Analyzer

Protocol

Version

Limitations

Example application

Corba

Corba

   

DNS

DNS

RFC 1035

UDP-based DNS only.

No support for multi-query requests.

 

DRDA (DB2)

DRDA (DB2)

DRDA version 2

 

IBM DB2 Universal Database 8.1

Exchange/RPC over HTTP

Exchange/RPC over HTTPS

Exchange

MS Exchange 2010, 2013

Encryption at application level is reported as “Encrypted transaction”.

Note: support for Exchange/RPC protocols is discontinued in Dc RUM 2017 and newer releases. Use the MSRPC decode instead, with limited functionality.

Microsoft Exchange Server 2013

Generic

TCP

RFC 793

  

Generic (with transactions)

TCP

RFC 793

  

HTTP

HTTP

1.1, 1.0 (RFC 2616)

Advanced analysis for GET/POST methods by default.

For all other methods, such as PUT, every hit is reported separately. These methods require manual configuration change to enable advanced analysis

No pipelining and no WebSockets support.

 

IBM MQ

IBM MQ over SSL

IBM MQ

WebSphere MQ 6, v7, v8

Supported with the DC RUM 2017 and HS AMD version of the DC RUM 12.4.

Previous version of the MQ decode (AMD Classic 12.4 and earlier) is discontinued.

Use scripted extensions to add insight into the MQ message content, transaction, user, error names extracted from the message content (including XML and any other non-encrypted message body formats)

Traffic between MQ servers, (Manager to Manager) and between MQ clients and MQ servers can be analyzed.

Dynamic queue names are recognized.

Persistent TCP sessions are supported.

Custom parsers for message content are available.

ICA (Citrix)

Citrix

4.5, 5.0, 6.0, 6.5, and 7.x

Username extraction and counting is limited to ICA traffic with Basic or None encryption levels.

RC5 encryption is not supported - When enhanced encryption is enabled, traffic will be considered an encrypted operation.

See Known limitations for more information.

Citrix XenApp

(formerly Citrix Metaframe Presentation Server).

SSL decryption is supported (ICA over SSL).

ICMP

ICMP

RFC 792

  

Informix

Informix

IDS 7.x, IDS 9.x

 

Informix Dynamic Server

IP

IP

RFC 791

  

Jolt (Tuxedo)

Jolt

8.x

 

BEA Tuxedo

Kerberos

SMB

Microsoft Kerberos 5

 

All Microsoft Windows systems that use the SMB 1.0 protocol. (Tested on Windows 2000 and Windows XP.)

LDAP

LDAPS

LDAP

RFC 4511

Applications using LDAP services in which Kerberos encryption is used are not supported.

All Java applications using LDAP services where “plain text ”authentication is used.

RPCMSRPCMicrosoft RPC

There's a default list of RPC GUIDs which RPC decode reports by the readable service endpoint names. Other GUIds can be added to the list via configuration means

Service endpoint names are recognized, but not the service transaction/operation call names, which typically are encrypted.

MSRPC

LSARPC

Exchange 2010

MySQL

MySQL

4.x and 5.x

  

NetFlow

NetFlow

version 5, version 9, IPFIX

Supported excluding flexible NetFlow: You should configure NetFlow to export only a subset of fields and only for ingress traffic.

Cisco router

Oracle

Net8

(a.k.a. SQL*Net a.k.a. TNS)

9i, 10g, 11g and 12c

No support for TDE encryption. If TDE encryption is enabled, the Oracle analyzer stops reporting performance data.

Oracle T3/TS3 is not supported.

Oracle 9i, 10g, 11g

Oracle Forms over HTTP/HTTPS

Oracle Forms

6i, 9i, 10.1, 11g

Note: Oracle Forms over TCP is not supported in DC RUM 2017 and newer and HS AMD 12.4.

Oracle Forms 6i

Oracle Application Server 9i, 10i, 10g R2, 11g

RMI

BEA T3

JBoss RMI

SUN RMI

  SSL/TLS support

SAP GUI

SAP GUI protocol (DIAG)

6.x, 7.x

 

SAP GUI for Java 7.10rev8,
SAP GUI for Windows 7.10,
SAP GUI for Windows 7.30,
SAP GUI for Windows 7.40,
SAP GUI Console, Net weaver Business Client 4.0.

