Kaspersky Anti Targeted Attack (KATA) Platform

Selecting network protocols for receiving mirrored traffic from SPAN ports

April 2, 2024

ID 262106

Kaspersky Anti Targeted Attack Platform can receive and process mirrored traffic, and extract objects and protocol metadata. You can configure receipt of mirrored traffic from SPAN ports.

To select network protocols for receiving mirrored traffic from SPAN ports:

  1. Log in to the management console of the Sensor server over SSH or through a terminal.
  2. When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.

    This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu command and press ENTER.

  3. Go to the Program settings → Configure traffic capture → Setup capture protocols section using the ↑, ↓, and ENTER keys. The selected row is highlighted in red.

    This opens a window where you can enable or disable receipt of mirrored traffic from SPAN ports for the following network protocols:

    • DNS
    • FTP
    • HTTP
    • HTTP2
    • SMTP
    • SMB
    • NFS

      To analyze NFS traffic, you must mount the NFS partition and specify the version of the protocol.

      Example:

      for NFS v.4:

      mount -t nfs -o vers=4 -O uid=1000,iocharset=utf-8 <address>:/from/dir /to/dir

      for NFS v.3:

      mount -t nfs -o vers=3 -O uid=1000,iocharset=utf-8 <address>:/from/dir /to/dir

    If receipt of mirrored traffic from a SPAN port via a network protocol is enabled, [x] is displayed to the right of the network protocol name. If receiving mirrored traffic from a SPAN port is disabled for a particular network protocol, [ ] is displayed to the right of the name of that protocol.

    By default, receipt of mirrored traffic from SPAN ports is enabled for all network protocols except HTTP2.

  4. To enable or disable the receipt of mirrored traffic from SPAN ports for a particular network protocol, select that protocol using the ↑ and ↓ keys and press ENTER.
  5. Select the line containing Apply and Exit and press ENTER.

Network protocols for receiving mirrored traffic from SPAN ports are selected.
