Expand Test Results for Strike Detection and select Strike Results. Determine the number of strikes that were locked and the number of strikes that were able to pass through the DUT. Using the results from the previous test, determine if fragmentation made any difference. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 59All other trademarks are the property of their respective owners.
  • 60. Rethink Deep Packet Inspection (DPI) Testing Variations of this test that can be run include: • Increase the test length for a longer Malicious Traffic Attack. • Change the Security Level. • Use a different random seed.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 60All other trademarks are the property of their respective owners.
  • 61. Rethink Deep Packet Inspection (DPI) Testing SYN Flood RFC: • RFC 793 – Transmission Control Protocol • RFC 4987 – TCP SYN Flooding Attacks and Common Mitigations Overview: A SYN Flood is when a client starts a TCP connection but never sends an ACK and keeps trying to initiate a TCP connection. This can be harmful to a DPI device, as it has to provide resources to the TCP connection requests. The DPI device likely has the ability to detect and mitigate the SYN Flood. A Session Sender test component will be used to create a SYN Flood. Objective: Test the ability of the DUT to recognize and block SYN Flood attacks. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 61All other trademarks are the property of their respective owners.
  • 62. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 62All other trademarks are the property of their respective owners.
  • 63. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Test  New Test. 5. Under the Test Quick Steps section, click Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 63All other trademarks are the property of their respective owners.
  • 64. Rethink Deep Packet Inspection (DPI) Testing 6. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 7. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 8. Under the Test Quick Steps section, click Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 64All other trademarks are the property of their respective owners.
  • 65. Rethink Deep Packet Inspection (DPI) Testing 9. Select Session Sender (L4) from the Select a component type window. 10. Under the Information tab, change the name to SYN Flood and click Apply Changes. 11. Select the Presets tab and locate the 1Gbps SYN Flood. Click Apply Changes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 65All other trademarks are the property of their respective owners.
  • 66. Rethink Deep Packet Inspection (DPI) Testing 12. Select the Parameters tab. Several changes will be made in this section. The first one, if needed, is to change the Minimum data rate to what is supported by the DUT. Click Apply Changes once completed. 13. Next, two parameters in the Session Configuration section need to be changed. The first one is the Maximum Maximum Concurrent TCP Connections test). The second parameter that needs to be changed is Maximum Sessions Simultaneous Sessions. This needs to be set to the connection rate supported by the DUT (this is the result from the Per Second (this is the result from the Maximum TCP Connection Rate test). Click Apply Changes. 14. If desired, edit the test description under the Test Information section.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 66All other trademarks are the property of their respective owners.
  • 67. Rethink Deep Packet Inspection (DPI) Testing 15. Verify that the Test Status has a green checkmark next to it. If it does not, click Test Status and make the required changes. 16. Under the Test Quick Steps menu, click Save and Run. 17. When prompted for a name to save the test as, enter DPI SYN Flood Detection and click Save. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 67All other trademarks are the property of their respective owners.
  • 68. Rethink Deep Packet Inspection (DPI) Testing 18. The Summary tab will automatically be displayed when the test starts. This tab displays a great deal of information about TCP. As can be seen in the TCP Connection Rate section, the SYN flood is trying to establish a connection but the connection is not actually created. 19. Select the TCP tab. This will display information about the number of TCP Connections per Second. Again, clients are attempting to connect but are not actually successful.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 68All other trademarks are the property of their respective owners.
  • 69. Rethink Deep Packet Inspection (DPI) Testing 20. Once the test is completed, a window will appear stating that the test passed. Click Close. 21. Click the View the report button. This will open a new browser window with detailed results. 22. Expand Test Results for SYN Flood and select TCP Summary. Verify that there are no Client established or Server established values. Other test variations can be run. One variation is to increase the test length for a longer SYN Attack.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 69All other trademarks are the property of their respective owners.
  • 70. Rethink Deep Packet Inspection (DPI) Testing Inappropriate Content Filtering RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle inappropriate content. Also, it is important to determine how the DUT’s performance is affected while having to perform content filtering. A new Super Flow will be created that will contain some type of inappropriate content. This Super Flow will then be added to an Application Profile. The BreakingPoint Application Simulator test component will be used to transmit the newly created application profile. Objective: Test the ability of the DUT to recognize and block sessions containing inappropriate material. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 70All other trademarks are the property of their respective owners.
