blog posts

what is NetScan

scan Network Assurance

NetScan is a powerful, flexible network monitoring system that extracts information directly from the control and user plane and makes it accessible in real-time. In addition to complete, end-to-end capabilities, NetScan offers continuous real-time monitoring of 100% of transactions, ensuring no data is lost or information missed. All transactions in the network are captured, processed, consolidated, and stored for real-time or historical reporting. It offers many important features for every mobile operator.

 Learn about Scanner Access Now Easy here!

Real-time, 24/7, continuous network monitoring, processing, and data analysis. Supports fixed and mobile (incl. GSM-R) voice and data networks, from SS7 to LTE – all in one system.

Shared-RAN support (MOCN & MORAN), including secure separation of data between MNOs involved. Reach a set of pre-defined KPIs aggregated per cell, project, region, BSC/RNC, roaming partner, and terminal type.

Detailed analysis of radio-related problems, incl. unique full Abis coverage. Network-wide call tracing with down-to-bit message decoding.

Open architecture ready to deploy new features (real-time alarming, VIP subscriber care system, Gn, LTE).


System architecture

 

Highly distributed, scalable system architecture to cope with high load.

Network signaling is monitored through intelligent TAPs feeding local servers with pre-filtered data.

Captured PDUs are decoded and processed to calculate KPIs and correlate on various levels.

Multi-interface correlation is supported, including inter-BSC and inter-system HOs.


Network status indication

The network status screen visualizes statistics values with colors indicating violating statistics’ pre-defined thresholds.

All elements on the screen are active – with a single mouse click, one can see statistical details, detailed cell analysis, or signaling transactions.


Statistics

 

400+ KPIs calculated for all significant protocols on RAN & Core interfaces

Daily, hourly, 15 minutes … aggregations per cell, region, cluster, etc.

Graphical visualization of single statistic in many geos- and time contexts.


Call tracing

 

Calls can be analyzed both in tabular and graphical formats.

Calls can be traced based on localization (region->project->BSC/RNC->cell), terminal or user identity (IMEI, IMSI, TMSI), selected transaction parameters (termination cause, type of transaction, etc.), or specific events like unsuccessful HO.


Traffic Analysis

 

Over time, visualize traffic metrics (volume, bytes/packets sent, etc.).

Shows traffic distribution per node

Optionally, it displays also service/protocol distribution.


Cell analysis

3-dimensional graphs illustrate the correlation between specific measurements reported in MR messages for the selected cell and time.

Systemics-PAB is a leading company in Quality of Experience benchmarking services. We are also a fully active member of ETSI, the European Telecommunications Standards Institute.
The company’s headquarters is in Poland, with offices in Russia, Germany, Ireland, Austria, and Jordan. We provide our services to
mobile operators globally.
Our customers are predominantly mobile operators, including Vodafone, T-Mobile, Orange, and MTS. We also
work for equipment vendors such as Nokia and Huawei and telecommunications markets regulators.

Systemics-PAB and NetScan are part of the Systemics Group, which delivers independent auditing
and optimization services. We aim to help mobile operators improve their network service quality. Customer especially appreciates our services and monitoring system with multiple RAN
equipment vendors.


Our auditing and optimization services include the following:

  • Active drive and indoor QoE benchmarking tests
    • E2E monitoring and analysis of Voice, Data, and Video – from RAN up to IP Core Network
    • Carrier Aggregation/VoLTE testing
    • Complete QoS & QoE Analysis
    • Roaming monitoring
    • Diagnostics & Optimization of MNO
    • Quality Problems Investigations
    • Software Tools Development
    • Network Strategy Consulting
    • Audits and training in mobile technologies (LTE-A/LTE/3G/2G).

Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network protocol to signal devices and awaits a response. Most network scanning today is used in monitoring and management, but scanning can also identify network elements or users for attacks. The specific protocol features used in scanning depend on the network. Still, for IP networks, scanning typically sends a simple message (a ping, for example) to each possible IP address in a specified range. Then it uses another protocol to obtain data on the devices if a response to the ping is received.

