2 Replies Latest reply on Jul 8, 2016 4:51 AM by d_aloy

    Identify SQL traffic


      Which is the best way to configure NPS to detect and log all traffic (god and bad) going to an SQL Server from a specific subnet?

        • 1. Re: Identify SQL traffic

          Hi Guillote,


          You can use the Packet Capture option at Devices > (Sensor_Name) > Troubleshooting > Packet Capturing > Capture Now and specify the destination address.



          • 2. Re: Identify SQL traffic

            I'm not sure I understand your question... Where do you have the IPS sensors?


            Is the traffic going through the devices? If the answer is Yes, then you already have visibility on that traffic.

            If the answer is no, then you need to find a way to route the traffic through an IPS device or mirror the subnet traffic and send it to a SPAN port on an IPS sensor