Safe Harbor MiniProbe


  • Low cost, easy-to- install
  • Supports latest ATIS lawful-intercept standards,
  • Discovers dynamic IP address assignments
  • Full IPv6 support
  • Supports both pen-register and full-content intercepts
  • Three 1G “listening” inputs
  • Completely self-contained (e.g., integrated VPN, user interface)
  • Also supports VoIP and LTE intercept

4” x 3” x 1” fanless MiniProbe

The Subsentio Safe Harbor MiniProbe is an easy-to-install, self-contained system that provides interception, administration, and VPN security — all in one device.

  • As an out-of-line passive device, the probe can be connected to taps or span/mirror points in the network. 
  • It is independent of specific equipment used in the network.
  • The probe can discover and track dynamic IP assignments.
  • Intercepts are configured or provisioned in the probe through a secure web-browser interface.

Data Intercepts:  The MiniProbe performs data intercepts on many types of broadband networks.  A wide range of identifiers can be provisioned for a target, including:

  • IPv4/IPv6 static address or subnet
  • MAC-to-EIU-64 identifiers
  • DHCP identifiers such as MAC addresses, client identifier, client name, option 82
  • RADIUS identifiers such as user name, calling station ID, NAS port
  • PPPoE IPCP MAC address
  • S-VLAN and C-VLAN tags

Case-by-case, the intercept can be specified as a pen-register (metadata-only) intercept or full content intercept, with optional location reporting.  For LTE, the probe can be connected to the S5 interface, or alternatively the S11 and SGi interfaces.  If access to external DHCP is available, LTE can also be treated as a simple broadband network.

VoIP Intercepts: If the WISP also provides a VoIP service, the same MiniProbe can be used for VoIP intercept, using phone numbers or URIs as intercept identifiers.

Email Alerts and Notifications:  The probe can be provisioned to send periodic reports to designated email addresses, including overall status reports to operational personnel and intercept-case-specific reports to law enforcement.  Additionally, certain events such as delivery error, disk capability, VoIP call start can be selected to trigger email messages.

Delivery:  The MiniProbe contains multiple mechanisms to maximize the robustness of the intercept delivery.  One of these, buffering, prevents the loss of intercept information if anything fails on the upstream path.  The probe integrates a site-to-site VPN capability, eliminating the need for a separate VPN appliance. 

Security: The MiniProbe has two highly protected interfaces:  The provisioning interface and the delivery interface.  It contains a firewall function that permits access to only a few services, and permits access from only a certain set of IP addresses.  A specific client certificate is required to access the TLS-based provisioning interface.  The delivery interface is typically protected using the built-in VPN capability.  Certain information within the probe is encrypted, such as buffer files and the probe’s database.

Filtering: The MiniProbe provides an array of filtering capabilities to reduce the output traffic to law enforcement, should the court order allow for this.  The probe can filter on specific VLAN tags and can filter out specified IP address and port combinations.  It also uses an extendible rules-based file to filter out specific services, such as Netflix, YouTube, Amazon Prime, Hulu, and others.

1G Subsentio Safe Harbor MiniProbe Physical and Electrical Characteristics

  • 4.25” x 3.25” x 1”
  • Approximately 1 lb
  • Fanless
  • Operating temperature: 0-40ºC
  • One 1G system port (provisioning and delivery)
  • Three input ports, RJ-45 copper
  • Max input rate: 2Gb/s data, 1 Gb/s VoIP
  • Max intercept delivery rate: 200 Mbps
  • Storage capacity 120 GB (solid state)
  • 12VDC power provided by external AC power supply (supplied), typical power 10W