  • 71. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 71All other trademarks are the property of their respective owners.
  • 72. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 72All other trademarks are the property of their respective owners.
  • 73. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate the BreakingPoint HTTP Text from the list. Click Save As. 6. When prompted for a name, enter HTTP Inappropriate and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 73All other trademarks are the property of their respective owners.
  • 74. Rethink Deep Packet Inspection (DPI) Testing 7. In the Define Actions section, locate the Server: Response 200 (OK) action. Click the Edit the selected action parameter button. 8. Enable the String for response data section and enter the inappropriate terms or phrases in the String for response data field. 9. Select Save Super Flow.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 74All other trademarks are the property of their respective owners.
  • 75. Rethink Deep Packet Inspection (DPI) Testing 10. Select the App Profiles tab and click the Create a new application profile button. 11. When prompted for a name, enter DPI HTTP Inappropriate and click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 75All other trademarks are the property of their respective owners.
  • 76. Rethink Deep Packet Inspection (DPI) Testing 12. Locate the newly created Super Flow in the list of Available Super Flows. Click the Add the super flow to the profile button. 13. Locate the BreakingPoint HTTP Text Super Flow and click the Add the Super Flow to the profile button. 14. Verify that both Super Flows have a weight of 100 and click Save App Profile.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 76All other trademarks are the property of their respective owners.
  • 77. Rethink Deep Packet Inspection (DPI) Testing 15. Select Test  New Test. 16. Under the Test Quick Steps section, click Select the DUT/Network. 17. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 77All other trademarks are the property of their respective owners.
  • 78. Rethink Deep Packet Inspection (DPI) Testing 18. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 19. Under the Test Quick Steps menu, click Add a Test Component. 20. Select Application Simulator (L7) from the Select a component type window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 78All other trademarks are the property of their respective owners.
  • 79. Rethink Deep Packet Inspection (DPI) Testing 21. The Information tab should already be selected. Enter Inappropriate Content for the name and click Apply Changes. 22. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. 23. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI HTTP Inappropriate application profile and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 79All other trademarks are the property of their respective owners.
  • 80. Rethink Deep Packet Inspection (DPI) Testing 24. If desired, in the Test Information section, edit the test description. 25. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes. 26. Under the Test Quick Steps menu, click Save and Run. 27. Enter DPI Inappropriate Content when prompted for a name. Click Save.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 80All other trademarks are the property of their respective owners.
  • 81. Rethink Deep Packet Inspection (DPI) Testing 28. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 29. Select the Application tab. This will display real-time information about the application flows that are being transmitted.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 81All other trademarks are the property of their respective owners.
  • 82. Rethink Deep Packet Inspection (DPI) Testing 30. When the test is completed, a window will appear stating that the test failed. Click Close. 31. Select the View the report button. This will open a more detailed result view in a browser window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 82All other trademarks are the property of their respective owners.
  • 83. Rethink Deep Packet Inspection (DPI) Testing 32. Expand Test Results for Inappropriate Content and select App Summary. This will provide a great deal of information about all of the applications from bytes transmitted to bytes received to details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes. 33. Login to the DUT, and view the different counters to determine if the DUT was successfully blocking the inappropriate content. Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different inappropriate key words. • Try a larger number of inappropriate key words.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 83All other trademarks are the property of their respective owners.
  • 84. Rethink Deep Packet Inspection (DPI) Testing Spam Email Blocking RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle spam email. Also, it is important to determine how the DUT’s performance is affected while having to block spam email. A new Super Flow will be created that will contain a spam email. This Super Flow will then be added to an application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the DUT’s ability to block spam email. Objective: Test the ability of the DUT to recognize and block sessions containing spam email. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 84All other trademarks are the property of their respective owners.
  • 85. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 85All other trademarks are the property of their respective owners.
  • 86. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 86All other trademarks are the property of their respective owners.
  • 87. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate the BreakingPoint SMTP Email from the list. Click Save As. 6. When prompted, enter DPI SMTP Spam as the name and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 87All other trademarks are the property of their respective owners.
