Custom protocols

The Custom protocols view allows you to enrich the network protocol recognition performed by DC Netscope.

By default, DC Netscope identifies the protocol of a network flow from the network port used by the flow. Although this works for flows that use the default ports associated with a protocol, protocol recognition is defeated when ports other than the default ones are used; in that case, protocol recognition is set to default.

With Custom protocols it is possible to define rules that allow you to:

  • associate flows that do not use default ports with a protocol
  • define a new network protocol
  • define specific rules that target certain hosts

General view

The Custom protocols view is as follows: each card corresponds to a rule where a network protocol is defined. A rule is composed of one or more criteria that allow DC Netscope to understand when to apply the rule. Please note that custom protocol rules are only applied to unknown flows.

And here is an example of interaction with the component:

Defining a rule

It is possible to define several types of criteria within a rule:

Simple criterion:

This is a criterion that indicates a value that one of the attributes of a flow must satisfy.

Below you will find examples of criteria:

Composed criterion:

This is a criterion that will be composed of several sub-criteria. It is possible to configure the composed criterion in two ways:

  • all the following are true: The composed criterion is satisfied if all the sub-criteria are satisfied.
  • one at least is true: The composed criterion is satisfied if at least one of the sub-criteria is satisfied.

Below is an example of a composed criterion:

'not' criterion:

This is a criterion that is satisfied if its sub-criterion is not satisfied.
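The three criterion types and the "unknown flows only" restriction, sketched as an added example (not DC Netscope's own code or rule format). The tuple encoding, the attribute names `dst_port`, `dst_ip`, `src_ip` and `protocol`, first-match rule ordering, and requiring every top-level criterion of a rule to hold are all assumptions.

```python
# Added illustration: a minimal model of the criterion tree described above.
# Encoding and attribute names are assumptions, not DC Netscope's format.

def matches(criterion, flow):
    """Evaluate one criterion against a flow (a dict of attributes)."""
    kind = criterion[0]
    if kind == "simple":                  # ("simple", attribute, value)
        _, attribute, value = criterion
        return flow.get(attribute) == value
    if kind == "all":                     # "all the following are true"
        return all(matches(c, flow) for c in criterion[1])
    if kind == "any":                     # "one at least is true"
        return any(matches(c, flow) for c in criterion[1])
    if kind == "not":                     # ("not", sub_criterion)
        return not matches(criterion[1], flow)
    raise ValueError(f"unknown criterion type: {kind!r}")

def classify(flow, rules):
    """Return the protocol of a flow; rules are consulted only for unknown flows."""
    if flow.get("protocol") is not None:  # already recognized from its port
        return flow["protocol"]
    for protocol, criteria in rules:      # assumption: first matching rule wins
        # Assumption: a rule matches when all of its top-level criteria hold.
        if criteria and all(matches(c, flow) for c in criteria):
            return protocol
    return None

# Constructed rule: SSH on a non-default port, limited to two servers,
# excluding one source host.
RULES = [
    ("ssh", [
        ("simple", "dst_port", 2222),
        ("any", [("simple", "dst_ip", "10.0.0.5"),
                 ("simple", "dst_ip", "10.0.0.6")]),
        ("not", ("simple", "src_ip", "10.0.0.99")),
    ]),
]

# Constructed flows: an unknown flow that matches, and one excluded by 'not'.
UNKNOWN_MATCH = {"protocol": None, "dst_port": 2222,
                 "dst_ip": "10.0.0.5", "src_ip": "10.0.0.7"}
UNKNOWN_EXCLUDED = dict(UNKNOWN_MATCH, src_ip="10.0.0.99")

if __name__ == "__main__":
    for flow in (UNKNOWN_MATCH, UNKNOWN_EXCLUDED):
        print(flow["src_ip"], "->", classify(flow, RULES))
```

In this model, an empty "all the following are true" criterion is satisfied by every flow, while an empty "one at least is true" criterion is satisfied by none; whether DC Netscope behaves the same way is not stated on this page.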

Actions on a criterion

The three icons above allow you, respectively (from left to right), to:

  • edit the criterion
  • add sub-criteria, in the case of composed or 'not' criteria
  • delete the criterion

Actions on a rule

It is possible to perform several actions on a rule. By default, on the right of a rule, you have the following action buttons:

The actions are the following:

  • check: checks that the syntax of the criteria is correct.
  • edit: switches the rule to edit mode.
  • delete: deletes the rule.

By clicking on the edit icon, the following buttons are available:

Clicking on save allows you to exit the edit mode of a rule and save the changes locally.

Below you will find an example of interactions:

Synchronisation of rules in the database

Once the local state of the rules is deemed satisfactory, it is possible to push the protocol rules to the DC Netscope server. To do this, click on the PUSH TO SERVER button.

Conversely, if you want to retrieve the last rules stored on the server, or if you want to undo the local modifications, you must click on the PULL FROM SERVER button.