
Law Enforcement

Packets Don't Lie

Capture, Analyze All the Data, and Only the Data, You Need

WildPackets’ relationship with law enforcement agencies (LEAs) stretches back to 1997 when a major US Law Enforcement Agency adopted EtherPeek as their standard for ‘lawful intercept,’ a process by which LEAs conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order. Today, the standard has been updated to include OmniPeek as the primary tool for capturing Ethernet and wireless data, including voice, email and instant messaging.

OmniPeek has many features built in that assist in capturing data for lawful intercept purposes. The easy-to-use interface allows even beginners to get started immediately and capture the necessary packets to be collected for evidence. To ensure strict compliance with judicial and administrative orders, WildPackets has extended the out-of-the-box functionality to include plug-ins specific to law enforcement requirements. These extensions have been developed by WildPackets’ Custom Engineering Group (CEG), a specialized team with years of lawful intercept experience that is dedicated to customizing our software to fit the requirements of law enforcement officials.

WildPackets lawful intercept plug-ins include:

Email Capture (SMTP and POP3)

  • Pen: text report and email
    • No content, but establishes relationships between individuals
    • Text Report is a log of the communications of the Targets
    • A copy of the headers of each intercepted message is saved for each target
  • Full Content: capture files and email
    • All content; monitors the targets' communications
    • Capture Files, all the packets in the message stream
  • Integrity feature
    • Generates a digital signature of the resulting trace file, which can be used in court to ensure that the file has not been tampered with
  • Per Target Settings: Allows the subjects' multiple court orders to be individually tracked in a single capture

IP Pen Register

  • Text report of ‘who’ is communicating with ‘whom’
  • Packets are sliced to include only IP, TCP, UDP and ICMP headers - rejects all other non-IP protocols
  • Passive Name Resolution

RADIUS

  • Report log on/log off and IP assignments
  • Record the IP address
  • All traffic of Target IP written to individual trace files

Web-based Email

  • Hotmail
  • Lycos
  • Yahoo
  • Pen and Full Capture, same reports
  • Also report on Opening and Saving Drafts

VLAN Filter Analysis Module

  • Accepts into the Capture Buffer packets with the VLAN tags that are specified by the user.

No Packets Analysis Module

  • Sends a notification to the user if no packets have been received after a preset amount of time.

FTP Capture Analysis Module

  • Monitors FTP sessions and captures FTP communications of a user-defined list of user names.

CMI (Cisco Messaging Interface) Filter

  • Filters and extracts content (802.3) packets from a CMI tunnel. Can be applied to other Law Enforcement plug-ins.
    • Manages fragmented/orphaned packets
    • Includes CMI Tunnel Utility

Forensics Plug-in

  • Allows data mining across multiple captured trace files. Data can be filtered by IP, MAC, and time and date range.

DHCP Capture Plugin

  • Monitors DHCP sessions, capturing traffic when the specific MAC has been assigned an IP.
  • Per target setting
    • Allows more than one target to be tracked based on the dates specified in a court order

VOIP Capture Plugin

  • Monitors VOIP calls, capturing traffic based on a MAC, IP, or phone number, and writes the voice traffic to .wav files.

ETSI Capture Plugin

  • Extracts packets tunneled in the ETSI TS 102 232 tunneling protocol.