Checking device dependencies

Learn more about the IOTA solution at profitap.com/iota

In some situations, such as security analysis or preparation of firewall rule sets, communication patterns need to be evaluated. This step-by-step guide explains how to do this with Profitap IOTA.


Figure 1: Overview Dashboard with the Flow Diagram on the left.

To inspect which remote peers a specific host has communicated with, simply click on the IP address in the flow diagram. The IOTA will apply an IP filter to the selected IP address; in our case, we filtered on 192.168.4.1.

From here, we can recognize associated IPv4-based communication patterns. The host has communicated with three other hosts in this example (Figure 2). If necessary, we can adjust the desired time window in the upper right area.


Figure 2: Flow diagram after filtering on 192.168.4.1 based on a single click.

Scrolling down the “Overview” dashboard (Figure 3) helps to identify the exact communication relationships that have been established. These are displayed in the “List of Flows”. We can see some communication relationships on TCP port 5061, the well-known port for SIP-TLS, RTP transmissions, and NTP traffic. This means we’re looking at VoIP communication.


Figure 3: List of communication relationships on the Overview Dashboard.

To take a closer look at the communication relationship, it is possible to download the entire correlated flow via the Download button or analyze it in more detail by clicking on the magnifying glass in the respective row under Inspect.

The Inspect button leads us to the corresponding “Flow Details” dashboard (Figure 4). We can see the flow structure on the left, as well as performance data such as iRTT and server latency on the bottom right. On the top right, we can see the packet structure with Ethernet II, IPv4, TCP, and finally, TLS/SSL as the protocol.


Figure 4: Flow details for a SIP-TLS flow of the evaluated host.

Conclusion

This workflow example shows that with a few clicks and filters, you can quickly and easily identify that:

  • The selected host is a SIP-TLS server;
  • It terminates voice data via RTP;
  • It also serves as an NTP server.

This workflow can also be adapted to other hosts to allow easy drill-down to the desired information. Baselining of the network can also be performed in this way.

Learn more about the IOTA solution at profitap.com/iota

  • Last modified: February 29, 2024

© 2024 Profitap HQ B.V. and its licensors. All Rights Reserved — Profitap HQ B.V., High Tech Campus 84, 5656 AG Eindhoven, The Netherlands | Privacy Policy | Terms and Conditions