DetectProtoFtp DetectProtoSmtp

In the course of protocol detection, it is sometimes hard do distinguish between FTP and SMTP, since these protocols start with very similar traffic. The actions DetectProtoFtp and DetectProtoSmtp can be used to force detecting FTP or SMTP in cases where the recorder would misdetect the protocol otherwise.

The conditions can assess the following pieces of information in the ApplyTo tag:
  • WelcomeMsg: The welcome message of the server
  • NoopResponse: The server response to a NOOP command which is sent by the ProxyEngine
  • TargetPort: The target port
Parent topic: ProxyEngineRule Actions