3.3. Functional characteristics of GCap

3.3.1. Functional characteristics

REFERENCE

MAX THROUGHPUT

NUMBER OF FILES RECONSTRUCTED MAX PER S

NUMBER OF SESSIONS MAX

NUMBER OF MAX SESSIONS PER

EPS MAX

GCAP1010HWr2

10 MBPS

1

1000

20

100

GCAP1020HWr2

20 MBPS

2

2000

50

100

GCAP1050HWr2

50 MBPS

2

5000

100

100

GCAP1100HWr2

100 MBPS

5

20000

1000

200

GCAP1200HWr2

200 MBPS

10

40000

2000

300

GCAP1400HWr2

400 MBPS

10

40000

2000

400

GCAP2200HWr2

1 GBPS

20

150 000

5 000

2000

GCAP2600HWr2

2 GBPS

30

200 000

10 000

3000

GCAP2800HWr2

4 GBPS

30

250 000

20 000

4000

GCAP5400HWr2

10 GBPS

50

500 000

50 000

8000

GCAP5600HWr2

20 GBPS

50

750 000

75 000

8000

GCAP5800HWr2

40 GBPS

50

1 000 000

100 000

8000

3.3.2. List of protocols that can be selected for analysis

Protocol detection consists of two parts:

  • parsing:

    • It enables SIGFLOW signature detection for a given protocol

    • If parsing is enabled for a protocol then the flow identified by a signature raises an alert

    • If parsing is disabled for a protocol then no alert is raised

  • logging:

    • It enables generating metadata for a given protocol

    • If logging is enabled for a protocol then the observed flow will generate metadata

    • If logging is disabled for a protocol then no metadata is generated

For each interface, it is possible to:

  • Enable parsing and logging

  • Enable parsing only

  • Disable parsing and logging

    PROTOCOL

    PARSING

    LOGGING

    DCE/RPC

    supported

    supported

    DHCP

    supported

    supported

    DNP3

    supported

    supported

    DNS_udp

    supported

    supported

    DNS_tcp

    supported

    supported

    ENIP

    supported

    not supported

    FTP

    supported

    supported

    HTTP

    supported

    supported

    HTTP2

    supported

    supported

    IKEv2

    supported

    supported

    IMAP

    parsing detection only

    not supported

    Kerberos (KRB5)

    supported

    supported

    MODBUS

    supported

    not supported

    MQTT

    supported

    supported

    NETFLOW

    not supported

    supported

    NFS

    supported

    supported

    NTP

    supported

    not supported

    RDP

    supported

    supported

    RFB

    supported

    supported

    SIP

    supported

    supported

    SMB

    supported

    supported

    SMTP

    supported

    supported

    SNMP

    supported

    supported

    SHH

    supported

    supported

    TLS

    supported

    supported
These options depend on the GCenter version, thus on the selected compatibility.
For more information, please refer to the GCenter documentation.

3.3.3. List of selectable protocols for file reconstruction

PROTOCOL

SUPPORTED

FTP

supported

HTTP

supported

HTTP2

supported

NFS

supported

SMB

supported

SMTP

supported
These options depend on the GCenter version, thus on the selected compatibility.
For more information, please refer to the GCenter documentation.