Supported Protocols
Malcolm uses Zeek and Moloch to analyze network traffic. These tools provide varying degrees of visibility into traffic transmitted over the following network protocols:
| Traffic | Wiki | Organization/Specification | Moloch | Zeek |
|---|---|---|---|---|
| Internet layer | 🔗 | 🔗 | ✓ | ✓ |
| Border Gateway Protocol (BGP) | 🔗 | 🔗 | ✓ | |
| Building Automation and Control (BACnet) | 🔗 | 🔗 | ✓ | |
| Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) | 🔗 | 🔗 | ✓ | |
| Dynamic Host Configuration Protocol (DHCP) | 🔗 | 🔗 | ✓ | ✓ |
| Distributed Network Protocol 3 (DNP3) | 🔗 | 🔗 | ✓ | |
| Domain Name System (DNS) | 🔗 | 🔗 | ✓ | ✓ |
| EtherNet/IP / Common Industrial Protocol (CIP) | 🔗 🔗 | 🔗 | ✓ | |
| FTP (File Transfer Protocol) | 🔗 | 🔗 | ✓ | |
| Google Quick UDP Internet Connections (gQUIC) | 🔗 | 🔗 | ✓ | ✓ |
| Hypertext Transfer Protocol (HTTP) | 🔗 | 🔗 | ✓ | ✓ |
| Internet Relay Chat (IRC) | 🔗 | 🔗 | ✓ | ✓ |
| Kerberos | 🔗 | 🔗 | ✓ | ✓ |
| Lightweight Directory Access Protocol (LDAP) | 🔗 | 🔗 | ✓ | ✓ |
| Modbus | 🔗 | 🔗 | ✓ | |
| MQ Telemetry Transport (MQTT) | 🔗 | 🔗 | ✓ | |
| MySQL | 🔗 | 🔗 | ✓ | ✓ |
| NT Lan Manager (NTLM) | 🔗 | 🔗 | ✓ | |
| Network Time Protocol (NTP) | 🔗 | 🔗 | ✓ | |
| Oracle | 🔗 | 🔗 | ✓ | |
| PostgreSQL | 🔗 | 🔗 | ✓ | |
| Process Field Net (PROFINET) | 🔗 | 🔗 | ✓ | |
| Remote Authentication Dial-In User Service (RADIUS) | 🔗 | 🔗 | ✓ | ✓ |
| Remote Desktop Protocol (RDP) | 🔗 | 🔗 | ✓ | |
| Remote Framebuffer (RFB) | 🔗 | 🔗 | ✓ | |
| S7comm / Connection Oriented Transport Protocol (COTP) | 🔗 🔗 | 🔗 🔗 | ✓ | |
| Session Initiation Protocol (SIP) | 🔗 | 🔗 | ✓ | |
| Server Message Block (SMB) / Common Internet File System (CIFS) | 🔗 | 🔗 | ✓ | ✓ |
| Simple Mail Transfer Protocol | 🔗 | 🔗 | ✓ | ✓ |
| Simple Network Management Protocol | 🔗 | 🔗 | ✓ | ✓ |
| SOCKS | 🔗 | 🔗 | ✓ | ✓ |
| Secure Shell (SSH) | 🔗 | 🔗 | ✓ | ✓ |
| Secure Sockets Layer (SSL) / Transport Layer Security (TLS) | 🔗 | 🔗 | ✓ | ✓ |
| Syslog | 🔗 | 🔗 | ✓ | ✓ |
| Tabular Data Stream | 🔗 | 🔗 🔗 | ✓ | ✓ |
| Telnet / remote shell (rsh) / remote login (rlogin) | 🔗🔗 | 🔗🔗 | ✓ | ✓ |
| WireGuard | 🔗 | 🔗🔗 | ✓ | |
| various tunnel protocols (e.g., GTP, GRE, Teredo, AYIYA, IP-in-IP, etc.) | 🔗 | ✓ | ✓ |
1398
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
