Using a test network packet to verify event registration
To verify the registration of events in Kaspersky Industrial CyberSecurity for Networks, you can use a test network packet. When this type of packet is detected in traffic, the application registers test events based on the following technologies:
Deep Packet Inspection. An event is registered regardless of whether or not there are Process Control rules or tags.
Network Integrity Control. An event is registered regardless of whether or not there are Network Control rules. Use of Network Integrity Control technology must be enabled.
Intrusion Detection. An event is registered regardless of whether or not there are Intrusion Detection rules. Use of Rule-based Intrusion Detection must be enabled.
Asset management. An event is registered regardless of whether or not there are known assets in the assets table. Use of asset activity detection must be enabled.
To verify audit functions, Kaspersky Industrial CyberSecurity for Networks saves information about the registration of test events in the audit log. An audit entry is created for each registered event, and this entry specifies the technology used to register the test event.
A test network packet is a UDP packet with specific parameter values. The values are chosen to rule out the possibility of such a packet appearing in normal industrial network traffic.
The following data must be defined in the parameters of a test network packet:
Ethernet II header:
Source MAC address: 00:00:00:00:00:00
Destination MAC address: ff:ff:ff:ff:ff:ff
EtherType: 0x0800 (IPv4)
Source IP address: 127.0.20.20
Destination IP address: 127.0.20.20
Protocol type: 17 (UDP)
Source port: 20
Destination port: 20
Length of packet contents, in bytes: 20
Packet contents: "KICS4Net Sentinel 20"
To generate and send a test network packet, you can use a network packet generator program such as Scapy. You need to send the test network packet from a node whose traffic is controlled by Kaspersky Industrial CyberSecurity for Networks.
To send a test network packet using the program Scapy in a Linux® operating system:
In the operating system console of the computer, enter the command to run Scapy in interactive mode:
Enter the command to send the test network packet:
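As an added example (not part of the Kaspersky documentation, and not the Scapy commands this procedure refers to), the following Python builds the test frame from the parameter list above using only the standard library, so the bytes on the wire can be checked field by field before sending. The TTL of 64, the IP identification value of 0, and the interface name passed to `send_test_frame` are assumptions that the page does not specify.

```python
import socket
import struct

# Values taken from the parameter list above.
SRC_MAC = bytes.fromhex("000000000000")
DST_MAC = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800
IP_ADDR = "127.0.20.20"
PORT = 20
PAYLOAD = b"KICS4Net Sentinel 20"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_test_frame() -> bytes:
    """Return the complete Ethernet II frame (without FCS)."""
    ip = socket.inet_aton(IP_ADDR)
    udp_len = 8 + len(PAYLOAD)
    # The UDP checksum covers a pseudo-header: src, dst, zero, protocol, length.
    pseudo = ip + ip + struct.pack("!BBH", 0, 17, udp_len)
    udp = struct.pack("!HHHH", PORT, PORT, udp_len, 0)
    udp_sum = inet_checksum(pseudo + udp + PAYLOAD) or 0xFFFF
    udp = struct.pack("!HHHH", PORT, PORT, udp_len, udp_sum)

    # IPv4 header without options; ID 0 and TTL 64 are assumptions.
    def ip_header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len,
                           0, 0, 64, 17, csum, ip, ip)

    iph = ip_header(inet_checksum(ip_header(0)))
    eth = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + iph + udp + PAYLOAD


def send_test_frame(ifname: str) -> int:
    """Send the frame on a monitored interface (Linux only, needs CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        return s.send(build_test_frame())
```

After sending, each enabled technology should produce a test event and a matching entry in the audit log, as described above.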