Custom protocols

The Custom protocols view lets you enrich the way DC Netscope recognises network protocols.

By default, DC Netscope identifies the protocol of a network flow from the network port used by the flow. Although this works for flows that use the default ports associated with a protocol, recognition fails when ports other than the default ports are used.

With Custom protocols, it is possible to define rules that:

  • associate flows that do not use default ports with a protocol
  • define a new network protocol
  • define specific rules that target certain hosts

General view

The Custom protocols view is laid out as follows: each card corresponds to a rule in which a network protocol is defined. A rule consists of one or more criteria that tell DC Netscope when to apply the rule. Please note that custom protocol rules only apply to unknown streams.

And here is an example of interaction with the component:

Define a rule

It is possible to define several types of criteria within a rule:

Simple criterion:

It is a criterion that indicates a value that one of the attributes of a flow must satisfy.

Below you will find examples of criteria:

Compound criterion:

This is a criterion composed of several sub-criteria. It is possible to configure the compound criterion in two ways:

  • all the following are true: the compound criterion is met if all sub-criteria are met.
  • one at least is true: the compound criterion is met if at least one of the sub-criteria is met.

Below is an example of a compound criterion:

'Not' criterion:

This is a criterion that is met if its sub-criterion is not met.
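
The three criterion types above, modelled as an added Python example (it is not DC Netscope's code or rule format). The dictionary layout, the attribute names dst_ip and dst_port, the equality test for simple criteria and the first-match ordering are assumptions made for illustration.

```python
# Hypothetical model of the criteria semantics described above; not
# DC Netscope's rule format. Attribute names (dst_ip, dst_port) are assumed.

def simple(attr, value):
    return {"type": "simple", "attr": attr, "value": value}

def check(c):
    """Syntax check of a criterion tree; returns a list of error strings."""
    kind, subs = c.get("type"), c.get("sub", [])
    if kind == "simple":
        return [] if {"attr", "value"} <= c.keys() else ["simple: needs attr and value"]
    if kind in ("all", "any"):
        errs = [] if subs else [f"{kind}: no sub-criteria"]
    elif kind == "not":
        errs = [] if len(subs) == 1 else ["not: needs exactly one sub-criterion"]
    else:
        return [f"unknown criterion type: {kind!r}"]
    return errs + [e for s in subs for e in check(s)]

def matches(c, flow):
    kind = c["type"]
    if kind == "simple":
        return flow.get(c["attr"]) == c["value"]
    results = [matches(s, flow) for s in c["sub"]]
    if kind == "all":
        return all(results)      # all([]) is True, hence the check above
    if kind == "any":
        return any(results)
    return not results[0]        # "not": inverts its single sub-criterion

def classify(flow, rules):
    if flow.get("protocol") is not None:   # rules only apply to unknown flows
        return flow["protocol"]
    for rule in rules:                      # assumption: first matching rule wins
        if not check(rule["criterion"]) and matches(rule["criterion"], flow):
            return rule["protocol"]
    return None

# Constructed sample rules: SSH on a non-default port for one host, and a new
# protocol on port 9102 for every host except 10.0.0.9.
RULES = [
    {"protocol": "ssh", "criterion": {"type": "all", "sub": [
        simple("dst_port", 2222), simple("dst_ip", "10.0.0.5")]}},
    {"protocol": "backup-agent", "criterion": {"type": "all", "sub": [
        simple("dst_port", 9102),
        {"type": "not", "sub": [simple("dst_ip", "10.0.0.9")]}]}},
]
```

In this model a compound criterion with no sub-criteria is rejected by check, because an empty "all" would otherwise match every unknown flow and relabel it.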

Actions on a criterion

The three icons above allow you, respectively (from left to right), to:

  • edit the criterion
  • add sub-criteria, in the case of compound or 'Not' criteria
  • delete the criterion

Actions on a rule

It is possible to perform several actions on a rule. By default, on the right of a rule, you have the following action buttons:

The actions are as follows:

  • check: checks that the syntax of the criteria is correct.
  • edit: switches the rule to edit mode.
  • delete: deletes the rule.

By clicking on the edit icon, the following buttons will appear:

Clicking on save exits the editing mode of a rule and saves the changes locally.

Below you will find an example of interactions:

Synchronisation of rules in the database

Once the local state of the rules is deemed satisfactory, the protocol rules can be pushed to the DC Netscope server. To do this, click on the PUSH TO SERVER button.

Conversely, if you want to retrieve the latest rules stored on the server, or if you want to undo local changes, click on the PULL FROM SERVER button.