| DRDL Technology |
|
The standard-syntax language of DRDL enables rapid development of new signatures. The DRDL database currently consists of more than 2000 (April 2012) applications, services, and protocol. Some applications create multiple flows. DRDL interconnects control and data sessions of protocols like FTP. During the identification process DRDL aggregates detailed traffic properties like MIME-type, filename, chat channel and SIP caller ID. This granularity enables you not only to see the Xbox Live traffic, but rather the Xbox Live users who are playing Halo 3. Another unique capability of DRDL is classification. Connection flags classify the traffic based on its behavior. Typical classifications are “interactive”, “streaming”, “random-looking” and “bulky.” This way you can set preferences on traffic that can not be identified or when you are required to be application agnostic.
|
The core component in PacketLogic is Procera’s own identification engine DRDL – Datastream Recognition Definition Language. DRDL facilitates a broad range of criteria to properly identify the application of each individual datastream, a.k.a. flow, session or connection. The identification relies on bidirectional information like the packet sequence in a handshake, header information, protocol, actual payload, and other distinguishing characteristics of an application. This way DRDL can properly identify even encrypted applications.