Cisco Cisco FirePOWER Appliance 8120
42-12
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Using Custom Fingerprinting
Caution
You can capture IPv6 fingerprints only with appliances running Version 5.2 and later of the FireSIGHT
System.
System.
Step 8
In the
Target Distance
field, enter the number of network hops between the host and the device that you
to collect the fingerprint.
Caution
This must be the actual number of physical network hops to the host, which may or may not be the same
as the number of hops detected by the system.
as the number of hops detected by the system.
Step 9
From the
Interface
list, select the network interface that is connected to the network segment where the
host resides.
Caution
Cisco recommends that you do not use the sensing interface on a managed device for fingerprinting for
several reasons. First, fingerprinting does not work if the sensing interface is on a span port. Also, if you
use the sensing interface on a device, the device stops monitoring the network for the amount of time it
takes to collect the fingerprint. You can, however, use the management interface or any other available
network interfaces to perform fingerprint collection. If you do not know which interface is the sensing
interface on your device, refer to the Installation Guide for the specific model you are using to
fingerprint.
several reasons. First, fingerprinting does not work if the sensing interface is on a span port. Also, if you
use the sensing interface on a device, the device stops monitoring the network for the amount of time it
takes to collect the fingerprint. You can, however, use the management interface or any other available
network interfaces to perform fingerprint collection. If you do not know which interface is the sensing
interface on your device, refer to the Installation Guide for the specific model you are using to
fingerprint.
Step 10
Click
Get Active Ports
.
If the system has detected any open ports on the host, they appear in the drop-down list.
Step 11
In the
Server Port
field, type the port that you want the device selected to collect the fingerprint to initiate
contact with, or select a port from the
Get Active Ports
drop-down list.
You can use any server port that you know is open on the host (for instance, 80 if the host is running a
web server).
web server).
Step 12
In the
Source IP Address
field, type an IP address that should be used to attempt to communicate with the
host.
You should use a source IP address that is authorized for use on the network but is not currently being
used, for example, a DHCP pool address that is currently not in use. This prevents you from temporarily
knocking another host offline while you create the fingerprint.
used, for example, a DHCP pool address that is currently not in use. This prevents you from temporarily
knocking another host offline while you create the fingerprint.
In addition, you should exclude that IP address from monitoring in your network discovery policy while
you create the fingerprint. Otherwise, the network map and discovery event views will be cluttered with
inaccurate information about the host represented by that IP address. For more information, see
you create the fingerprint. Otherwise, the network map and discovery event views will be cluttered with
inaccurate information about the host represented by that IP address. For more information, see
.
Step 13
In the
Source Subnet Mask
field, type the subnet mask for the IP address you are using.
Step 14
If the
Source Gateway
field appears, enter the default gateway IP address that should be used to establish
a route to the host.
The
Source Gateway
field appears if the target distance (number of hops) is 1 or higher and you are using
an interface other than the management interface to connect to the network where the host resides.
Step 15
If you want to display custom information in the host profile for fingerprinted hosts or if the fingerprint
name you want to use does not exist in the OS Definition section, select
name you want to use does not exist in the OS Definition section, select
Use Custom OS Display
in the
Custom OS Display section.
Provide the values you want to appear in host profiles for the following: