Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
OpenCALEA
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: [OpenCALEA] standards compliance

  • From: Jesse Norell
  • Date: Tue Mar 20 10:46:32 2007 
On Mon, 2007-03-19 at 15:46 -0800, an unknown sender wrote:
> 
> >  Is the goal of OpenCALEA specifically to conform to that standard (final
> > version), or simply to meet legal requirements under CALEA?
> 
> I'm still trying to decipher the legal requirements of CALEA as it appears 
> the law doesn't define a standard yet we apparently need to comply with 
> whatever "standard" the industry comes up with.

  As I understand it from various places (though I need to look at the
CALEA document itsself) is you can use any approach that gets the job
done and can get the data to the law enforment agency; so opencalea
could use their own packet format, etc., and if everything is covered as
far as collecting and presenting all the pertinent info, I'd imagine
that LEA's would accept that format for intercepts.  Another approach
would be to implement the ATIS-PP-1000013.2007 standard.  There are
pro's/con's of both ways, of course; my question was if opencalea was
specifically trying for one approach or the other.  If that question is
currently unanswered, that may be a good discussion to have real
soon.  :)

  If anyone wants a good overview of calea requirements, the best I've
found to date is: http://www.baller.com/pdfs/BHLG-CTC_CALEA_Memo.pdf



> Another puzzler is whether the Cisco router CALEA stream (intercepted 
> layer-2 packets bottled up in UDP) is sufficient to forward or if the data 
> has to be massaged with a UDP-UDP converter before forwarding to the LEA.

  No idea.  I'll try to find time to read at least section 103 of the
CALEA spec .. but I'm not familiar with Cisco's calea features, either.


> Last but not least is whether its possible to do on-the-fly filtering with 
> libpcap to pull a particular IP off a switch SPAN port.

  You mean to configure the switch?  libpcap could not do that.  If you
mean have the switch send all it's traffic to a monitoring port (is that
a "span port" in cisco parlance?) and libpcap filter out what it's
interested in, then yes, that's exactly how it works.


-- 
Jesse Norell - jesse@kci.net
Kentec Communications, Inc.


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.