3. Select scanned protocols

_images/MoteurDeDetectionOFF.png

This menu is present in the configuration settings of the GCap probe so that the administrator can select the type of protocols captured and analyzed by the GCenter.

Important

This tab is present because of the version compatibility mode selected between the GCap and the GCenter in the 'Compatibility' menu. If the GCenter version is less than or equal to 2.5.3.100, this setting can be made from the GCap. The number of protocols available also depends on this compatibility mode.

_images/SPDC10.PNG

From the 'Protocols' tab, the administrator selects the box for each protocol to be analyzed using the space key or a left mouse click.

Depending on the compatibility of the GCenter, the following protocols can be analyzed:

_images/SPDC11.PNG

Note

List of scanned protocols: NFS | TFTP (limited to port 69) | SMTP | SSH | TLS | Kerberos (KRBS) | DHCP | TFTP | IKEv2 | DCE-RPC | DNP3 | DNS over UDP | DNS over TCP | FTP | HTTP | MODBUS | SMB

As a second step, define the recording preferences for the following protocols:

_images/SPDC12.PNG

Note

List of recorded protocols: NETFLOW | DNP3 | DNS | HTTP | SMTP | SSH | TLS | Kerberos | DHCP | TFTP | IKEv2 | NFS | TFTP (limited to port 69)

This menu selects the protocols that Sigflow will process. It is used, for example, to disable DNS protocol analysis, which can easily overwhelm a GCap probe. The system administrator must apply the configuration with 'OK' between each page for it to be taken into account.

The same settings can be made with the following CLI commands:

set protocols-selector parsing [enable|disable] [DHCP|IKEv2|KRBS|NFS|TFTP|NTP|Modbus|FTP|SMTP|TLS|SSH|SMB|HTTP|DNP3|DNS-UDP/TCP|DCE-RPC]

set protocols-selector logging [enable|disable] [DHCP|IKEv2|KRBS|NFS|TFTP|DNP3|DNS|HTTP|Netflow|SSH|TLS|SMTP]