  • 88. Rethink Deep Packet Inspection (DPI) Testing 7. In the Step 3 – Define Actions section, locate Client: Send Email. Click the Edit the selected action parameter button. 8. Enter an email address in the Protocol FROM Username field. Enter a different email address in the Protocol RCPT Username field. Next, scroll down and locate the Subject field. Enter Receive 15% off Gold Watches as the Subject. Finally, enable the Attachment Data field and click Import Attachment Data. You can upload the content into the Web browser that launches.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 88All other trademarks are the property of their respective owners.
  • 89. Rethink Deep Packet Inspection (DPI) Testing 9. Click the Choose File button to browse your file system to locate spam email text. 10. Once the spam email has been located in your file system, click Upload. 11. Wait until the file is uploaded successfully, then close the browser window. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 89All other trademarks are the property of their respective owners.
  • 90. Rethink Deep Packet Inspection (DPI) Testing 12. Using the Attachment Data drop-down menu, select the newly uploaded file and click Apply Changes. 13. Click Save Super Flow.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 90All other trademarks are the property of their respective owners.
  • 91. Rethink Deep Packet Inspection (DPI) Testing 14. Select the App Profiles tab and click the Create a new application profile button. 15. When prompted, enter DPI Spam Email Content as a name and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 91All other trademarks are the property of their respective owners.
  • 92. Rethink Deep Packet Inspection (DPI) Testing 16. From the Available Super Flows list, locate the newly created Super Flow and click the Add the Super Flow to the profile button. 17. Again, from the Available Super Flows list, locate the BreakingPoint SMTP Email Super Flow and click the Add the Super Flow to the profile button. 18. Verify that each Super Flow has a weight of 100 and click Save App Profile.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 92All other trademarks are the property of their respective owners.
  • 93. Rethink Deep Packet Inspection (DPI) Testing 19. Select Test  New Test. 20. Under the Test Quick Steps menu, click Select the DUT/Network. 21. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 93All other trademarks are the property of their respective owners.
  • 94. Rethink Deep Packet Inspection (DPI) Testing 22. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 23. Under the Test Quick Steps menu, click Add a Test Component. 24. Select Application Simulator (L7) from the Select a component type window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 94All other trademarks are the property of their respective owners.
  • 95. Rethink Deep Packet Inspection (DPI) Testing 25. The Information tab should already be selected. Enter Spam Email Content for the name and click Apply Changes. 26. Select the Parameters tab. Several parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. 27. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Spam Email Content application profile and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 95All other trademarks are the property of their respective owners.
  • 96. Rethink Deep Packet Inspection (DPI) Testing 28. If desired, in the Test Information section, edit the test description. 29. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes. 30. Under the Test Quick Steps section, click Save and Run.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 96All other trademarks are the property of their respective owners.
  • 97. Rethink Deep Packet Inspection (DPI) Testing 31. Enter DPI Spam Email when prompted for a name. Click Save. 32. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 33. Select the Application tab. This will display real-time information about the application flows that are being transmitted. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 97All other trademarks are the property of their respective owners.
  • 98. Rethink Deep Packet Inspection (DPI) Testing 34. When the test is completed, a window will appear stating that the test failed. Click Close. 35. Select the View the report button. This will open a more detailed result view in a browser window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 98All other trademarks are the property of their respective owners.
  • 99. Rethink Deep Packet Inspection (DPI) Testing 36. Expand Test Results for Spam Email Content and select App Summary. This will provide a great deal of information about all of the applications including bytes transmitted, bytes received and details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes. 34. Login to the DUT and view the different counters to determine if the DUT was successfully blocking the SPAM email. Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different spam emails. • Try a larger number of spam emails to determine if all are blocked.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 99All other trademarks are the property of their respective owners.
  • 100. Rethink Deep Packet Inspection (DPI) Testing Suspicious Content Detection RFC: • RFC 768 – User Datagram Protocol • RFC 791 – Internet Protocol • RFC 793 – Transmission Control Protocol Overview: It is important to determine and evaluate how the DUT is able to handle the detection of suspicious content. Also, it is important to determine how the DUT’s performance is affected while having to handle suspicious content detection. A new Super Flow will be created that will use a database protocol to simulate a credit card request by querying the database. This Super Flow will then be added to an application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the DUT’s ability to detect suspicious content. Objective: Test the ability of the DUT to record and audit suspicious content. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 100All other trademarks are the property of their respective owners.
