Sensing Properties
Sensing
Properties
As you have read in Chapter 4, the Sensing tab allows you
to configure what signature configuration file the sensor is using, what Packet
Capture Device (Interface) the sensor is using, and how to handle IP fragment
reassembly. You can specify the active configuration, which is the signature
file the sensor is using for comparison. You also set the Packet Capture Device.
This is the sniffing interface. This is also the tab that you configure for IP
fragment reassembly (discussed earlier in this chapter).
Configuring Sensing Properties
To configure the sensing properties, follow these steps:
-
Select the Sensing tab on the sensor you
are going to configure (see Figure 7.22 earlier).
-
In the Active Configuration field, select the Sensor
Signature file template that the sensor will be using to monitor the network. It
is not uncommon to have a different Sensor Signature file template for each
sensor. Some signatures may be disabled or tuned differently depending on the
positioning on the network.
-
Select the appropriate Packet Capture device for your device
and network. The Packet Capture device is the interface that is doing the
sniffing. (Refer to Chapter 3 for help with the different interfaces on a
sensor.)
-
If you are configuring IP fragment reassembly, make your
configuration changes here. IP fragment reassembly causes your sensor to
reassemble a fragmented IP packet first, and then compare that packet with a
signature. This can be a resource hog depending on your network traffic
patterns. Unless you are very familiar with the traffic patterns on your
network, do not modify the default settings.
-
Once you have finished configuring the Sensing parameters,
click OK, then save and update your
configuration.
-
From the Command tab, click Approve Now to push the new configuration to your
sensor.
154 times read
|
|
|
Did you enjoy this article?
(total 0 votes)
|
Sections
Comments (0 posted)
Syndication