When used by monitoring and management systems, scanning is used to identify current network users, determine the state of systems and devices, and take an inventory of network elements. Often an inventory of devices is compared against a list of expected devices as a health measure. All these are legitimate management functions and are used routinely by network administrators.

Scanning used by attackers relies on the same tools and protocols as monitoring/management scanning. An attacker would typically obtain the IP address range assigned to a company using the domain name system (DNS) or the WHOIS protocol. Addresses within that address range would then be scanned, looking for servers, their operating systems, the system architecture, and the services running on each. The attacker can then attempt to breach the target systems and applications.

Types of netscan

The nets can process two other sub-branches, which we will examine all three scans in the following:
Network scanning

This scan is a fundamental and essential method to determine active systems’ location.S. Scanning the network or nets can help the hacker obtain a logical network plan and a basic road map.

In the first step, the footprint step, data such as the organization’s DNS, email servers, and IP address ranges are identified.

During the scanning phase, the hacker discovers details about the identified IP addresses, architecture, operating systems, and services running on each system.

In the enumeration phase of nets can, data such as routing tables, usernames, network groups, and Simple Network Management Protocol (SNMP) data are collected.

Port Scanning

As the name suggests, port scanning is a process used to find active ports on a network. A port scanner forwards client requests to a range of target network ports and then stores details about the ports that send responses.

This type of scanning is deeper than nets can or Network Scanning and clearly shows details. For example, it shows that a system with IP address 10.10.10.10 is up and running, and port 80 (a popular port for HTTP traffic) is open. So this device is a web server, and a hacker can use this information to plan the next stage of his hack.

Finding open holes among the 65,535 ports of each IP address provides the necessary opportunities for a robust and successful attack.

Of course, this sub-branch of nets can itself has different types, the most used of which are:

  • TCP scanning
  • SYN scanning
  • UDP scanning
  • ACK scanning
  • Window scanning
  • FIN scanning

Vulnerability scanning

Go a step beyond port scanning and identify not only open ports and operating systems and the vulnerabilities the host faces. For example, if a port scanner shows that the host is running Windows 7 and a particular service, a vulnerability scanner will also detect vulnerabilities caused by exploits.

These vulnerabilities discovered by nets can result from poor programming and misconfiguration of the network. Among the types of vulnerable scanners, the following can be mentioned:

Network Enumerator – A computer program used to gather information about users and groups of systems on a network. Network Vulnerability Scanner – an approach that continuously scans network vulnerabilities.

Web Application Security Scanner – a program that communicates with a web application and identifies possible vulnerabilities of the application or its architecture.

Computer Worm – a type of computer malware used to detect vulnerabilities.

How to prevent hackers from running Netscan

Hackers use net can tools to search the network to discover the security levels of organizations, and by identifying vulnerabilities, they can attack properly and somewhere. You must have up-to-date and practical information on Netscan to remove these threats from your network.

The presence of powerful security software, port scanning tools, and security alerts are among the primary needs of the network. Netcat and Nmap are valuable tools that you can use to increase your security levels by identifying vulnerabilities.

The most widely used network defense mechanisms against unauthorized nets can use a strong firewall.

A firewall can prevent unauthorized access to a business’s private network. Firewalls can detect ports and their status and monitor and turn off running scans.

Most quality routers have a built-in firewall, but installing a software firewall on devices connected to the Internet is recommended. These types of firewalls identify external threats and prevent any risk of attacking high-risk ports. This makes the network’s vulnerabilities less against the nets can problems caused by hackers.

TCP wrappers

TCP wrappers allow administrators more flexibility to allow access or block unauthorized access. Admins do this based on IP addresses and domain names.

Discovering holes in the network

Identify open ports, network status, and system vulnerabilities by performing the necessary scans before the hacker comes into action with the nets that can attack.

Periodic scanning of the network helps to discover its weak points. If you can identify vulnerable applications, open and vulnerable ports, poor programming, incorrect network configuration, etc., before the hacker, you will block the way for any attack by Netscan.

Some other solutions:

Checking the files on the server and identifying suspicious and malicious files
Using tools like CXS and Maldet to prevent malicious file uploads
Using tools like Hardening to close open ports and services