LevelOne ICI-1000 User manual

Internet Content Inspector
ICI-1000 / ICI-2000
User Manual
v1.00

Important Notice
This user manual is delivered subject to the following terms and conditions. The copyrights,
intellectual property rights and trade secrets included in this user manual are owned by ICI. The user
manual is provided to ICI customers for the sole purpose of obtaining information with respect to the
installation, implementation and function of the ICI system and should not be used for any other
purpose. The information contained in this user manual is proprietary to ICI and strictly confidential. It
is strictly forbidden to copy, duplicate, reproduce or disclose this user manual or any part of this user
manual without prior written permission from ICI.
The Management Team of Digital Data Communications Asia Ltd
Copyright © LevelOne 2011
Copyright
The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed
in an information retrieval system, translated into any language, or transmitted in any form or by any
means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the
prior written permission of LevelOne.
Disclaimer
LevelOne does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patent rights of
others. LevelOne further reserves the right to make changes in any products described herein without
notice. The publication is subject to change without notice.
Trademarks
LevelOne is a registered trademark of Digital Data Communications Group. Other trademarks
mentioned in this publication are used for identification purposes only and may be properties of their
respective owners.

Table of Contents
INTRODUCTION
  WHO NEEDS THE ICI SYSTEM
  APPLICATION AND IMPLEMENTATION
UNPACKING & INSTALLING
  PACKING CHECKLIST
  FRONT PANEL
  REAR PANEL
  REQUIREMENT
  INSTALLATION
  DEFAULT SETTINGS
GETTING STARTED
  WEB MANAGEMENT INTERFACE
  SYSTEM MAIN PAGE
  ICON BAR
  MAIN PAGE - TOTAL THROUGHPUT STATISTICAL REPORT
INTERNET CONTENT RECONSTRUCTION
  EMAIL
    POP3
    IMAP
    SMTP (Outgoing)
    Webmail Read
    Webmail Sent
  INSTANT MESSAGING & CHAT
    Windows Live Messenger (aka MSN)
    ICQ
    Yahoo Messenger
    QQ Messenger *
    UT Chat Room
    Skype *
    Gtalk (in HTTP Gmail)
    Internet Relay Chat – IRC
  FILE TRANSFER
    File Transfer Protocol - FTP
    Peer to Peer File Sharing – P2P
  HTTP
    HTTP Link
    HTTP Content
    HTTP Reconstruct
    HTTP Upload/Download
    HTTP Video Streaming (FLV Video)
    HTTP Request
    HTTP Social Network Sites
  TELNET
  OTHERS
    Online Games
    VoIP (Optional Purchase License)
    Unknown Connection
  SYSTEM SETTING
    Network Setting
    Network Setup
    DNS Setup
    Shutdown and Reboot
    System Time Setup
    Filter Setup
    Storage
    Services
    Edit Password
    Backup Data
    Disk Space Control
  SYSTEM STATUS
    Port Number
    Online IP
    Login List
    Update
    Maintenance
    Domain
  SYSTEM TOOLS
    Delete Data
    Authority
    Storage Alert
    Throughput Alert
    AD Import
  REGISTRATION
  DATA SEARCH
    Full Text Search
    Similar Search
    Data Search – Conditional or Parameter Search
    Association Search
    Captured File List
    Bookmark
  SEND MAIL SERVICE
    Alert with Content
    Alert Mail Box
    Alert Sensitive File
    Report Management
    Event Management
    Event Trigger Management
  STATISTICAL REPORTS
    Conditional Reports (Single Report)
    Conditional Report (Group Report)
    Network Services Usage Report
    Network Services Usage Weekly Report
    Top Websites Report
    Online Users Report
    Last Month Key Word Trend Report
    Daily Report (Excel Log Report)
APPENDIX A: P2P SUPPORTED
APPENDIX B: ONLINE GAMES SUPPORTED
APPENDIX C: RETRIEVE DATA LOG VIA FTP
APPENDIX D: FIELD DEFINITION OF FULL-TEXT SEARCH FUNCTION
EXTENSION – QUERY SYNTAX DEFINITION
  OVERVIEW
  TERMS
  FIELDS
  TERM MODIFIERS
    Wildcard Searches
    Fuzzy Searches
    Proximity Searches
    Range Searches
    Boosting a Term
  BOOLEAN OPERATORS
    AND
    +
    NOT
    -
  GROUPING
  FIELD GROUPING
  ESCAPING SPECIAL CHARACTERS

Introduction
LevelOne Internet Content Inspector (ICI) empowers your business security and operations teams
by providing granular data monitoring and precise packet and session reconstruction capabilities. The
solution is designed to combine process and technology into a single effective system for network
forensics. Businesses can for the first time embrace Web 2.0 and maintain complete visibility and
control, while significantly reducing total cost of ownership through device consolidation. ICI offers
real innovation by enabling unprecedented visibility and control of applications and content with no
performance degradation. It identifies applications accurately, regardless of port, protocol, evasive
tactic or SSL encryption, and scans content to stop threats and prevent data leakage.
It intercepts, captures and reconstructs Internet activities such as Email (POP3, SMTP, IMAP),
Webmail Read and Sent (Yahoo Mail, Gmail, Windows Live Hotmail, Seednet etc.), Instant
Messaging or Chat (Yahoo, Windows Live Messenger or MSN, ICQ, AOL, QQ, UT Chat Room, IRC,
Gtalk, Skype Voice Call Duration Log), HTTP (URL Link, Content, Upload and Download, Video
Streaming), File Transfer (P2P File Sharing, FTP), Online Games, VoIP (Yahoo Messenger) and
Webcam (Yahoo Messenger and Windows Live Messenger - MSN), VoIP (RTP Voice Call) and
Telnet sessions. The ICI system encourages efficiency, prevents abuse of company network resources
by employees, traces culprits of information and confidential data leakage, and monitors the activities
and online behaviour of employees.
Ethernet LAN interception is an important approach to gathering information on communications and
digital evidence. Ethernet LAN interception solutions capture all the traffic on the LAN and
monitor Internet activities. It is capable of live interception with real-time capturing and
decoding/reconstruction, category classification, behaviour analysis, data mining, reporting with
statistics etc.
ICI comes with a wide variety of management and administrative functions. It provides various
types of report with a Top-Down View. Reports that can be created include Total Throughput Statistical
Report, Network Service Report (on a daily or weekly basis), Top Websites etc. All statistics can be
displayed on a per IP Address or per User Account basis.
ICI also provides a variety of search functions: Free Text Search (search by Key Words
with Boolean support), Conditional Search, Similar Search and Association with Relationship Search.
It also comes with Alert and Notification (Throughput, Conditional and Key Words Alert) functions that
allow the network Administrator to set up different alert rules and parameters. This allows an alert to be
triggered (an email to be sent to the Administrator) once the specified content is found in the captured and
reconstructed content.

The Backup function allows the user to back up the captured raw data files or reconstructed contents. The user
can set up auto backup to back up these files to an external drive (NAS or SAN) through FTP upload.
The user can also back up these files manually by burning them to CD/DVD or
downloading them to a local hard drive/PC.
Other functions available include Bookmark, Capture File List (comparing the content of two files),
Online IP List, Authority Assignment, Syslog Server etc. Further functions include hashed export
(backup), file content comparison etc.
Who Needs the ICI System
• Financial, Banking and Investment Organisations where all Internet transactions and
communications need to be archived (Record Keeping).
• Marketing organizations, design houses, high technology and R&D firms where critical
confidential information needs to be protected.
• Schools, colleges, institutions and universities that would like to monitor students' and staff's
online activities and behaviour.
• Government agencies and ministries such as Police Intelligence, Military Intelligence, Secret
Service Agencies, National Security Agencies, Criminal Investigation Agencies, Counter
Terrorism Agencies etc.
• Any company or organization that wants to monitor, back up and archive its daily Internet
transactions and data.

Application and Implementation
The diagram below is a common ICI application and implementation diagram which can be applied to
any organization's network. ICI uses sniffer technology to sniff or capture Internet packets
through a port-mirroring capable switch (normally a smart switch or layer 2/3 switch; a hub can be
used too, as a hub broadcasts traffic to all ports). It then parses (decodes and reconstructs) the captured
raw data packets, stores them in the system database and displays the reconstructed data with reports in
original and readable format in the Web GUI.
Figure: Ethernet LAN Organization Network Monitoring and Interception

ICI can also be implemented on networks with a huge volume of traffic throughput, such as mass
interception and lawful interception at Telco or ISP networks. This implementation is normally for
law enforcement agencies (LEA) such as cyber security agencies, national security agencies,
criminal investigation bureaus, police and military intelligence. Please contact the LevelOne sales team for
more details:
sales@level1.com
Figure: Telco or ISP lawful Internet Interception

Unpacking & Installing
Packing Checklist
19 inch 1U Rack mountable Server x 1
Quick Installation Guide x 1
CD Manual x 1
Mounting Bracket set x 1
Power Cord x 1
Front Panel
1. Power LED
2. HDD LED
Rear Panel
1. Power Socket
2. Power Supply Unit
3. PS/2 KB & Mouse (for local console)
4. VGA Display (for local console)
5. Monitor Ethernet Port
6. Management Ethernet Port

Requirement
For the ICI to capture your network activities successfully, a Port-Mirroring feature on the
network Ethernet switch is a must. It lets the user mirror traffic from any source port to a target port for real-
time analysis. Attach the ICI to the target port and study the traffic crossing the source port in a
completely unobtrusive manner. Most Web Smart and fully Managed Layer2 Ethernet switches
support the Port-Mirroring feature.
Web Smart or Fully Managed Layer2/3 Switch with Port-Mirroring feature
For the best performance and minimal disruption, only the Mirror mode implementation is introduced
here; it provides Real-time Reconstruction while keeping disruption minimal. The
captured packets are saved in PCAP format.
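The decode-and-reconstruct step described above, sketched as an added example (not LevelOne's code and not part of the original manual): it reads a classic PCAP capture, extracts the IPv4/TCP segments and reassembles each direction of a session in sequence order. The capture, addresses and POP3 lines are constructed sample data, and all function names are illustrative.

```python
import struct
from collections import defaultdict

def parse_pcap(data):
    """Yield Ethernet frames from a classic pcap file (not pcapng)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24                    # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break               # capture file truncated mid-record
        off += 16 + incl_len
        yield frame

def decode_tcp(frame):
    """Return (flow, seq, flags, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None             # too short, or not IPv4 (VLAN tags not handled)
    if frame[14] >> 4 != 4 or frame[23] != 6:
        return None             # not IP version 4, or not TCP
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total_len]   # total_len drops Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    return (src, sport, dst, dport), seq, tcp[13], tcp[(tcp[12] >> 4) * 4:]

def reconstruct(pcap_bytes):
    """Reassemble each one-way TCP flow into its ordered byte stream."""
    segments, isn = defaultdict(dict), {}
    for frame in parse_pcap(pcap_bytes):
        decoded = decode_tcp(frame)
        if decoded is None:
            continue
        flow, seq, flags, payload = decoded
        if flags & 0x02:        # SYN carries the initial sequence number
            isn[flow] = seq
        if payload:
            segments[flow].setdefault(seq, payload)   # ignore retransmissions
    streams = {}
    for flow, segs in segments.items():
        # Data starts at ISN+1; if the handshake was missed, use the lowest seq.
        start = (isn[flow] + 1) & 0xFFFFFFFF if flow in isn else min(segs)
        out = bytearray()
        ordered = sorted(((s - start) & 0xFFFFFFFF, p) for s, p in segs.items())
        for rel, data in ordered:
            if rel > len(out):
                break           # gap: a segment was not captured, stop here
            out += data[len(out) - rel:]   # drop bytes an overlap already covered
        streams[flow] = bytes(out)
    return streams

def make_frame(src, dst, sport, dport, seq, flags, payload=b""):
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return frame.ljust(60, b"\x00")   # pad to the Ethernet minimum, as on the wire

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1300000000 + i, 0, len(f), len(f)) + f
    return out

def build_sample_pcap():
    """Constructed capture: a short POP3 exchange with reordering and a retransmit."""
    c, s = (192, 168, 1, 20), (192, 168, 1, 10)
    return build_pcap([
        make_frame(c, s, 50000, 110, 1000, 0x02),                      # SYN
        make_frame(s, c, 110, 50000, 7000, 0x12),                      # SYN/ACK
        make_frame(s, c, 110, 50000, 7001, 0x18, b"+OK POP3 ready\r\n"),
        make_frame(c, s, 50000, 110, 1013, 0x18, b"QUIT\r\n"),         # arrives early
        make_frame(c, s, 50000, 110, 1001, 0x18, b"USER alice\r\n"),
        make_frame(c, s, 50000, 110, 1001, 0x18, b"USER alice\r\n"),   # retransmission
    ])

if __name__ == "__main__":
    for flow, stream in reconstruct(build_sample_pcap()).items():
        print(flow, stream)
```

IP fragmentation, VLAN tags and pcapng files are outside what this example handles; a stream stops at the first missing segment rather than being joined across the gap.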
Installation
1. Connect the power cord to the ICI power socket on the rear panel.
2. Connect a patch lead between the Switch Mirror port and the ICI Monitor port.
3. Connect a patch lead between a Switch port (any available port) and the ICI Management port.
Default Settings
IP: 192.168.1.60
Username: root
Password: 000000 (six zeros)
Note: Internet Explorer (IE versions 6, 7 and 8) is the recommended web browser for Web GUI management access to the ICI system.

Getting Started
This chapter shows how to manage the ICI system via a standard Web Browser over the local network.
It also gives a quick guide to each function button on the menu bar, along with examples of the
report features.
Web Management Interface
1. Use the Internet Explorer (IE) Web Browser to access the ICI system web management site. The ICI system
uses port 443 for secure web access. Please remember to key in https://x.x.x.x, for example
https://192.168.1.60 (which is the default login).
2. Before you use this system, please make sure you have the Java applet installed. Read the
instructions under “Before You Use This System” at the login page.
3. Username: root & Password: 000000 (six zeros)
4. Choose your preferred language, [Traditional Chinese] or [English], and then click on the login
button.
Note: Internet Explorer (IE versions 6, 7 and 8) is the recommended web browser for Web GUI management access to the ICI system.

System Main Page
The navigation icon bar is in the top section of the Web Management GUI. The ICI Homepage provides
information on the Total Throughput Statistical Report (as shown in diagram below) with Top-Down
and Drill-Down capabilities.

Icon Bar
Function of each icon (icon images not shown):
EMAIL RECORD
CHAT RECORD
FILE TRANSFER RECORD
OTHERS RECORD
HTTP RECORD
TELNET RECORD
SYSTEM SETTING
SYSTEM STATUS
SYSTEM TOOLS
REGISTER
DATA SEARCH
ALERT SERVICE
REPORT
HOMEPAGE / LOGOUT

Main Page - Total Throughput Statistical Report
The Total Throughput Statistical Report provides Daily, Weekly and Total Traffic statistics for the different
Internet service categories on the organization network. It shows the total traffic used by the
entire network and breaks it out into the different service categories. The Online User List shows
the list of users (IP Address and Account).
Mail Report allows the Administrator to send different reports, such as the Total Throughput Statistical Report,
Online IP List etc., to a specific Email account immediately or on an hourly, daily, weekly or
monthly basis, as shown below.

Example 1:
Click on the Email - POP3 Quantity of Daily Traffic; it will list all the POP3 Emails in the
database.

Example 2:
Click on the HTTP – HTTP Content weekly traffic throughput (KB); it will display the bar chart of the
HTTP Content traffic for the entire week (7 days). Clicking a bar in the chart (a specific day) leads you to
that day's detailed content.

Example 3:
Click on the Daily Traffic – Summary Report; it will open the Statistical Report List window, where you can
click Throughput Statistical Report or Top N report. Click on Top N to display the
User Daily Traffic Top N, which lists the top user IPs with information such as Who is?, Throughput (KB)
and Statistical Report, which includes Protocol Daily, Weekly and Summary Report.

Click on Who is? to display the user (IP) relationship with username, user login etc. Click on
Protocol to display all applications and throughput (KB) used by this user (IP).

Besides generating reports by IP, the Administrator can also generate reports on an Account basis.