Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 17 Introduction to Intrusion Prevention
Understanding How Traffic Is Analyzed
As the system captures packets, it sends them to the packet decoder. The packet decoder converts the
packet headers and payloads into a format that can be easily used by the preprocessors and the rules
engine. Each layer of the TCP/IP stack is decoded in turn, beginning with the data link layer and
continuing through the network and transport layers, as described in the following table.
Processing Packets
License: Protection
Table 17-1 Decoded Packets

TCP/IP Layer: Data Link
Decoded Packets:
• Ethernet
• Virtual local area network (VLAN)
• Multiprotocol Label Switching (MPLS)

TCP/IP Layer: Network
Decoded Packets:
• Encapsulated Remote Switched Port Analyzer (ERSPAN) Type II, Type III
• Internet Protocol version 4 (IPv4)
• Internet Protocol version 6 (IPv6)
• Internet Control Message Protocol version 4 (ICMPv4)
• Internet Control Message Protocol version 6 (ICMPv6)
• Point-to-Point Protocol (PPP)
• Point-to-Point Protocol over Ethernet (PPPoE)
• Generic Routing Encapsulation (GRE)
• Encapsulating Security Protocol (ESP)
• Teredo tunneling
• GPRS Tunneling Protocol (GTP)

TCP/IP Layer: Transport
Decoded Packets:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
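
The layer-by-layer decoding described above, shown as an added example; it is not code from the FireSIGHT System or from Cisco. It handles only Ethernet, VLAN, IPv4, TCP and UDP from Table 17-1, and the function name, field names and sample frame are constructed for illustration.

```python
import struct

ETH_VLAN, ETH_IPV4 = 0x8100, 0x0800
IP_PROTO = {6: "TCP", 17: "UDP"}

def decode(frame: bytes) -> list:
    """Decode a frame one layer at a time; return the decoded layers in order."""
    layers = []
    # Data link: Ethernet II header (dst MAC, src MAC, EtherType).
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    layers.append(("Ethernet", {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}))
    off = 14
    # Data link: optional 802.1Q VLAN tag (TCI, then the inner EtherType).
    if ethertype == ETH_VLAN:
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        layers.append(("VLAN", {"id": tci & 0x0FFF}))
        off += 4
    if ethertype != ETH_IPV4:
        return layers  # other network-layer decoders are outside this example
    # Network: IPv4 header; IHL gives the header length in 32-bit words.
    if len(frame) < off + 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, proto = frame[off], frame[off + 9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        raise ValueError("malformed IPv4 header")
    src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
    layers.append(("IPv4", {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}))
    off += ihl
    # Transport: TCP and UDP both begin with source and destination ports.
    if proto in IP_PROTO:
        if len(frame) < off + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack_from("!HH", frame, off)
        layers.append((IP_PROTO[proto], {"sport": sport, "dport": dport}))
    return layers

# Constructed sample: Ethernet + VLAN 100 + IPv4 + TCP 49152 -> 80 (checksums left zero).
SAMPLE = (bytes.fromhex("020000000002" "020000000001" "8100" "0064" "0800")
          + bytes.fromhex("45000028000140004006" "0000" "c0000201" "c6336407")
          + struct.pack("!HH", 49152, 80) + bytes(16))

if __name__ == "__main__":
    for name, fields in decode(SAMPLE):
        print(name, fields)
```

Each stage checks the remaining length before reading, so a frame cut short inside any header raises an error instead of producing fields from bytes that are not there.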