Custom protocols

The Custom Protocols view enhances the process of recognizing network protocols in DC Netscope.

By default, DC Netscope identifies the protocols of a network flow based on the network port used for the flow. While this method is functional for flows using default ports associated with a protocol, protocol recognition fails when non-default ports are used.

With Custom Protocols, you can define rules that allow you to:

  • Associate flows that do not use default ports with a specific protocol.
  • Define a new network protocol.
  • Create precise rules targeting specific hosts.

Overview

The Custom Protocols view is structured as follows: each card represents a rule defining a network protocol. A rule consists of one or more criteria that enable DC Netscope to determine when to apply the rule. Please note that custom protocol rules only apply to unknown flows.

Here is an example of interacting with the component:

Defining a Rule

You can define several types of criteria within a rule: Simple Criterion

A simple criterion specifies a value that one of the flow's attributes must satisfy.

Below are examples of simple criteria:

Compound Criterion

A compound criterion consists of multiple sub-criteria. It can be configured in two ways:

  • All the following are true: The compound criterion is satisfied if all sub-criteria are met.
  • At least one is true: The compound criterion is satisfied if at least one sub-criterion is met.

Below is an example of a compound criterion:

Not Criterion

A not criterion is satisfied if its sub-criterion is not met. Criterion Actions

The three icons above allow you to (from left to right):

  • Edit the criterion.
  • Add sub-criteria for compound or not criteria.
  • Delete the criterion.

Rule Actions

Several actions can be performed on a rule. By default, the action buttons on the right side of a rule include:

The actions are as follows:

  • Check: Verifies the syntax of the criteria.
  • Edit: Enters edit mode for the rule.
  • Delete: Deletes the rule.

When you click the edit icon, the following buttons appear:

Clicking Save exits edit mode and saves the changes locally.

Below is an example of these interactions:

Synchronizing Rules with the Database

Once the local state of the rules is satisfactory, you can push the protocol rules to the DC Netscope server by clicking the PUSH TO SERVER button.

Conversely, to retrieve the latest rules stored on the server or to discard local modifications, click the PULL FROM SERVER button.