Presentation is loading. Please wait.

Presentation is loading. Please wait.

Classification Presenter Name Presenter Title TDA Troubleshooting sharing.

Published byMorgan Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "Classification Presenter Name Presenter Title TDA Troubleshooting sharing."— Presentation transcript:

1 Classification Presenter Name Presenter Title TDA Troubleshooting sharing

2 Copyright 2007 - Trend Micro Inc. Classification Agenda Login Kmod page to check con-current the TDA traffic How to check network traffic has pass-thru TDA monitor port ? How to check packets have no lost ? How to check TDA performance ? How to check TDA network interface link speed?

3 Copyright 2007 - Trend Micro Inc. Login Kmod page to check con-current the TDA traffic Check if packet is not dropped when mirrored to TDA –https://[TDA_Management_IP]/html/kmod_main.html –“conntrack_count” : concurrent connection including all TCP state –No packet dropped : “nr_corrupt” is 0 –No packet dropped : “ESTABLISHED” is almost equal to “conntrack_count”

4 Copyright 2007 - Trend Micro Inc. Trouble Shooting SYN_SENT: the number of TCP sessions that are in SYN_SENT state at the moment ESTABLISHED : the number of TCP sessions that are in ESTABLISHED state at the moment nr_corrupt : accumulated number of TCP sessions that are timed-out (60 seconds) in established state => numbers of sessions that had packet dropped clientserver Data communication 1:syn : SYN_SENT 2:synack : SYN_RECV 3:ack : ESTABLISHED

5 Copyright 2007 - Trend Micro Inc. Classification What kind of tools you should ready before go to next step. Before you go to next page, following tools you should prepared. –A SSH client, Putty is preferred. –A OpenSSH public key that support TDA access. This key that is control release by TDA R&D team. –A network traffic analysis tool like Ethereal.

6 Copyright 2007 - Trend Micro Inc. Debug Log URL: https://[TDA_Management_IP]/cgi-bin/cgiSetDebugLog.cgi It will ask you to logon TDA first to avoid non- authorized communication Debug Level and Module Settings –Debug Level disable,0-fatal,1-error,2-warning,3-info,4-debug –Debug Module ID 1-cav, 3-fstream_serv, 4-mr_system_logger, 5- preconf, all Export Debug Log Debug Log Maintenance (Reset Debug Log) Note –debug log will rotate when it reaches size of 10 M bytes.

7 Copyright 2007 - Trend Micro Inc. Rule disable/enable Why? –TDA provide customized rule detection for customer/analyzer How? –URL: https://[TDA_Management_IP]/cgi-bin/cav_edit.cgihttps://[TDA_Management_IP]/cgi-bin/cav_edit.cgi It will ask you to logon TDA first to avoid non- authorized communication –Check  Mark as  Apply (TDA takes effect immediately) Note –Rule enable/disable setting will be overwritten after update Network Content Correlation Pattern

8 Copyright 2007 - Trend Micro Inc. Known threat logging disable Why? –TDA can disable the log in database when it detects known threat (VSAPI, Network Virus) –Customer doesn’t want to see duplicate detection logs before the victim client is taken care of How? –URL: https://[TDA_Management_IP]/cgi-bin/cav_log.cgihttps://[TDA_Management_IP]/cgi-bin/cav_log.cgi It will ask you to logon TDA first to avoid non- authorized communication –Select VSAPI or Network Virus then save (TDA takes effect immediately)

9 Copyright 2007 - Trend Micro Inc. Classification Q&A

Download ppt "Classification Presenter Name Presenter Title TDA Troubleshooting sharing."

Similar presentations

THE FIRST MEETING IMPLEMENTATION 1. Goals Set Direction Establish Agreed Upon Necessity Establish Lead Individuals Team Building Management Support Success.

THE FIRST MEETING IMPLEMENTATION 1. Goals Set Direction Establish Agreed Upon Necessity Establish Lead Individuals Team Building Management Support Success.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Copyright 2008 Kenneth M. Chipps Ph.D. www.chipps.com Cisco CCNA Exploration CCNA 2 Routing Protocols and Concepts Chapter 4 Distance Vector Routing Protocols.

Copyright 2008 Kenneth M. Chipps Ph.D. Cisco CCNA Exploration CCNA 2 Routing Protocols and Concepts Chapter 4 Distance Vector Routing Protocols.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.

Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.
source router Destination IP packet IP packet fragments Reassembly Required Fragments Created.

source router Destination IP packet IP packet fragments Reassembly Required Fragments Created.
Remote Login: TELNET and

Remote Login: TELNET and
ECE 526 – Network Processing Systems Design Packet Processing II: algorithms and data structures Chapter 5: D. E. Comer.

ECE 526 – Network Processing Systems Design Packet Processing II: algorithms and data structures Chapter 5: D. E. Comer.
P2P Project Mark Kurman Nir Zur Danny Avigdor. Introduction ► Motivation:  Firewalls may allow TCP or UDP connections on several specific ports and block.

P2P Project Mark Kurman Nir Zur Danny Avigdor. Introduction ► Motivation:  Firewalls may allow TCP or UDP connections on several specific ports and block.
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Process-to-Process Delivery:

Process-to-Process Delivery:
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
PC and Server Protection with Trend Micro Worry Free Business Security Troubleshooting Client Server Connectivity Ian Thiele 1.

PC and Server Protection with Trend Micro Worry Free Business Security Troubleshooting Client Server Connectivity Ian Thiele 1.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
Www.netfort.com NetFort Customer Webinar Getting back to basics – Using LANGuardian Aisling Brennan 26 th Feb 2015.

NetFort Customer Webinar Getting back to basics – Using LANGuardian Aisling Brennan 26 th Feb 2015.

Similar presentations

Ads by Google