Scenario 2.1: Status Code Logging (Protocols)

Purpose

Identify, collect, and report on protocol-specific error status codes for services.

Description

This demonstration shows how decrypted traffic can be used to identify, collect, and report on protocol-specific error status codes for services. HTTP, SMTP, and SQL servers were used in this demonstration. A traffic generation script produced error codes related to each protocol.

Procedure

  1. Run script2.1 to generate status codes for MariaDB, SMTP, and HTTP.

  2. Observe the status codes for each service in NetScout’s Packet analysis tool.
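The kind of extraction this scenario depends on can be sketched in a few lines. The following is an added example, not the demonstration's script2.1 or NetScout's own logic: it pulls error status codes out of server payloads for the three protocols. It assumes the payloads are already decrypted and each begins at a response or packet boundary; all function names and sample payloads are constructed for illustration.

```python
import re
import struct
from collections import Counter

HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d (\d{3})\b")  # HTTP/1.x status line
SMTP_REPLY = re.compile(rb"^(\d{3})[ -]")             # single or multi-line reply

def http_error(payload):
    """HTTP: return the response status code if it is 4xx or 5xx."""
    m = HTTP_STATUS.match(payload)
    return int(m.group(1)) if m and m.group(1)[:1] in b"45" else None

def smtp_error(payload):
    """SMTP: return the reply code if it is 4yz (transient) or 5yz (permanent)."""
    m = SMTP_REPLY.match(payload)
    return int(m.group(1)) if m and m.group(1)[:1] in b"45" else None

def mariadb_error(payload):
    """MariaDB: parse an ERR packet (3-byte length, sequence byte, 0xFF
    header, 2-byte little-endian error code, optional '#' + 5-char SQLSTATE)."""
    if len(payload) < 7 or payload[4] != 0xFF:
        return None
    length = int.from_bytes(payload[:3], "little")
    if length < 3 or len(payload) < 4 + length:
        return None  # truncated or malformed packet
    (code,) = struct.unpack_from("<H", payload, 5)
    if code == 0xFFFF:
        return None  # MariaDB progress report, not an error
    body = payload[7:4 + length]
    state = body[1:6].decode("ascii", "replace") if body[:1] == b"#" and len(body) >= 6 else None
    return code, state

PARSERS = {"http": http_error, "smtp": smtp_error, "mariadb": mariadb_error}

def summarize(records):
    """Count error codes per protocol from (protocol, server payload) pairs."""
    counts = Counter()
    for proto, payload in records:
        hit = PARSERS[proto](payload)
        if hit is not None:
            counts[(proto, hit[0] if isinstance(hit, tuple) else hit)] += 1
    return counts

# Constructed sample payloads (not taken from the demonstration's captures).
_ERR = b"\xff\x15\x04#28000Access denied"  # error code 1045, SQLSTATE 28000
SAMPLES = [
    ("http", b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
    ("http", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("smtp", b"550 5.1.1 User unknown\r\n"),
    ("smtp", b"250 OK\r\n"),
    ("mariadb", len(_ERR).to_bytes(3, "little") + b"\x01" + _ERR),
]
```

Calling `summarize(SAMPLES)` yields one count each for HTTP 404, SMTP 550, and MariaDB 1045; the successful HTTP and SMTP responses are ignored.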

Expected Outcome

The status codes for each service are visible in NetScout.

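| Category | Architecture | Mode | Result |
|----------|--------------|------|--------|
| Passive | Bounded Life-Time | Real-Time | Pass |
| Passive | Bounded Life-Time | Post-Facto | Pass |
| Passive | Exported Session Key | Real-Time | Pass |
| Passive | Exported Session Key | Post-Facto | Pass |
| Active | Break & Inspect (Mira) | Real-Time | Pass |
| Active | Break & Inspect (Mira) | Post-Facto | Pass |
| Active | Break and Inspect (F5) | Real-Time | Pass |
| Active | Break and Inspect (F5) | Post-Facto | Pass |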

Screenshots

A screenshot of NetScout's packet capture interface showing decrypted MariaDB traffic during an error.

Decrypted errors generated by MariaDB.