Using a test network packet to verify event registration

To verify the registration of events in Kaspersky Industrial CyberSecurity for Networks, you can use a test network packet. When this type of packet is detected in traffic, the application registers test events based on the following technologies:

Events are registered with system event types that are assigned the following codes:

You can view test events in the table of registered events.

To verify audit functions, Kaspersky Industrial CyberSecurity for Networks saves information about the registration of test events in the audit log. An audit entry is created for each registered event, and this entry specifies the technology used to register the test event.

A test network packet is a UDP protocol packet with certain parameter values. The parameters are defined in such a way as to exclude the probability of receiving such a packet in normal industrial network traffic.

The following data must be defined in the parameters of a test network packet:

To generate and send a test network packet, you can use a network packet generator program such as Scapy. You need to send the test network packet from a node whose traffic is controlled by Kaspersky Industrial CyberSecurity for Networks.

Example:

To send a test network packet using the program Scapy in a Linux® operating system:

  1. In the operating system console of the computer, enter the command to run Scapy in interactive mode:

    sudo scapy

  2. Enter the command to send the test network packet:

    sendp(
    Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/
    IP(src='127.0.20.20', dst='127.0.20.20', id=20, ttl=20)/
    UDP(sport=20, dport=20)/
    "KICS4Net Sentinel 20",
    iface="<interface name>"
    )

    where <interface name> is the name of the network interface connected to the industrial network (for example, eth0).

After the packet is detected in traffic, Kaspersky Industrial CyberSecurity for Networks registers test events.

Page top