    scio sysconf


    scio sysconf option


    Displays supported protocols, attacks, and contexts.


    Table 1 describes scio sysconf options and provides examples of command syntax.

    Table 1: Command Reference: scio sysconf


    Usage and Examples


    Displays a complete list of supported protocols, attacks, and contexts.

    [root@defaulthost admin]# scio sysconf all
            :model (
                    :type (NS-IDP-1100C)
            :version (
                    :branch (idp51)
                    :major (5)
                    :minor (1)
                    :build (136809)
            :interfaces (
                    : (eth2
                            :nic (eth2)
                            :vr (vr0)
                            :subs (s0)
                            :ipaddr ("n/a")
                            :netmask ("n/a")
                            :broadcast ("n/a")
                            :mac ("00:00:00:00:00:00")
                            :sniffer (true)
                            :ha_interface (false)
                            :external (false)


    Displays protocols that can be decoded.

    [root@defaulthost admin]# scio sysconf protocols
    Name        Proto Port        Line Separator Scope
    ----        ----- ----------- -------------- -----------
    ECHO        TCP   7           CRLF           session
    DISCARD     TCP   9           NONE           session
    CHARGEN     TCP   19          NONE           session
    FTP         TCP   21          CRLF or LF     session
    SSH         TCP   22          NONE           session
    TELNET      TCP   23          NONE           session
    SMTP        TCP   25          CRLF or LF     transaction
    DNS         TCP   53          NONE           transaction
    GOPHER      TCP   70          NONE           session
    FINGER      TCP   79          CRLF or LF     session
    HTTP        TCP   80          CRLF or LF     transaction
    HTTP        TCP   3128        CRLF or LF     transaction
    HTTP        TCP   8000        CRLF or LF     transaction
    HTTP        TCP   8080        CRLF or LF     transaction
    POP3        TCP   110         CRLF or LF     session
    PORTMAPPER  TCP   111         NONE           transaction
    IDENT       TCP   113         CRLF or LF     session
    SMB         TCP   139         NONE           session
    IMAP        TCP   143         CRLF or LF     session
    SMB         TCP   445         NONE           session
    REXEC       TCP   512         NONE           session
    RLOGIN      TCP   513         NONE           session
    RSH         TCP   514         /              session
    LPR         TCP   515         CRLF or LF     session
    RTSP        TCP   554         NONE           session
    NFS         TCP   2049        NONE           transaction
    IRC         TCP   6667        CRLF or LF     session
    YMSG        TCP   5050        NONE           session
    AIM         TCP   5190        NONE           session
    VNC         TCP   5800        NONE           session
    VNC         TCP   5900        NONE           session
    NNTP        TCP   119         CRLF           session
    MSN         TCP   1863        CRLF           session
    GNUTELLA    TCP   6346        NONE           session
    WHOIS       TCP   43          CRLF or LF     session
    LDAP        TCP   389         NONE           transaction
    SSL         TCP   443         NONE           session
    MSRPC       TCP   135         NONE           transaction
    MSSQL       TCP   1433        NONE           session
    MYSQL       TCP   3306        NONE           session
    BGP         TCP   0           NONE           session
    SIP         TCP   5060        NONE           session
    TNS         TCP   1521        NONE           session
    H225SGN     TCP   1720        NONE           session
    IEC104      TCP   2404        NONE           session
    MODBUS      TCP   502         NONE           transaction
    UNSPECIFIED TCP   0           NONE           session
    ECHO        UDP   7           NONE           session
    DISCARD     UDP   9           NONE           session
    CHARGEN     UDP   19          NONE           session
    DNS         UDP   53          NONE           transaction
    DHCP        UDP   67          NONE           transaction
    DHCP        UDP   68          NONE           transaction
    TFTP        UDP   69          NONE           session
    PORTMAPPER  UDP   111         NONE           transaction
    SNMP        UDP   161         NONE           transaction
    SNMPTRAP    UDP   162         NONE           session
    IKE         UDP   500         NONE           session
    SYSLOG      UDP   514         NONE           session
    NFS         UDP   2049        NONE           transaction
    NTP         UDP   123         NONE           session
    NBNAME      UDP   137         NONE           session
    NBDS        UDP   138         NONE           session
    RADIUS      UDP   1812        NONE           transaction
    RADIUS      UDP   1813        NONE           transaction
    MSRPC       UDP   135         NONE           transaction
    SQLMON      UDP   1434        NONE           session
    UNSPECIFIED UDP   0           NONE           session
    SIP         UDP   5060        NONE           session
    H225RAS     UDP   1718        NONE           session
    H225RAS     UDP   1719        NONE           session
    MGCP        UDP   2427        NONE           session
    MGCP        UDP   2727        NONE           session
    IEC104      UDP   2404        NONE           session
    RTP         UDP   0           NONE           transaction
    RTPVIDEO    UDP   0           NONE           transaction
    ICMP        ICMP  N/A         NONE           session
    RUSERS      TCP   RPC/100002  NONE           transaction
    RUSERS      UDP   RPC/100002  NONE           transaction
    NFS         TCP   RPC/100003  NONE           transaction
    NFS         UDP   RPC/100003  NONE           transaction
    NFS         TCP   RPC/100227  NONE           transaction
    NFS         UDP   RPC/100227  NONE           transaction
    PORTMAPPER  TCP   RPC/100000  NONE           transaction
    PORTMAPPER  UDP   RPC/100000  NONE           transaction
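
An added example, not part of the original documentation: a parser for the `scio sysconf protocols` table that slices rows at the ruler-line column offsets and reports which listening services have no matching entry in the Port column. The function names and the listener inventory are assumptions made for illustration; the sample rows are excerpted from the output above.

```python
import re

# Excerpt of the `scio sysconf protocols` output shown above.
SAMPLE = """\
Name        Proto Port        Line Separator Scope
----        ----- ----------- -------------- -----------
FTP         TCP   21          CRLF or LF     session
HTTP        TCP   80          CRLF or LF     transaction
HTTP        TCP   8080        CRLF or LF     transaction
BGP         TCP   0           NONE           session
DNS         UDP   53          NONE           transaction
ICMP        ICMP  N/A         NONE           session
NFS         TCP   RPC/100003  NONE           transaction
"""

KEYS = ["name", "proto", "port", "separator", "scope"]

def parse_protocols(text):
    """Slice each row at the column offsets given by the dashed ruler line."""
    lines = text.splitlines()
    ruler = next((i for i, l in enumerate(lines)
                  if re.fullmatch(r"\s*-+(\s+-+)+\s*", l)), None)
    if ruler is None:
        raise ValueError("no dashed ruler line found")
    # A column runs from its ruler start to the next start: values such as
    # PORTMAPPER are wider than the dashes, and "CRLF or LF" contains spaces.
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    bounds = list(zip(starts, starts[1:] + [None]))
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            break
        rows.append(dict(zip(KEYS, (line[a:b].strip() for a, b in bounds))))
    return rows

def port_index(rows):
    """Map (proto, port) -> decoder names. Rows whose Port is 0, N/A or
    RPC/<program> are skipped: they give no port number to compare against."""
    index = {}
    for r in rows:
        if r["port"].isdigit() and int(r["port"]) > 0:
            index.setdefault((r["proto"], int(r["port"])), []).append(r["name"])
    return index

def unlisted(listeners, index):
    """Return the (proto, port) listeners that have no row in the table."""
    return [l for l in listeners if l not in index]

if __name__ == "__main__":
    idx = port_index(parse_protocols(SAMPLE))
    # Constructed inventory of listening services (not from the page).
    print(unlisted([("TCP", 80), ("TCP", 8443), ("UDP", 53)], idx))
```

Feed it the full command output captured from the sensor to compare against a real service inventory; the parser tolerates the leading prompt line and indentation.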


    Displays protocols the kernel can detect.

    [root@defaulthost admin]# scio sysconf ptypes
    Name     ID
    ----     --
    http     0
    ssh      1
    msn      2
    ymsg     3
    vnc      4
    gnutella 5
    gopher   6


    Displays attacks that can be detected.

    [root@defaulthost admin]# scio sysconf attacks
    Service     SvcID Attack                                 AttackID
    -------     ----- ------                                 --------
    NONE        0     ACCEPT                                 0
                      RULEBASE_DROP                          1
                      NO_VCIRCUIT                            2
                      NO_ROUTE                               3
                      NO_ARP_ENTRY                           4
                      ARP_PENDING                            5
                      SHORT_READ                             6
                      LINE_TOO_LONG                          7
                      TTL_TIME_EXCEEDED                      8
                      INVALID_IP_PROTOCOL                    9
                      INVALID_VERSION                        10
                      INVALID_CHECKSUM                       11
                      TCP_SESSIONS_EXCEEDED                  12
                      UDP_SESSIONS_EXCEEDED                  13
                      ICMP_SESSIONS_EXCEEDED                 14
                      IP_SESSIONS_EXCEEDED                   15
                      SESSION_START                          16
                      SESSION_END                            17
                      MEMORY_LIMIT_EXCEEDED                  18
                      OVERSIZED_TCP_SEGMENT                  19
                      INVALID_TCP_HEADER_LENGTH              20


    Displays contexts that can be isolated in attack searches.

    [root@defaulthost admin]# scio sysconf contexts
    Service  Context                             OffID Direction
    -------  ------                              ----- ---------
    NONE     stream                              0     ANY
    NONE     normalized-stream                   1     ANY
    NONE     normalized-stream256                2     ANY
    NONE     normalized-stream1k                 3     ANY
    NONE     normalized-stream8k                 4     ANY
    NONE     stream256                           5     ANY
    NONE     stream1k                            6     ANY
    NONE     stream8k                            7     ANY
    NONE     line                                8     ANY
    NONE     first-packet                        9     ANY
    NONE     first-data-packet                   10    ANY
    NONE     packet                              11    ANY
    HTTP     http-url                            12    CTS
    HTTP     http-url-parsed                     13    CTS
    HTTP     http-url-parsed-param               14    CTS
    HTTP     http-url-parsed-param-parsed        15    CTS
    HTTP     http-get-url-parsed-param-parsed    16    CTS
    HTTP     http-post-url-parsed-param-parsed   17    CTS
    HTTP     http-head-url-parsed-param-parsed   18    CTS
    HTTP     http-param-parsed                   19    CTS
    HTTP     http-get-url                        20    CTS

    Published: 2011-02-08