Scanning and analyzing TCP traffic when handshake packets are not mirrored in Deep Discovery Inspector (DDI)

- Updated:
- 31 Mar 2015
- Product/Version:
- Deep Discovery Inspector 3.2
- Deep Discovery Inspector 3.5
- Deep Discovery Inspector 3.6
- Deep Discovery Inspector 3.7
- Deep Discovery Inspector 3.8
- Platform:
- N/A N/A

Summary

You want to know if DDI is able to scan or analyze TCP traffic if the packets for TCP three-way handshake are not mirrored but all other packets after the handshake are mirrored.

Details

DDI cannot scan or analyze TCP traffic when handshake packets are not mirrored. Because TCP is a stateful protocol, three-way handshake packets are required for DDI scanning. Otherwise, DDI will not treat the traffic as stream to scan.

Make sure to mirror all packets to DDI, including packets from connection establishment to connection close.

Since UDP traffic is a stateless protocol, DDI treats UDP packets as independent datagram so there is no such limitation.

Rating:

Category:

Troubleshoot; SPEC

Solution Id:

1103527

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.