  • 101. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 101All other trademarks are the property of their respective owners.
  • 102. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 102All other trademarks are the property of their respective owners.
  • 103. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and locate BreakingPoint DB2 Database from the list. Click Save As. 6. When prompted for a name, enter DPI DB Credit and click OK. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 103All other trademarks are the property of their respective owners.
  • 104. Rethink Deep Packet Inspection (DPI) Testing 7. Make sure the second item is selected under the Define Flows section and also select the Client: SQL Query in the Define Actions section. Click the Edit the select actions parameters button. 8. In the SQL Query field, enter a specific query that will be tracked by the DUT. The query content should be defined according to the DUT’s policy and detection model. A good example to use is: “SELECT* from credit_card_table”. Click Apply Changes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 104All other trademarks are the property of their respective owners.
  • 105. Rethink Deep Packet Inspection (DPI) Testing 9. Click Save Super Flow. 10. Select the App Profiles tab and click the Create a new application profile button. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 105All other trademarks are the property of their respective owners.
  • 106. Rethink Deep Packet Inspection (DPI) Testing 11. When prompted, enter DPI Suspicious as the name and click OK. 12. Locate the newly created Super Flow in the Available Super Flows list and click the Add the Super Flow to the profile button. 13. Next, locate the BreakingPoint DB2 Database Super Flow in the Available Super Flows list and click the Add the Super Flow to the profile button. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 106All other trademarks are the property of their respective owners.
  • 107. Rethink Deep Packet Inspection (DPI) Testing 14. Verify that both Super Flows have a weight of 100 and click Save App Profile. 15. Select Test  New Test. 16. Under the Test Quick Steps section, click Select the DUT/Network. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 107All other trademarks are the property of their respective owners.
  • 108. Rethink Deep Packet Inspection (DPI) Testing 17. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. 18. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 19. Under the Test Quick Steps menu, click Add a Test Component. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 108All other trademarks are the property of their respective owners.
  • 109. Rethink Deep Packet Inspection (DPI) Testing 20. Select Application Simulator (L7) from the Select a component type window. 21. The Information tab should already be selected. Enter Suspicious Content for the name and click Apply Changes. 22. Select the Parameters tab. Some parameters in this section will need to be changed. First, verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 109All other trademarks are the property of their respective owners.
  • 110. Rethink Deep Packet Inspection (DPI) Testing 23. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Suspicious application profile and click Apply Changes. 24. If desired, in the Test Information section, edit the test description. 25. Verify that the Test Status has a green checkmark next to it. If it does not, click on Test Status and make the needed changes. 26. Under the Test Quick Steps menu, click Save and Run. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 110All other trademarks are the property of their respective owners.
  • 111. Rethink Deep Packet Inspection (DPI) Testing 27. Enter DPI Suspicious Content when prompted for a name. Click Save. 28. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 29. Select the Application tab. This will display real-time information about the application flows that are being transmitted. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 111All other trademarks are the property of their respective owners.
  • 112. Rethink Deep Packet Inspection (DPI) Testing 30. When the tests finishes, a window will appear stating that the test failed. Click Close. 31. Select the View the report button. This will open a more detailed result view in a browser window. 32. Expand Test Results for Suspicious Content and select App Summary. This will provide a great deal of information about all the applications from bytes transmitted to bytes received to details about failures. Since half of the content should be blocked because it is inappropriate, the Application attempted value should be about twice the value of the Application successes. 33. Log in to the DUT and view the different counters to determine if the DUT was successfully blocking the suspicious content.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 112All other trademarks are the property of their respective owners.
  • 113. Rethink Deep Packet Inspection (DPI) Testing Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different suspicious elements (i.e., different protocols). • Try a larger number of suspicious elements.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 113All other trademarks are the property of their respective owners.
