Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco Firepower Management Center 4000

Cisco Cisco Firepower Management Center 4000

Download
Page of 1844
 
42-12
FireSIGHT System User Guide
 
Chapter 42      Enhancing Network Discovery 
  Using Custom Fingerprinting
Caution
You can capture IPv6 fingerprints only with appliances running Version 5.2 and later of the FireSIGHT 
System.
Step 8
In the 
Target Distance
 field, enter the number of network hops between the host and the device that you 
 to collect the fingerprint.
Caution
This must be the actual number of physical network hops to the host, which may or may not be the same 
as the number of hops detected by the system.
Step 9
From the 
Interface
 list, select the network interface that is connected to the network segment where the 
host resides.
Caution
Cisco recommends that you do not use the sensing interface on a managed device for fingerprinting for 
several reasons. First, fingerprinting does not work if the sensing interface is on a span port. Also, if you 
use the sensing interface on a device, the device stops monitoring the network for the amount of time it 
takes to collect the fingerprint. You can, however, use the management interface or any other available 
network interfaces to perform fingerprint collection. If you do not know which interface is the sensing 
interface on your device, refer to the Installation Guide for the specific model you are using to 
fingerprint.
Step 10
Click 
Get Active Ports
.
If the system has detected any open ports on the host, they appear in the drop-down list.
Step 11
In the 
Server Port
 field, type the port that you want the device selected to collect the fingerprint to initiate 
contact with, or select a port from the 
Get Active Ports 
drop-down list.
You can use any server port that you know is open on the host (for instance, 80 if the host is running a 
web server).
Step 12
In the 
Source IP Address
 field, type an IP address that should be used to attempt to communicate with the 
host.
You should use a source IP address that is authorized for use on the network but is not currently being 
used, for example, a DHCP pool address that is currently not in use. This prevents you from temporarily 
knocking another host offline while you create the fingerprint.
In addition, you should exclude that IP address from monitoring in your network discovery policy while 
you create the fingerprint. Otherwise, the network map and discovery event views will be cluttered with 
inaccurate information about the host represented by that IP address. For more information, see 
.
Step 13
In the 
Source Subnet Mask
 field, type the subnet mask for the IP address you are using.
Step 14
If the 
Source Gateway
 field appears, enter the default gateway IP address that should be used to establish 
a route to the host.
The 
Source Gateway
 field appears if the target distance (number of hops) is 1 or higher and you are using 
an interface other than the management interface to connect to the network where the host resides.
Step 15
If you want to display custom information in the host profile for fingerprinted hosts or if the fingerprint 
name you want to use does not exist in the OS Definition section, select 
Use Custom OS Display
 in the 
Custom OS Display section.
Provide the values you want to appear in host profiles for the following: