Tips and Tricks

Defining reports in ASDIC can be tricky before you get the hang of it. Here are a few shortcuts that are good to know:

  • When defining predefined reports, if using "time span ... since last baselined" you will get a deviation report, because baselining only occurs once for each new traffic pattern.
  • Some flags in the criteria definition page only affect traffic acquired via the network interceptor (sniffer).
  • Learn the difference between "?", "*", IP address, prefix and blank fields in the IP address search fields. It may be a bit tricky.
  • You can search for port ranges by giving an interval, for example 1-1023.
  • The non-graphical search (left search button) displays search hits as they occur. The graphical search (right buttons) displays results only after the entire search is completed. This is why the non-graphical search splits the search results over multiple IP groups and the search result may not be sorted.
  • In a firewall log, sessions occur in simplex. When packet sniffing, sessions are seen in duplex. This will be reflected in the ASDIC database as well.