  • 114. Rethink Deep Packet Inspection (DPI) Testing Webmail Phrase Detection RFC: • RFC 793 – Transmission Control Protocol • RFC 2616 – Hypertext Transfer Protocol Overview: It is important to determine if the DUT is able to record and audit keywords or key phrases. This is important because Webmail is becoming more popular and company information that is not public could possibly be transmitted via Webmail. A new Super Flow will be created that is a Webmail service. The Super Flows length will be configured and several words will be added to the body of the email. This newly created Super Flow will be added to an application profile. The Application Simulator test component will be used to transmit the newly created application profile to test the DUT’s ability. Objective: Test the ability of the DUT to record and audit keywords or word phrases. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 114All other trademarks are the property of their respective owners.
  • 115. Rethink Deep Packet Inspection (DPI) Testing 1. Launch a Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center. 2. In the new window that appears, enter your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 115All other trademarks are the property of their respective owners.
  • 116. Rethink Deep Packet Inspection (DPI) Testing 3. Reserve the required ports to run the test. 4. Select Managers  Application Manager.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 116All other trademarks are the property of their respective owners.
  • 117. Rethink Deep Packet Inspection (DPI) Testing 5. Select the Super Flows tab and then locate BreakingPoint Webmail. Click Save As. 6. When prompted, enter DPI Webmail as a name and click Ok.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 117All other trademarks are the property of their respective owners.
  • 118. Rethink Deep Packet Inspection (DPI) Testing 7. As we wish only to use a single Webmail server, click Manage Hosts. 8. Select one of the servers, and click the Delete the selected host button. 9. When prompted about being sure you want to delete the selected host, click Yes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 118All other trademarks are the property of their respective owners.
  • 119. Rethink Deep Packet Inspection (DPI) Testing 10. Repeat the previous two steps with another one of the Webmail servers. Once completed, only one Webmail server should remain. Click Close. 11. Under Step 3 – Define Actions, select Client: Send Message and click the Edit the selected action parameters button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 119All other trademarks are the property of their respective owners.
  • 120. Rethink Deep Packet Inspection (DPI) Testing 12. In the Send Message window, several parameters will need to be changed. If desired, it is possible to change the language by enabling the Language checkbox and using the drop-down menu to select a different language. Next, enable Message Wordcount Min and set a value of 100. Also, enable Message Wordcount Max and set this to a value of 1000. The message will contain a random message between 100 and 1000 words. Several items are already in the Keyword List field. Change these values to match keywords configured on the DUT. Finally, enable Random Attachment? and set the value to False. Click Apply Changes. 13. Once completed with editing the Send Message action, click Save Super Flow. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 120All other trademarks are the property of their respective owners.
  • 121. Rethink Deep Packet Inspection (DPI) Testing 14. Next, select the App Profiles tab and click the Create a new application profile button. 15. When prompted for an app profile name, enter DPI Webmail and click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 121All other trademarks are the property of their respective owners.
  • 122. Rethink Deep Packet Inspection (DPI) Testing 16. In the Available Super Flows list, locate the newly create DPI Webmail Super Flow and click the Add Super Flow to the profile button. 17. Next, locate the BreakingPoint Webmail Super Flow and click the Add Super Flow to the profile button again. 18. Verify that both have a Weight of 100 and click Save App Profile.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 122All other trademarks are the property of their respective owners.
  • 123. Rethink Deep Packet Inspection (DPI) Testing 19. Select Test  New Test. 20. Under the Test Quick Steps menu, click Select the DUT/Network. 21. In the Choose a device under test and network neighborhood window, select BreakingPoint Default as the Device Under Test(s) and DPI Tests as the Network Neighborhood(s). Click Accept. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 123All other trademarks are the property of their respective owners.
  • 124. Rethink Deep Packet Inspection (DPI) Testing 22. When prompted that the current test setup contains more interfaces than the newly selected one, click Yes. 23. Under the Test Quick Steps menu, click Add a Test Component. 24. Select Application Simulator (L7) from the Select a component type window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 124All other trademarks are the property of their respective owners.
  • 125. Rethink Deep Packet Inspection (DPI) Testing 25. The Information tab should already be selected. Enter Webmail for the name and click Apply Changes. 26. Select the Parameters tab. Some parameters in this section will need to be changed. First verify that the Minimum data rate is set to 80% of the total available bandwidth. Make sure to click Apply Changes if any value is updated. 27. Next, change the Application Profile parameter. Using the drop-down menu, select the DPI Webmail application profile and click Apply Changes. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 125All other trademarks are the property of their respective owners.
