"The marriage of [these] technologies creates a better way for the enterprise to safeguard itself from threats that could compromise the network"
— Mike Montecillo, analyst, Enterprise Management Associates
 

    Quick Contact

    First Name:

    Last Name:

    Company:

    Email:

    Phone:

    State:

    What can we do for you?

      


    Click here for more contact options.

  •  

 
 

Supported Protocols

The following protocols are supported by the Intelligent Content Extraction (ICE) engine, used by NitroView Application Data Monitor (ADM). Information contained within the following documents may be monitored by NitroView ADM, for improved security and fraud detection.

Protocol Modules

Protocol ModuleComments
AOLMAILAOL Webmail
DeltaSyncWindows Live Mail over Outlook client
FTP
Gmail
Hotmail
HTTP
IRC
MAPIMicrosoft Exchange
MSN
MS SQL ServerMonitor SQL queries
Network PrintersPrint monitor - PJL (postscript, PCL)
NNTP
OSCARICQ, AOL Instant Messaging
Peer to PeerGnutella
POP3
SIPIM / VoIP
SMTP
SSHNo Decryption
SSLNo Decryption
Telnet
XMPPJabber IM
YahoomailYahoo Webmail
YIMYahoo Instant Messaging

Network Modules

Network ModuleComments
BASE64
DNSIP -> Name Cache for Use by Modules
GZIP
HU01Compression used by windows live mail
IPIPv4
KERBEROSWindows Login Detection
LZFUCompression used by MAPI / TNEF
MARKUPText Extraction from HTML for Indexing
MIMEEmail and Web Form Decoding
NBNSNames for MAC Addresses from Windows
QPQuoted Printable decoding
RFC822Email Decoding
RPC
RTFText Extraction for Indexing
RTP
SMBDetection only
SOCKSProxy Server
TARArchive extraction
TNEFWinmail.dat files
TCP
UDP
ZIPArchive extraction

File Transfer Protocol Modules

FTPHTTPSMB¹SSL²
Display NameDisplay NameDisplay NameDisplay Name
File NameFile NameFile NameFile Name
Host NameHost NameHost NameHost Name
URLReferer
URL
All HTTP headers

E-Mail Protocol Modules

DeltaSyncMAPINNTPPOP3SMTP
Bcc³BccBcc³Bcc³Bcc³
Cc³CcCc³Cc³Cc³
Display NameDisplay NameDisplay NameDisplay NameDisplay Name
From³FromFrom³From³From³
Host NameHost NameHost NameHost NameDomain
Subject³SubjectSubject³PasswordHost Name
To³ToTo³Subject³To³
User NameTo³Subject³
User Name

Web-Mail Protocol Modules

AOLGmailHotmailYahoo
Attachment NameAttachment NameAttachment NameAttachment Name
Bcc³Bcc³Bcc³Bcc³
Cc³Cc³Cc³Cc³
Display NameDisplay NameDisplay NameDisplay Name
File NameFile NameFile NameFile Name
Host NameHost NameHost NameHost Name
From³From³From³From³
Subject³Subject³Subject³Subject³
To³To³To³To³

Instant-Messaging Protocol Modules

AOLICQJabberMSNSIPYahoo
Call IDCall IDCall IDCall IDCall IDCall ID
Client VersionClient VersionClient VersionClient VersionClient VersionClient Version
Contact NameContact NameContact NameContact NameContact NameContact Name
Contact NicknameContact NicknameContact NicknameContact NicknameContact NicknameContact Nickname
Display NameDisplay NameDisplay NameDisplay NameDisplay NameDisplay Name
File NameFile NameFile NameFile NameFile NameFile Name
User NameUser NameUser NameUser NameUser NameUser Name
User NicknameUser NicknameUser NicknameUser NicknameUser NicknameUser Nickname

Peer To Peer Protocol Modules

GnutellaDisplay NameFile NameHost Name

Network Printers Protocol Modules

PJL
Auto Continue
Auto Select
Banner Sheet
Comment
Copies
Message
Name
Job Name
Language
User Name
Password
Start Page

Shell Access Protocol Modules

SSH*Telnet
Display NameDisplay Name
Host NameHost Name

VoIP Protocol Modules

SIP
Call ID
Client Version
Contact Name
Contact Nickname
Display Name
File Name
User Name
User Nickname

DB Protocol Modules

MS SQL Server (TDS)
App Name
Ctl Internal Name
Database
Host Name
Password
Server Name
User Name

Content Extraction Modules

HTMLRTFTARTNEFZIP

Decompression & Decoding Modules

BASE64GZIPHU01LZFUMIMEQuoted-PrintableRFC822

Low-Level & Transport Protocol Modules

DNSIPv4KerberosNBNSRPCRTPSOCKSTCPUDP

Notes

¹ Detection only

² No decryption, captures X.509 certificates and encrypted data

³ Via RFC822 module

For all protocols we capture source/destination IP and MAC addresses, and Time/Date stamp (msec).



These icons link to social bookmarking sites to help share this content.
  • bodytext
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • Propeller
  • TwitThis
              
 

Search NitroSecurity.com