NetMon Deep Packet Analytics

This section describes NetMon's Deep Packet Analytics, powered by the Lua API, and how to view, add, edit, and delete Deep Packet Analytics Rules.

Overview
Available Functions
Determine Flow State
Access Metadata
Packet-Level Functions
Alarming and Capture
Custom Metadata Fields
Logging
Deep Packet Analytics System Rules
Data Rules
Phishing Rules
Suspicious Behaviors
Operations and Company Policy Rules
Add a Custom DPA Rule to NetMon
Deep Packet Analytics Rule Examples
Alarm for HTTPS Protocol Mismatch
Capture Traffic from Specific IPs
Classify Custom Networks
Classify Newegg Traffic
Detect Applications in Flow
Detect External Network Traffic
Detect Protocol Mismatch
Detect Reverse PowerShell
Detect SMTP Domain Mismatch
Detect TLS Version
Display Hex Dump for DNS Traffic
Get Content in Flow
Get FTP Data Content in Flow
Get Metadata Fields from DpiMessage (String, Int, Long)
Get or Set Custom Fields
Get Packet Length
Get Packet String
Get Payload Length
Get SMTP Content in Flow
Get Strings as Table
Get VLAN Offset
Trigger User Alarms
Manage Deep Packet Analytics Rules
Download Deep Packet Analytics Rules
View a System Deep Packet Analytics Rule
Edit Custom Deep Packet Analytics Rules
Delete Custom Deep Packet Analytics Rules
Add Custom Deep Packet Analytics Rules
Troubleshoot Deep Packet Analytics

Copyright © 2023 LogRhythm, Inc. All Rights Reserved