SAP GUI over HTTPS

HTTPS

HTTP 1.1 encapsulated in SSL, SSL 3.0, TLS1.0 (RFC 2246), TLS1.1 (RFC 4346) and TLS1.2 (RFC 5246)

Tested with SAP 7.01 SP3 and 7.02.

SAP GUI for HTML

SAP HANA DBSAP HANA JDBC/ODBC Support added in DC RUM 2017SAP HANA database.

SAP RFC

SAP RFC

  

SAP PI, SAP BW, Excel plugin for SAP

SAP SNC for KerberosSAP RFCInternal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2We do not support other SNC libraries for SAP authentication using Kerberos. 

Siebel

HTTP

HTTP 1.1, 1.0 (RFC 2616)

HTTP 1.1 encapsulated in SSL, SSL 3.0, TLS1.0 (RFC 2246), TLS1.1 (RFC 4346) and TLS1.2 (RFC 5246)

A special parameter configuration is recommended for analyzing Siebel applications. For more information, see HTTP - Recognition and Parsing of URLs.

Siebel CRM 7.8.2.0.

Siebel CRM 8.0

Siebel OpenUI

SMB

SMB

SMB 1.0, 2.0

SMB 3.0 is not supported

All Microsoft Windows systems that use the SMB 1.0 or 2.0 protocol.

SMTP

SMTP, ESMTP

RFC 821, RFC1891

Supported commands: HELO/EHLO, MAIL FROM, RCPT TO, DATA, QUIT, RSET, VRFY, HELP, EXPN, NOOP (no support for SEND, SOML, SAML, TURN

Multi-part attachments are always saved in one piece (no segmentation is preserved).

MS Exchange Server native RPC protocol and POP3 (e-mail download) are not supported.

 

SOAP over HTTP/HTTPS

SOAP

SOAP 1.1 and 1.2

Automatic configuration support for Remote Procedures Calls only.

Can be configured to extract any identifiers from request or response messages, as long as it's not encrypted on the message level.

Any business application that uses SOAP for data exchange over the network.

SSL support.

SSL

SSL Decrypted

HTTPS

HTTP 1.1 encapsulated in SSL

SSL 3.0,

TLS1.0 (RFC 2246)

TLS1.1 (RFC 4346)

TLS1.2 (RFC 5246)

Only RSA Key Exchange Algorithm is supported for decryption.

Specifically, decryption is not supported for: Diffie-Hellman ciphers (DHE, ECDHE), 56-bit DES.

Discovery and cipher classification is supported for all ciphers

Open SSL supports 1024-bit, 2048-bit, 4096-bit and 8192-bit keys.

nCipher cards support 1024-bit, 2048-bit, 4096-bit and 8192-bit keys.

Cavium NITROX XL FIPS cards support 1024-bit and 2048-bit keys.

SSL/TLS version, cipher, certificate discovery.

SSL/TLS decryption support for Web/HTTP, SOAP, database protocols, Citrix ICA etc.

TCP

TCP

RFC 793

  

TDS

TDS

 

5.x, 7.x, 8.x

 

MS SQL Server 7.0, 2000-2012, 2016.

Sybase 10.0, Sybase Adaptive Server Enterprise (ASE) 15

SSL/TLS support

Named Pipes support

UDP

UDP

RFC 768

  

VoIP

RTP, RTCP, SIP, H323

G.726, GSM, G.722-64, G.729, G.711 (PCMA), G.711(PCMU), G.723.1 (ACELP), G.723.1 (MP-MLQ), LPS

Conference calls, secure protocols, and forked calls (multiple phones ringing at the same time) are not supported.

The AMD must see both signaling and media on the same AMD.

 

XML over HTTP/HTTPS

XML

W3C recommendation 1.0 and 1.1

Encapsulated HTTP and in HTTPS.

Message-level encryption is not supported.

TCP encapsulation supported only up to DC RUM 12.4 release. DC RUM 2017 support for TCP encapsulation can be achieved via custom scripts for the universal decode.

SSL support.

 

  • No labels

5 Comments

  1. Mrs,

    Some experience with support citrix version 7.5, in this table support protocols, say for citrix until to version 6.5 

    1. It was an omission in the table. Fixed. DC RUM 12.4, of course, supports 7.5. Thanks for pointing this out.

      1. Thanks!! just my customer ask for this! (wink)

  2. Some experience with Citrix versión 7.9?

  3. We're currently testing the 7.9 version. As soon as we complete the tests, we will update the table.