Lite Data Message Flow


The Lite Data Message Flow window is used to define/edit Lite DMFs and Studio Scenarios converted into Lite DMFs.  The Lite DMF format provides a simplified way to create and display a vast majority of data flows used for L4-L7 DPI testing (on Landslide).

NOTE: You may define a maximum of 20 Network Hosts per test case, which supports multiple different DMFs/connections within the same test case going to the same Network Host and Port combination.

The Lite DMF allows you to define transaction behavior, rates, throughput, sequence of messages over multiple sockets/connections and various message options. The Lite Data Message Flow window provides a quick view of the number of connections/5-tuples involved in each Lite DMF and calculates total bandwidth.

The following highlights the differences between a Lite DMF and a regular DMF:

Lite DMF: Message flows from different connections (UDP, TCP, etc.) within the Lite DMF are sequential.
DMF: Message sequences are potentially concurrent. (In addition, the DMF has more settings and options available for your selection.)

Lite DMF: All the connections are defined within the same Lite DMF as ordered flows/connections.
DMF: Each connection is defined in a new subflow.

Lite DMF and Studio Scenarios

Studio Scenarios are pre-made/defined Lite DMFs that have been generated from different Apps, different OSs, and may include vulnerabilities and attacks. The Studio scenarios are played over real TCP/UDP sessions and simulate both ends of an application for Firewalls and DPI engines.

Studio Scenarios available for selection as Lite DMFs are based on system licensing. These Scenarios are categorized into groups and included in the Landslide libraries based upon their group and licenses. A small subset sampler of Studio App flows are included regardless of licensing in the basic library. The remaining Apps, vulnerabilities and attacks are located in separate licensed libraries.

The group of scenarios (folders/libraries) displayed depends on your system license. You may run the Studio Scenarios as is or edit them to add more messages, connections, etc, and save them.

NOTE: Landslide integrates many of these Scenarios for hundreds of Applications (Apps). New Scenarios and Apps are provided with each new Landslide release. Additional licenses (groups) may be added in future releases.

Parameter Index

General

Transactions

Transaction Rate (trans/s)

Throughput (bits/s)

Tx/Rx Ratio

Start Paused

Total Retries

Connections/5-Tuples:

Message Sequence

Paste Buffers

Import PCAP

 

Convert To aDMF

Save/Save and Close

On Handover to Target Network   
 

 


General

Transactions

 

Use the drop-down list to define the number of times a transaction is executed after data traffic begins (when Data Start Delay expires after the MN session is established). A transaction can consist of an entire message flow or a subset of a message flow defined as a transaction loop.

Options:

  • Continuous: The transaction continuously executes while the MN session is active.

  • Limited #: The transaction is executed for the number of iterations you define in the field provided. (0 indicates continuous transactions.)

Default: Continuous

When you use a transaction loop in a message flow with a limited number of transactions, the entire message flow is executed once, and the transaction loop is executed for the number of iterations you define. When you use a transaction loop with continuous transactions, the commands prior to the loop are executed once and the commands in the transaction loop are then continuously executed. Transaction Rate defines the number of times the loop is executed every second.

NOTE: The Transactions field is available when the DMF is paused during test execution. You may set a new Transactions value to be applied when you resume traffic.

Related Measurements

Transaction Rate (trans/s)

The timing of the initial execution of the message flow is defined by the Traffic Start and Data Start Delay defined on the Data Traffic tab of the test case. Transaction Rate defines the number of times the test will attempt to execute the transaction every second in each of the MN sessions (see Transactions for the definition of a transaction). A separate timer is kept for every MN session, and if more than one transaction is executed, the message flow is serially executed in each session under the control of that session's timer.

Range: Any value greater than 0. You can enter a fractional value to spread the message flow over a number of seconds: a rate of 0.5, for example, executes the transaction every two seconds.

Default: 1.0

Transaction Timers

Transactions can be timed to 1 millisecond granularity. The maximum consistent rate, therefore, is 1000 transactions/second (1000/1000 = 1 ms). While the test server may be able to handle a faster rate, depending on the resultant total bps and pps for the test considering the number of sessions and the packet size, the transaction timers will not be evenly distributed and the throughput may vary slightly between test intervals.

If you are attempting to configure a Basic Data model that results in a specific bps or pps throughput, your Transaction Rate must result in a transaction interval (the number of milliseconds between transactions) that is divisible by 10 milliseconds in order for the transactions to be timed consistently. You can calculate the transaction interval manually with the following formula: T_interval = 1000 / T_rate. Alternatively, you can click the Calculate button to display each MN session's bps rate, calculated from the defined Transaction Rate and Packet Size. The transaction interval is also calculated at that time, and if your derived transaction interval is not optimal, you will be notified and prompted to accept an adjusted rate that conforms with the timer granularity.

Throughput (bits/s)

The bps rate of the payload portion of the data packets as defined by the Transaction Rate is displayed in Throughput when you click the Calculate button.

TIP: To determine the DMF's actual throughput, including packet headers and any connection control messages, execute the DMF in continuous mode in a test with one MN and note the Total Packets/Sec and Total Bits/Sec measurements on both the Data Traffic and Network Host report tabs.

Calculate

Define Transaction Rate, and click Calculate to determine the total throughput bits/second.

Release 16.8 added Target Network Transaction Rate, Total Target Throughput (bits/s), Target Tx and Target Rx.

NOTES:

  • When you set a ratio greater than 1, the Network Host attempts to send the additional packets within the defined Transaction Rate. The MN considers the transaction to be complete when the first packet is received and will proceed to the next transaction whether the expansion packets are received within the transaction interval or not. If an attempt is made to tear down the MN session during a transaction, the MN will not wait to receive expansion packets before disconnecting.

  • You can generate unidirectional traffic by entering 0. In this case, the MN sends packets and the Network Host does not respond.

Related Measurements

The number of packets, command messages, and bytes sent by the Network Host and received by the MN reported on the Data Traffic and Network Host tabs will increase as this value is increased.

Tx/Rx Ratio

The fields will always show the leftmost digits after a calculation is done. Also, the Throughput values (overall, Tx, Rx) are rounded to the nearest 0.1 bits/s.

Start Paused

Select to start the Lite DMFs in the paused state.

Total Retries

The maximum number of attempts made by the client or server to send a request message after the Data Response Time has expired.

Range: N/A

Default: 5

 



On Handover to Target Network

 

Separate Transaction Rate for Target Network

Select to input a different transaction rate when 4G-5G Dual connectivity is enabled.

Only applicable for Dual Connectivity 4G+5G.

Tcl Parameter: SeparateTgtRate

Transaction Rate (trans/s)

Available when "Separate Transaction Rate for Target Network" is enabled.

Only applicable for Dual Connectivity 4G+5G.

Enter the transaction rate (trans/s).

Options: 0 to 1000

Default: 1.0

Tcl Parameter: TgtTransactionRate



Connections/5-Tuples

Define transport layer connection elements. You may define each connection or flow within the Lite DMF in a separate row as a unique combination of Transport type, Source port,  Destination Host and Destination Port.  You can Add, Cut, Copy, Paste, Move the connection Up/Down, or Delete as required. 

The maximum configured bytes per flow or Connection/5-tuple is 10MB.  Configured bytes are the user defined bytes in each message, not including Padding/Content-TDFs/Auto-Fills, etc.

You may define multiple DMFs to use the same Transport, Destination Host, and Destination Port.

For example, the Lite DMF window illustrates using multiple connections going to the same Transport, Destination Host, and Destination Port. The Lite DMF window shows the first 2 connections in the table are TCP and point to Dest Host = 0 and Dest Port = 80, the standard HTTP port. The 3rd connection also uses Dest Host = 0 and Dest Port = 80 but the transport is UDP instead of TCP.  

Connections 1 and 2 have the same (Dest Host = 0, Dest Port = 80, Transport = TCP) Triplet.

NOTES:

  • Two connections can have the same (Dest Host, Dest Port and Transport type) if the first 100 application bytes of the first message for each connection are unique (not identical). The network host uses the first 100 bytes of this first message to determine the possible connections to bind to the transport socket.

As long as the first 100 bytes of the message are different from the first message of the other possible connections, the network host will be able to bind to the correct socket. If the first message is less than 100 bytes for any connection, then the first message also cannot be a complete subset of any other connection's first message.  

  • All connections going to the same (Dest Host, Dest Port and Transport Type) must be assigned the same TOS/DSCP byte.
  • If multiple connections are going to the same (Dest Host, Dest Port and TCP Transport), they cannot be configured for server-initiated sockets; each connection must have client-initiated sockets.
  • To prevent some packets from arriving out of order, it is recommended that you select the Dynamic VLAN option on the test node to update the ARP cache (the destination ARP cache is updated when an ARP request is received).
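
The sharing rules in the notes above can be checked on a connection table before a test is loaded. The following Python is an added example, not Landslide code: the Connection record, the function names and the sample rows are assumptions, and "complete subset" is taken to mean a leading prefix.

```python
from collections import defaultdict
from dataclasses import dataclass

PREFIX_LEN = 100  # the network host inspects the first 100 application bytes


@dataclass
class Connection:          # hypothetical record, one per Connections/5-Tuples row
    index: int             # row number (#)
    transport: str         # "tcp" or "udp"
    dest_host: int
    dest_port: int
    initiator: str         # "client" or "server"
    tos: int               # TOS/DSCP value
    first_message: bytes   # application bytes of the connection's first message


def conflicts(a: bytes, b: bytes) -> bool:
    """True when the host could not tell two first messages apart."""
    pa, pb = a[:PREFIX_LEN], b[:PREFIX_LEN]
    # Either the 100-byte windows are identical, or a shorter first message
    # is a leading subset of the other one (assumption: subset == prefix).
    return pa.startswith(pb) or pb.startswith(pa)


def validate(connections):
    """Return a list of rule violations; an empty list means the table is OK."""
    groups = defaultdict(list)
    for c in connections:
        groups[(c.dest_host, c.dest_port, c.transport.lower())].append(c)

    problems = []
    for key in sorted(groups):
        members = groups[key]
        if len(members) < 2:
            continue  # rules only apply when the triplet is shared
        host, port, transport = key
        where = f"host {host} port {port}/{transport}"
        if len({c.tos for c in members}) > 1:
            problems.append(f"{where}: TOS/DSCP differs across connections")
        if transport == "tcp":
            for c in members:
                if c.initiator != "client":
                    problems.append(
                        f"{where}: connection {c.index} must be client-initiated")
        for i, a in enumerate(members):
            for b in members[i + 1:]:
                if conflicts(a.first_message, b.first_message):
                    problems.append(
                        f"{where}: connections {a.index} and {b.index} "
                        "have indistinguishable first messages")
    return problems


# Constructed sample mirroring the table described above: rows 1 and 2 are
# TCP to Dest Host 0 / Dest Port 80, row 3 is UDP to the same host and port.
BAD = [
    Connection(1, "tcp", 0, 80, "client", 0,
               b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n\r\n"),
    Connection(2, "tcp", 0, 80, "server", 8, b"GET /index"),
    Connection(3, "udp", 0, 80, "client", 0, b"GET /index"),
]
GOOD = [
    BAD[0],
    Connection(2, "tcp", 0, 80, "client", 0,
               b"POST /login HTTP/1.1\r\nHost: a.example\r\n\r\n"),
    BAD[2],
]

if __name__ == "__main__":
    for line in validate(BAD):
        print(line)
```

Row 3 never conflicts with rows 1 and 2 because its transport differs, so it falls into its own group.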

First Connection Persistent

Select to indicate connections are persistent and clear selection to indicate that connections are not persistent.

#

Automatically generated when you Add a connection.

Transport

Select the transport protocols to be used.

Options: tcp, udp

Source Port

The port to be used with the source IP address.

NOTE: The Source IP, creating the complete 5-tuple, is not shown (Lite DMF window) as it is the IP address of the UE in the test case. 

 

You can override this setting at run time and define a different port with the Instances and Assignments settings.

Double click to display Edit Source/Client Port window.

Mode

Selecting the Client Port Mode allows you to:

  • Restrict port re-use for dynamically generated source ports.
  • Define a named range for ports in use

Options: Fixed, Random, Sequential Range, Sequential with Random Start

NOTES: When the Client Port Mode is:
  • Fixed: only the Client Port field is available (Min and Max are not available).
  • Random or Sequential with Random Start: The Client Port is not available. (When Random, the Client Port is set to 0 during DMF processing.)
  • Sequential Range: the Client Port, Min, and Max port are available. Only meaningful for one UE, e.g., when Sequential Range is selected and Client Port = 2000, Min = 2000, Max = 2010, the first session loading (when the UE starts to send data) will use Client port 2000, the second session loading will use 2001, and so on.

 

Client/Start Port

  • Available along with Min and Max when the Client Port Mode is Sequential Range and is the Start Port. The Sequential Range values must be between MIN and MAX port values.
  • Available when the Client Port Mode is Fixed (Min and Max are not available).

Range: >=1 and <=65535

Default: The default source port

Min Port

 Range:  >=1 and <= Max

Available when the Client Port Mode is Sequential Range or Sequential with Random Start.

Max Port

Range: >= Min Port and <=65535

Available when the Client Port Mode is Sequential Range or Sequential with Random Start.

 

Dest Host

Select the Destination Host ID from the list. The Dest Host is the Target/Requested Dest host.

Dest Port

Enter the Port (used with the destination IP address) to where the traffic is sent.

Default = 80

Initiator

Select to indicate whether the traffic initiator is a Client or a Server.

TOS/DSCP

Enter the ToS/DSCP code with which to mark the packets.

  • ToS: Indicates user-defined 2-octet ToS/Traffic class value. Enter an appropriate value between 0 and 65535.
  • DSCP: The Differentiated Service Code Point (DSCP) value used by the MNs, based on the mobile subscriber's profile or network policy, to re-mark packets with appropriate DSCP values.

Enter 0 for Default Forwarding (best effort) or see the IANA DSCP Registry for Class Selection, Assured Forwarding, and Expedited Forwarding pool values.

NOTE: Connections that share the same Dest Host and Dest port must also share the same TOS value.

Segment Size

When you use any protocol, you can define the maximum number of payload bytes in each packet. If the number of bytes in a message is larger than Segment Size, the message will be divided into the number of messages required to meet the threshold.

NOTE: If the Segment Size is too large to allow for all protocol headers to be accommodated within the defined MTU, fragmentation will occur on data packets that contain the maximum payload bytes.

Range: 128 to 65535

Default: 1000

DNS Query

Double-click to display the Edit DNS Query Configuration window. Select DNS Query and enter the IP addresses and Domain Name query. You may also select to query only the first DMF transaction or query each DMF transaction.

NOTES:

  • When you add the Lite DMF to a test case, the connections are automatically assigned to the host indexes (in the Instances and Assignments window).
  • Changing the Dest Host in the Lite DMF and saving has no effect on any Lite DMFs already added to test cases.



Message Sequence

Define the order in which to send/receive messages and edit the message content.  You can Add, Cut, Copy, Paste, Move the message Up/Down, or Delete as required.

Msg #

Automatically generated when you Add a message/packet.

Connections/5-Tuple

Select the Connection type used for the message. The number of Connections available depends on the Connections you added in the Connections/5-Tuples pane on the General Tab.

Direction

Select the direction of data from client to server (arrow left to right) or from server to client (arrow right to left).

Time (ms)

The time is calculated based on the Send Delay, measured in milliseconds, from the beginning of the stream until the packet is sent. Double-click the cell to edit this field.

Delay (ms)

The delay, measured in milliseconds, from the time the previous packet in the stream was sent. That is, the Delay corresponds to the Send Delay field of a message. Double-click the cell to edit this field.

Data

The first several bytes of data in the packet. Unprintable characters are replaced by a dot (.). You can view/edit the entire packet in the ASCII Editor or HEX Editor.

Message Options  
Verification

You can direct the receiving entity to validate the integrity of the message by checking "Receiving end should verify message" and then specifying the "First byte to check" and "Number of bytes to check".

IMPORTANT: When a message with the correct protocol is received and it does not match the expected response defined, the test will compare the message to all subsequent responses defined. If it finds a response that is not verifiable (verification is disabled), the test assumes that the received message is a valid response.

 

Fill/Padding

The Fill/Padding pane allows you to select not to include any filler, include automatic padding, enter a Test Data File or Signed Content. Starting Offset represents the insertion/padding start point and is available for both Automatic Padding and Insert Test Data File.

The Advanced DMFs and Lite DMFs both support the new Message Editor with a new "Filler" option for "Signed Content".

For Signed Content you can add a Certificate Test Data File and a Private Key Test Data File. Select a File Format (either RSA or EVP) and enter the Number of Entries (range: 0 to <= the total entries of certificate files).

Use the <Signed_Start>/<Signed_End> Auto-Fills to define the range; <Cert_Insert> is optional.

All labels and variables have been changed to reflect that data is being signed, not encrypted. The Cert Insert and Signed Data Offset Range are now pure Auto-Fills and are no longer set on the "Filler Panel". URL Encode Auto-Fills have been added, which let you set multiple ranges of URL Encoding. URL Encoding happens last, after all other Auto-Fills occur: in the first pass the normal Auto-Fills occur, in the second pass the data is signed, and in the third pass URL Encoding happens.

Added new usability improvements:

  • Ability to add/set the URL-Encoded and SignedData range by selecting text and right-click option.  You do not have to add Start/End Auto-fill separately, just select the text to Encode/Sign and right-click.  
  • Added new options to add Auto-fill by Mouse Click location versus Cursor/Selection location. The prior way was always by Mouse-Click, which auto-updated the Cursor.

 

NOTE:

  • An error message displays if the Padded Message Size is less than or equal to the user-defined message data, as this results in no padding. Padded Message Size must be greater than User Defined Message Data.
  • Existing DMFs will be automatically upgraded; however, Tcl API scripts saved the old way (prior to 14.6) will not work with the new way. Re-Save-As-Tcl to get the new way. If you had Auto-Fills immediately adjacent to your old <Encryption_Start/End> Auto-Fills, you will have to manually re-order your Auto-Fills.

 

You can provision explicit values for each DMF by using a Test Data File.

Auto-Fill Fields


Editing Sub-tabs
  • Hex-ASCII Editor
  • Text Editor

Whenever your cursor is in a field that specifies a byte offset, a starting byte, or a range of bytes, the applicable byte(s) in the Hex-Ascii and Text Editor sub-tabs are highlighted. The bytes highlighted will dynamically change as you modify parameter values.

NOTE: The ASCII Editor supports standard text editing keys, such as, Ctrl-C (copy), Ctrl-V (paste), and Ctrl-X (cut). You can also right-click to display a context menu with the same operations.

Auto-Fill Viewer

The Auto-Fill Viewer pane allows you to view the placement of the fields and filler embedded in the content defined on the editing sub-tabs. See the Static and Dynamic content sections for more information on these areas.

CRLF Viewer

The CRLF Viewer tab allows you to view the generated CRLF characters, highlighted for ease of reference.

For example, the following shows the same message viewed in Auto-Fill Viewer and CRLF Viewer.

Auto-generated Message/A 0d0aHeaderName: HeaderValue0d0aContentSize: 00d0a0d0a
Auto-Fill Viewer <CR><LF>0dHeaderName: HeaderValue<CR><LF>0dContentSize: 0<CR><LF>0d<CR><LF>0d

In the CRLF Viewer

HeaderName: HeaderValue<CR><LF>

ContentSize: 0<CR><LF>

<CR><LF>

 



Paste Buffers

You can capture any value from one message and insert those bytes into any subsequent messages with the Copy Buffer and Paste Buffer fields. Place a Copy Buffer in a defined message to capture the actual value contained in the message when it is received. Place the corresponding Paste Buffer in any subsequent messages to insert the captured value into the message before it is sent. If a DMF contains subflows, the same Paste Buffer can be used to insert values in the mainflow and any associated subflows.

Copy Buffer n

Ten field types, Copy Buffer 1 through Copy Buffer 10, allow you to capture bytes from a received message. You can specify the bytes to capture in one of two ways:

  • Static capture: The Format field identifies the value type and the number of bytes, and Offset identifies the starting point. Use this method when the value is always in the same position in the message and the length can be defined by the format (either fixed-length or a string of characters). When you select the ASCII/String format, the buffer is filled with alphanumeric characters (A-Z, a-z, 0-9, @, _) until the maximum number of bytes is reached or until a non-alphanumeric value is encountered. When you select a binary format, the number of bytes specified by the format is captured.

  • Dynamic capture: Use a Search Pattern to find a value anywhere in the message or to find a variable-length value. When you perform a search, it begins at the byte specified by Offset.

Paste Buffer n

Information that was captured with a Copy Buffer field can be inserted into one or more outgoing messages by adding the corresponding paste buffer to the messages. Corresponding paste fields, Paste Buffer 1 through Paste Buffer 10, are provided for each copy buffer. Paste Buffer 1 inserts the value captured by Copy Buffer 1, and so on. The number of bytes inserted is defined by Format. Select the variable-size Binary format to insert the contents of the copy buffer without regard to length. You can also select one of the fixed-length formats. If you insert more bytes than the copy buffer holds, the extra bytes are coded as 0x00. If you insert fewer bytes than the copy buffer holds, the information from the copy buffer is truncated.

You can also use Paste Buffers in standalone mode to provision a common value in many messages, allowing you to change the value once and propagate the change through all affected messages.
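
The static ASCII/String capture and the paste length rules described above can be modelled in a few lines. This Python is an added example, not Landslide code: the function names, the 0-based Offset, the <Paste_Buffer_1> marker and the HTTP messages are assumptions, and the messages are constructed sample data.

```python
import string
from typing import Optional

# Characters accepted by the ASCII/String capture format, per the text above:
# A-Z, a-z, 0-9, @ and _.
ALLOWED = frozenset((string.ascii_letters + string.digits + "@_").encode())


def copy_static_ascii(message: bytes, offset: int, max_bytes: int) -> bytes:
    """Static capture: read from `offset` until `max_bytes` bytes are taken
    or a byte outside the allowed set is met."""
    out = bytearray()
    for byte in message[offset:offset + max_bytes]:
        if byte not in ALLOWED:
            break
        out.append(byte)
    return bytes(out)


def paste(buffer: bytes, length: Optional[int] = None) -> bytes:
    """Paste: length=None models the variable-size Binary format; a fixed
    length pads the value with 0x00 or truncates it."""
    if length is None:
        return buffer
    return buffer[:length].ljust(length, b"\x00")


# Constructed sample: the server hands out a session id that the client
# must echo in its next request.
RESPONSE = b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=Ab12_cd34@x; Path=/\r\n\r\n"
REQUEST_TEMPLATE = (
    b"GET /account HTTP/1.1\r\nCookie: sid=<Paste_Buffer_1>\r\n\r\n"
)
# In the editor the Offset is typed in; here it is derived from the sample.
SID_OFFSET = RESPONSE.index(b"sid=") + 4


def replay(length: Optional[int] = None) -> bytes:
    """Capture the session id from RESPONSE and paste it into the request."""
    captured = copy_static_ascii(RESPONSE, SID_OFFSET, 32)
    return REQUEST_TEMPLATE.replace(b"<Paste_Buffer_1>", paste(captured, length))


if __name__ == "__main__":
    print(replay())      # variable-size paste: header carries the exact value
    print(replay(16))    # fixed 16-byte paste: value followed by 0x00 padding
    print(replay(4))     # fixed 4-byte paste: value truncated to b"Ab12"
```

With a fixed-length format longer than the captured value, the 0x00 padding ends up inside the header line, which matters when the device under test parses a text protocol.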

Buffer Configuration

When you use the copy and paste buffers, you must define each buffer that will be used in the Buffer Fields window. You can optionally set the initial, or default, values and assign names to the buffers and you must set the size.

You can choose to use the same initial values for every MN, auto-incrementing values for each MN, or provision different, explicit values for each MN in a Test Data File. Regardless of the provisioning method you choose, these values will be used in the following scenarios:

  • When a corresponding Copy Buffer is not used.

  • When a Paste Buffer is executed before a copy is successfully performed (for example, when the message that supplies a copy value is received out of order).

  • When the Copy Buffer fails to find a value that matches the defined Search Pattern.

Click the Paste Buffer Configuration button in the Data Message Flow window... to access the following settings.

 

Name

 You can rename the buffers with labels that indicate the type of information that will be captured or inserted. The name is displayed in the field Type drop-down list and the Auto-Fill Viewer sub-tab, preceded by either "Copy_" or "Paste_" depending on the operation to be performed.

Range: Up to 15 alphanumeric or underscore (_) characters. Names are not case-sensitive and each name must be unique.

Default: Buffer_n

Size

The maximum number of bytes contained in a buffer. Each buffer includes a terminating null byte, therefore the defined size should equal the number of bytes required for the largest possible value + 1. If the Initial Value provisioned for any buffer exceeds the buffer's size, the test will fail run-time validation and an error will be noted in the Test Log.

NOTE: When a buffer is initialized in the mainflow and pasted into a subflow, there is no need to initialize the buffer in the subflow.

Range: 4095

Default: 0

Initial Value

The same value will be used for all MNs unless you use the Legacy Auto-Increment syntax or check the Apply DMF Initialization from Test Data File box and use a file to provision the values. Non-alphanumeric ASCII values and non-ASCII values can be represented with a hexadecimal string. The format is a hexadecimal string with a leading "0x" (0x#(<hex>) per UE, or #(<decimal>)). The supported format for hex increment is 0x#(abcd), where abcd are valid hex digits.

No combination with a base string is supported. No repeat is supported.

For example, in "0x0d0a8ff611191ba2be49aa09", every 2 hex characters represent a 1-byte hex value; the CR-LF pair is represented as "0d0a".

The field accepts up to 4095 ASCII characters, based on the maximum buffer size of 4095 bytes. Validation attempts to prevent using an initial value greater than the size of the buffer. If you use the auto-increment syntax, e.g. #(23232), validation subtracts 3 characters from the length to account for the #, ( and ) characters.

You can obtain a sample Test Data File from your Technical Support representative. See Parameter Features for more information on provisioning parameters with Test Data Files.

 

NOTE: You are allowed to paste copied buffers/information between licensed Scenario Lite DMFs.  You cannot copy from a licensed scenario Lite DMF into a non-Licensed Scenario Lite DMF or a different group of licensed Scenario Lite DMFs.



Save

NOTES:

  • You may save copies of modified Studio Scenario Lite DMFs, which will automatically be associated with your license Group information. (You will need your original license to use your saved copy. Losing the license for the original Scenario will stop you from using your saved copy).
  • Studio Scenarios are included in libraries based upon their group and licenses. For example, Studio Free (Basic), Studio Applications, and Studio Vulnerabilities and Malware groups are located in separate libraries.
  • Free Studio Scenario Lite DMFs are included in the standard Basic library of DMFs and the rest are grouped in separate libraries.

  • Studio Scenarios are provided as read-only Lite DMFs.



Convert to aDMF

 

Convert To aDMF (advanced DMF)

Allows you to save a copy of the Lite DMF to an Advanced DMF. You may also convert an imported PCAP file to an Advanced DMF by importing PCAP to Lite DMF, then saving it as an Advanced DMF.

Click Convert To aDMF. A Save Converted Advanced DMF in UserDirectory (your default user directory) window opens. Navigate to the required directory, enter a name, and save the converted file.

NOTE: This option is also available for free Scenarios (i.e., Basic Lite DMF) or regular non-Scenario Lite DMFs.

You cannot convert licensed Studio Scenarios to Advanced DMFs. 

 

NOTE: If you are licensed, you may Import Studio XML files.

The Lite DMF editor allows you to import the Landslide-ready XML generated by Studio Scenarios.

This option is available to systems with the appropriate license key. Any Lite DMF created by importing Studio XML is assigned to the Scenario Group Import and associated with the relevant license key.

 



Studio Scenarios

Studio Scenarios are multi-protocol message exchanges that recreate specific situations (such as login authentication, streaming video, or VoIP communications) on a network. The Studio Scenarios in the system include:

Application Scenarios

Contain traffic for network activity such as VoIP phone calls, Facebook status updates, or movies streamed over the Internet. Use these Scenarios to test how network devices handle specific applications and enforce policies on that traffic.

Attack Scenarios

Contain traffic with vulnerability signatures for known attacks. Use these Scenarios to test how your intrusion detection and/or prevention devices and software applications recognize known exploits—and how well those devices and applications are protecting your network from known attacks. 

 
