What would you like to add or change?:
Add a function to ntopng that raises an alert and executes the user's own script when traffic not listed in the whitelist is detected, like a Cisco ACL.
【Support Protocol in the Whitelist】
1. ARP
2. ICMP
3. UDP
Note: No need to support TCP. The environment has no TCP traffic. They want to check only ARP, ICMP and UDP traffic.
If the above lines are all set in the whitelist it works like below.
If any ARP traffic other than FROM: 10.10.10.1 TO: 10.10.10.2 was detected, trigger an alert (execute shell script).
If any ICMP traffic other than FROM: 10.10.10.1 TO: 10.10.10.2 was detected, trigger an alert (execute shell script).
If any UDP traffic other than FROM: 10.10.10.1 TO: 10.10.10.2 and port number udp/123 was detected, trigger an alert (execute shell script).
Example Whitelist#2
~
#layer2
#layer3
#layer4
UDP:10.10.10.1:10.10.10.2:123
~
If any UDP traffic other than FROM: 10.10.10.1 TO: 10.10.10.2 and port number udp/123 was detected, trigger an alert (execute shell script).
If any ARP traffic is detected, trigger an alert (execute shell script).
If any ICMP traffic is detected, trigger an alert (execute shell script).
Note: No alert would be triggered if traffic using any protocol other than ICMP, UDP and ARP is detected.
Examples:
No alert would be triggered if traffic with protocol number 132 (SCTP) is found.
No alert would be triggered if traffic with protocol number 47 (GRE) is found.
Why do you and others need this?:
Our client request
@Yoshihiro-jp Do you need us to support wildcards (* meaning any port)? Example UDP:10.10.10.1:10.10.10.2:* ?
Dear @lucaderi
No need to support the wildcards.
He would write all IP addresses in the Whitelist.
What would you like to add or change?:
Add a function to ntopng that raises an alert and executes the user's own script when traffic not listed in the whitelist is detected, like a Cisco ACL.
【Support Protocol in the Whitelist】
1. ARP
2. ICMP
3. UDP
Note: No need to support TCP. The environment has no TCP traffic. They want to check only ARP, ICMP and UDP traffic.
【Whitelist format】
PROTOCOL:SRC_ADDR:DST_ADDR:DST_PORT
Note: DST_PORT is mandatory when the protocol in the whitelist is UDP.
【Whitelist examples】
Example Whitelist#1
~
#layer2
ARP:10.10.10.1:10.10.10.2
#layer3
ICMP:10.10.10.1:10.10.10.2
#layer4
UDP:10.10.10.1:10.10.10.2:123
~
If the above lines are all set in the whitelist it works like below.
Example Whitelist#2
~
#layer2
#layer3
#layer4
UDP:10.10.10.1:10.10.10.2:123
~
Note: No alert would be triggered if traffic using any protocol other than ICMP, UDP and ARP is detected.
Examples:
No alert would be triggered if traffic with protocol number 132 (SCTP) is found.
No alert would be triggered if traffic with protocol number 47 (GRE) is found.
Why do you and others need this?:
Our client request
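The whitelist semantics requested above, as an added Python illustration (not ntopng code and not part of the original issue). It assumes IPv4 addresses, exact matching with no wildcards as stated in the thread, and directional rules; `parse_whitelist` and `should_alert` are hypothetical names.

```python
import ipaddress

CHECKED = {"ARP", "ICMP", "UDP"}  # only these protocols are policed

# Whitelist example #1 from the issue text.
WHITELIST_1 = """~
#layer2
ARP:10.10.10.1:10.10.10.2
#layer3
ICMP:10.10.10.1:10.10.10.2
#layer4
UDP:10.10.10.1:10.10.10.2:123
~"""

def _addr(text):
    # Assumption: IPv4 only, since ":" is the field separator.
    return str(ipaddress.IPv4Address(text))

def parse_whitelist(text):
    """Return a set of (proto, src, dst, dst_port) tuples; raise on bad lines."""
    rules = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "~" or line.startswith("#"):
            continue  # delimiters and "#layerN" comments carry no rule
        f = line.split(":")
        proto = f[0].upper()
        if proto not in CHECKED:
            raise ValueError(f"line {n}: unsupported protocol {f[0]!r}")
        want = 4 if proto == "UDP" else 3  # DST_PORT is mandatory for UDP only
        if len(f) != want:
            raise ValueError(f"line {n}: {proto} expects {want} fields")
        port = None
        if proto == "UDP":
            port = int(f[3])  # non-numeric ports raise ValueError here
            if not 0 <= port <= 65535:
                raise ValueError(f"line {n}: port out of range")
        rules.add((proto, _addr(f[1]), _addr(f[2]), port))
    return rules

def should_alert(rules, proto, src, dst, dst_port=None):
    """True when an observed flow must raise an alert (run the user script)."""
    proto = proto.upper()
    if proto not in CHECKED:
        return False  # e.g. SCTP (132) or GRE (47): never alert
    port = dst_port if proto == "UDP" else None
    return (proto, _addr(src), _addr(dst), port) not in rules
```

With an empty `#layer2` or `#layer3` section, as in Example Whitelist#2, every ARP or ICMP flow alerts because no rule can match it.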