|
| Lawful Interception & Packet Forensics Analysis System 定興科技集團 張 侃 總經理 |
|
|
| |
 |
 |
IP Packet Capture Way |
| |
There are 3 types of IP packet capture ways based on application and industry standard :
- Packet captured from IP network: for IP network infrastructure in enterprises, ISP, IDC and LTE/WiMAX operators
- IP packet from Telco switch :
- Tradition switch through Mediation Platform
- For IMS and all IP networks, IP Packet can be captured through service broker of application layer or directly from IP core switch of Media and End Point layer of IMS system
- From Cable TV
|
|
IP Packet Capture Way– Sniffer |
| |
All data packets on Ethernet are broadcasted in the network, i.e., all physical signals will flow to the network Interface card of the appliance. NIC card can be under promiscuous mode, so it can receive all data no matter what the MAC address it is. This is what the basic of Sniffer all about.
|
| |
 |
|
Lawful Interception Can get that evidence? |
| |
 |
|
Sample: Email (POP3, SMTP and IMAP) |
| |
 |
|
Sample: IM -Yahoo, MSN, ICQ, IRC, QQ, GTalk etc… |
| |
 |
|
What Lawful Interception Needs Now….. |
| |
 |
|
E-Detective – Mirror Mode Implementation |
| |
 |
|
Wireless-Detective – Implementation Diagram (1) |
| |
Wireless-Detective Standalone System - Captures WLAN packets transmitted over the air ranging up to 100 meters or more (by using enhanced system with High Gain Antenna) |
| |
 |
| |
WLAN Lawful Interception – Standalone Architecture
Wireless-Detective Deployment
(Capture a single channel, a single AP or a single STA)
|
|
Wireless-Detective – WPA-PSK Cracking Sol. |
| |
 |
| |
Note: WPA handshakes packet can be captured by Standalone Wireless-Detective system or Distributed Wireless-Detective systems.
|
|
EDDC Offline Forensics Product |
| |
Offline Raw Data (PCAP) Decoding and Reconstruction system.Comes with User and Case Management features. |
| |
 |
|
HTTPS/SSL MITM Interception System |
| |
 |
|
Software Architecture |
| |
 |
|
More Then 140 Internet Protocols Supported |
| |
 |
|
Data Captured through Tradition Telco Switch |
| |
From LI port of Soft Switch/TDM to capture signals by ETSI/CALEA standard. Passing through mediation platform and convert the data for further analysis through Handover Interface (HI) before reaching EDDC for further packet analysis
|
| |
 |
|
Data Packet Captured through Telco IP Switch |
| |
 |
|
Data Packet Captured through Cable TV |
| |
 |
|
Technology Transfer Program |
| |
- To Help ETRI to Enhance Capability of LI Application Research
- Target
- E-Detective
- Wireless-Detective
- Scope
- Source Codes
- On-Site Training
- On-Site Assistance for Software Development
- Reasonable Fee
|
| |
|
|
|
|
|
