3.3. Functional characteristics of GCap
3.3.1. Functional characteristics
REFERENCE |
MAX THROUGHPUT |
NUMBER OF FILES RECONSTRUCTED MAX PER S |
NUMBER OF SESSIONS MAX |
NUMBER OF MAX SESSIONS PER |
EPS MAX |
|---|---|---|---|---|---|
GCAP1010HWr2 |
10 MBPS |
1 |
1000 |
20 |
100 |
GCAP1020HWr2 |
20 MBPS |
2 |
2000 |
50 |
100 |
GCAP1050HWr2 |
50 MBPS |
2 |
5000 |
100 |
100 |
GCAP1100HWr2 |
100 MBPS |
5 |
20000 |
1000 |
200 |
GCAP1200HWr2 |
200 MBPS |
10 |
40000 |
2000 |
300 |
GCAP1400HWr2 |
400 MBPS |
10 |
40000 |
2000 |
400 |
GCAP2200HWr2 |
1 GBPS |
20 |
150 000 |
5 000 |
2000 |
GCAP2600HWr2 |
2 GBPS |
25 |
200 000 |
10 000 |
3000 |
GCAP2800HWr2 |
4 GBPS |
25 |
250 000 |
20 000 |
4000 |
GCAP5400HWr2 |
10 GBPS |
35 |
500 000 |
50 000 |
8000 |
GCAP5600HWr2 |
20 GBPS |
35 |
750 000 |
75 000 |
8000 |
GCAP5800HWr2 |
40 GBPS |
35 |
1 000 000 |
100 000 |
8000 |
3.3.2. List of protocols that can be selected for analysis
Protocol detection consists of two parts:
parsing:
It enables SIGFLOW signature detection for a given protocol
If parsing is enabled for a protocol then the flow identified by a signature raises an alert
If parsing is disabled for a protocol then no alert is raised
logging:
It enables generating metadata for a given protocol
If logging is enabled for a protocol then the observed flow will generate metadata
If logging is disabled for a protocol then no metadata is generated
For each interface, it is possible to:
Enable parsing and logging
Enable parsing only
Disable parsing and logging
PROTOCOLE |
PARSING |
LOGGING |
|---|---|---|
DCE-RPC |
supported |
supported |
DHCP |
supported |
supported |
DNP3 |
supported |
supported |
DNS_udp |
supported |
supported |
DNS_tcp |
supported |
supported |
ENIP |
supported |
not supported |
FTP |
supported |
supported |
HTTP |
supported |
supported |
HTTP2 |
supported |
supported |
IKEv2 |
supported |
supported |
IMAP |
parsing detection only |
not supported |
Kerberos (KRB5) |
supported |
supported |
MODBUS |
supported |
not supported |
MQTT |
supported |
supported |
NETFLOW |
not supported |
supported |
NFS |
supported |
supported |
NTP |
supported |
not supported |
RDP |
supported |
supported |
RFB |
supported |
supported |
SIP |
supported |
supported |
SMB |
supported |
supported |
SMTP |
supported |
supported |
SNMP |
supported |
supported |
SHH |
supported |
supported |
TFTP |
supported |
supported |
TLS |
supported |
supported |
These options depend on the Gcenter version, thus on the selected compatibility.
For more information, please refer to the GCenter documentation.
3.3.3. List of selectable protocols for file reconstruction
PROTOCOLE |
SUPPORTED |
|---|---|
FTP |
supported |
HTTP |
supported |
HTTP2 |
supported |
NFS |
supported |
SMB |
supported |
SMTP |
supported |
These options depend on the Gcenter version, thus on the selected compatibility.
For more information, please refer to the GCenter documentation.