Selecting network protocols for receiving mirrored traffic from SPAN ports

Kaspersky Anti Targeted Attack Platform can receive and process mirrored traffic, and extract objects and protocol metadata. You can configure receipt of mirrored traffic from SPAN ports.

To select network protocols for receiving mirrored traffic from SPAN ports:

  1. Log in to the management console of the Sensor server over SSH or through a terminal.
  2. When the system prompts you, enter the administrator user name and the password that was set during the installation of the application.

    This opens the settings menu for the Sensor component. If the menu does not open, enter the kata-admin-menu command and press ENTER.

  3. Go to the Program settings → Configure traffic capture → Setup capture protocols section using the ↑, ↓, and ENTER keys. The selected row is highlighted in red.

    This opens a window where you can enable or disable receipt of mirrored traffic from SPAN ports for the following network protocols:

    • DNS
    • FTP
    • HTTP
    • HTTP2
    • SMTP
    • SMB
    • NFS

      To analyze NFS traffic, you must mount the NFS partition and specify the version of the protocol.

      Example:

      for NFS v.4:

      mount -t nfs -o vers=4 -O uid=1000,iocharset=utf-8 <address>:/from/dir /to/dir

      for NFS v.3:

      mount -t nfs -o vers=3 -O uid=1000,iocharset=utf-8 <address>:/from/dir /to/dir

    If receipt of mirrored traffic from a SPAN port via a network protocol is enabled, [x] is displayed to the right of the network protocol name. If receiving mirrored traffic from a SPAN port is disabled for a particular network protocol, [ ] is displayed to the right of the name of that protocol.

    By default, receipt of mirrored traffic from SPAN ports is enabled for all network protocols except HTTP2.

  4. To enable or disable receipt of mirrored traffic from SPAN ports for a particular network protocol, select that protocol using the ↑ and ↓ keys and press ENTER.
  5. Select the line containing Apply and Exit and press ENTER.

Network protocols for receiving mirrored traffic from SPAN ports are selected.
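
The NFS requirement in step 3 depends on the partition actually being mounted with the intended protocol version. The following check is an added example, not part of the Kaspersky documentation: it reads a mount table in Linux /proc/mounts format and confirms the version in use for a mount point. The function names, the sample table and the 192.0.2.10 address are constructed for illustration; the /to/dir path follows the mount example above.

```shell
#!/bin/sh
# Added example (not vendor code): verify that a mount point is an NFS mount
# using the expected protocol version. Input is mount-table text in the
# Linux /proc/mounts format, read from stdin.

# Constructed sample table; on a live host, feed /proc/mounts instead.
SAMPLE_MOUNTS='192.0.2.10:/from/dir /to/dir nfs4 rw,relatime,vers=4.2,proto=tcp,sec=sys 0 0
192.0.2.10:/from/dir3 /to/dir3 nfs rw,relatime,vers=3,proto=tcp,mountvers=3 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# nfs_mount_version MOUNTPOINT
# Prints the vers= value of the NFS mount at MOUNTPOINT (e.g. "3", "4.2").
# Returns 1 if MOUNTPOINT is absent or is not an NFS file system.
nfs_mount_version() {
    awk -v mp="$1" '
        $2 == mp && ($3 == "nfs" || $3 == "nfs4") {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                # Anchored match: "mountvers=3" must not be read as "vers=3".
                if (opts[i] ~ /^vers=/) { sub(/^vers=/, "", opts[i]); v = opts[i] }
            found = 1
        }
        END { if (!found) exit 1; print v }
    '
}

# check_nfs_mount MOUNTPOINT MAJOR
# Prints OK, MISMATCH or MISSING; returns 0 only when the mounted version
# is MAJOR or a minor version of it (4 accepts 4, 4.1, 4.2).
check_nfs_mount() {
    ver=$(nfs_mount_version "$1") || { echo "MISSING"; return 1; }
    case "$ver" in
        "$2"|"$2".*) echo "OK vers=$ver"; return 0 ;;
        *)           echo "MISMATCH vers=$ver"; return 1 ;;
    esac
}

# Demo on the constructed table. Live use: check_nfs_mount /to/dir 4 < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | check_nfs_mount /to/dir 4
```
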
