Supported Protocols
Malcolm uses Zeek and Moloch to analyze network traffic. These tools provide varying degrees of visibility into traffic transmitted over the following network protocols:
| Traffic | Wiki | Organization/Specification | Moloch | Zeek |
|---|:---:|:---:|:---:|:---:|
| Internet layer | 🔗 | 🔗 | ✓ | ✓ |
| Border Gateway Protocol (BGP) | 🔗 | 🔗 | ✓ | |
| Building Automation and Control (BACnet) | 🔗 | 🔗 | ✓ | |
| Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) | 🔗 | 🔗 | ✓ | |
| Dynamic Host Configuration Protocol (DHCP) | 🔗 | 🔗 | ✓ | ✓ |
| Distributed Network Protocol 3 (DNP3) | 🔗 | 🔗 | ✓ | |
| Domain Name System (DNS) | 🔗 | 🔗 | ✓ | ✓ |
| EtherNet/IP / Common Industrial Protocol (CIP) | 🔗 🔗 | 🔗 | ✓ | |
| File Transfer Protocol (FTP) | 🔗 | 🔗 | ✓ | |
| Google Quick UDP Internet Connections (gQUIC) | 🔗 | 🔗 | ✓ | ✓ |
| Hypertext Transfer Protocol (HTTP) | 🔗 | 🔗 | ✓ | ✓ |
| Internet Relay Chat (IRC) | 🔗 | 🔗 | ✓ | ✓ |
| Kerberos | 🔗 | 🔗 | ✓ | ✓ |
| Lightweight Directory Access Protocol (LDAP) | 🔗 | 🔗 | ✓ | ✓ |
| Modbus | 🔗 | 🔗 | ✓ | |
| MQ Telemetry Transport (MQTT) | 🔗 | 🔗 | ✓ | |
| MySQL | 🔗 | 🔗 | ✓ | ✓ |
| NT LAN Manager (NTLM) | 🔗 | 🔗 | ✓ | |
| Network Time Protocol (NTP) | 🔗 | 🔗 | ✓ | |
| Oracle | 🔗 | 🔗 | ✓ | |
| PostgreSQL | 🔗 | 🔗 | ✓ | |
| Process Field Net (PROFINET) | 🔗 | 🔗 | ✓ | |
| Remote Authentication Dial-In User Service (RADIUS) | 🔗 | 🔗 | ✓ | ✓ |
| Remote Desktop Protocol (RDP) | 🔗 | 🔗 | ✓ | |
| Remote Framebuffer (RFB) | 🔗 | 🔗 | ✓ | |
| S7comm / Connection Oriented Transport Protocol (COTP) | 🔗 🔗 | 🔗 🔗 | ✓ | |
| Session Initiation Protocol (SIP) | 🔗 | 🔗 | ✓ | |
| Server Message Block (SMB) / Common Internet File System (CIFS) | 🔗 | 🔗 | ✓ | ✓ |
| Simple Mail Transfer Protocol (SMTP) | 🔗 | 🔗 | ✓ | ✓ |
| Simple Network Management Protocol (SNMP) | 🔗 | 🔗 | ✓ | ✓ |
| SOCKS | 🔗 | 🔗 | ✓ | ✓ |
| Secure Shell (SSH) | 🔗 | 🔗 | ✓ | ✓ |
| Secure Sockets Layer (SSL) / Transport Layer Security (TLS) | 🔗 | 🔗 | ✓ | ✓ |
| Syslog | 🔗 | 🔗 | ✓ | ✓ |
| Tabular Data Stream (TDS) | 🔗 | 🔗 🔗 | ✓ | ✓ |
| Telnet / remote shell (rsh) / remote login (rlogin) | 🔗 🔗 | 🔗 🔗 | ✓ | ✓ |
| WireGuard | 🔗 | 🔗 🔗 | ✓ | |
| various tunnel protocols (e.g., GTP, GRE, Teredo, AYIYA, IP-in-IP, etc.) | 🔗 | | ✓ | ✓ |