Home
Contents

NetResident - Network Content Monitoring Tool
Prev Page Next Page
 
Introduction
Overview
System Requirements
What Network Content NetResident Can Analyze
What’s New in NetResident 3.0
NetResident Architecture
Deploying the Application
Before You Begin: Network Visibility
Step 1: Deploying the NetResident Service and Console
Step 2: Deploying NetResident Agents
Ensuring Connectivity Between the System Components
Tips and Tricks
Setting Up the Database
Step 1: Creating a New Database and Configuration File
Step 2: Selecting an SQL Server
Step 3: Selecting a Database Location and Name
Step 4: Setting Database Access Token
Step 5: Summary
Working with NetResident
Events
Connections
Alerts
About
Understanding the Difference Between the Display and Capture Filters
Remote Connections
Aliases
Workspaces
Adding Exceptions to NetResident Agents
Manual SQL Server Installation
Analyzing Imported Capture Files
Frequently Asked Questions
Sales and Support

Adding Exceptions to NetResident Agents

It is possible to configure NetResident agents to ignore network traffic based on the source and/or destination IP addresses and/or ports. In essence, you are adding an exception, just like you add exceptions to a firewall. This feature may be useful in the following cases:

· Increasing system performance. Some protocols may generate much traffic that you do not want to analyze; excluding this traffic from analysis allows the application to “focus” on the traffic that is more important.
· Privacy reasons. You may want to prevent NetResident from analyzing certain network events.
· Dealing with software compatibility issues. Some third party software may not work correctly when running on the same computer where NetResident agent is installed.

To add an exception, navigate to the Excluded Connections frame on the Agents tab and click Add. The follow dialog is displayed:

exceptions2

The Description field contains an optional description of the exception being added. The Protocol field contains the protocol name to which the exception is applicable. Under Source Address, enter the source IP address and source port of the packets that you want to have ignored. Under Destination Address, enter the destination IP address and destination port of the packets that you want to have ignored. To add an exception successfully, you must specify at least one of the four parameters. To specify any IP address, leave the field blank or use “0.0.0.0” or “::”. To specify any port, leave the field blank or use “0”. For example, the image above illustrates a rule that would ignore any traffic originating from port 3389 regardless of the source and destination IP addresses and regardless of the destination port.

By default, each NetResident agent is installed with the following set of exceptions:

 

Source IP address

Source Port

Destination IP address

Destination Port

1

any

445

any

any

2

any

any

any

445

3

any

137

any

any

4

any

any

any

137

5

any

139

any

any

6

any

any

any

139

7

any

2221

any

any

8

any

any

any

2221

9

any

3389

any

any

10

any

any

any

3389