3.3. Functional characteristics of the GCaps

3.3.1. Functional characteristics

REFERENCE

MAX THROUGHPUT

NUMBER OF FILES RECONSTRUCTED MAX PER S

NUMBER OF SESSIONS MAX

NUMBER OF

MAX SESSIONS PER

EPS MAX

GCAP1010HWr2

10 MBPS

1

1000

20

100

GCAP1020HWr2

20 MBPS

2

2000

50

100

GCAP1050HWr2

50 MBPS

2

5000

100

100

GCAP1100HWr2

100 MBPS

5

20000

1000

200

GCAP1200HWr2

200 MBPS

10

40000

2000

300

GCAP1400HWr2

400 MBPS

10

40000

2000

400

GCAP2200HWr2

1 GBPS

20

150 000

5 000

2000

GCAP2600HWr2

2 GBPS

30

200 000

10 000

3000

GCAP2800HWr2

4 GBPS

30

250 000

20 000

4000

GCAP5400HWr2

10 GBPS

50

500 000

50 000

8000

GCAP5600HWr2

20 GBPS

50

750 000

75 000

8000

GCAP5800HWr2

40 GBPS

50

1 000 000

100 000

8000


3.3.2. List of protocols that can be selected for analysis

Protocol detection consists of two parts:

  • parsing:

    • it enables SIGFLOW signature detection for a given protocol.

    • if parsing is enabled for a protocol then the flow identified by a signature raises an alert.

    • if parsing is disabled for a protocol then no alert is raised.

  • logging:

    • it enables generating metadata for a given protocol.

    • if logging is enabled for a protocol then the observed flow will generate metadata.

    • if logging is disabled for a protocol then no metadata is generated.

For each interface, it is possible to:

  • enable parsing and logging

  • enable parsing only

  • disable parsing and logging

PROTOCOLE

PARSING

LOGGING

DCE-RPC

supported

supported

DHCP

supported

supported

DNP3

supported

supported

DNS_udp

supported

supported

DNS_tcp

supported

supported

ENIP

supported

not supported

FTP

supported

supported

HTTP

supported

supported

HTTP2

supported

supported

IKEv2

supported

supported

IMAP

parsing detection only

not supported

Kerberos (KRB5)

supported

supported

MODBUS

supported

not supported

MQTT

supported

supported

NETFLOW

not supported

supported

NFS

supported

supported

NTP

supported

not supported

RDP

supported

supported

RFB

supported

supported

SIP

supported

supported

SMB

supported

supported

SMTP

supported

supported

SNMP

supported

supported

SHH

supported

supported

TFTP

supported

supported

TLS

supported

supported

These options depend on the Gcenter version, thus on the selected compatibility.

For more information, please refer to the GCenter documentation.


3.3.3. List of selectable protocols for file reconstruction

PROTOCOLE

SUPPORTE

FTP

supported

HTTP

supported

HTTP2

supported

NFS

supported

SMB

supported

SMTP

supported

These options depend on the Gcenter version, thus on the selected compatibility.

For more information, please refer to the GCenter documentation.

`