  • 126. Rethink Deep Packet Inspection (DPI) Testing 28. If desired, in the Test Information section, edit the test description. 29. Verify that the Test Status has a green checkmark next to it. If it does not, click Test Status and make the needed changes. 30. Under the Test Quick Steps menu, click Save and Run. 31. Enter DPI Webmail when prompted for a name to save the test. Click Save. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 126All other trademarks are the property of their respective owners.
  • 127. Rethink Deep Packet Inspection (DPI) Testing 32. Once the test starts, the Summary tab will be displayed. It contains a great deal of information about application flows and application transactions. 33. Select the Application tab. This will display real-time information about the application flows that are being transmitted. www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 127All other trademarks are the property of their respective owners.
  • 128. Rethink Deep Packet Inspection (DPI) Testing 34. When the test finishes, a window will appear stating that the test passed. Click Close. 35. Select the View the report button. This will open a more detailed result view in a browser window. 36. Expand Test Results for Webmail and select Application Summary. This will provide a great deal of information about all the applications from bytes transmitted to bytes received to details about failures. 37. Log in to the DUT and view the different counters to determine if the DUT was successfully auditing the keywords and/ or phrases. Variations of this test that can be run include: • Increase the test length for a longer run time. • Try different Webmail clients/servers.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 128All other trademarks are the property of their respective owners.
  • 129. Rethink Deep Packet Inspection (DPI) Testing About BreakingPoint BreakingPoint pioneered the first and only Cyber Tomography Machine Contact BreakingPoint (CTM) to expose previously impossible-to-detect stress fractures within Learn more about BreakingPoint cyber infrastructure components before they are exploited to compromise products and services by contacting a customer data, corporate assets, brand reputation and even national security. representative in your area. BreakingPoint products are the standard by which the world’s governments, 1.866.352.6691 U.S. Toll Free enterprises, and service providers optimize the resiliency of their cyber www.breakingpoint.com infrastructures. For more information, visit www.breakingpoint.com. BreakingPoint Global Headquarters BreakingPoint Storm CTM 3900 North Capital of Texas Highway BreakingPoint has pioneered Cyber Tomography with the introduction of Austin, TX 78746 the BreakingPoint Storm CTM, enabling users to see for the first time the email: salesinfo@breakingpoint.com virtual stress fractures lurking within their cyber infrastructure through the tel: 512.821.6000 simulation of crippling attacks, high-stress traffic load and millions of users. toll-free: 866.352.6691 BreakingPoint Storm CTM is a three-slot chassis that provides the equivalent BreakingPoint EMEA Sales Office performance and simulation of racks and racks of servers, including: Paris, France email: emea_sales@breakingpoint.com • 40 Gigabits per second of blended stateful application traffic tel: + 33 6 08 40 43 93 • 30 million concurrent TCP sessions BreakingPoint APAC Sales Office • 1.5 million TCP sessions per second Suite 2901, Building #5, Wanda Plaza • 600,000+ complete TCP sessions per second No. 93 Jianguo Road • 80,000+ SSL sessions per second Chaoyang District, Beijing, 100022, China • 100+ stateful applications email: apac_sales@breakingpoint.com • 4,500+ live security strikes tel: + 86 10 5960 3162 BreakingPoint Resources Hardening cyber infrastructure is not easy work, but nothing that is this important has ever been easy. Enterprises, service providers, government agencies and equipment vendors are under pressure to establish a cyber infrastructure that can not only repel attack but is resilient to application sprawl and maximum load. BreakingPoint’s Cyber Tomography Machine (CTM) provides the technology and solutions that allow these organizations to create a hardened and resilient cyber infrastructure. BreakingPoint also provides the very latest industry resources to make this process that much easier, including Resiliency Methodologies, How-to Guides, white papers, webcasts, and a newsletter. To learn more, visit www.breakingpoint.com/resources. BreakingPoint Labs Community Join discussions on the latest developments in hardening cyber infrastructure. BreakingPoint Labs brings together a diverse community of people leveraging the most current insight to harden cyber infrastructure to withstand crippling attack and high-stress application load. Visit www.breakingpointlabs.com.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 129All other trademarks are the property of their respective owners.